From a8b31591cc8d807771abd2576c038e364cef504e Mon Sep 17 00:00:00 2001 From: MikiraSora Date: Sat, 17 Dec 2022 10:29:09 +0800 Subject: [PATCH] [mai2] limit upload user portrait file size --- config/application.properties | 4 ++++ .../game/maimai2/ApiMaimai2PlayerDataController.java | 6 ++++++ .../handler/impl/UploadUserPortraitHandler.java | 10 ++++++++-- 3 files changed, 18 insertions(+), 2 deletions(-) diff --git a/config/application.properties b/config/application.properties index fb55e715..b66623ec 100644 --- a/config/application.properties +++ b/config/application.properties @@ -54,6 +54,10 @@ game.maimai2.splash-old-patch=false game.maimai2.userPhoto.enable=true ## Specify folder path that user portrait photo and its (.json) data save to. game.maimai2.userPhoto.picSavePath=data/userPhoto +## When uploading user portraits, limit the divMaxLength parameter. 1 divLength is about equal to the file size of 10kb. +## The default value is 32 (320kb), and the minimum value is 1 (10kb) +game.maimai2.userPhoto.divMaxLength=32 + ## Logging spring.servlet.multipart.max-file-size=10MB diff --git a/src/main/java/icu/samnyan/aqua/api/controller/sega/game/maimai2/ApiMaimai2PlayerDataController.java b/src/main/java/icu/samnyan/aqua/api/controller/sega/game/maimai2/ApiMaimai2PlayerDataController.java index 9904b5d3..fd46e556 100644 --- a/src/main/java/icu/samnyan/aqua/api/controller/sega/game/maimai2/ApiMaimai2PlayerDataController.java +++ b/src/main/java/icu/samnyan/aqua/api/controller/sega/game/maimai2/ApiMaimai2PlayerDataController.java @@ -12,6 +12,7 @@ import icu.samnyan.aqua.sega.general.model.Card; import icu.samnyan.aqua.sega.general.service.CardService; import icu.samnyan.aqua.sega.maimai2.dao.userdata.*; import icu.samnyan.aqua.sega.maimai2.model.userdata.*; +import org.springframework.beans.factory.annotation.Value; import org.springframework.data.domain.Page; import org.springframework.data.domain.PageRequest; import org.springframework.data.domain.Sort; @@ -83,6 +84,11 @@ public class ApiMaimai2PlayerDataController { this.userUdemaeRepository = userUdemaeRepository; } + @GetMapping("config/userPhoto/divMaxLength") + public long getConfigUserPhotoDivMaxLength(@Value("${game.maimai2.userPhoto.divMaxLength:16}") long divMaxLength) { + return divMaxLength; + } + @GetMapping("profile") public ProfileResp getProfile(@RequestParam long aimeId) { return mapper.convert(userDataRepository.findByCard_ExtId(aimeId).orElseThrow(), new TypeReference<>() { diff --git a/src/main/java/icu/samnyan/aqua/sega/maimai2/handler/impl/UploadUserPortraitHandler.java b/src/main/java/icu/samnyan/aqua/sega/maimai2/handler/impl/UploadUserPortraitHandler.java index 9b0074e4..e16f0544 100644 --- a/src/main/java/icu/samnyan/aqua/sega/maimai2/handler/impl/UploadUserPortraitHandler.java +++ b/src/main/java/icu/samnyan/aqua/sega/maimai2/handler/impl/UploadUserPortraitHandler.java @@ -27,13 +27,16 @@ public class UploadUserPortraitHandler implements BaseHandler { private final String picSavePath; private final boolean enable; + private final long divMaxLength; public UploadUserPortraitHandler(BasicMapper mapper, - @Value("${game.maimai2.userPhoto.enable:true}") boolean enable, - @Value("${game.maimai2.userPhoto.picSavePath:data/userPhoto}") String picSavePath) { + @Value("${game.maimai2.userPhoto.enable:true}") boolean enable, + @Value("${game.maimai2.userPhoto.picSavePath:data/userPhoto}") String picSavePath, + @Value("${game.maimai2.userPhoto.divMaxLength:16}") long divMaxLength) { this.mapper = mapper; this.picSavePath = picSavePath; this.enable = enable; + this.divMaxLength = divMaxLength; if (enable) { try { @@ -60,6 +63,9 @@ public class UploadUserPortraitHandler implements BaseHandler { int divLength = userPhoto.getDivLength(); String divData = userPhoto.getDivData(); + if (divLength > divMaxLength) + return "{\"returnCode\":-1,\"apiName\":\"com.sega.maimai2servlet.api.UploadUserPortraitApi\"}"; + try { var tmp_filename = Paths.get(picSavePath, userId + "-up.tmp"); if (divNumber == 0)