Merge tag 'v6.0'

author: Iván Ávalos <avalos@disroot.org> 2024-04-10 15:29:47 -0600
committer: Iván Ávalos <avalos@disroot.org> 2024-04-10 15:29:47 -0600
commit: e8456ae8ec5960b2119b7cdbcffac6d9ff004c95 (patch)
tree: ed5dfe5ff3b9e3491adf15b2abe83e13e2ccb6c0 /src/main/java/org/traccar/api/resource/DeviceResource.java
parent: 4dec2ef603f078ff3bd18d63d1fbd992537cbb88 (diff)
parent: 9a285e59e580994dc9c3f80935f766f3dafdcd46 (diff)
download: trackermap-server-e8456ae8ec5960b2119b7cdbcffac6d9ff004c95.tar.gz
trackermap-server-e8456ae8ec5960b2119b7cdbcffac6d9ff004c95.tar.bz2
trackermap-server-e8456ae8ec5960b2119b7cdbcffac6d9ff004c95.zip
1 files changed, 32 insertions, 2 deletions
diff --git a/src/main/java/org/traccar/api/resource/DeviceResource.java b/src/main/java/org/traccar/api/resource/DeviceResource.java
index 89bba7237..56253152f 100644
--- a/src/main/java/org/traccar/api/resource/DeviceResource.java
+++ b/src/main/java/org/traccar/api/resource/DeviceResource.java
@@ -62,6 +62,9 @@ import java.util.List;
 @Consumes(MediaType.APPLICATION_JSON)
 public class DeviceResource extends BaseObjectResource<Device> {
 
+    private static final int DEFAULT_BUFFER_SIZE = 8192;
+    private static final int IMAGE_SIZE_LIMIT = 500000;
+
     @Inject
     private Config config;
 
@@ -172,6 +175,23 @@ public class DeviceResource extends BaseObjectResource<Device> {
         return Response.noContent().build();
     }
 
+    private String imageExtension(String type) {
+        switch (type) {
+            case "image/jpeg":
+                return "jpg";
+            case "image/png":
+                return "png";
+            case "image/gif":
+                return "gif";
+            case "image/webp":
+                return "webp";
+            case "image/svg+xml":
+                return "svg";
+            default:
+                throw new IllegalArgumentException("Unsupported image type");
+        }
+    }
+
     @Path("{id}/image")
     @POST
     @Consumes("image/*")
@@ -186,10 +206,20 @@ public class DeviceResource extends BaseObjectResource<Device> {
                         new Condition.Permission(User.class, getUserId(), Device.class))));
         if (device != null) {
             String name = "device";
-            String extension = type.substring("image/".length());
+            String extension = imageExtension(type);
             try (var input = new FileInputStream(file);
                     var output = mediaManager.createFileStream(device.getUniqueId(), name, extension)) {
-                input.transferTo(output);
+
+                long transferred = 0;
+                byte[] buffer = new byte[DEFAULT_BUFFER_SIZE];
+                int read;
+                while ((read = input.read(buffer, 0, buffer.length)) >= 0) {
+                    output.write(buffer, 0, read);
+                    transferred += read;
+                    if (transferred > IMAGE_SIZE_LIMIT) {
+                        throw new IllegalArgumentException("Image size limit exceeded");
+                    }
+                }
             }
             return Response.ok(name + "." + extension).build();
         }
author	Iván Ávalos <avalos@disroot.org>	2024-04-10 15:29:47 -0600
committer	Iván Ávalos <avalos@disroot.org>	2024-04-10 15:29:47 -0600
commit	e8456ae8ec5960b2119b7cdbcffac6d9ff004c95 (patch)
tree	ed5dfe5ff3b9e3491adf15b2abe83e13e2ccb6c0 /src/main/java/org/traccar/api/resource/DeviceResource.java
parent	4dec2ef603f078ff3bd18d63d1fbd992537cbb88 (diff)
parent	9a285e59e580994dc9c3f80935f766f3dafdcd46 (diff)
download	trackermap-server-e8456ae8ec5960b2119b7cdbcffac6d9ff004c95.tar.gz trackermap-server-e8456ae8ec5960b2119b7cdbcffac6d9ff004c95.tar.bz2 trackermap-server-e8456ae8ec5960b2119b7cdbcffac6d9ff004c95.zip