[Refactor] expand admin multipart image upload capacity

[LeeHanEum]

🌱 관련 이슈

• close #

📌 작업 내용 및 특이 사항

• 관리자 이미지 업로드 시 용량 제한 완화

📝 참고

📌 체크 리스트

• 리뷰어를 추가하셨나요 ?
• 변경사항에 대해 충분히 설명하고 있나요 ?

Summary by CodeRabbit

• Chores
  • Updated file upload configuration to support uploads up to 10MB per file and 10MB per request.

[coderabbitai]

📝 Walkthrough

Walkthrough

Spring Boot multipart upload configuration was added to the application settings, specifying maximum file size and maximum request size limits of 10MB each. No functional code or public API entities were modified.

Changes

Cohort / File(s)	Summary
Spring Boot Multipart Configuration pida-core/core-api/src/main/resources/application.yml	Added spring.servlet.multipart configuration with max-file-size and max-request-size constraints set to 10MB.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐰 Hop, hop, hooray! the rabbit did say,
Ten megabytes bounded in style,
Configuration tucked neat, makes uploads so sweet,
A simple addition, worthwhile! 📦✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: relaxing capacity limits for multipart file uploads by configuring max-file-size and max-request-size to 10MB.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch refactor/max-multipart-upload

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

pida-core/core-api/src/main/resources/application.yml (1)

23-26: Add explicit validation to multipart upload endpoints and adjust size configuration.

Only two multipart upload endpoints exist in the codebase (FlowerSpotCafeController.uploadThumbnail and FlowerEventController.uploadThumbnail), both admin-only. The global spring.servlet.multipart configuration is appropriate here since no other multipart endpoints exist.

However, consider these improvements:

1. Neither endpoint has explicit size validation — they rely solely on the global limit. Add validation at the controller level for defense in depth:

   require(thumbnail.size <= 10 * 1024 * 1024) { "File size must not exceed 10MB" }
   require(thumbnail.contentType?.startsWith("image/") == true) { "Only image files are allowed" }

2. Adjust max-request-size for headroom — both are set to 10MB, leaving no room for other multipart fields. Set max-request-size: 12MB to accommodate the file plus metadata.

3. Document the 10MB choice — add a comment explaining why this limit was selected (e.g., support for high-resolution thumbnails).

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pida-core/core-api/src/main/resources/application.yml` around lines 23 - 26,
Update the multipart configuration and add defense-in-depth checks: change
spring.servlet.multipart.max-request-size to 12MB in application.yml (leave
max-file-size at 10MB and add a short comment documenting the 10MB choice for
high-resolution thumbnails), and add explicit validation inside
FlowerSpotCafeController.uploadThumbnail and
FlowerEventController.uploadThumbnail to assert thumbnail.size <= 10 * 1024 *
1024 and thumbnail.contentType?.startsWith("image/") == true (throw a bad
request / require failure with a clear message) so uploads are validated at the
controller level even if global limits change.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@pida-core/core-api/src/main/resources/application.yml`:
- Around line 23-26: Update the multipart configuration and add defense-in-depth
checks: change spring.servlet.multipart.max-request-size to 12MB in
application.yml (leave max-file-size at 10MB and add a short comment documenting
the 10MB choice for high-resolution thumbnails), and add explicit validation
inside FlowerSpotCafeController.uploadThumbnail and
FlowerEventController.uploadThumbnail to assert thumbnail.size <= 10 * 1024 *
1024 and thumbnail.contentType?.startsWith("image/") == true (throw a bad
request / require failure with a clear message) so uploads are validated at the
controller level even if global limits change.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: e96cb069-28a6-4947-ba32-f6f454e59a5b

📥 Commits

Reviewing files that changed from the base of the PR and between fcb4790 and 27118d1.

📒 Files selected for processing (1)

• pida-core/core-api/src/main/resources/application.yml