Merge branch 'security_fix/uploadfile_ix' of eta_server/eta_api into master

controllers/banner.go

@@ -4,7 +4,6 @@ import (
 	"eta/eta_api/models"
 	"eta/eta_api/services"
 	"eta/eta_api/utils"
-	"github.com/h2non/filetype"
 	"io/ioutil"
 	"os"
 	"path"
@@ -53,14 +52,24 @@ func (this *BannerController) Upload() {
 		br.ErrMsg = "读取文件失败, Err: " + e.Error()
 		return
 	}
-	pass := filetype.IsImage(fileData)
-	if !pass {
-		br.Msg = "文件格式有误"
-		br.ErrMsg = "文件格式有误"
+	//pass := filetype.IsImage(fileData)
+	//if !pass {
+	//	br.Msg = "文件格式有误"
+	//	br.ErrMsg = "文件格式有误"
+	//	return
+	//}
+	ext := path.Ext(h.Filename)
+	if !utils.IsValidType(fileData, []utils.SourceType{
+		utils.Image,
+	}, []string{
+		"jpg",
+		"png",
+	}, ext) {
+		br.Msg = "文件格式不支持"
+		br.ErrMsg = "文件格式不支持"
 		return
 	}
 
-	ext := path.Ext(h.Filename)
 	dateDir := time.Now().Format("20060102")
 	uploadDir := utils.STATIC_DIR + "hongze/" + dateDir
 	err = os.MkdirAll(uploadDir, utils.DIR_MOD)

controllers/material/material.go

@@ -10,7 +10,6 @@ import (
 	materialService "eta/eta_api/services/material"
 	"eta/eta_api/utils"
 	"fmt"
-	"github.com/h2non/filetype"
 	"github.com/rdlucklib/rdluck_tools/http"
 	"github.com/rdlucklib/rdluck_tools/paging"
 	"io/ioutil"
@@ -1368,13 +1367,23 @@ func (this *MaterialController) Upload() {
 		br.ErrMsg = "读取文件失败, Err: " + e.Error()
 		return
 	}
-	pass := filetype.IsImage(fileData)
-	if !pass {
-		br.Msg = "文件格式有误"
-		br.ErrMsg = "文件格式有误"
+	//pass := filetype.IsImage(fileData)
+	//if !pass {
+	//	br.Msg = "文件格式有误"
+	//	br.ErrMsg = "文件格式有误"
+	//	return
+	//}
+	ext := path.Ext(h.Filename)
+	if !utils.IsValidType(fileData, []utils.SourceType{
+		utils.Image,
+	}, []string{
+		"jpg",
+		"png",
+	}, ext) {
+		br.Msg = "文件格式不支持"
+		br.ErrMsg = "文件格式不支持"
 		return
 	}
-	ext := path.Ext(h.Filename)
 	randStr := utils.GetRandStringNoSpecialChar(28)
 	fileName := randStr + ext
 

