From bde44595195efda9fe59f2cf336597d4b3dd72f6 Mon Sep 17 00:00:00 2001
From: Aaron Liu <912394456@qq.com>
Date: Fri, 7 Apr 2023 19:29:43 +0800
Subject: [PATCH] feat(thumb): add ext whitelist for all policy types
---
 pkg/filesystem/driver/cos/handler.go | 13 +++++++++++++
 pkg/filesystem/driver/oss/handler.go | 12 ++++++++++++
 pkg/filesystem/driver/qiniu/handler.go | 13 +++++++++++++
 pkg/filesystem/driver/s3/handler.go | 3 ++-
 pkg/filesystem/driver/upyun/handler.go | 13 +++++++++++++
 5 files changed, 53 insertions(+), 1 deletion(-)
diff --git a/pkg/filesystem/driver/cos/handler.go b/pkg/filesystem/driver/cos/handler.go
index 87a8124..8a045fd 100644
--- a/pkg/filesystem/driver/cos/handler.go
+++ b/pkg/filesystem/driver/cos/handler.go
@@ -17,10 +17,12 @@ import (
 "time"
 model "github.com/cloudreve/Cloudreve/v3/models"
+ "github.com/cloudreve/Cloudreve/v3/pkg/filesystem/driver"
 "github.com/cloudreve/Cloudreve/v3/pkg/filesystem/fsctx"
 "github.com/cloudreve/Cloudreve/v3/pkg/filesystem/response"
 "github.com/cloudreve/Cloudreve/v3/pkg/request"
 "github.com/cloudreve/Cloudreve/v3/pkg/serializer"
+ "github.com/cloudreve/Cloudreve/v3/pkg/util"
 "github.com/google/go-querystring/query"
 cossdk "github.com/tencentyun/cos-go-sdk-v5"
 )
@@ -223,6 +225,17 @@ func (handler Driver) Delete(ctx context.Context, files []string) ([]string, err
 // Thumb 获取文件缩略图
 func (handler Driver) Thumb(ctx context.Context, file *model.File) (*response.ContentResponse, error) {
+ // quick check by extension name
+ // https://cloud.tencent.com/document/product/436/44893
+ supported := []string{"png", "jpg", "jpeg", "gif", "bmp", "webp", "heif", "heic"}
+ if len(handler.Policy.OptionsSerialized.ThumbExts) > 0 {
+ supported = handler.Policy.OptionsSerialized.ThumbExts
+ }
+
+ if !util.IsInExtensionList(supported, file.Name) || file.Size > (32<<(10*2)) {
+ return nil, driver.ErrorThumbNotSupported
+ }
+
 var (
 thumbSize = [2]uint{400, 300}
 ok = false
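Review bot: The guard added at the top of `Thumb` in cos/handler.go decides on `file.Name` alone, and a non-empty `ThumbExts` replaces the provider's list rather than narrowing it, so it is a pre-filter on a user-chosen name and not a check of the file's content; the comment should say so, e.g. `// Pre-filter only: the extension comes from the user-supplied name, and a policy ThumbExts overrides the provider list below.` The same guard is repeated in the oss, qiniu and upyun hunks with only the default list and size cap changed, so any later fix to the allow-list logic has to be made in four places; one helper in the `driver` package that takes the default list and the size limit would avoid that. The cap `32<<(10*2)` is easier to audit as a named constant, e.g. `const maxThumbSize = 32 << 20 // 32 MiB` (the name is a suggestion). `Thumb` continues outside the hunk.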
diff --git a/pkg/filesystem/driver/oss/handler.go b/pkg/filesystem/driver/oss/handler.go
index 826942b..fd39f3c 100644
--- a/pkg/filesystem/driver/oss/handler.go
+++ b/pkg/filesystem/driver/oss/handler.go
@@ -17,6 +17,7 @@ import (
 model "github.com/cloudreve/Cloudreve/v3/models"
 "github.com/cloudreve/Cloudreve/v3/pkg/filesystem/chunk"
 "github.com/cloudreve/Cloudreve/v3/pkg/filesystem/chunk/backoff"
+ "github.com/cloudreve/Cloudreve/v3/pkg/filesystem/driver"
 "github.com/cloudreve/Cloudreve/v3/pkg/filesystem/fsctx"
 "github.com/cloudreve/Cloudreve/v3/pkg/filesystem/response"
 "github.com/cloudreve/Cloudreve/v3/pkg/request"
@@ -294,6 +295,17 @@ func (handler *Driver) Delete(ctx context.Context, files []string) ([]string, er
 // Thumb 获取文件缩略图
 func (handler *Driver) Thumb(ctx context.Context, file *model.File) (*response.ContentResponse, error) {
+ // quick check by extension name
+ // https://help.aliyun.com/document_detail/183902.html
+ supported := []string{"png", "jpg", "jpeg", "gif", "bmp", "webp", "heic", "tiff", "avif"}
+ if len(handler.Policy.OptionsSerialized.ThumbExts) > 0 {
+ supported = handler.Policy.OptionsSerialized.ThumbExts
+ }
+
+ if !util.IsInExtensionList(supported, file.Name) || file.Size > (20<<(10*2)) {
+ return nil, driver.ErrorThumbNotSupported
+ }
+
 // 初始化客户端
 if err := handler.InitOSSClient(true); err != nil {
 return nil, err
diff --git a/pkg/filesystem/driver/qiniu/handler.go b/pkg/filesystem/driver/qiniu/handler.go
index d201e5b..ad50107 100644
--- a/pkg/filesystem/driver/qiniu/handler.go
+++ b/pkg/filesystem/driver/qiniu/handler.go
@@ -13,10 +13,12 @@ import (
 "time"
 model "github.com/cloudreve/Cloudreve/v3/models"
+ "github.com/cloudreve/Cloudreve/v3/pkg/filesystem/driver"
 "github.com/cloudreve/Cloudreve/v3/pkg/filesystem/fsctx"
 "github.com/cloudreve/Cloudreve/v3/pkg/filesystem/response"
 "github.com/cloudreve/Cloudreve/v3/pkg/request"
 "github.com/cloudreve/Cloudreve/v3/pkg/serializer"
+ "github.com/cloudreve/Cloudreve/v3/pkg/util"
 "github.com/qiniu/go-sdk/v7/auth/qbox"
 "github.com/qiniu/go-sdk/v7/storage"
 )
@@ -231,6 +233,17 @@ func (handler *Driver) Delete(ctx context.Context, files []string) ([]string, er
 // Thumb 获取文件缩略图
 func (handler *Driver) Thumb(ctx context.Context, file *model.File) (*response.ContentResponse, error) {
+ // quick check by extension name
+ // https://developer.qiniu.com/dora/api/basic-processing-images-imageview2
+ supported := []string{"png", "jpg", "jpeg", "gif", "bmp", "webp", "tiff", "avif", "psd"}
+ if len(handler.Policy.OptionsSerialized.ThumbExts) > 0 {
+ supported = handler.Policy.OptionsSerialized.ThumbExts
+ }
+
+ if !util.IsInExtensionList(supported, file.Name) || file.Size > (20<<(10*2)) {
+ return nil, driver.ErrorThumbNotSupported
+ }
+
 var (
 thumbSize = [2]uint{400, 300}
 ok = false
diff --git a/pkg/filesystem/driver/s3/handler.go b/pkg/filesystem/driver/s3/handler.go
index 98cb662..772126a 100644
--- a/pkg/filesystem/driver/s3/handler.go
+++ b/pkg/filesystem/driver/s3/handler.go
@@ -4,6 +4,7 @@ import (
 "context"
 "errors"
 "fmt"
+ "github.com/cloudreve/Cloudreve/v3/pkg/filesystem/driver"
 "io"
 "net/http"
 "net/url"
@@ -265,7 +266,7 @@ func (handler *Driver) Delete(ctx context.Context, files []string) ([]string, er
 // Thumb 获取文件缩略图
 func (handler *Driver) Thumb(ctx context.Context, file *model.File) (*response.ContentResponse, error) {
- return nil, errors.New("未实现")
+ return nil, driver.ErrorThumbNotSupported
 }
 // Source 获取外链URL
diff --git a/pkg/filesystem/driver/upyun/handler.go b/pkg/filesystem/driver/upyun/handler.go
index 89192e5..f3a6d5d 100644
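Review bot: In s3/handler.go the import hunk places `"github.com/cloudreve/Cloudreve/v3/pkg/filesystem/driver"` between `"fmt"` and `"io"`, inside the standard-library group; goimports would put it with the project's other packages, which sit further down the import block and outside this hunk. `"errors"` stays imported while the `Thumb` hunk of the same file removes an `errors.New` call; if that was the file's only use the build fails on an unused import, which cannot be confirmed from the visible lines.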
--- a/pkg/filesystem/driver/upyun/handler.go
+++ b/pkg/filesystem/driver/upyun/handler.go
@@ -18,10 +18,12 @@ import (
 "time"
 model "github.com/cloudreve/Cloudreve/v3/models"
+ "github.com/cloudreve/Cloudreve/v3/pkg/filesystem/driver"
 "github.com/cloudreve/Cloudreve/v3/pkg/filesystem/fsctx"
 "github.com/cloudreve/Cloudreve/v3/pkg/filesystem/response"
 "github.com/cloudreve/Cloudreve/v3/pkg/request"
 "github.com/cloudreve/Cloudreve/v3/pkg/serializer"
+ "github.com/cloudreve/Cloudreve/v3/pkg/util"
 "github.com/upyun/go-sdk/upyun"
 )
@@ -221,6 +223,17 @@ func (handler Driver) Delete(ctx context.Context, files []string) ([]string, err
 // Thumb 获取文件缩略图
 func (handler Driver) Thumb(ctx context.Context, file *model.File) (*response.ContentResponse, error) {
+ // quick check by extension name
+ // https://help.upyun.com/knowledge-base/image/
+ supported := []string{"png", "jpg", "jpeg", "gif", "bmp", "webp", "svg"}
+ if len(handler.Policy.OptionsSerialized.ThumbExts) > 0 {
+ supported = handler.Policy.OptionsSerialized.ThumbExts
+ }
+
+ if !util.IsInExtensionList(supported, file.Name) {
+ return nil, driver.ErrorThumbNotSupported
+ }
+
 var (
 thumbSize = [2]uint{400, 300}
 ok = false
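Review bot: The upyun guard has no `file.Size` bound, while the cos hunk caps the source at `32<<(10*2)` and the oss and qiniu hunks at `20<<(10*2)`, so a file of any size with a listed extension passes the check and presumably reaches the provider's image processing. If the linked Upyun page documents a limit, add it to the condition; if it does not, a comment such as `// Upyun documents no source size limit, so only the extension is checked.` records that the omission is deliberate. The default list also contains `svg`, the only vector format in the four default lists, so it is worth confirming that the provider returns a rasterised thumbnail for it rather than the original markup. `Thumb` continues outside the hunk.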