Unify success codes and update upload deps

back/main.py

@@ -8,6 +8,8 @@ import os
 import uuid
 import json
 import filetype
+from PIL import Image
+from PIL import UnidentifiedImageError
 from datetime import datetime
 
 app = Flask(__name__)
@@ -212,6 +214,23 @@ def save_hashtags(tag_type, target_id, hashtopic):
         )
         db.session.add(new_tag)
 
+def mime_allowed(mime, rules):
+    if not rules:
+        return True
+    if not mime:
+        return False
+    mime = mime.lower()
+    for rule in rules:
+        rule = str(rule).strip().lower()
+        if not rule:
+            continue
+        if rule == 'image/*':
+            if mime.startswith('image/'):
+                return True
+        if mime == rule:
+            return True
+    return False
+
 # --- 用户普通api端点 ---
 @app.route('/api/settings', methods=['GET'])
 def get_settings():
@@ -244,7 +263,7 @@ def get_about():
             "data": settings.about
         })
     else:
-        # about在初始化时不会被设置，避免管理面板报错，返回默认文本
+        # about在初始化时不会被设置，避免报错，返回默认文本
         return jsonify({
             "code": 1000,
             "data": "# 默认关于页面\n关于页面未设置，请前往管理面板操作。"
@@ -354,7 +373,7 @@ def submit_post():
         save_hashtags(0, new_post.id, hashtopic)
         db.session.commit()
         
-        code = 1002 if new_post.status == 'Pending' else 1001
+        code = 1002 if new_post.status == 'Pending' else 1000
         return jsonify({"code": code, "data": {"id": new_post.id}})
     except Exception as e:
         db.session.rollback()
@@ -409,7 +428,7 @@ def submit_comment():
         save_hashtags(1, new_comment.id, hashtopic)
         db.session.commit()
         
-        return jsonify({"code": 1001, "data": {"id": new_comment.id}})
+        return jsonify({"code": 1000, "data": {"id": new_comment.id}})
     except Exception as e:
         db.session.rollback()
         return jsonify({"code": 2003, "data": f"评论失败: {str(e)}"})
@@ -448,7 +467,7 @@ def submit_report():
         db.session.add(report)
         db.session.commit()
 
-        return jsonify({"code": 1001, "data": {"id": report.id}})
+        return jsonify({"code": 1000, "data": {"id": report.id}})
     except Exception as e:
         return jsonify({"code": 2003, "data": f"投诉失败: {str(e)}"})
 
@@ -499,15 +518,27 @@ def upload_pic():
         if FILE_SIZE_LIMIT_MB is not None:
             limit_bytes = float(FILE_SIZE_LIMIT_MB) * 1024 * 1024
             if file_length > limit_bytes:
-                return jsonify({"code": 2006, "data": "上传的图片超出限制大小"})
+                return jsonify({"code": 2006, "data": f"上传的图片超出{FILE_SIZE_LIMIT_MB}MB限制大小"})
 
         ext = os.path.splitext(file.filename)[1].lstrip('.').lower()
         kind = filetype.guess(file.read(5120))
         file.seek(0)
         detected_mime = kind.mime if kind else None
-        if not detected_mime or (FILE_FORMATS and detected_mime.lower() not in FILE_FORMATS):
+        if not detected_mime or not mime_allowed(detected_mime, FILE_FORMATS):
             return jsonify({"code": 2007, "data": "上传的文件类型不支持"})
 
+        try:
+            file.seek(0)
+            img = Image.open(file)
+            img.verify()
+            file.seek(0)
+        except (UnidentifiedImageError, OSError):
+            file.seek(0)
+            return jsonify({"code": 2008, "data": "上传的文件损坏"})
+        except Exception:
+            file.seek(0)
+            return jsonify({"code": 2008, "data": "上传的文件损坏"})
+
         if not ext and kind:
             ext = kind.extension
         filename = f"{uuid.uuid4().hex}.{ext}" if ext else uuid.uuid4().hex
@@ -519,7 +550,7 @@ def upload_pic():
         db.session.add(ImgFile(path=filename, name=name, identity_token=identity_token))
         db.session.commit()
 
-        return jsonify({"code": 1001, "data": f"/api/files/{filename}"})
+        return jsonify({"code": 1000, "data": f"/api/files/{filename}"})
     except Exception as e:
         return jsonify({"code": 2003, "data": str(e)})