controllers/report.go

@@ -232,112 +232,122 @@ func (this *ReportController) Delete() {
 //	br.Msg = "保存成功"
 //	br.Data = resp
 //}
-
-// Upload
-// @Title 图片上传
-// @Description 图片上传接口
-// @Param   file   query   file  true       "文件"
-// @Success 200 新增成功
-// @router /upload [post]
-func (this *ReportController) Upload() {
-	br := new(models.BaseResponse).Init()
-	defer func() {
-		this.Data["json"] = br
-		this.ServeJSON()
-	}()
-	f, h, err := this.GetFile("file")
-	if err != nil {
-		br.Msg = "获取资源信息失败"
-		br.ErrMsg = "获取资源信息失败,Err:" + err.Error()
-		return
-	}
-
-	fileData, e := io.ReadAll(f)
-	if e != nil {
-		br.Msg = "上传失败"
-		br.ErrMsg = "读取文件失败, Err: " + e.Error()
-		return
-	}
-	pass := filetype.IsImage(fileData)
-	if !pass {
-		br.Msg = "文件格式有误"
-		br.ErrMsg = "文件格式有误"
-		return
-	}
-
-	ext := path.Ext(h.Filename)
-	dateDir := time.Now().Format("20060102")
-	uploadDir := utils.STATIC_DIR + "hongze/" + dateDir
-	err = os.MkdirAll(uploadDir, utils.DIR_MOD)
-	if err != nil {
-		br.Msg = "存储目录创建失败"
-		br.ErrMsg = "存储目录创建失败,Err:" + err.Error()
-		return
-	}
-	randStr := utils.GetRandStringNoSpecialChar(28)
-	fileName := randStr + ext
-	fpath := uploadDir + "/" + fileName
-	defer f.Close() //关闭上传文件
-	err = this.SaveToFile("file", fpath)
-	if err != nil {
-		br.Msg = "文件上传失败"
-		br.ErrMsg = "文件上传失败，Err:" + err.Error()
-		return
-	}
-
-	resourceUrl := ``
-	//上传到阿里云 和 minio
-	//if utils.ObjectStorageClient == "minio" {
-	//	resourceUrl, err = services.UploadImgToMinIo(fileName, fpath)
-	//	if err != nil {
-	//		br.Msg = "文件上传失败"
-	//		br.ErrMsg = "文件上传失败，Err:" + err.Error()
-	//		return
-	//	}
-	//} else {
-	//	resourceUrl, err = services.UploadAliyunV2(fileName, fpath)
-	//	if err != nil {
-	//		br.Msg = "文件上传失败"
-	//		br.ErrMsg = "文件上传失败，Err:" + err.Error()
-	//		return
-	//	}
-	//}
-	ossClient := services.NewOssClient()
-	if ossClient == nil {
-		br.Msg = "上传失败"
-		br.ErrMsg = "初始化OSS服务失败"
-		return
-	}
-	resourceUrl, err = ossClient.UploadFile(fileName, fpath, "")
-	if err != nil {
-		br.Msg = "文件上传失败"
-		br.ErrMsg = "文件上传失败，Err:" + err.Error()
-		return
-	}
-
-	defer func() {
-		os.Remove(fpath)
-	}()
-
-	item := new(models.Resource)
-	item.ResourceUrl = resourceUrl
-	item.ResourceType = 1
-	item.CreateTime = time.Now()
-	newId, err := models.AddResource(item)
-	if err != nil {
-		br.Msg = "资源上传失败"
-		br.ErrMsg = "资源上传失败,Err:" + err.Error()
-		return
-	}
-	resp := new(models.ResourceResp)
-	resp.Id = newId
-	resp.ResourceUrl = resourceUrl
-	br.Msg = "上传成功"
-	br.Ret = 200
-	br.Success = true
-	br.Data = resp
-	return
-}
+//
+//// Upload
+//// @Title 图片上传
+//// @Description 图片上传接口
+//// @Param   file   query   file  true       "文件"
+//// @Success 200 新增成功
+//// @router /upload [post]
+//func (this *ReportController) Upload() {
+//	br := new(models.BaseResponse).Init()
+//	defer func() {
+//		this.Data["json"] = br
+//		this.ServeJSON()
+//	}()
+//	f, h, err := this.GetFile("file")
+//	if err != nil {
+//		br.Msg = "获取资源信息失败"
+//		br.ErrMsg = "获取资源信息失败,Err:" + err.Error()
+//		return
+//	}
+//
+//	fileData, e := io.ReadAll(f)
+//	if e != nil {
+//		br.Msg = "上传失败"
+//		br.ErrMsg = "读取文件失败, Err: " + e.Error()
+//		return
+//	}
+//	//pass := filetype.IsImage(fileData)
+//	//if !pass {
+//	//	br.Msg = "文件格式有误"
+//	//	br.ErrMsg = "文件格式有误"
+//	//	return
+//	//}
+//
+//	ext := path.Ext(h.Filename)
+//	if !utils.IsValidType(fileData, []utils.SourceType{
+//		utils.Image,
+//	}, []string{
+//		"jpg",
+//		"png",
+//	}, ext) {
+//		br.Msg = "文件格式不支持"
+//		br.ErrMsg = "文件格式不支持"
+//		return
+//	}
+//	dateDir := time.Now().Format("20060102")
+//	uploadDir := utils.STATIC_DIR + "hongze/" + dateDir
+//	err = os.MkdirAll(uploadDir, utils.DIR_MOD)
+//	if err != nil {
+//		br.Msg = "存储目录创建失败"
+//		br.ErrMsg = "存储目录创建失败,Err:" + err.Error()
+//		return
+//	}
+//	randStr := utils.GetRandStringNoSpecialChar(28)
+//	fileName := randStr + ext
+//	fpath := uploadDir + "/" + fileName
+//	defer f.Close() //关闭上传文件
+//	err = this.SaveToFile("file", fpath)
+//	if err != nil {
+//		br.Msg = "文件上传失败"
+//		br.ErrMsg = "文件上传失败，Err:" + err.Error()
+//		return
+//	}
+//
+//	resourceUrl := ``
+//	//上传到阿里云 和 minio
+//	//if utils.ObjectStorageClient == "minio" {
+//	//	resourceUrl, err = services.UploadImgToMinIo(fileName, fpath)
+//	//	if err != nil {
+//	//		br.Msg = "文件上传失败"
+//	//		br.ErrMsg = "文件上传失败，Err:" + err.Error()
+//	//		return
+//	//	}
+//	//} else {
+//	//	resourceUrl, err = services.UploadAliyunV2(fileName, fpath)
+//	//	if err != nil {
+//	//		br.Msg = "文件上传失败"
+//	//		br.ErrMsg = "文件上传失败，Err:" + err.Error()
+//	//		return
+//	//	}
+//	//}
+//	ossClient := services.NewOssClient()
+//	if ossClient == nil {
+//		br.Msg = "上传失败"
+//		br.ErrMsg = "初始化OSS服务失败"
+//		return
+//	}
+//	resourceUrl, err = ossClient.UploadFile(fileName, fpath, "")
+//	if err != nil {
+//		br.Msg = "文件上传失败"
+//		br.ErrMsg = "文件上传失败，Err:" + err.Error()
+//		return
+//	}
+//
+//	defer func() {
+//		os.Remove(fpath)
+//	}()
+//
+//	item := new(models.Resource)
+//	item.ResourceUrl = resourceUrl
+//	item.ResourceType = 1
+//	item.CreateTime = time.Now()
+//	newId, err := models.AddResource(item)
+//	if err != nil {
+//		br.Msg = "资源上传失败"
+//		br.ErrMsg = "资源上传失败,Err:" + err.Error()
+//		return
+//	}
+//	resp := new(models.ResourceResp)
+//	resp.Id = newId
+//	resp.ResourceUrl = resourceUrl
+//	br.Msg = "上传成功"
+//	br.Ret = 200
+//	br.Success = true
+//	br.Data = resp
+//	return
+//}
 
