diff --git a/backend/src/main/java/io/dataease/controller/staticResource/StaticResourceController.java b/backend/src/main/java/io/dataease/controller/staticResource/StaticResourceController.java
index 277552ecc3..1d2e5368bf 100644
--- a/backend/src/main/java/io/dataease/controller/staticResource/StaticResourceController.java
+++ b/backend/src/main/java/io/dataease/controller/staticResource/StaticResourceController.java
@@ -16,7 +16,7 @@ import java.util.Map;
  * Description:
  */
 @RestController
-@RequestMapping("/static/resource")
+@RequestMapping("/staticResource")
 public class StaticResourceController {
 
     @Resource
diff --git a/backend/src/main/java/io/dataease/service/staticResource/StaticResourceService.java b/backend/src/main/java/io/dataease/service/staticResource/StaticResourceService.java
index 309f0d6f3b..19a8c5a04d 100644
--- a/backend/src/main/java/io/dataease/service/staticResource/StaticResourceService.java
+++ b/backend/src/main/java/io/dataease/service/staticResource/StaticResourceService.java
@@ -3,6 +3,7 @@ package io.dataease.service.staticResource;
 import cn.hutool.core.codec.Base64Decoder;
 import cn.hutool.core.collection.CollectionUtil;
 import com.google.gson.Gson;
+import io.dataease.commons.exception.DEException;
 import io.dataease.commons.utils.FileUtils;
 import io.dataease.commons.utils.LogUtil;
 import io.dataease.commons.utils.StaticResourceUtils;
@@ -14,7 +15,10 @@ import org.springframework.util.Assert;
 import org.springframework.util.FileCopyUtils;
 import org.springframework.web.multipart.MultipartFile;
 
+import javax.imageio.ImageIO;
+import java.awt.image.BufferedImage;
 import java.io.IOException;
+import java.io.InputStream;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
@@ -31,61 +35,78 @@ public class StaticResourceService {
 
     private final Path staticDir = Paths.get("/opt/dataease/data/static-resource/");
 
-    public void upload(String fileId,MultipartFile file) {
+    public void upload(String fileId, MultipartFile file) {
         // check if the path is valid (not outside staticDir)
         Assert.notNull(file, "Multipart file must not be null");
         try {
+            if (!isImage(file)) {
+                DEException.throwException("Multipart file must be image");
+            }
             String originName = file.getOriginalFilename();
-            String newFileName = fileId+originName.substring(originName.lastIndexOf("."),originName.length());
+            String newFileName = fileId + originName.substring(originName.lastIndexOf("."), originName.length());
             Path uploadPath = Paths.get(staticDir.toString(), newFileName);
             // create dir is absent
             FileUtils.createIfAbsent(Paths.get(staticDir.toString()));
             Files.createFile(uploadPath);
             file.transferTo(uploadPath);
         } catch (IOException e) {
-            LogUtil.error("文件上传失败",e);
+            LogUtil.error("文件上传失败", e);
             DataEaseException.throwException("文件上传失败");
-        } catch (Exception e){
+        } catch (Exception e) {
             DataEaseException.throwException(e);
         }
     }
 
-    public void saveFilesToServe(String staticResource){
+    private boolean isImage(MultipartFile file) {
+        BufferedImage image = null;
+        try (InputStream input = file.getInputStream()) {
+            image = ImageIO.read(input);
+        } catch (IOException e) {
+            LogUtil.error(e.getMessage(), e);
+            return false;
+        }
+        if (image == null || image.getWidth() <= 0 || image.getHeight() <= 0) {
+            return false;
+        }
+        return true;
+    }
+
+    public void saveFilesToServe(String staticResource) {
         Gson gson = new Gson();
-        if(StringUtils.isNotEmpty(staticResource)){
-            Map<String,String> resource = gson.fromJson(staticResource,Map.class);
-            for(Map.Entry<String,String> entry:resource.entrySet()){
+        if (StringUtils.isNotEmpty(staticResource)) {
+            Map<String, String> resource = gson.fromJson(staticResource, Map.class);
+            for (Map.Entry<String, String> entry : resource.entrySet()) {
                 String path = entry.getKey();
-                String fileName = path.substring(path.lastIndexOf("/")+1,path.length());
-                saveSingleFileToServe(fileName,entry.getValue());
+                String fileName = path.substring(path.lastIndexOf("/") + 1, path.length());
+                saveSingleFileToServe(fileName, entry.getValue());
             }
         }
     }
 
-    public void saveSingleFileToServe(String fileName,String content){
+    public void saveSingleFileToServe(String fileName, String content) {
         Path uploadPath = Paths.get(staticDir.toString(), fileName);
-        try{
+        try {
             if (uploadPath.toFile().exists()) {
                 LogUtil.info("file exists");
-            }else{
-                if(StringUtils.isNotEmpty(content)){
+            } else {
+                if (StringUtils.isNotEmpty(content)) {
                     Files.createFile(uploadPath);
-                    FileCopyUtils.copy(Base64Decoder.decode(content),Files.newOutputStream(uploadPath));
+                    FileCopyUtils.copy(Base64Decoder.decode(content), Files.newOutputStream(uploadPath));
                 }
             }
-        }catch (Exception e){
-            LogUtil.error("template static resource save error"+e.getMessage());
+        } catch (Exception e) {
+            LogUtil.error("template static resource save error" + e.getMessage());
         }
     }
 
-    public Map<String,String> findResourceAsBase64(StaticResourceRequest resourceRequest){
-        Map<String,String> result = new HashMap<>();
-        if(CollectionUtil.isNotEmpty(resourceRequest.getResourcePathList())){
-            for(String path :resourceRequest.getResourcePathList()){
-                String value = StaticResourceUtils.getImgFileToBase64(path.substring(path.lastIndexOf("/")+1,path.length()));
-                result.put(path,value);
+    public Map<String, String> findResourceAsBase64(StaticResourceRequest resourceRequest) {
+        Map<String, String> result = new HashMap<>();
+        if (CollectionUtil.isNotEmpty(resourceRequest.getResourcePathList())) {
+            for (String path : resourceRequest.getResourcePathList()) {
+                String value = StaticResourceUtils.getImgFileToBase64(path.substring(path.lastIndexOf("/") + 1, path.length()));
+                result.put(path, value);
             }
         }
-        return  result;
+        return result;
     }
 }
diff --git a/frontend/src/api/staticResource/staticResource.js b/frontend/src/api/staticResource/staticResource.js
index 9af311c16d..3affe2c95a 100644
--- a/frontend/src/api/staticResource/staticResource.js
+++ b/frontend/src/api/staticResource/staticResource.js
@@ -4,7 +4,7 @@ import store from '@/store'
 
 export function uploadFile(fileId, param) {
   return request({
-    url: '/static/resource/upload/' + fileId,
+    url: '/staticResource/upload/' + fileId,
     method: 'post',
     headers: { 'Content-Type': 'multipart/form-data' },
     data: param,
@@ -26,7 +26,7 @@ export function uploadFileResult(file, callback) {
 
 export function findResourceAsBase64(params) {
   return request({
-    url: '/static/resource/findResourceAsBase64',
+    url: '/staticResource/findResourceAsBase64',
     method: 'post',
     data: params,
     loading: false