From a8b31591cc8d807771abd2576c038e364cef504e Mon Sep 17 00:00:00 2001
From: MikiraSora <mikirasora0409@126.com>
Date: Sat, 17 Dec 2022 10:29:09 +0800
Subject: [PATCH 1/4] [mai2] limit upload user portrait file size

---
 config/application.properties                          |  4 ++++
 .../game/maimai2/ApiMaimai2PlayerDataController.java   |  6 ++++++
 .../handler/impl/UploadUserPortraitHandler.java        | 10 ++++++++--
 3 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/config/application.properties b/config/application.properties
index fb55e715..b66623ec 100644
--- a/config/application.properties
+++ b/config/application.properties
@@ -54,6 +54,10 @@ game.maimai2.splash-old-patch=false
 game.maimai2.userPhoto.enable=true
 ## Specify folder path that user portrait photo and its (.json) data save to.
 game.maimai2.userPhoto.picSavePath=data/userPhoto
+## When uploading user portraits, limit the divMaxLength parameter. 1 divLength is about equal to the file size of 10kb.
+## The default value is 32 (320kb), and the minimum value is 1 (10kb)
+game.maimai2.userPhoto.divMaxLength=32
+
 
 ## Logging
 spring.servlet.multipart.max-file-size=10MB
diff --git a/src/main/java/icu/samnyan/aqua/api/controller/sega/game/maimai2/ApiMaimai2PlayerDataController.java b/src/main/java/icu/samnyan/aqua/api/controller/sega/game/maimai2/ApiMaimai2PlayerDataController.java
index 9904b5d3..fd46e556 100644
--- a/src/main/java/icu/samnyan/aqua/api/controller/sega/game/maimai2/ApiMaimai2PlayerDataController.java
+++ b/src/main/java/icu/samnyan/aqua/api/controller/sega/game/maimai2/ApiMaimai2PlayerDataController.java
@@ -12,6 +12,7 @@ import icu.samnyan.aqua.sega.general.model.Card;
 import icu.samnyan.aqua.sega.general.service.CardService;
 import icu.samnyan.aqua.sega.maimai2.dao.userdata.*;
 import icu.samnyan.aqua.sega.maimai2.model.userdata.*;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.data.domain.Page;
 import org.springframework.data.domain.PageRequest;
 import org.springframework.data.domain.Sort;
@@ -83,6 +84,11 @@ public class ApiMaimai2PlayerDataController {
         this.userUdemaeRepository = userUdemaeRepository;
     }
 
+    @GetMapping("config/userPhoto/divMaxLength")
+    public long getConfigUserPhotoDivMaxLength(@Value("${game.maimai2.userPhoto.divMaxLength:16}") long divMaxLength) {
+        return divMaxLength;
+    }
+
     @GetMapping("profile")
     public ProfileResp getProfile(@RequestParam long aimeId) {
         return mapper.convert(userDataRepository.findByCard_ExtId(aimeId).orElseThrow(), new TypeReference<>() {
diff --git a/src/main/java/icu/samnyan/aqua/sega/maimai2/handler/impl/UploadUserPortraitHandler.java b/src/main/java/icu/samnyan/aqua/sega/maimai2/handler/impl/UploadUserPortraitHandler.java
index 9b0074e4..e16f0544 100644
--- a/src/main/java/icu/samnyan/aqua/sega/maimai2/handler/impl/UploadUserPortraitHandler.java
+++ b/src/main/java/icu/samnyan/aqua/sega/maimai2/handler/impl/UploadUserPortraitHandler.java
@@ -27,13 +27,16 @@ public class UploadUserPortraitHandler implements BaseHandler {
 
     private final String picSavePath;
     private final boolean enable;
+    private final long divMaxLength;
 
     public UploadUserPortraitHandler(BasicMapper mapper,
-    @Value("${game.maimai2.userPhoto.enable:true}") boolean enable,
-    @Value("${game.maimai2.userPhoto.picSavePath:data/userPhoto}") String picSavePath) {
+                                     @Value("${game.maimai2.userPhoto.enable:true}") boolean enable,
+                                     @Value("${game.maimai2.userPhoto.picSavePath:data/userPhoto}") String picSavePath,
+                                     @Value("${game.maimai2.userPhoto.divMaxLength:16}") long divMaxLength) {
         this.mapper = mapper;
         this.picSavePath = picSavePath;
         this.enable = enable;
+        this.divMaxLength = divMaxLength;
 
         if (enable) {
             try {
@@ -60,6 +63,9 @@ public class UploadUserPortraitHandler implements BaseHandler {
             int divLength = userPhoto.getDivLength();
             String divData = userPhoto.getDivData();
 
+            if (divLength > divMaxLength)
+                return "{\"returnCode\":-1,\"apiName\":\"com.sega.maimai2servlet.api.UploadUserPortraitApi\"}";
+
             try {
                 var tmp_filename = Paths.get(picSavePath, userId + "-up.tmp");
                 if (divNumber == 0)

From ac95914e2224c437339037c7d412c1c6262ccb64 Mon Sep 17 00:00:00 2001
From: MikiraSora <mikirasora0409@126.com>
Date: Sat, 17 Dec 2022 10:31:31 +0800
Subject: [PATCH 2/4] [mai2] UploadUserPortraitApi enable CORS

