Validate image size as soon as possible; pretty max size in the error

ViacheslavKlimov 2023-12-12 11:55:57 +02:00
parent 27743c3e3a
commit 2cfa040cc5
3 changed files with 30 additions and 16 deletions


@ -50,9 +50,10 @@ import org.thingsboard.server.common.data.id.TenantId;
import org.thingsboard.server.common.data.page.PageData; import org.thingsboard.server.common.data.page.PageData;
import org.thingsboard.server.common.data.page.PageLink; import org.thingsboard.server.common.data.page.PageLink;
import org.thingsboard.server.common.data.security.Authority; import org.thingsboard.server.common.data.security.Authority;
import org.thingsboard.server.dao.resource.ImageService;
import org.thingsboard.server.queue.util.TbCoreComponent;
import org.thingsboard.server.dao.resource.ImageCacheKey; import org.thingsboard.server.dao.resource.ImageCacheKey;
import org.thingsboard.server.dao.resource.ImageService;
import org.thingsboard.server.dao.service.validator.ResourceDataValidator;
import org.thingsboard.server.queue.util.TbCoreComponent;
import org.thingsboard.server.service.resource.TbImageService; import org.thingsboard.server.service.resource.TbImageService;
import org.thingsboard.server.service.security.model.SecurityUser; import org.thingsboard.server.service.security.model.SecurityUser;
import org.thingsboard.server.service.security.permission.Operation; import org.thingsboard.server.service.security.permission.Operation;
@ -77,6 +78,8 @@ public class ImageController extends BaseController {
private final ImageService imageService; private final ImageService imageService;
private final TbImageService tbImageService; private final TbImageService tbImageService;
private final ResourceDataValidator resourceValidator;
@Value("${cache.image.systemImagesBrowserTtlInMinutes:0}") @Value("${cache.image.systemImagesBrowserTtlInMinutes:0}")
private int systemImagesBrowserTtlInMinutes; private int systemImagesBrowserTtlInMinutes;
@Value("${cache.image.tenantImagesBrowserTtlInMinutes:0}") @Value("${cache.image.tenantImagesBrowserTtlInMinutes:0}")
@ -94,6 +97,7 @@ public class ImageController extends BaseController {
TbResource image = new TbResource(); TbResource image = new TbResource();
image.setTenantId(user.getTenantId()); image.setTenantId(user.getTenantId());
accessControlService.checkPermission(user, Resource.TB_RESOURCE, Operation.CREATE, null, image); accessControlService.checkPermission(user, Resource.TB_RESOURCE, Operation.CREATE, null, image);
resourceValidator.validateResourceSize(user.getTenantId(), null, file.getSize());
image.setFileName(file.getOriginalFilename()); image.setFileName(file.getOriginalFilename());
if (StringUtils.isNotEmpty(title)) { if (StringUtils.isNotEmpty(title)) {
@ -115,6 +119,8 @@ public class ImageController extends BaseController {
@PathVariable String key, @PathVariable String key,
@RequestPart MultipartFile file) throws Exception { @RequestPart MultipartFile file) throws Exception {
TbResourceInfo imageInfo = checkImageInfo(type, key, Operation.WRITE); TbResourceInfo imageInfo = checkImageInfo(type, key, Operation.WRITE);
resourceValidator.validateResourceSize(getTenantId(), imageInfo.getId(), file.getSize());
TbResource image = new TbResource(imageInfo); TbResource image = new TbResource(imageInfo);
image.setData(file.getBytes()); image.setData(file.getBytes());
image.setFileName(file.getOriginalFilename()); image.setFileName(file.getOriginalFilename());
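Review bot: The two new `validateResourceSize(...)` calls read `file.getSize()` from a `MultipartFile`, so by the time they run the whole part has already been received and buffered. They stop an over-limit upload before `file.getBytes()` copies it into memory, but they do not bound what the server accepts on the wire. That bound has to come from the multipart request and file size limits, whose configuration is not visible here; it should sit close to the largest resource size any tenant profile allows. A comment above both calls would record this, e.g. `// early quota check: skips file.getBytes() for over-limit uploads; the request size itself is capped by the multipart limits`. Both controller methods start and end outside the hunks shown.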


@ -17,6 +17,7 @@ package org.thingsboard.server.dao.service;
import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.JsonNode;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import org.apache.commons.io.FileUtils;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Lazy; import org.springframework.context.annotation.Lazy;
import org.thingsboard.server.common.data.BaseData; import org.thingsboard.server.common.data.BaseData;
@ -129,7 +130,7 @@ public abstract class DataValidator<D extends BaseData<?>> {
EntityType entityType) { EntityType entityType) {
if (maxSumDataSize > 0) { if (maxSumDataSize > 0) {
if (dataDao.sumDataSizeByTenantId(tenantId) + currentDataSize > maxSumDataSize) { if (dataDao.sumDataSizeByTenantId(tenantId) + currentDataSize > maxSumDataSize) {
throw new DataValidationException(String.format("%ss total size exceeds the maximum of " + maxSumDataSize + " bytes", entityType.getNormalName())); throw new DataValidationException(String.format("%ss total size exceeds the maximum of " + FileUtils.byteCountToDisplaySize(maxSumDataSize), entityType.getNormalName()));
} }
} }
} }
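Review bot: `FileUtils.byteCountToDisplaySize` rounds down to a whole unit, so a limit that is not an exact multiple of a unit is reported smaller than it is (a 1.5 MB quota prints as `1 MB`). That can mislead a user or an operator reading the error while tuning tenant quotas. The value is also concatenated into the format string rather than passed as an argument; `String.format("%ss total size exceeds the maximum of %s", entityType.getNormalName(), FileUtils.byteCountToDisplaySize(maxSumDataSize))` keeps the format string constant. If exact figures matter for support, keep the byte count alongside the display size. The enclosing method starts outside the hunk.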


@ -15,12 +15,14 @@
*/ */
package org.thingsboard.server.dao.service.validator; package org.thingsboard.server.dao.service.validator;
import org.apache.commons.io.FileUtils;
import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Lazy; import org.springframework.context.annotation.Lazy;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import org.thingsboard.server.common.data.TbResource; import org.thingsboard.server.common.data.TbResource;
import org.thingsboard.server.common.data.id.EntityId; import org.thingsboard.server.common.data.id.EntityId;
import org.thingsboard.server.common.data.id.TbResourceId;
import org.thingsboard.server.common.data.id.TenantId; import org.thingsboard.server.common.data.id.TenantId;
import org.thingsboard.server.common.data.tenant.profile.DefaultTenantProfileConfiguration; import org.thingsboard.server.common.data.tenant.profile.DefaultTenantProfileConfiguration;
import org.thingsboard.server.common.data.widget.BaseWidgetType; import org.thingsboard.server.common.data.widget.BaseWidgetType;
@ -83,19 +85,8 @@ public class ResourceDataValidator extends DataValidator<TbResource> {
if (resource.getResourceType() == null) { if (resource.getResourceType() == null) {
throw new DataValidationException("Resource type should be specified!"); throw new DataValidationException("Resource type should be specified!");
} }
if (!resource.getTenantId().isSysTenantId() && resource.getData() != null) { if (resource.getData() != null) {
DefaultTenantProfileConfiguration profileConfiguration = tenantProfileCache.get(tenantId).getDefaultProfileConfiguration(); validateResourceSize(resource.getTenantId(), resource.getId(), resource.getData().length);
long maxResourceSize = profileConfiguration.getMaxResourceSize();
if (maxResourceSize > 0 && resource.getData().length > maxResourceSize) {
throw new IllegalArgumentException("Resource exceeds the maximum size of " + maxResourceSize + " bytes");
}
long maxSumResourcesDataInBytes = profileConfiguration.getMaxResourcesInBytes();
int dataSize = resource.getData().length;
if (resource.getId() != null) {
long prevSize = resourceDao.getResourceSize(tenantId, resource.getId());
dataSize -= prevSize;
}
validateMaxSumDataSizePerTenant(tenantId, resourceDao, maxSumResourcesDataInBytes, dataSize, TB_RESOURCE);
} }
if (StringUtils.isEmpty(resource.getFileName())) { if (StringUtils.isEmpty(resource.getFileName())) {
throw new DataValidationException("Resource file name should be specified!"); throw new DataValidationException("Resource file name should be specified!");
@ -108,6 +99,22 @@ public class ResourceDataValidator extends DataValidator<TbResource> {
} }
} }
public void validateResourceSize(TenantId tenantId, TbResourceId resourceId, long dataSize) {
if (!tenantId.isSysTenantId()) {
DefaultTenantProfileConfiguration profileConfiguration = tenantProfileCache.get(tenantId).getDefaultProfileConfiguration();
long maxResourceSize = profileConfiguration.getMaxResourceSize();
if (maxResourceSize > 0 && dataSize > maxResourceSize) {
throw new IllegalArgumentException("Resource exceeds the maximum size of " + FileUtils.byteCountToDisplaySize(maxResourceSize));
}
long maxSumResourcesDataInBytes = profileConfiguration.getMaxResourcesInBytes();
if (resourceId != null) {
long prevSize = resourceDao.getResourceSize(tenantId, resourceId);
dataSize -= prevSize;
}
validateMaxSumDataSizePerTenant(tenantId, resourceDao, maxSumResourcesDataInBytes, dataSize, TB_RESOURCE);
}
}
@Override @Override
public void validateDelete(TenantId tenantId, EntityId resourceId) { public void validateDelete(TenantId tenantId, EntityId resourceId) {
List<WidgetTypeDetails> widgets = widgetTypeDao.findWidgetTypesInfosByTenantIdAndResourceId(tenantId.getId(), List<WidgetTypeDetails> widgets = widgetTypeDao.findWidgetTypesInfosByTenantIdAndResourceId(tenantId.getId(),
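Review bot: `validateResourceSize` is now public and called directly from `ImageController`, yet its two limits fail with different exception types. The per-resource limit throws `IllegalArgumentException`, while the tenant total goes through `validateMaxSumDataSizePerTenant`, which throws `DataValidationException`. Whether the controller's error handling maps both to the same client error is not visible here; if it does not, `throw new DataValidationException("Resource exceeds the maximum size of " + FileUtils.byteCountToDisplaySize(maxResourceSize));` would make them consistent. The total check also reads the stored sum and then compares, so parallel uploads from one tenant may each pass it; this appears to predate the commit but deserves a comment. A Javadoc on the method should state that a null `resourceId` means a new resource, that `dataSize` is the new size in bytes, and that the system tenant is exempt from both limits.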