From 17925215d37dd97d744c9296b185aeb16d3e44fb Mon Sep 17 00:00:00 2001
From: Ludc <2870569285@qq.com>
Date: 星期二, 18 十一月 2025 20:06:12 +0800
Subject: [PATCH] URL请求路径安全校验
---
Source/UBCS/ubcs-ops/ubcs-resource/src/main/java/com/vci/ubcs/resource/endpoint/OssEndpoint.java | 56 +++++++++++++++++++++++---------------------------------
1 files changed, 23 insertions(+), 33 deletions(-)
diff --git a/Source/UBCS/ubcs-ops/ubcs-resource/src/main/java/com/vci/ubcs/resource/endpoint/OssEndpoint.java b/Source/UBCS/ubcs-ops/ubcs-resource/src/main/java/com/vci/ubcs/resource/endpoint/OssEndpoint.java
index 9252704..909f7f1 100644
--- a/Source/UBCS/ubcs-ops/ubcs-resource/src/main/java/com/vci/ubcs/resource/endpoint/OssEndpoint.java
+++ b/Source/UBCS/ubcs-ops/ubcs-resource/src/main/java/com/vci/ubcs/resource/endpoint/OssEndpoint.java
@@ -17,6 +17,7 @@
package com.vci.ubcs.resource.endpoint;
import com.vci.ubcs.resource.entity.Attach;
+import com.vci.ubcs.common.validator.ComprehensiveFileValidator;
import io.swagger.annotations.Api;
import lombok.AllArgsConstructor;
import lombok.SneakyThrows;
@@ -28,11 +29,14 @@
import org.springblade.core.tool.utils.Func;
import com.vci.ubcs.resource.builder.oss.OssBuilder;
import com.vci.ubcs.resource.service.IAttachService;
+import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.multipart.MultipartFile;
/**
* 瀵硅薄瀛樺偍绔偣
+ *
+ * 杩欎釜绫讳笉浣跨敤锛岀粺涓�鐢╢ileController
*
* @author Chill
*/
@@ -41,6 +45,7 @@
@AllArgsConstructor
@RequestMapping("/oss/endpoint")
@Api(value = "瀵硅薄瀛樺偍绔偣", tags = "瀵硅薄瀛樺偍绔偣")
+@Deprecated
public class OssEndpoint {
/**
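Review bot: `@Deprecated` on `OssEndpoint` only produces compiler warnings; it does not unmap `/oss/endpoint`, so every handler in this class stays reachable over HTTP. The Javadoc line added earlier in this patch appears to say the class is no longer used in favour of the file controller. If that is the intent, the handlers this commit does not touch (the bucket and file operations visible as context) remain exposed without the new validation. Consider removing the request mapping or gating the bean behind a configuration property rather than relying on the annotation, and add a Javadoc `@deprecated` tag naming the replacement controller. The class body continues outside the hunk.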
@@ -52,6 +57,12 @@
* 闄勪欢琛ㄦ湇鍔�
*/
private final IAttachService attachService;
+
+ /**
+ * 鏂囦欢瀹夊叏妫�鏌�
+ */
+ @Autowired
+ private ComprehensiveFileValidator fileValidator;
/**
* 鍒涘缓瀛樺偍妗�
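Review bot: The new `fileValidator` field is injected differently from its neighbours: `attachService` is `private final` and supplied through the Lombok `@AllArgsConstructor` constructor, while this field is non-final and carries `@Autowired`. Because `@AllArgsConstructor` generates a parameter for every non-static field, the validator is already a constructor argument, so the annotation is redundant and the field stays reassignable after construction. Declaring it as `private final ComprehensiveFileValidator fileValidator;` and dropping `@Autowired` (with its import) keeps the security check immutable for the bean's lifetime. The class declaration lies outside this hunk.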
@@ -68,7 +79,7 @@
}
/**
- * 鍒涘缓瀛樺偍妗�
+ * 鍒犻櫎瀛樺偍妗�
*
* @param bucketName 瀛樺偍妗跺悕绉�
* @return R
@@ -108,6 +119,7 @@
return R.data(ossBuilder.template().statFile(fileName));
}
+
/**
* 鑾峰彇鏂囦欢鐩稿璺緞
*
@@ -142,6 +154,11 @@
@SneakyThrows
@PostMapping("/put-file")
public R<BladeFile> putFile(@RequestParam MultipartFile file) {
+ // 浣跨敤鏂囦欢瀹夊叏楠岃瘉鍣�
+ ComprehensiveFileValidator.UploadValidationResult result = fileValidator.validateFile(file);
+ if (!result.isValid()) {
+ return R.fail(result.getMessage());
+ }
BladeFile bladeFile = ossBuilder.template().putFile(file.getOriginalFilename(), file.getInputStream());
return R.data(bladeFile);
}
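Review bot: The stored object key in `put-file` is still `file.getOriginalFilename()`, a client-supplied value that can be null or carry path segments, so the safety of this handler rests entirely on what `validateFile` rejects. `ComprehensiveFileValidator` is not part of this patch, so whether it vets the filename as well as the content cannot be confirmed from here. The added comment should state that contract, for example `// Reject the upload unless ComprehensiveFileValidator accepts it; the original filename is used as the object key below, so the validator must also vet the name`. If the validator turns out to check content only, add a guard on the name before `putFile`.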
@@ -156,39 +173,12 @@
@SneakyThrows
@PostMapping("/put-file-by-name")
public R<BladeFile> putFile(@RequestParam String fileName, @RequestParam MultipartFile file) {
+ // 浣跨敤鏂囦欢瀹夊叏楠岃瘉鍣�
+ ComprehensiveFileValidator.UploadValidationResult result = fileValidator.validateFile(file);
+ if (!result.isValid()) {
+ return R.fail(result.getMessage());
+ }
BladeFile bladeFile = ossBuilder.template().putFile(fileName, file.getInputStream());
- return R.data(bladeFile);
- }
-
- /**
- * 涓婁紶鏂囦欢骞朵繚瀛樿嚦闄勪欢琛�
- *
- * @param file 鏂囦欢
- * @return ObjectStat
- */
- @SneakyThrows
- @PostMapping("/put-file-attach")
- public R<BladeFile> putFileAttach(@RequestParam MultipartFile file) {
- String fileName = file.getOriginalFilename();
- BladeFile bladeFile = ossBuilder.template().putFile(fileName, file.getInputStream());
- Long attachId = buildAttach(fileName, file.getSize(), bladeFile);
- bladeFile.setAttachId(attachId);
- return R.data(bladeFile);
- }
-
- /**
- * 涓婁紶鏂囦欢骞朵繚瀛樿嚦闄勪欢琛�
- *
- * @param fileName 瀛樺偍妗跺璞″悕绉�
- * @param file 鏂囦欢
- * @return ObjectStat
- */
- @SneakyThrows
- @PostMapping("/put-file-attach-by-name")
- public R<BladeFile> putFileAttach(@RequestParam String fileName, @RequestParam MultipartFile file) {
- BladeFile bladeFile = ossBuilder.template().putFile(fileName, file.getInputStream());
- Long attachId = buildAttach(fileName, file.getSize(), bladeFile);
- bladeFile.setAttachId(attachId);
return R.data(bladeFile);
}
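Review bot: In `put-file-by-name` the validator receives only `file`, but the object is stored under the separate `fileName` request parameter, which `validateFile(file)` never sees. Any name or extension rule the validator applies to the upload's original filename therefore does not constrain the key that is actually written. Run `fileName` through the same name checks before `ossBuilder.template().putFile(fileName, ...)` and return `R.fail(...)` on rejection, as the added block already does for the file. What `ComprehensiveFileValidator` checks is not visible in this patch, so confirm whether it exposes a name-level check that can be reused here.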
--
Gitblit v1.9.3