[Refactor] expand admin multipart image upload capacity #139
📝 Walkthrough
Spring Boot multipart upload configuration was added to the application settings, specifying maximum file size and maximum request size limits of 10MB each. No functional code or public API entities were modified.
Estimated code review effort: 🎯 1 (Trivial) | ⏱️ ~2 minutes
🚥 Pre-merge checks | ✅ 3 passed
🧹 Nitpick comments (1)

pida-core/core-api/src/main/resources/application.yml (1)

23-26: Add explicit validation to multipart upload endpoints and adjust size configuration.

Only two multipart upload endpoints exist in the codebase (`FlowerSpotCafeController.uploadThumbnail` and `FlowerEventController.uploadThumbnail`), both admin-only. The global `spring.servlet.multipart` configuration is appropriate here since no other multipart endpoints exist.

However, consider these improvements:

1. Neither endpoint has explicit size validation — they rely solely on the global limit. Add validation at the controller level for defense in depth:

   ```kotlin
   require(thumbnail.size <= 10 * 1024 * 1024) { "File size must not exceed 10MB" }
   require(thumbnail.contentType?.startsWith("image/") == true) { "Only image files are allowed" }
   ```

2. Adjust `max-request-size` for headroom — both are set to 10MB, leaving no room for other multipart fields. Set `max-request-size: 12MB` to accommodate the file plus metadata.

3. Document the 10MB choice — add a comment explaining why this limit was selected (e.g., support for high-resolution thumbnails).

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@pida-core/core-api/src/main/resources/application.yml` around lines 23 - 26, Update the multipart configuration and add defense-in-depth checks: change spring.servlet.multipart.max-request-size to 12MB in application.yml (leave max-file-size at 10MB and add a short comment documenting the 10MB choice for high-resolution thumbnails), and add explicit validation inside FlowerSpotCafeController.uploadThumbnail and FlowerEventController.uploadThumbnail to assert thumbnail.size <= 10 * 1024 * 1024 and thumbnail.contentType?.startsWith("image/") == true (throw a bad request / require failure with a clear message) so uploads are validated at the controller level even if global limits change.
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: e96cb069-28a6-4947-ba32-f6f454e59a5b
📒 Files selected for processing (1)
pida-core/core-api/src/main/resources/application.yml
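
The controller-level check suggested in the review above, taken one step further as an added example (not code from this PR or the project): the `Content-Type` of a multipart part is supplied by the client, so the declared type is checked and the file's leading bytes are then matched against known image signatures. The names `validateThumbnail`, `sniffImageType` and `MAX_THUMBNAIL_BYTES` are hypothetical, and the allow-list of PNG, JPEG, GIF and WebP is an assumption.

```kotlin
// Added example: hypothetical helper, not part of the PR or the project.
const val MAX_THUMBNAIL_BYTES = 10L * 1024 * 1024 // mirrors max-file-size: 10MB

// Leading-byte signatures of the accepted formats (the allow-list is an assumption).
private val SIGNATURES: List<Pair<String, ByteArray>> = listOf(
    "image/png" to byteArrayOf(0x89.toByte(), 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A),
    "image/jpeg" to byteArrayOf(0xFF.toByte(), 0xD8.toByte(), 0xFF.toByte()),
    "image/gif" to "GIF8".toByteArray(Charsets.US_ASCII),
)

// True when the array contains `prefix` starting at `offset`.
private fun ByteArray.startsWith(prefix: ByteArray, offset: Int = 0): Boolean =
    size >= offset + prefix.size && prefix.indices.all { this[offset + it] == prefix[it] }

/** Returns the MIME type detected from the content, or null if it is not an allowed image. */
fun sniffImageType(head: ByteArray): String? {
    SIGNATURES.firstOrNull { head.startsWith(it.second) }?.let { return it.first }
    // WebP layout: "RIFF", a 4-byte length, then "WEBP".
    val riff = "RIFF".toByteArray(Charsets.US_ASCII)
    val webp = "WEBP".toByteArray(Charsets.US_ASCII)
    return if (head.startsWith(riff) && head.startsWith(webp, offset = 8)) "image/webp" else null
}

/** Checks size, declared type and actual content; returns the detected MIME type. */
fun validateThumbnail(size: Long, declaredType: String?, head: ByteArray): String {
    require(size in 1..MAX_THUMBNAIL_BYTES) { "File size must be between 1 byte and 10MB" }
    val declared = declaredType?.trim()?.lowercase()
    require(declared != null && declared.startsWith("image/")) { "Only image files are allowed" }
    val detected = sniffImageType(head)
    require(detected != null) { "File content is not a supported image format" }
    return detected // store this value, not the client-declared type
}

fun main() {
    // Constructed samples: a PNG header, and plain text labelled as image/png.
    val png = byteArrayOf(0x89.toByte(), 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A, 0, 0, 0, 0x0D)
    val text = "plain text, not an image".toByteArray(Charsets.US_ASCII)
    println(validateThumbnail(png.size.toLong(), "image/png", png))
    val rejected = runCatching { validateThumbnail(text.size.toLong(), "image/png", text) }
    println(rejected.exceptionOrNull()?.message)
}
```

In a controller, `size` would be `thumbnail.size` and `head` the first 12 bytes read from the upload's input stream.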
🌱 Related issue
📌 Work details and notes
📝 Reference
📌 Checklist
Summary by CodeRabbit