diff --git a/app/Plugins/Core/src/Handler/AvatarUpload.php b/app/Plugins/Core/src/Handler/AvatarUpload.php
index 53e3259bd..28914b36f 100644
--- a/app/Plugins/Core/src/Handler/AvatarUpload.php
+++ b/app/Plugins/Core/src/Handler/AvatarUpload.php
@@ -1,6 +1,6 @@ check() && !admin_auth()->Check()) {
+ if (! auth()->check() && ! admin_auth()->Check()) {
 return ['path' => '/404.jpg', 'success' => false, 'status' => '上传失败:未登录'];
 }
- if (!$file_prefix) {
+ // 获取上传的文件大小
+ $file_size = $file->getSize() / 1024;
+ if ((float) get_options('core_user_up_img_size', 2048) < $file_size) {
+ return ['path' => '/404.jpg', 'success' => false, 'status' => '上传失败,上传文件大小超过限制'];
+ }
+
+ if (! $file_prefix) {
 $file_prefix = Str::random();
 }
 $folder_name = "upload/{$folder}/" . date('Ym/d', time());
- if (!is_dir(public_path($folder_name))) {
+ if (! is_dir(public_path($folder_name))) {
 mkdir(public_path($folder_name), 0777, true);
 }
 $upload_path = public_path() . '/' . $folder_name;
@@ -60,6 +67,7 @@ public function save($file, $folder, $file_prefix = null, $max_width = false) :
 }
 return ['path' => $upload['url'], 'raw_path' => $upload['path'], 'success' => $upload['success'], 'status' => '上传成功!'];
 }
+
 public function reduceSize($file_path, $max_width)
 {
 // 先实例化,传参是文件的磁盘物理路径
@@ -74,6 +82,7 @@ public function reduceSize($file_path, $max_width)
 // 对图片修改后进行保存
 $image->save();
 }
+
 private function webp($from, $to)
 {
 $image = Image::make($from);
@@ -81,4 +90,4 @@ private function webp($from, $to)
 $image->save($to);
 unlink($from);
 }
-}
\ No newline at end of file
+}
diff --git a/app/Plugins/Core/src/Handler/FileUpload.php b/app/Plugins/Core/src/Handler/FileUpload.php
index 4b2b38876..fb4010a23 100644
--- a/app/Plugins/Core/src/Handler/FileUpload.php
+++ b/app/Plugins/Core/src/Handler/FileUpload.php
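Review bot: The new size check calls `$file->getSize()` before anything confirms that `$file` is an uploaded file at all; the only caller visible in this diff (ApiController::up_img) passes `request()->file('file')` straight through, so a request that carries no file turns this method's usual failure array into an uncaught Error on the `$file_size` line (a method call on null throws in PHP 8). A guard ahead of the size line, `if (! $file) { return ['path' => '/404.jpg', 'success' => false, 'status' => '上传失败,未收到文件']; }`, keeps the method's contract of reporting failures through `'success' => false`. The check also quietly changes a unit: the controller condition this replaces compared raw bytes against the same option, while here the value is divided by 1024, so a comment on the option line such as `// core_user_up_img_size 的单位为 KB` would stop the next reader from reintroducing the byte comparison. The identical block, with the same gaps, is added to UploadHandler.php save() later in this diff; save() here begins before this hunk (its header was lost in rendering) and continues after it.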
@@ -1,6 +1,6 @@ check() && !admin_auth()->Check()) {
+ if (! auth()->check() && ! admin_auth()->Check()) {
 return ['path' => '/404.jpg', 'success' => false, 'status' => '上传失败:未登录'];
 }
+ if (auth()->check()) {
+ // 获取上传的文件大小
+ $file_size = $file->getSize() / 1024;
+ if ((float) get_options('core_user_up_file_size', 4096) < $file_size) {
+ return ['path' => '/404.jpg', 'success' => false, 'status' => '上传失败,上传文件大小超过限制'];
+ }
+ }
 $service = new FileStoreService();
 $upload = $service->save($file, $folder, $file_prefix);
 if ($upload['success'] !== true) {
@@ -31,4 +40,4 @@ public function save($file, $folder, $file_prefix = null) : array
 }
 return ['path' => $upload['url'], 'raw_path' => $upload['path'], 'success' => $upload['success'], 'status' => '上传成功!'];
 }
-}
\ No newline at end of file
+}
diff --git a/app/Plugins/Core/src/Handler/UploadHandler.php b/app/Plugins/Core/src/Handler/UploadHandler.php
index 88e498a48..47e769e7a 100644
--- a/app/Plugins/Core/src/Handler/UploadHandler.php
+++ b/app/Plugins/Core/src/Handler/UploadHandler.php
@@ -1,6 +1,6 @@ check() && !admin_auth()->Check()) {
+ if (! auth()->check() && ! admin_auth()->Check()) {
 return ['path' => '/404.jpg', 'success' => false, 'status' => '上传失败:未登录'];
 }
- if (!$file_prefix) {
+ // 获取上传的文件大小
+ $file_size = $file->getSize() / 1024;
+ if ((float) get_options('core_user_up_img_size', 2048) < $file_size) {
+ return ['path' => '/404.jpg', 'success' => false, 'status' => '上传失败,上传文件大小超过限制'];
+ }
+
+ if (! $file_prefix) {
 $file_prefix = Str::random();
 }
 $folder_name = "upload/{$folder}/" . date('Ym/d', time());
- if (!is_dir(public_path($folder_name))) {
+ if (! is_dir(public_path($folder_name))) {
 mkdir(public_path($folder_name), 0777, true);
 }
 $upload_path = public_path() . '/' . $folder_name;
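Review bot: The size limit in FileUpload::save() is applied only inside `if (auth()->check())`, so a caller that passes the guard two lines above purely through `admin_auth()->Check()` is never size-checked, whereas the same limit added to AvatarUpload.php and UploadHandler.php in this commit is unconditional. If exempting back-office sessions is intended, record it where the wrapper is, e.g. `// 仅限制普通用户上传大小,后台管理员不限制`; if it is not, drop the outer `if` so the check reads like the other two handlers. The key and default differ as well (`core_user_up_file_size`, 4096) and are presumably meant to be KB like the image option, since the value is divided by 1024 — worth stating in the same comment. save() starts before this hunk (its header was lost in rendering), so the declared type of `$file`, if any, is not visible here.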
@@ -58,6 +66,7 @@ public function save($file, $folder, $file_prefix = null, $max_width = 1500) : a
 }
 return ['path' => $upload['url'], 'raw_path' => $upload['path'], 'success' => $upload['success'], 'status' => '上传成功!'];
 }
+
 public function reduceSize($file_path, $max_width)
 {
 // 先实例化,传参是文件的磁盘物理路径
@@ -72,6 +81,7 @@ public function reduceSize($file_path, $max_width)
 // 对图片修改后进行保存
 $image->save();
 }
+
 private function webp($from, $to)
 {
 $image = Image::make($from);
@@ -79,4 +89,4 @@ private function webp($from, $to)
 $image->save($to);
 unlink($from);
 }
-}
\ No newline at end of file
+}
diff --git a/app/Plugins/User/src/Controller/ApiController.php b/app/Plugins/User/src/Controller/ApiController.php
index 62032568c..826416f1e 100644
--- a/app/Plugins/User/src/Controller/ApiController.php
+++ b/app/Plugins/User/src/Controller/ApiController.php
@@ -1,6 +1,6 @@ check('upload_image')) {
+ if (! Authority()->check('upload_image')) {
 return Json_Api(419, false, ['msg' => '你所在的用户组无权上传图片']);
 }
 $file = request()->file('file');
- if (@$file->getSize() && $file->getSize() > get_options('core_user_up_img_size', 2048)) {
- $result = $uploader->save($file, 'topic', auth()->id());
- if ($result['success'] === true) {
- return Json_Api(200, true, ['msg' => '上传成功!', 'url' => $result['path']]);
- }
- return Json_Api(403, false, ['msg' => '上传失败!']);
+ $result = $uploader->save($file, 'topic', auth()->id());
+ if ($result['success'] === true) {
+ return Json_Api(200, true, ['msg' => '上传成功!', 'url' => $result['path']]);
 }
- return Json_Api(403, false, ['msg' => '上传失败!']);
+ return Json_Api(403, false, ['msg' => $result['status']]);
 }
+
 #[PostMapping('/user/upload/file')]
 #[Middleware(LoginMiddleware::class)]
 public function up_file(FileUpload $uploader)
 {
 $data = [];
- if (!Authority()->check('upload_file')) {
+ if (! Authority()->check('upload_file')) {
 return Json_Api(419, false, ['msg' => '你所在的用户组无权上传文件']);
 }
 foreach (request()->file('file') as $key => $file) {
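Review bot: In up_img, `$file = request()->file('file')` is handed to `$uploader->save()` with no check that a file was actually posted; the removed condition did not provide one either (`@` does not stop a method call on null from throwing), and the handler now reads `$file->getSize()` unconditionally, so a form submitted without a file produces a server error instead of the 403 this method otherwise returns. A one-line guard before the save call, `if (! $file) { return Json_Api(403, false, ['msg' => '上传失败!']); }`, keeps the error path consistent with the rest of the method. The same applies to up_file at the end of the hunk, where `foreach (request()->file('file') as ...)` iterates whatever the request contains; that method continues past the hunk. Returning `$result['status']` to the client is fine as long as the handlers keep emitting the fixed literals seen in the other hunks rather than anything derived from the upload. up_img begins before this hunk; its header was lost in rendering.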
@@ -68,8 +66,9 @@ public function up_file(FileUpload $uploader)
 }
 return $data;
 }
+
 #[PostMapping('/api/user/@has_user_username/{username}')]
- public function has_user_username($username) : array
+ public function has_user_username($username): array
 {
 $username = urldecode($username);
 if (User::query()->where('username', $username)->count()) {
@@ -77,28 +76,30 @@ public function has_user_username($username) : array
 }
 return Json_Api(404, false, ['msg' => '用户:' . $username . '不存在']);
 }
+
 #[PostMapping('/api/user/get.user.avatar.url')]
 public function get_user_avatar_url()
 {
 $user_id = request()->input('user_id');
- if (!$user_id) {
+ if (! $user_id) {
 return Json_Api(403, false, ['请求参数不足,缺少:user_id']);
 }
- if (!User::query()->where('id', $user_id)->exists()) {
+ if (! User::query()->where('id', $user_id)->exists()) {
 return Json_Api(403, false, ['此用户不存在']);
 }
 $data = User::query()->where('id', $user_id)->first();
 return Json_Api(200, true, ['msg' => super_avatar($data)]);
 }
+
 #[PostMapping('/api/user/get.user.data')]
 #[RateLimit(create: 12, capacity: 10)]
 public function get_user_data()
 {
 $user_id = request()->input('user_id');
- if (!$user_id) {
+ if (! $user_id) {
 return Json_Api(403, false, ['请求参数不足,缺少:user_id']);
 }
- if (!User::query()->where('id', $user_id)->exists()) {
+ if (! User::query()->where('id', $user_id)->exists()) {
 return Json_Api(403, false, ['此用户不存在']);
 }
 $data = User::query()->where('id', $user_id)->with('Class', 'options')->first();
@@ -106,10 +107,11 @@ public function get_user_data()
 $data['group'] = '' . Core_Ui()->Html()->UserGroup($data->Class) . '';
 return Json_Api(200, true, $data);
 }
+
 #[PostMapping('/api/user/get.user.config')]
- public function UserConfig() : array
+ public function UserConfig(): array
 {
- if (!auth()->check()) {
+ if (! auth()->check()) {
 return Json_Api(419, false, ['msg' => '未登录!']);
 }
 // 通知小红点
@@ -123,59 +125,67 @@ public function UserConfig() : array
 $config = ['notice_red' => $notice_red];
 return Json_Api(200, true, $config);
 }
+ // 已读通知
+
 #[PostMapping('/api/user/notice.read')]
- public function notice_read() : array
+ public function notice_read(): array
 {
 $notice_id = request()->input('notice_id');
- if (!$notice_id) {
+ if (! $notice_id) {
 return Json_Api(403, false, ['msg' => '请求参数不足']);
 }
- if (!auth()->check()) {
+ if (! auth()->check()) {
 return Json_Api(419, false, ['msg' => '未登录!']);
 }
- if (!UsersNotice::query()->where(['status' => 'publish', 'user_id' => auth()->id(), 'id' => $notice_id])->exists()) {
+ if (! UsersNotice::query()->where(['status' => 'publish', 'user_id' => auth()->id(), 'id' => $notice_id])->exists()) {
 return Json_Api(403, false, ['msg' => '通知不存在!']);
 }
 UsersNotice::query()->where(['status' => 'publish', 'user_id' => auth()->id(), 'id' => $notice_id])->update(['status' => 'read']);
 return Json_Api(200, true, ['msg' => '设置成功!']);
 }
+ // 一键已读未读通知
+
 #[PostMapping('/api/user/notice.allread')]
- public function notice_allread() : array
+ public function notice_allread(): array
 {
- if (!auth()->check()) {
+ if (! auth()->check()) {
 return Json_Api(419, false, ['msg' => '未登录!']);
 }
- if (!UsersPm::query()->where(['to_id' => auth()->id()])->exists() && !UsersNotice::query()->where(['status' => 'publish', 'user_id' => auth()->id()])->exists()) {
+ if (! UsersPm::query()->where(['to_id' => auth()->id()])->exists() && !
UsersNotice::query()->where(['status' => 'publish', 'user_id' => auth()->id()])->exists()) {
 return Json_Api(403, false, ['msg' => '没有未读通知!']);
 }
 UsersNotice::query()->where(['status' => 'publish', 'user_id' => auth()->id()])->update(['status' => 'read']);
 UsersPm::query()->where(['to_id' => auth()->id()])->update(['read' => true]);
 return Json_Api(200, true, ['msg' => '操作成功!']);
 }
+ // 一键已读未读通知
+
 #[PostMapping('/api/user/notice.clear')]
- public function notice_clear() : array
+ public function notice_clear(): array
 {
- if (!auth()->check()) {
+ if (! auth()->check()) {
 return Json_Api(419, false, ['msg' => '未登录!']);
 }
 UsersNotice::query()->where(['user_id' => auth()->id()])->delete();
 return Json_Api(200, true, ['msg' => '清空成功!']);
 }
+ // 关注用户
+
 #[PostMapping('/api/user/userfollow')]
 public function user_follow()
 {
 $user_id = request()->input('user_id');
- if (!$user_id) {
+ if (! $user_id) {
 return Json_Api(403, false, ['请求参数不足,缺少:user_id']);
 }
- if (!auth()->check()) {
+ if (! auth()->check()) {
 return Json_Api(419, false, ['msg' => '未登录!']);
 }
- if (!User::query()->where('id', $user_id)->exists()) {
+ if (! User::query()->where('id', $user_id)->exists()) {
 return Json_Api(419, false, ['msg' => '用户不存在!']);
 }
 // 禁止关注自己
@@ -193,15 +203,17 @@ public function user_follow()
 user_notice()->send($user_id, auth()->data()->username . ' 关注了你!', view('User::notice.userfollow'), '/notice');
 return Json_Api(200, true, ['msg' => '已关注']);
 }
+ // 查询关注状态
+
 #[PostMapping('/api/user/userfollow.data')]
 public function user_follow_data()
 {
 $user_id = request()->input('user_id');
- if (!$user_id) {
+ if (! $user_id) {
 return Json_Api(403, false, ['请求参数不足,缺少:user_id']);
 }
- if (!auth()->check()) {
+ if (! auth()->check()) {
 return Json_Api(419, false, ['msg' => '未登录!']);
 }
 if (UserFans::query()->where(['user_id' => $user_id, 'fans_id' => auth()->id()])->exists()) {
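Review bot: The comment added above `notice_clear`, `// 一键已读未读通知`, is a copy of the one above `notice_allread` and is wrong for this method, which deletes every UsersNotice row of the current user rather than marking anything read; `// 清空当前用户的全部通知` says what the code does. As far as the collapsed layout shows, each of the four new comments sits directly after the previous method's closing brace with the new blank line between it and the `#[PostMapping]` it describes, so they read as trailing comments of the wrong method; moving each below the blank line, or turning it into a `/** … */` docblock on the method, fixes that. The hunk opens inside UserConfig's body and its last lines belong to user_follow, which continues past the hunk.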
@@ -209,45 +221,48 @@ public function user_follow_data()
 }
 return Json_Api(403, true, ['msg' => '关注']);
 }
+
 #[PostMapping('/api/user/remove.collection')]
- public function remove_collection() : array
+ public function remove_collection(): array
 {
- if (!auth()->check()) {
+ if (! auth()->check()) {
 return Json_Api(419, false, ['msg' => '未登录!']);
 }
 $collection_id = request()->input('collection_id');
- if (!$collection_id) {
+ if (! $collection_id) {
 return Json_Api(403, false, ['msg' => '请求参数不足,缺少:collection_id']);
 }
- if (!UsersCollection::query()->where('id', $collection_id)->exists()) {
+ if (! UsersCollection::query()->where('id', $collection_id)->exists()) {
 return Json_Api(403, false, ['msg' => '收藏id不存在']);
 }
 UsersCollection::query()->where('id', $collection_id)->delete();
 return Json_Api(200, true, ['msg' => '已取消收藏!']);
 }
+
 #[PostMapping('/api/User/Files/remove')]
- public function filesRemove() : array
+ public function filesRemove(): array
 {
- if (!admin_auth()->check()) {
+ if (! admin_auth()->check()) {
 return Json_Api(419, false, ['msg' => '无权限!']);
 }
 $id = request()->input('id');
- if (!UserUpload::query()->where('id', $id)->exists()) {
+ if (! UserUpload::query()->where('id', $id)->exists()) {
 return Json_Api(403, false, ['msg' => '删除失败! 文件不存在!']);
 }
 $data = UserUpload::query()->where('id', $id)->first();
- if (!unlink($data->path)) {
+ if (! unlink($data->path)) {
 return Json_Api(403, false, ['msg' => '删除失败! 删除文件失败']);
 }
- if (!UserUpload::query()->where('id', $id)->delete()) {
+ if (! UserUpload::query()->where('id', $id)->delete()) {
 return Json_Api(403, false, ['msg' => '删除失败! 从数据库中删除记录失败!']);
 }
 return Json_Api(200, true, ['msg' => '删除成功!']);
 }
+
 #[PostMapping('/api/user/get.user.settings')]
 public function get_user_settings()
 {
- if (!auth()->check()) {
+ if (! auth()->check()) {
 return Json_Api(419, false, ['msg' => '未登录!']);
 }
 $result = [];
@@ -256,18 +271,19 @@ public function get_user_settings()
 }
 return Json_Api(200, true, $result);
 }
+
 #[PostMapping('/api/user/set.user.settings')]
 public function set_user_settings()
 {
- if (!auth()->check()) {
+ if (! auth()->check()) {
 return Json_Api(419, false, ['msg' => '未登录!']);
 }
- if (!is_array(request()->input('data'))) {
+ if (! is_array(request()->input('data'))) {
 $data = de_stringify(request()->input('data'));
 } else {
 $data = request()->input('data');
 }
- if (!is_array($data)) {
+ if (! is_array($data)) {
 return Json_Api(403, false, ['msg' => '请提交正确的数据']);
 }
 foreach ($data as $key => $value) {
@@ -280,14 +296,15 @@ public function set_user_settings()
 user_settings_clear(auth()->id());
 return Json_Api(200, true, ['msg' => '更新成功!']);
 }
+
 #[PostMapping('/api/User/get.session.ip')]
- public function get_user_session_ip() : array
+ public function get_user_session_ip(): array
 {
 $user_id = request()->input('user_id');
- if (!$user_id) {
+ if (! $user_id) {
 return Json_Api(403, false, ['msg' => '用户id不能为空']);
 }
- if (!User::query()->where('id', $user_id)->exists()) {
+ if (! User::query()->where('id', $user_id)->exists()) {
 return Json_Api(403, false, ['msg' => '用户不存在']);
 }
 $sessions = UsersAuth::query()->orderByDesc('created_at')->where('user_id', $user_id)->get();
@@ -298,4 +315,4 @@ public function get_user_session_ip() : array
 }
 return Json_Api(403, false, ['msg' => '未找到用户IP归属地信息']);
 }
-}
\ No newline at end of file
+}