 // ClassifyIdDetail
 // @Title 根据分类获取最近一次报告详情接口
@@ -517,8 +527,23 @@ func (this *ReportUploadCommonController) UploadImg() {
 		err = fmt.Errorf("读取文件失败, Err: %s", e.Error())
 		return
 	}
-	pass := filetype.IsImage(fileData)
-	if !pass {
+	//pass := filetype.IsImage(fileData)
+	//if !pass {
+	//	kind, _ := filetype.Match(fileData)
+	//	if kind.Extension != "pdf" {
+	//		err = fmt.Errorf("文件格式有误")
+	//		return
+	//	}
+	//	fmt.Printf("File type: %s. MIME: %s\n", kind.Extension, kind.MIME.Value)
+	//}
+
+	ext := path.Ext(h.Filename)
+	if !utils.IsValidType(fileData, []utils.SourceType{
+		utils.Image,
+	}, []string{
+		"jpg",
+		"png",
+	}, ext) {
 		kind, _ := filetype.Match(fileData)
 		if kind.Extension != "pdf" {
 			err = fmt.Errorf("文件格式有误")
@@ -526,8 +551,6 @@ func (this *ReportUploadCommonController) UploadImg() {
 		}
 		fmt.Printf("File type: %s. MIME: %s\n", kind.Extension, kind.MIME.Value)
 	}
-
-	ext := path.Ext(h.Filename)
 	dateDir := time.Now().Format("20060102")
 	uploadDir := utils.STATIC_DIR + "hongze/" + dateDir
 	err = os.MkdirAll(uploadDir, utils.DIR_MOD)

controllers/resource.go

@@ -30,113 +30,124 @@ type ResourceAuthController struct {
 	BaseAuthController
 }
 
