From 1c29f3a604fe13c8a337935a1a1ad966b4b62d5b Mon Sep 17 00:00:00 2001
From: Anton Tananaev
Date: Thu, 4 Apr 2024 07:54:07 -0700
Subject: Handle explicit image types
---
 .../java/org/traccar/api/resource/DeviceResource.java | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)
(limited to 'src/main/java/org/traccar/api/resource/DeviceResource.java')
diff --git a/src/main/java/org/traccar/api/resource/DeviceResource.java b/src/main/java/org/traccar/api/resource/DeviceResource.java
index 89bba7237..d7236fe2a 100644
--- a/src/main/java/org/traccar/api/resource/DeviceResource.java
+++ b/src/main/java/org/traccar/api/resource/DeviceResource.java
@@ -172,6 +172,23 @@ public class DeviceResource extends BaseObjectResource {
 return Response.noContent().build();
 }
 
+ private String imageExtension(String type) {
+ switch (type) {
+ case "image/jpeg":
+ return ".jpg";
+ case "image/png":
+ return ".png";
+ case "image/gif":
+ return ".gif";
+ case "image/webp":
+ return ".webp";
+ case "image/svg+xml":
+ return ".svg";
+ default:
+ throw new IllegalArgumentException("Unsupported image type");
+ }
+ }
+
 @Path("{id}/image")
 @POST
 @Consumes("image/*")
@@ -186,7 +203,7 @@ public class DeviceResource extends BaseObjectResource {
 new Condition.Permission(User.class, getUserId(), Device.class))));
 if (device != null) {
 String name = "device";
- String extension = type.substring("image/".length());
+ String extension = imageExtension(type);
 try (var input = new FileInputStream(file);
 var output = mediaManager.createFileStream(device.getUniqueId(), name, extension)) {
 input.transferTo(output);
-- 
cgit v1.2.3
From b099b298f90074c825ba68ce73532933c7b9d901 Mon Sep 17 00:00:00 2001
From: Anton Tananaev
Date: Thu, 4 Apr 2024 08:03:16 -0700
Subject: Remove extra dot
---
 src/main/java/org/traccar/api/resource/DeviceResource.java | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
(limited to 'src/main/java/org/traccar/api/resource/DeviceResource.java')
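Review bot: The `image/svg+xml` case in `imageExtension` admits a format that can carry script and external references, unlike the four raster types listed beside it. Whether that matters depends on how stored media is served, which is outside this hunk: if the file is returned inline from the application's own origin, an uploaded SVG is active content in that origin. Either drop the case, or keep it and have the serving path send `Content-Disposition: attachment` or a restrictive `Content-Security-Policy` for `.svg` files. The mapping also relies on the declared type alone and nothing here checks that the bytes match it, so a comment such as `// extension is taken from this allowlist, never from the client-supplied string; file content is not inspected` would record the intent.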
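Review bot: `imageExtension(type)` receives `type` exactly as it arrived, so the exact-match `switch` rejects a supported image whose declared type carries parameters (for example `image/png; charset=binary`), and a null `type` fails with NullPointerException from the `switch` instead of the intended IllegalArgumentException. Where `type` comes from is outside this hunk; if it is the raw Content-Type header, parse it first, e.g. `MediaType mediaType = MediaType.valueOf(type);` and switch on `mediaType.getType() + "/" + mediaType.getSubtype()`. It is also worth confirming that IllegalArgumentException is mapped to a 4xx response and not a generic server error, since that mapping is not visible here. The enclosing method starts and ends outside the hunk.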
diff --git a/src/main/java/org/traccar/api/resource/DeviceResource.java b/src/main/java/org/traccar/api/resource/DeviceResource.java
index d7236fe2a..2edb0d16d 100644
--- a/src/main/java/org/traccar/api/resource/DeviceResource.java
+++ b/src/main/java/org/traccar/api/resource/DeviceResource.java
@@ -175,15 +175,15 @@ public class DeviceResource extends BaseObjectResource {
 private String imageExtension(String type) {
 switch (type) {
 case "image/jpeg":
- return ".jpg";
+ return "jpg";
 case "image/png":
- return ".png";
+ return "png";
 case "image/gif":
- return ".gif";
+ return "gif";
 case "image/webp":
- return ".webp";
+ return "webp";
 case "image/svg+xml":
- return ".svg";
+ return "svg";
 default:
 throw new IllegalArgumentException("Unsupported image type");
 }
-- 
cgit v1.2.3
From e001c629d89e75fae1b13f69fb71517b134f3e09 Mon Sep 17 00:00:00 2001
From: Anton Tananaev
Date: Thu, 4 Apr 2024 08:39:22 -0700
Subject: Limit image file size
---
 .../java/org/traccar/api/resource/DeviceResource.java | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)
(limited to 'src/main/java/org/traccar/api/resource/DeviceResource.java')
diff --git a/src/main/java/org/traccar/api/resource/DeviceResource.java b/src/main/java/org/traccar/api/resource/DeviceResource.java
index 2edb0d16d..56253152f 100644
--- a/src/main/java/org/traccar/api/resource/DeviceResource.java
+++ b/src/main/java/org/traccar/api/resource/DeviceResource.java
@@ -62,6 +62,9 @@ import java.util.List;
 @Consumes(MediaType.APPLICATION_JSON)
 public class DeviceResource extends BaseObjectResource {
 
+ private static final int DEFAULT_BUFFER_SIZE = 8192;
+ private static final int IMAGE_SIZE_LIMIT = 500000;
+
 @Inject
 private Config config;
 
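Review bot: `IMAGE_SIZE_LIMIT = 500000` carries no unit or rationale at its declaration; a comment such as `// Maximum accepted device image size, in bytes` would make the comparison against `transferred` in the upload method self-explanatory. `DEFAULT_BUFFER_SIZE` likewise deserves `// Copy buffer size, in bytes`. Since a `Config` is injected directly below, the limit could be read from configuration instead of being fixed at compile time, if operators are expected to tune it.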
@@ -206,7 +209,17 @@ public class DeviceResource extends BaseObjectResource {
 String extension = imageExtension(type);
 try (var input = new FileInputStream(file);
 var output = mediaManager.createFileStream(device.getUniqueId(), name, extension)) {
- input.transferTo(output);
+
+ long transferred = 0;
+ byte[] buffer = new byte[DEFAULT_BUFFER_SIZE];
+ int read;
+ while ((read = input.read(buffer, 0, buffer.length)) >= 0) {
+ output.write(buffer, 0, read);
+ transferred += read;
+ if (transferred > IMAGE_SIZE_LIMIT) {
+ throw new IllegalArgumentException("Image size limit exceeded");
+ }
+ }
 }
 return Response.ok(name + "." + extension).build();
 }
-- 
cgit v1.2.3
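Review bot: The limit check runs after `output.write`, so an oversized upload is rejected only once more than IMAGE_SIZE_LIMIT bytes are already in the destination stream, and the throw leaves that truncated file in place. If `createFileStream` opens the same `device.<extension>` path on every call (not visible here), a rejected upload also replaces the previously stored image. `file` is passed to `new FileInputStream(file)`, so if it is a `java.io.File` the size can be checked before the output is created: `if (file.length() > IMAGE_SIZE_LIMIT) { throw new IllegalArgumentException("Image size limit exceeded"); }` ahead of the `try`. The request body also appears to have been spooled to `file` before this code runs, so this limit bounds what is stored, not what the server accepts; a request-size cap at the container or in a filter would cover that. The enclosing method starts outside the hunk.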