Merge branch 'szzh' of http://repository.trustie.net/xianbo/trustie2 into szzh

2015-05-26 11:31:21 +08:00 · 2015-05-26 11:31:21 +08:00 · aa86be1d8a
parent 3318d11c6d 6d85535a4d
commit aa86be1d8a
4 changed files with 69 additions and 41 deletions
--- a/app/controllers/avatar_controller.rb
+++ b/app/controllers/avatar_controller.rb
@ -24,48 +24,58 @@ class AvatarController < ApplicationController
          else
            @image_file=params[:filename]
          end      
+          @temp_file = StringIO.new(@temp_file)
        end
      end
    end

    if  @temp_file && (@temp_file.size > 0)
-      diskfile=disk_filename(@source_type,@source_id)
-      @urlfile='/' << File.join("images","avatars",avatar_directory(@source_type),avatar_filename(@source_id,@image_file))
+      if @temp_file.size > Setting.upload_avatar_max_size.to_i
+        @status = 1
+        @msg = l(:error_upload_avatar_to_large, :max_size => number_to_human_size(Setting.upload_avatar_max_size.to_i))
+      elsif Trustie::Utils::Image.new(@temp_file).image?
+        diskfile=disk_filename(@source_type,@source_id)
+        @urlfile='/' << File.join("images","avatars",avatar_directory(@source_type),avatar_filename(@source_id,@image_file))

-      # 用户头像上传时进行特别处理
-      if  @source_type == 'User'
-        diskfile += "temp"
-        @urlfile += "temp"
-      end
-
-      logger.info("Saving avatar '#{diskfile}' (#{@temp_file.size} bytes)")
-      path = File.dirname(diskfile)
-      unless File.directory?(path)
-        FileUtils.mkdir_p(path)
-      end
-      md5 = Digest::MD5.new
-      File.open(diskfile, "wb") do |f|
-        if @temp_file.respond_to?(:read)
-          buffer = ""
-          while (buffer = @temp_file.read(8192))
-            f.write(buffer)
-            md5.update(buffer)
-          end
-        else
-          f.write(@temp_file)
-          md5.update(@temp_file)
+        # 用户头像上传时进行特别处理
+        if  @source_type == 'User'
+          diskfile += "temp"
+          @urlfile += "temp"
        end
+
+        logger.info("Saving avatar '#{diskfile}' (#{@temp_file.size} bytes)")
+        path = File.dirname(diskfile)
+        unless File.directory?(path)
+          FileUtils.mkdir_p(path)
+        end
+        md5 = Digest::MD5.new
+        File.open(diskfile, "wb") do |f|
+          if @temp_file.respond_to?(:read)
+            @temp_file.rewind
+            buffer = ""
+            while (buffer = @temp_file.read(8192))
+              f.write(buffer)
+              md5.update(buffer)
+            end
+          else
+            f.write(@temp_file)
+            md5.update(@temp_file)
+          end
+        end
+
+        Trustie::Utils::Image.new(diskfile,true).compress(300)
+        @status = 0
+        @msg = ''
+      else
+        @status = 2
+        @msg = l(:not_valid_image_file)
      end
-#    self.digest = md5.hexdigest
    end
    @temp_file = nil

-    image = Trustie::Utils::Image.new(diskfile,true)
-    image.compress(300)
-
    respond_to do |format|
      format.json{
-        render :inline => "#{@urlfile.to_s}?#{Time.now.to_i}",:content_type => 'text/html'
+        render :inline => {status: @status, message:@msg, url:"#{@urlfile.to_s}?#{Time.now.to_i}"}.to_json,:content_type => 'text/html'
        return
      }
      format.js
--- a/app/controllers/zipdown_controller.rb
+++ b/app/controllers/zipdown_controller.rb
@ -9,10 +9,14 @@ class ZipdownController < ApplicationController

  #统一下载功能
  def download
-    begin
-      send_file "#{OUTPUT_FOLDER}/#{params[:file]}", :filename => params[:filename], :type => detect_content_type(params[:file])
-    rescue => e
-      render file: 'public/no_file_found.html'
+    if User.current.logged?
+      begin
+        send_file "#{OUTPUT_FOLDER}/#{params[:file]}", :filename => params[:filename], :type => detect_content_type(params[:file])
+      rescue => e
+        render file: 'public/no_file_found.html'
+      end
+    else
+      render_403
    end
  end

--- a/lib/trustie/utils/image.rb
+++ b/lib/trustie/utils/image.rb
@ -17,21 +17,20 @@ module Trustie
      end

      def jpeg?(data)
-        data[0,4]== 0xff.chr + 0xd8.chr + 0xff.chr + 0xe0.chr
+        data[0,3]== 0xff.chr + 0xd8.chr + 0xff.chr
      end
      def png?(data)
        data[0,2]==0x89.chr + 80.chr
      end

      def image?
-        begin
-          f = File.open(@file,'rb')  # rb means to read using binary
-          return false if f.size < 9
-          data = f.read(9)              # magic numbers are up to 9 bytes
-          return bitmap?(data) || gif?(data) || jpeg?(data) || png?(data)
-        ensure
-          f.close
+        data = ''
+        if @file.respond_to?(:read)
+          data = @file.read(9)
+          @file.rewind
        end
+        return false if data.size < 9
+        bitmap?(data) || gif?(data) || jpeg?(data) || png?(data)
      end

      def compress(size=300)
--- a/spec/requests/avatar_request_spec.rb
+++ b/spec/requests/avatar_request_spec.rb
@ -0,0 +1,15 @@
+require 'rails_helper'
+
+RSpec.describe "avatar request", type: :request do
+  describe "上传头像" do
+    let(:user){FactoryGirl.create(:user)}
+
+    it "参数正确，可以成功上传头像" do
+      data = File.open("#{Rails.root}/spec/fixtures/test.jpg").read
+      binding.pry
+      post upload_avatar_path(source_type: 'User', source_id: user.id, filename: 'test.jpg')
+      expect(response).to have_http_status(:success)
+      expect(response.body).to include(/\/images\/avatars\/User\//)
+    end
+  end
+end