-// @Title 图片上传
-// @Description 图片上传接口
-// @Param   file   query   file  true       "文件"
-// @Success 200 {object} models.ResourceResp
-// @router /image/upload [post]
-func (this *ResourceController) Upload() {
-	br := new(models.BaseResponse).Init()
-	defer func() {
-		this.Data["json"] = br
-		this.ServeJSON()
-	}()
-	f, h, err := this.GetFile("file")
-	if err != nil {
-		br.Msg = "获取资源信息失败"
-		br.ErrMsg = "获取资源信息失败,Err:" + err.Error()
-		return
-	}
-
-	fileData, e := ioutil.ReadAll(f)
-	if e != nil {
-		br.Msg = "上传失败"
-		br.ErrMsg = "读取文件失败, Err: " + e.Error()
-		return
-	}
-	pass := filetype.IsImage(fileData)
-	if !pass {
-		br.Msg = "文件格式有误"
-		br.ErrMsg = "文件格式有误"
-		return
-	}
-
-	uploadFileName := h.Filename //上传的文件名
-	ext := path.Ext(h.Filename)
-	dateDir := time.Now().Format("20060102")
-	uploadDir := utils.STATIC_DIR + "hongze/" + dateDir
-	err = os.MkdirAll(uploadDir, utils.DIR_MOD)
-	if err != nil {
-		br.Msg = "存储目录创建失败"
-		br.ErrMsg = "存储目录创建失败,Err:" + err.Error()
-		return
-	}
-	randStr := utils.GetRandStringNoSpecialChar(28)
-	fileName := randStr + ext
-	fpath := uploadDir + "/" + fileName
-	defer f.Close() //关闭上传文件
-	err = this.SaveToFile("file", fpath)
-	if err != nil {
-		br.Msg = "文件上传失败"
-		br.ErrMsg = "文件上传失败，Err:" + err.Error()
-		return
-	}
-	resourceUrl := ``
-	//上传到阿里云 和 minio
-	//if utils.ObjectStorageClient == "minio" {
-	//	resourceUrl, err = services.UploadImgToMinIo(fileName, fpath)
-	//	if err != nil {
-	//		br.Msg = "文件上传失败"
-	//		br.ErrMsg = "文件上传失败，Err:" + err.Error()
-	//		return
-	//	}
-	//} else {
-	//	resourceUrl, err = services.UploadAliyunV2(fileName, fpath)
-	//	if err != nil {
-	//		br.Msg = "文件上传失败"
-	//		br.ErrMsg = "文件上传失败，Err:" + err.Error()
-	//		return
-	//	}
-	//}
-	ossClient := services.NewOssClient()
-	if ossClient == nil {
-		br.Msg = "上传失败"
-		br.ErrMsg = "初始化OSS服务失败"
-		return
-	}
-	resourceUrl, err = ossClient.UploadFile(fileName, fpath, "")
-	if err != nil {
-		br.Msg = "文件上传失败"
-		br.ErrMsg = "文件上传失败，Err:" + err.Error()
-		return
-	}
-
-	defer func() {
-		os.Remove(fpath)
-	}()
-
-	item := new(models.Resource)
-	item.ResourceUrl = resourceUrl
-	item.ResourceType = 1
-	item.CreateTime = time.Now()
-	newId, err := models.AddResource(item)
-	if err != nil {
-		br.Msg = "资源上传失败"
-		br.ErrMsg = "资源上传失败,Err:" + err.Error()
-		return
-	}
-	resp := models.ResourceResp{
-		Id:           newId,
-		ResourceUrl:  resourceUrl,
-		ResourceName: uploadFileName,
-	}
-
-	br.Msg = "上传成功"
-	br.Ret = 200
-	br.Success = true
-	br.Data = resp
-	return
-}
+//
+//// @Title 图片上传
+//// @Description 图片上传接口
+//// @Param   file   query   file  true       "文件"
+//// @Success 200 {object} models.ResourceResp
+//// @router /image/upload [post]
+//func (this *ResourceController) Upload() {
+//	br := new(models.BaseResponse).Init()
+//	defer func() {
+//		this.Data["json"] = br
+//		this.ServeJSON()
+//	}()
+//	f, h, err := this.GetFile("file")
+//	if err != nil {
+//		br.Msg = "获取资源信息失败"
+//		br.ErrMsg = "获取资源信息失败,Err:" + err.Error()
+//		return
+//	}
+//
+//	fileData, e := ioutil.ReadAll(f)
+//	if e != nil {
+//		br.Msg = "上传失败"
+//		br.ErrMsg = "读取文件失败, Err: " + e.Error()
+//		return
+//	}
+//	//pass := filetype.IsImage(fileData)
+//	//if !pass {
+//	//	br.Msg = "文件格式有误"
+//	//	br.ErrMsg = "文件格式有误"
+//	//	return
+//	//}
+//
+//	uploadFileName := h.Filename //上传的文件名
+//	ext := path.Ext(h.Filename)
+//	if !utils.IsValidType(fileData, []utils.SourceType{
+//		utils.Image,
+//	}, []string{
+//		"jpg",
+//		"png",
+//	}, ext) {
+//		br.Msg = "文件格式不支持"
+//		br.ErrMsg = "文件格式不支持"
+//		return
+//	}
+//	dateDir := time.Now().Format("20060102")
+//	uploadDir := utils.STATIC_DIR + "hongze/" + dateDir
+//	err = os.MkdirAll(uploadDir, utils.DIR_MOD)
+//	if err != nil {
+//		br.Msg = "存储目录创建失败"
+//		br.ErrMsg = "存储目录创建失败,Err:" + err.Error()
+//		return
+//	}
+//	randStr := utils.GetRandStringNoSpecialChar(28)
+//	fileName := randStr + ext
+//	fpath := uploadDir + "/" + fileName
+//	defer f.Close() //关闭上传文件
+//	err = this.SaveToFile("file", fpath)
+//	if err != nil {
+//		br.Msg = "文件上传失败"
+//		br.ErrMsg = "文件上传失败，Err:" + err.Error()
+//		return
+//	}
+//	resourceUrl := ``
+//	//上传到阿里云 和 minio
+//	//if utils.ObjectStorageClient == "minio" {
+//	//	resourceUrl, err = services.UploadImgToMinIo(fileName, fpath)
+//	//	if err != nil {
+//	//		br.Msg = "文件上传失败"
+//	//		br.ErrMsg = "文件上传失败，Err:" + err.Error()
+//	//		return
+//	//	}
+//	//} else {
+//	//	resourceUrl, err = services.UploadAliyunV2(fileName, fpath)
+//	//	if err != nil {
+//	//		br.Msg = "文件上传失败"
+//	//		br.ErrMsg = "文件上传失败，Err:" + err.Error()
+//	//		return
+//	//	}
+//	//}
+//	ossClient := services.NewOssClient()
+//	if ossClient == nil {
+//		br.Msg = "上传失败"
+//		br.ErrMsg = "初始化OSS服务失败"
+//		return
+//	}
+//	resourceUrl, err = ossClient.UploadFile(fileName, fpath, "")
+//	if err != nil {
+//		br.Msg = "文件上传失败"
+//		br.ErrMsg = "文件上传失败，Err:" + err.Error()
+//		return
+//	}
+//
+//	defer func() {
+//		os.Remove(fpath)
+//	}()
+//
+//	item := new(models.Resource)
+//	item.ResourceUrl = resourceUrl
+//	item.ResourceType = 1
+//	item.CreateTime = time.Now()
+//	newId, err := models.AddResource(item)
+//	if err != nil {
+//		br.Msg = "资源上传失败"
+//		br.ErrMsg = "资源上传失败,Err:" + err.Error()
+//		return
+//	}
+//	resp := models.ResourceResp{
+//		Id:           newId,
+//		ResourceUrl:  resourceUrl,
+//		ResourceName: uploadFileName,
+//	}
+//
+//	br.Msg = "上传成功"
+//	br.Ret = 200
+//	br.Success = true
+//	br.Data = resp
+//	return
+//}
 