---
 .../sega/maimai2/controller/Maimai2ServletController.java | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/src/main/java/icu/samnyan/aqua/sega/maimai2/controller/Maimai2ServletController.java b/src/main/java/icu/samnyan/aqua/sega/maimai2/controller/Maimai2ServletController.java
index 1d62afef..c7c9a5a3 100644
--- a/src/main/java/icu/samnyan/aqua/sega/maimai2/controller/Maimai2ServletController.java
+++ b/src/main/java/icu/samnyan/aqua/sega/maimai2/controller/Maimai2ServletController.java
@@ -3,10 +3,7 @@ package icu.samnyan.aqua.sega.maimai2.controller;
 import com.fasterxml.jackson.core.JsonProcessingException;
 
 import icu.samnyan.aqua.sega.maimai2.handler.impl.*;
-import org.springframework.web.bind.annotation.ModelAttribute;
-import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.*;
 
 import java.util.Map;
 
@@ -14,7 +11,7 @@ import java.util.Map;
  * @author samnyan (privateamusement@protonmail.com)
  */
 @RestController
-@RequestMapping({"/Maimai2Servlet/Maimai2Servlet", "/Maimai2Servlet"}) // Workaround for endpoint mismatch, let's just accept both
+@RequestMapping({"/Maimai2Servlet/Maimai2Servlet", "/Maimai2Servlet"})
 public class Maimai2ServletController {
 
     private final GetGameSettingHandler getGameSettingHandler;
@@ -229,6 +226,7 @@ public class Maimai2ServletController {
         return uploadUserPlaylogHandler.handle(request);
     }
 
+    @CrossOrigin//enable cors because aqua-viewer also use it.
     @PostMapping("UploadUserPortraitApi")
     public String uploadUserPortraitHandler(@ModelAttribute Map<String, Object> request) throws JsonProcessingException {
         return uploadUserPortraitHandler.handle(request);

From 191687f81430b9d1e426f52daf21fded50b2512f Mon Sep 17 00:00:00 2001
From: MikiraSora <mikirasora0409@126.com>
Date: Sat, 17 Dec 2022 10:33:52 +0800
Subject: [PATCH 3/4] ignore web folder.

---
 .gitignore | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.gitignore b/.gitignore
index 286a8cf6..9580e866 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,5 @@
+web/
+
 HELP.md
 target/
 !.mvn/wrapper/maven-wrapper.jar

From f15812cb9ddb2c8e691a847dffd1faf096d88efb Mon Sep 17 00:00:00 2001
From: MikiraSora <mikirasora0409@126.com>
Date: Sat, 17 Dec 2022 10:57:11 +0800
Subject: [PATCH 4/4] [mai2] add log and adjust divMaxLength default value in
 annotations.

---
 .../sega/game/maimai2/ApiMaimai2PlayerDataController.java   | 2 +-
 .../maimai2/handler/impl/UploadUserPortraitHandler.java     | 6 ++++--
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/main/java/icu/samnyan/aqua/api/controller/sega/game/maimai2/ApiMaimai2PlayerDataController.java b/src/main/java/icu/samnyan/aqua/api/controller/sega/game/maimai2/ApiMaimai2PlayerDataController.java
index fd46e556..66dfc5d3 100644
--- a/src/main/java/icu/samnyan/aqua/api/controller/sega/game/maimai2/ApiMaimai2PlayerDataController.java
+++ b/src/main/java/icu/samnyan/aqua/api/controller/sega/game/maimai2/ApiMaimai2PlayerDataController.java
@@ -85,7 +85,7 @@ public class ApiMaimai2PlayerDataController {
     }
 
     @GetMapping("config/userPhoto/divMaxLength")
-    public long getConfigUserPhotoDivMaxLength(@Value("${game.maimai2.userPhoto.divMaxLength:16}") long divMaxLength) {
+    public long getConfigUserPhotoDivMaxLength(@Value("${game.maimai2.userPhoto.divMaxLength:32}") long divMaxLength) {
         return divMaxLength;
     }
 
diff --git a/src/main/java/icu/samnyan/aqua/sega/maimai2/handler/impl/UploadUserPortraitHandler.java b/src/main/java/icu/samnyan/aqua/sega/maimai2/handler/impl/UploadUserPortraitHandler.java
index e16f0544..fafd8f3c 100644
--- a/src/main/java/icu/samnyan/aqua/sega/maimai2/handler/impl/UploadUserPortraitHandler.java
+++ b/src/main/java/icu/samnyan/aqua/sega/maimai2/handler/impl/UploadUserPortraitHandler.java
@@ -32,7 +32,7 @@ public class UploadUserPortraitHandler implements BaseHandler {
     public UploadUserPortraitHandler(BasicMapper mapper,
                                      @Value("${game.maimai2.userPhoto.enable:true}") boolean enable,
                                      @Value("${game.maimai2.userPhoto.picSavePath:data/userPhoto}") String picSavePath,
-                                     @Value("${game.maimai2.userPhoto.divMaxLength:16}") long divMaxLength) {
+                                     @Value("${game.maimai2.userPhoto.divMaxLength:32}") long divMaxLength) {
         this.mapper = mapper;
         this.picSavePath = picSavePath;
         this.enable = enable;
@@ -63,8 +63,10 @@ public class UploadUserPortraitHandler implements BaseHandler {
             int divLength = userPhoto.getDivLength();
             String divData = userPhoto.getDivData();
 
-            if (divLength > divMaxLength)
+            if (divLength > divMaxLength) {
+                logger.warn(String.format("stop user %d uploading photo data because divLength(%d) > divMaxLength(%d)", userId, divLength, divMaxLength));
                 return "{\"returnCode\":-1,\"apiName\":\"com.sega.maimai2servlet.api.UploadUserPortraitApi\"}";
+            }
 
             try {
                 var tmp_filename = Paths.get(picSavePath, userId + "-up.tmp");