Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add file size and type restriction for local file uploads #6390

Merged
merged 4 commits into from
Aug 1, 2024
Merged

feat: add file size and type restriction for local file uploads #6390

merged 4 commits into from
Aug 1, 2024

Conversation

guqing
Copy link
Member

@guqing guqing commented Jul 26, 2024
edited
Loading

What type of PR is this?

/kind feature
/area core

What this PR does / why we need it:

本次 PR 为本地附件存储策略增加了对上传单文件大小和文件类型限制的功能,具体包括:

  1. 单文件大小限制:
    实现了对单个文件上传大小的验证功能,确保上传文件不超过设定的最大值。
  2. 文件类型限制:
    添加了文件类型限制功能,使用 Apache Tika 读取上传文件的 magic numbers 得到文件 mime type 并根据用户配置来决定是否允许上传

参考链接:

Which issue(s) this PR fixes:

Fixes #6385

Does this PR introduce a user-facing change?

为本地附件存储策略增加了对上传单文件大小和文件类型限制的功能

@f2c-ci-robot f2c-ci-robot bot added release-note Denotes a PR that will be considered when it comes time to generate release notes. do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. kind/feature Categorizes issue or PR as related to a new feature. labels Jul 26, 2024
@f2c-ci-robot f2c-ci-robot bot requested review from JohnNiang and LIlGG July 26, 2024 09:42
@f2c-ci-robot f2c-ci-robot bot added the area/core Issues or PRs related to the Halo Core label Jul 26, 2024
@codecov Codecov
Copy link

codecov bot commented Jul 26, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 0% with 74 lines in your changes missing coverage. Please review.

Project coverage is 58.15%. Comparing base (bc10336) to head (3e5aa7d).
Report is 98 commits behind head on main.

Files Patch % Lines
...achment/endpoint/LocalAttachmentUploadHandler.java 0.00% 38 Missing ⚠️
...n/java/run/halo/app/infra/FileCategoryMatcher.java 0.00% 21 Missing ⚠️
.../run/halo/app/infra/utils/FileTypeDetectUtils.java 0.00% 7 Missing ⚠️
...app/infra/exception/FileSizeExceededException.java 0.00% 4 Missing ⚠️
...p/infra/exception/FileTypeNotAllowedException.java 0.00% 4 Missing ⚠️
Additional details and impacted files 
@@             Coverage Diff              @@
##               main    #6390      +/-   ##
============================================
+ Coverage     54.51%   58.15%   +3.64%     
- Complexity     3523     3770     +247     
============================================
  Files           646      651       +5     
  Lines         21862    22110     +248     
  Branches       1528     1555      +27     
============================================
+ Hits          11917    12859     +942     
+ Misses         9328     8628     -700     
- Partials        617      623       +6

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@guqing guqing marked this pull request as ready for review July 29, 2024 04:42
@f2c-ci-robot f2c-ci-robot bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jul 29, 2024
@f2c-ci-robot f2c-ci-robot bot requested a review from LIlGG July 29, 2024 04:42
@JohnNiang JohnNiang requested a review from ruibaby July 31, 2024 06:50
ruibaby
ruibaby reviewed Jul 31, 2024
View reviewed changes
Copy link
Member

@ruibaby ruibaby left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@f2c-ci-robot f2c-ci-robot bot added the lgtm Indicates that a PR is ready to be merged. label Jul 31, 2024
@sonarcloud SonarCloud
Copy link

sonarcloud bot commented Jul 31, 2024

Quality Gate Passed Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

ruibaby
ruibaby approved these changes Aug 1, 2024
View reviewed changes
Copy link
Member

@ruibaby ruibaby left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/approve

@f2c-ci-robot f2c-ci-robot
Copy link

f2c-ci-robot bot commented Aug 1, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ruibaby

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@f2c-ci-robot f2c-ci-robot bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Aug 1, 2024
@f2c-ci-robot f2c-ci-robot bot merged commit 58fe872 into halo-dev:main Aug 1, 2024
8 checks passed
@LIlGG LIlGG mentioned this pull request Aug 19, 2024
Merged
@guqing guqing deleted the feature/6385 branch September 18, 2024 08:15
@guqing guqing mentioned this pull request Sep 18, 2024
Merged
f2c-ci-robot bot pushed a commit that referenced this pull request Sep 25, 2024
@guqing
fix: correct file mime type validation parameter to restore functiona…
f6409a0 
…lity (#6673)

#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x

#### What this PR does / why we need it:
修复文件上传时类型校验失效的问题

此问题由 #6390 导致

#### Does this PR introduce a user-facing change?
```release-note
修复文件上传时类型校验失效的问题
```
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ruibaby ruibaby ruibaby approved these changes

@JohnNiang JohnNiang Awaiting requested review from JohnNiang

@LIlGG LIlGG Awaiting requested review from LIlGG

Assignees

@ruibaby ruibaby

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/core Issues or PRs related to the Halo Core kind/feature Categorizes issue or PR as related to a new feature. lgtm Indicates that a PR is ready to be merged. release-note Denotes a PR that will be considered when it comes time to generate release notes.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

对附件库上传文件类型及大小进行限制
3 participants
@guqing @ruibaby @LIlGG