 // @Title 视频上传
 // @Description 视频上传接口
@@ -662,14 +673,24 @@ func (this *ResourceController) UploadImageBase64() {
 			br.ErrMsg = "读取文件失败, Err: " + e.Error()
 			return
 		}
-		pass := filetype.IsImage(fileData)
-		if !pass {
-			br.Msg = "文件格式有误"
-			br.ErrMsg = "文件格式有误"
-			return
-		}
+		//pass := filetype.IsImage(fileData)
+		//if !pass {
+		//	br.Msg = "文件格式有误"
+		//	br.ErrMsg = "文件格式有误"
+		//	return
+		//}
 
 		ext = path.Ext(h.Filename)
+		if !utils.IsValidType(fileData, []utils.SourceType{
+			utils.Image,
+		}, []string{
+			"jpg",
+			"png",
+		}, ext) {
+			br.Msg = "文件格式不支持"
+			br.ErrMsg = "文件格式不支持"
+			return
+		}
 		dateDir := time.Now().Format("20060102")
 		uploadDir = utils.STATIC_DIR + "hongze/" + dateDir
 		err = os.MkdirAll(uploadDir, utils.DIR_MOD)
@@ -825,117 +846,129 @@ func IsFileExist(filename string) bool {
 	return true
 }
 
-// @Title 图片上传
-// @Description 图片上传接口
-// @Param   file   query   file  true       "文件"
-// @Success 200 新增成功
-// @router /image/uploadV2 [post]
-func (this *ResourceController) UploadV2() {
-	br := new(models.BaseResponse).Init()
-	defer func() {
-		this.Data["json"] = br
-		this.ServeJSON()
-	}()
-	businessType := this.Ctx.Request.Form.Get("business_type")
-	//this.Ctx.Request
-	fmt.Println("businessType:", businessType)
-	fmt.Println(this.Ctx.Request.Form)
-	fmt.Println("===========")
-	br.Data = businessType
-
-	f, h, err := this.GetFile("file")
-	if err != nil {
-		br.Msg = "获取资源信息失败"
-		br.ErrMsg = "获取资源信息失败,Err:" + err.Error()
-		return
-	}
-
-	fileData, e := ioutil.ReadAll(f)
-	if e != nil {
-		br.Msg = "上传失败"
-		br.ErrMsg = "读取文件失败, Err: " + e.Error()
-		return
-	}
-	pass := filetype.IsImage(fileData)
-	if !pass {
-		br.Msg = "文件格式有误"
-		br.ErrMsg = "文件格式有误"
-		return
-	}
-
-	ext := path.Ext(h.Filename)
-	dateDir := time.Now().Format("20060102")
-	uploadDir := utils.STATIC_DIR + "hongze/" + dateDir
-	err = os.MkdirAll(uploadDir, utils.DIR_MOD)
-	if err != nil {
-		br.Msg = "存储目录创建失败"
-		br.ErrMsg = "存储目录创建失败,Err:" + err.Error()
-		return
-	}
-	randStr := utils.GetRandStringNoSpecialChar(28)
-	fileName := randStr + ext
-	fpath := uploadDir + "/" + fileName
-	defer f.Close() //关闭上传文件
-	err = this.SaveToFile("file", fpath)
-	if err != nil {
-		br.Msg = "文件上传失败"
-		br.ErrMsg = "文件上传失败，Err:" + err.Error()
-		return
-	}
-	resourceUrl := ``
-	//上传到阿里云 和 minio
-	//if utils.ObjectStorageClient == "minio" {
-	//	resourceUrl, err = services.UploadImgToMinIo(fileName, fpath)
-	//	if err != nil {
-	//		br.Msg = "文件上传失败"
-	//		br.ErrMsg = "文件上传失败，Err:" + err.Error()
-	//		return
-	//	}
-	//} else {
-	//	resourceUrl, err = services.UploadAliyunV2(fileName, fpath)
-	//	if err != nil {
-	//		br.Msg = "文件上传失败"
-	//		br.ErrMsg = "文件上传失败，Err:" + err.Error()
-	//		return
-	//	}
-	//}
-	ossClient := services.NewOssClient()
-	if ossClient == nil {
-		br.Msg = "上传失败"
-		br.ErrMsg = "初始化OSS服务失败"
-		return
-	}
-	resourceUrl, err = ossClient.UploadFile(fileName, fpath, "")
-	if err != nil {
-		br.Msg = "文件上传失败"
-		br.ErrMsg = "文件上传失败，Err:" + err.Error()
-		return
-	}
-
-	defer func() {
-		os.Remove(fpath)
-	}()
-
-	item := new(models.Resource)
-	item.ResourceUrl = resourceUrl
-	item.ResourceType = 1
-	item.CreateTime = time.Now()
-	newId, err := models.AddResource(item)
-	if err != nil {
-		br.Msg = "资源上传失败"
