fix(upload): add image file check

2023-02-06 19:04:05 +08:00 · 2023-02-06 19:04:05 +08:00 · 964e6bd2d4
parent 808a2ebc12
commit 964e6bd2d4
4 changed files with 55 additions and 17 deletions
--- a/i18n/en_US.yaml
+++ b/i18n/en_US.yaml
@ -152,6 +152,9 @@ backend:
    install:
      create_config_failed:
        other: "Can't create the config.yaml file."
+    upload:
+      unsupported_file_format:
+        other: Unsupported file format.
  report:
    spam:
      name:
--- a/internal/base/reason/reason.go
+++ b/internal/base/reason/reason.go
@ -54,6 +54,7 @@ const (
 	InstallConfigFailed              = "error.install.create_config_failed"
 	SiteInfoNotFound                 = "error.site_info.not_found"
 	UploadFileSourceUnsupported      = "error.upload.source_unsupported"
+	UploadFileUnsupportedFileFormat  = "error.upload.unsupported_file_format"
 	RecommendTagNotExist             = "error.tag.recommend_tag_not_found"
 	RecommendTagEnter                = "error.tag.recommend_tag_enter"
 	RevisionReviewUnderway           = "error.revision.review_underway"
--- a/internal/service/uploader/upload.go
+++ b/internal/service/uploader/upload.go
@ -11,10 +11,10 @@ import (
 	"path/filepath"
 	"strings"

-	"github.com/answerdev/answer/internal/base/handler"
 	"github.com/answerdev/answer/internal/base/reason"
 	"github.com/answerdev/answer/internal/service/service_config"
 	"github.com/answerdev/answer/internal/service/siteinfo_common"
+	"github.com/answerdev/answer/pkg/checker"
 	"github.com/answerdev/answer/pkg/dir"
 	"github.com/answerdev/answer/pkg/uid"
 	"github.com/disintegration/imaging"
@ -40,10 +40,10 @@ var (
 		".jpg":  imaging.JPEG,
 		".jpeg": imaging.JPEG,
 		".png":  imaging.PNG,
-		".gif":  imaging.GIF,
-		".tif":  imaging.TIFF,
-		".tiff": imaging.TIFF,
-		".bmp":  imaging.BMP,
+		//".gif":  imaging.GIF,
+		//".tif":  imaging.TIFF,
+		//".tiff": imaging.TIFF,
+		//".bmp":  imaging.BMP,
 	}
 )

@ -74,13 +74,11 @@ func (us *UploaderService) UploadAvatarFile(ctx *gin.Context) (url string, err e
 	ctx.Request.Body = http.MaxBytesReader(ctx.Writer, ctx.Request.Body, 5*1024*1024)
 	_, file, err := ctx.Request.FormFile("file")
 	if err != nil {
-		handler.HandleResponse(ctx, errors.BadRequest(reason.RequestFormatError), nil)
-		return
+		return "", errors.BadRequest(reason.RequestFormatError).WithError(err)
 	}
 	fileExt := strings.ToLower(path.Ext(file.Filename))
 	if _, ok := FormatExts[fileExt]; !ok {
-		handler.HandleResponse(ctx, errors.BadRequest(reason.RequestFormatError), nil)
-		return
+		return "", errors.BadRequest(reason.RequestFormatError).WithError(err)
 	}

 	newFilename := fmt.Sprintf("%s%s", uid.IDStr12(), fileExt)
@ -147,13 +145,11 @@ func (us *UploaderService) UploadPostFile(ctx *gin.Context) (
 	ctx.Request.Body = http.MaxBytesReader(ctx.Writer, ctx.Request.Body, 10*1024*1024)
 	_, file, err := ctx.Request.FormFile("file")
 	if err != nil {
-		handler.HandleResponse(ctx, errors.BadRequest(reason.RequestFormatError), nil)
-		return
+		return "", errors.BadRequest(reason.RequestFormatError).WithError(err)
 	}
 	fileExt := strings.ToLower(path.Ext(file.Filename))
 	if _, ok := FormatExts[fileExt]; !ok {
-		handler.HandleResponse(ctx, errors.BadRequest(reason.RequestFormatError), nil)
-		return
+		return "", errors.BadRequest(reason.RequestFormatError).WithError(err)
 	}

 	newFilename := fmt.Sprintf("%s%s", uid.IDStr12(), fileExt)
@ -167,14 +163,12 @@ func (us *UploaderService) UploadBrandingFile(ctx *gin.Context) (
 	ctx.Request.Body = http.MaxBytesReader(ctx.Writer, ctx.Request.Body, 10*1024*1024)
 	_, file, err := ctx.Request.FormFile("file")
 	if err != nil {
-		handler.HandleResponse(ctx, errors.BadRequest(reason.RequestFormatError), nil)
-		return
+		return "", errors.BadRequest(reason.RequestFormatError).WithError(err)
 	}
 	fileExt := strings.ToLower(path.Ext(file.Filename))
 	_, ok := FormatExts[fileExt]
 	if !ok && fileExt != ".ico" {
-		handler.HandleResponse(ctx, errors.BadRequest(reason.RequestFormatError), nil)
-		return
+		return "", errors.BadRequest(reason.RequestFormatError).WithError(err)
 	}

 	newFilename := fmt.Sprintf("%s%s", uid.IDStr12(), fileExt)
@ -192,6 +186,17 @@ func (us *UploaderService) uploadFile(ctx *gin.Context, file *multipart.FileHead
 	if err := ctx.SaveUploadedFile(file, filePath); err != nil {
 		return "", errors.InternalServer(reason.UnknownError).WithError(err).WithStack()
 	}
+
+	src, err := file.Open()
+	if err != nil {
+		return "", errors.InternalServer(reason.UnknownError).WithError(err).WithStack()
+	}
+	defer src.Close()
+
+	if !checker.IsSupportedImageFile(src, filepath.Ext(fileSubPath)) {
+		return "", errors.BadRequest(reason.UploadFileUnsupportedFileFormat)
+	}
+
 	url = fmt.Sprintf("%s/uploads/%s", siteGeneral.SiteUrl, fileSubPath)
 	return url, nil
 }
--- a/pkg/checker/file_type.go
+++ b/pkg/checker/file_type.go
@ -0,0 +1,29 @@
+package checker
+
+import (
+	"image/jpeg"
+	"image/png"
+	"io"
+	"strings"
+)
+
+// IsSupportedImageFile currently answers support image type is `image/jpeg,image/jpg,image/png`
+func IsSupportedImageFile(file io.Reader, ext string) bool {
+	ext = strings.TrimPrefix(ext, ".")
+	var err error
+	switch strings.ToUpper(ext) {
+	case "JPG", "JPEG":
+		_, err = jpeg.Decode(file)
+	case "PNG":
+		_, err = png.Decode(file)
+	case "ICO":
+		// TODO: There is currently no good Golang library to parse whether the image is in ico format.
+		return true
+	default:
+		return false
+	}
+	if err != nil {
+		return false
+	}
+	return true
+}