duannai1883 2015-09-14 08:58

How to check whether a file posted through a multipart form is an image and is smaller than a given maxsize in Go?

I would like to know if there is a way of checking the size and the type before uploading it to the server. I am worried about people trying to upload really large files to slow the server down on purpose.

I only know how to check the size of a file after I have copied it to the server. I don't know how to check the file type. I would like to do it before having to upload 2 GB of data, and then validating the file.

This is what I have so far but this copies the file to the server first which is not what I want.

func userUploadImage(w http.ResponseWriter, r *http.Request, _ httprouter.Params) error {
    mpf, mpfh, err := r.FormFile("file")
    if err != nil {
        return err // propagate the FormFile error instead of swallowing it
    }
    defer mpf.Close()

    dstFile, err := os.Create(config.UploadDir + "/img/" + mpfh.Filename)
    if err != nil {
        return err
    }
    defer dstFile.Close()

    size, err := io.Copy(dstFile, mpf)
    if err != nil {
        return err
    }

    spew.Dump(size)
    return nil
}

1 answer

  • dsvs50005 2015-09-14 10:04

    To avoid having tons of data uploaded to your server, I recommend wrapping your multipart.File, which is essentially an io.Reader, with an io.LimitedReader, like

    wrapped := io.LimitReader(mpf, 10*1024*1024) // 10 MiB

    and then work on the wrapped reader. This will read the specified amount of bytes and then return EOF, so anything larger than 10 MiB will be truncated.

    To check whether the received data is an image, you have two choices:

    1. Parse the data with image.Decode(io.Reader), which will throw an error if it can't parse the data as an image - this also allows you to check whether the received data is complete and correct. Note, however, that this takes some time/steals performance. Maybe you want to avoid this if you just discard the decoded image afterwards. Be sure to check the godoc for the image package, as you will have to import any formats you expect to decode.
    2. Check the magic number; PNG files, for example, have 89 50 4e 47 0d 0a 1a 0a as their magic number. However, a correct magic number does not imply a correct image, especially if you truncated larger images to 10 MiB.

    If you have the power needed to decode every image at hand, go for it - the results should be more precise, but this is just a recommendation.

    I would rather not check the FileHeader (pkg/mime/multipart/#FileHeader) for the file type, I expect it to be unreliable. You might, however, find information about the (original) file size in there, I recommend just dumping the FileHeaders for some requests.

    This answer was selected as the best answer by the asker.
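
The size limit and image check from the answer above, as an added example that is not part of the original post: it reads one byte past the limit so an oversized upload is rejected rather than silently truncated, and uses image.DecodeConfig (header only) as a cheaper stand-in for a full image.Decode. The names readImage, ErrTooLarge and samplePNG are assumptions made for this example.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"image"
	_ "image/jpeg" // register the JPEG decoder
	"image/png"    // registers the PNG decoder; also builds the sample
	"io"
)

// ErrTooLarge is a hypothetical sentinel error for this example.
var ErrTooLarge = errors.New("upload exceeds size limit")

// readImage (hypothetical helper) returns the bytes and detected format of r.
// It asks for maxSize+1 bytes: getting them all means the input is too big.
func readImage(r io.Reader, maxSize int64) ([]byte, string, error) {
	data, err := io.ReadAll(io.LimitReader(r, maxSize+1))
	if err != nil {
		return nil, "", err
	}
	if int64(len(data)) > maxSize {
		return nil, "", ErrTooLarge
	}
	// DecodeConfig parses only the header of a registered format; it does
	// not prove that the pixel data after the header is complete.
	_, format, err := image.DecodeConfig(bytes.NewReader(data))
	if err != nil {
		return nil, "", fmt.Errorf("not a supported image: %w", err)
	}
	return data, format, nil
}

// samplePNG builds a constructed 2x2 PNG to use as test input.
func samplePNG() []byte {
	var buf bytes.Buffer
	_ = png.Encode(&buf, image.NewRGBA(image.Rect(0, 0, 2, 2)))
	return buf.Bytes()
}

func main() {
	_, format, err := readImage(bytes.NewReader(samplePNG()), 1<<20)
	fmt.Println(format, err)
	_, _, err = readImage(bytes.NewReader(samplePNG()), 16)
	fmt.Println(err)
}
```

In a handler, the reader passed in would be the multipart.File. Because r.FormFile parses the whole request body before returning, the body itself also needs a cap, for example r.Body = http.MaxBytesReader(w, r.Body, limit) set before calling r.FormFile.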