-		br.ErrMsg = "资源上传失败,Err:" + err.Error()
-		return
-	}
-	resp := new(models.ResourceResp)
-	resp.Id = newId
-	resp.ResourceUrl = resourceUrl
-
-	br.Msg = "上传成功"
-	br.Ret = 200
-	br.Success = true
-	//br.Data = resp
-	return
-}
+//
+//// @Title 图片上传
+//// @Description 图片上传接口
+//// @Param   file   query   file  true       "文件"
+//// @Success 200 新增成功
+//// @router /image/uploadV2 [post]
+//func (this *ResourceController) UploadV2() {
+//	br := new(models.BaseResponse).Init()
+//	defer func() {
+//		this.Data["json"] = br
+//		this.ServeJSON()
+//	}()
+//	businessType := this.Ctx.Request.Form.Get("business_type")
+//	//this.Ctx.Request
+//	fmt.Println("businessType:", businessType)
+//	fmt.Println(this.Ctx.Request.Form)
+//	fmt.Println("===========")
+//	br.Data = businessType
+//
+//	f, h, err := this.GetFile("file")
+//	if err != nil {
+//		br.Msg = "获取资源信息失败"
+//		br.ErrMsg = "获取资源信息失败,Err:" + err.Error()
+//		return
+//	}
+//
+//	fileData, e := ioutil.ReadAll(f)
+//	if e != nil {
+//		br.Msg = "上传失败"
+//		br.ErrMsg = "读取文件失败, Err: " + e.Error()
+//		return
+//	}
+//	//pass := filetype.IsImage(fileData)
+//	//
+//	//if !pass {
+//	//	br.Msg = "文件格式有误"
+//	//	br.ErrMsg = "文件格式有误"
+//	//	return
+//	//}
+//
+//	ext := path.Ext(h.Filename)
+//	if !utils.IsValidType(fileData, []utils.SourceType{
+//		utils.Image,
+//	}, []string{
+//		"jpg",
+//		"png",
+//	}, ext) {
+//		br.Msg = "文件格式不支持"
+//		br.ErrMsg = "文件格式不支持"
+//		return
+//	}
+//	dateDir := time.Now().Format("20060102")
+//	uploadDir := utils.STATIC_DIR + "hongze/" + dateDir
+//	err = os.MkdirAll(uploadDir, utils.DIR_MOD)
+//	if err != nil {
+//		br.Msg = "存储目录创建失败"
+//		br.ErrMsg = "存储目录创建失败,Err:" + err.Error()
+//		return
+//	}
+//	randStr := utils.GetRandStringNoSpecialChar(28)
+//	fileName := randStr + ext
+//	fpath := uploadDir + "/" + fileName
+//	defer f.Close() //关闭上传文件
+//	err = this.SaveToFile("file", fpath)
+//	if err != nil {
+//		br.Msg = "文件上传失败"
+//		br.ErrMsg = "文件上传失败，Err:" + err.Error()
+//		return
+//	}
+//	resourceUrl := ``
+//	//上传到阿里云 和 minio
+//	//if utils.ObjectStorageClient == "minio" {
+//	//	resourceUrl, err = services.UploadImgToMinIo(fileName, fpath)
+//	//	if err != nil {
+//	//		br.Msg = "文件上传失败"
+//	//		br.ErrMsg = "文件上传失败，Err:" + err.Error()
+//	//		return
+//	//	}
+//	//} else {
+//	//	resourceUrl, err = services.UploadAliyunV2(fileName, fpath)
+//	//	if err != nil {
+//	//		br.Msg = "文件上传失败"
+//	//		br.ErrMsg = "文件上传失败，Err:" + err.Error()
+//	//		return
+//	//	}
+//	//}
+//	ossClient := services.NewOssClient()
+//	if ossClient == nil {
+//		br.Msg = "上传失败"
+//		br.ErrMsg = "初始化OSS服务失败"
+//		return
+//	}
+//	resourceUrl, err = ossClient.UploadFile(fileName, fpath, "")
+//	if err != nil {
+//		br.Msg = "文件上传失败"
+//		br.ErrMsg = "文件上传失败，Err:" + err.Error()
+//		return
+//	}
+//
+//	defer func() {
+//		os.Remove(fpath)
+//	}()
+//
+//	item := new(models.Resource)
+//	item.ResourceUrl = resourceUrl
+//	item.ResourceType = 1
+//	item.CreateTime = time.Now()
+//	newId, err := models.AddResource(item)
+//	if err != nil {
+//		br.Msg = "资源上传失败"
+//		br.ErrMsg = "资源上传失败,Err:" + err.Error()
+//		return
+//	}
+//	resp := new(models.ResourceResp)
+//	resp.Id = newId
+//	resp.ResourceUrl = resourceUrl
+//
+//	br.Msg = "上传成功"
+//	br.Ret = 200
+//	br.Success = true
+//	//br.Data = resp
+//	return
+//}
 
 // @Title 获取STSToken
 // @Description 获取STSToken
@@ -1118,8 +1151,29 @@ func (this *ResourceController) FileUpload() {
 		return
 	}
 
-	uploadFileName := h.Filename //上传的文件名
 	ext := path.Ext(h.Filename)
+	fileData, e := io.ReadAll(f)
+	if e != nil {
+		br.Msg = "上传失败"
+		br.ErrMsg = "读取文件失败, Err: " + e.Error()
+		return
+	}
+	if !utils.IsValidType(fileData, []utils.SourceType{
+		utils.Image,
+		utils.Document,
+		utils.Archive,
+	}, []string{
+		"jpg",
+		"png",
+		"docx",
+		"xlsx",
+		"pdf",
+	}, ext) {
+		br.Msg = "文件格式不支持"
+		br.ErrMsg = "文件格式不支持"
+		return
+	}
+	uploadFileName := h.Filename //上传的文件名
 	dateDir := time.Now().Format("20060102")
 	uploadDir := utils.STATIC_DIR + "hongze/" + dateDir
 	err = os.MkdirAll(uploadDir, utils.DIR_MOD)
@@ -1171,7 +1225,6 @@ func (this *ResourceController) FileUpload() {
 		ResourceUrl:  resourceUrl,
 		ResourceName: uploadFileName,
 	}
-
 	br.Msg = "上传成功"
 	br.Ret = 200
 	br.Success = true

routers/commentsRouter.go

@@ -11410,15 +11410,6 @@ func init() {
             Filters: nil,
             Params: nil})
 
-    beego.GlobalControllerRouter["eta/eta_api/controllers:ReportController"] = append(beego.GlobalControllerRouter["eta/eta_api/controllers:ReportController"],
-        beego.ControllerComments{
-            Method: "Upload",
-            Router: `/upload`,
-            AllowHTTPMethods: []string{"post"},
-            MethodParams: param.Make(),
-            Filters: nil,
-            Params: nil})
-
     beego.GlobalControllerRouter["eta/eta_api/controllers:ReportUploadCommonController"] = append(beego.GlobalControllerRouter["eta/eta_api/controllers:ReportUploadCommonController"],
         beego.ControllerComments{
             Method: "UploadImg",
@@ -11464,24 +11455,6 @@ func init() {
             Filters: nil,
             Params: nil})
 
-    beego.GlobalControllerRouter["eta/eta_api/controllers:ResourceController"] = append(beego.GlobalControllerRouter["eta/eta_api/controllers:ResourceController"],
-        beego.ControllerComments{
-            Method: "Upload",
-            Router: `/image/upload`,
-            AllowHTTPMethods: []string{"post"},
-            MethodParams: param.Make(),
-            Filters: nil,
-            Params: nil})
-
-    beego.GlobalControllerRouter["eta/eta_api/controllers:ResourceController"] = append(beego.GlobalControllerRouter["eta/eta_api/controllers:ResourceController"],
-        beego.ControllerComments{
-            Method: "UploadV2",
-            Router: `/image/uploadV2`,
-            AllowHTTPMethods: []string{"post"},
-            MethodParams: param.Make(),
-            Filters: nil,
-            Params: nil})
-
     beego.GlobalControllerRouter["eta/eta_api/controllers:ResourceController"] = append(beego.GlobalControllerRouter["eta/eta_api/controllers:ResourceController"],
         beego.ControllerComments{
             Method: "OssSTSToken",

utils/file.go

@@ -0,0 +1,90 @@
+package utils
+
+import (
+	"fmt"
+	"github.com/h2non/filetype"
+	"github.com/h2non/filetype/types"
+	"strings"
+	"sync"
+)
+
+type SourceType string
+
+const (
+	Image    SourceType = "image"
+	Video    SourceType = "video"
+	Archive  SourceType = "archive"
+	Audio    SourceType = "audio"
+	Document SourceType = "document"
+)
+
+func CheckFileType(buf []byte, sourceType SourceType, exactFileType []string, fileExt string) bool {
+	switch sourceType {
+	case Document:
+		kind, err := filetype.Document(buf)
+		if err != nil {
+			return false
+		}
+		return exactFile(exactFileType, kind, fileExt)
+	case Image:
+		kind, err := filetype.Image(buf)
+		if err != nil {
+			return false
+		}
+		return exactFile(exactFileType, kind, fileExt)
+	case Video:
+		kind, err := filetype.Video(buf)
+		if err != nil {
+			return false
+		}
+		return exactFile(exactFileType, kind, fileExt)
+	case Audio:
+		kind, err := filetype.Audio(buf)
+		if err != nil {
+			return false
+		}
+		return exactFile(exactFileType, kind, fileExt)
+	case Archive:
+		kind, err := filetype.Archive(buf)
+		if err != nil {
+			return false
+		}
+		return exactFile(exactFileType, kind, fileExt)
+	default:
+		return false
+	}
+}
+func exactFile(exactFileType []string, fileKind types.Type, fileExt string) bool {
+	lowCase := strings.ToLower(fileExt)
+	for _, fileType := range exactFileType {
+		if fileKind.Extension == fileType {
+			if lowCase != "" && (lowCase == fmt.Sprintf(".%s", fileKind.Extension) || (lowCase == ".jpeg" && fileKind.Extension == "jpg")) {
+				return true
+			}
+			return false
+		}
+	}
+	return false
+}
+func IsValidType(buf []byte, sourceTypes []SourceType, exactFileType []string, fileExt string) bool {
+	if len(sourceTypes) == 0 {
+		return false
+	}
+	var wg sync.WaitGroup
+	resultChan := make(chan bool, len(sourceTypes))
+	for _, sourceType := range sourceTypes {
+		wg.Add(1)
+		go func(st SourceType) {
+			defer wg.Done()
+			resultChan <- CheckFileType(buf, st, exactFileType, fileExt)
+		}(sourceType)
+	}
+	wg.Wait()
+	close(resultChan)
+	for result := range resultChan {
+		if result {
+			return true
+		}
+	}
+	return false
+}