From 4470052c3b6bdeb18e45987f8aa293d1e93d0552 Mon Sep 17 00:00:00 2001
From: Ludc <2870569285@qq.com>
Date: 星期二, 18 十一月 2025 11:59:12 +0800
Subject: [PATCH] 所有文件上传接口增加文件安全校验逻辑。

---
 Source/BladeX-Tool/blade-core-context/src/main/java/org/springblade/core/context/props/BladeContextProperties.java |   81 ++++++++++++++++++++++++++++++++++++++++
 1 files changed, 81 insertions(+), 0 deletions(-)

diff --git a/Source/BladeX-Tool/blade-core-context/src/main/java/org/springblade/core/context/props/BladeContextProperties.java b/Source/BladeX-Tool/blade-core-context/src/main/java/org/springblade/core/context/props/BladeContextProperties.java
new file mode 100644
index 0000000..c800cdc
--- /dev/null
+++ b/Source/BladeX-Tool/blade-core-context/src/main/java/org/springblade/core/context/props/BladeContextProperties.java
@@ -0,0 +1,81 @@
+/*
+ *      Copyright (c) 2018-2028, DreamLu All rights reserved.
+ *
+ *  Redistribution and use in source and binary forms, with or without
+ *  modification, are permitted provided that the following conditions are met:
+ *
+ *  Redistributions of source code must retain the above copyright notice,
+ *  this list of conditions and the following disclaimer.
+ *  Redistributions in binary form must reproduce the above copyright
+ *  notice, this list of conditions and the following disclaimer in the
+ *  documentation and/or other materials provided with the distribution.
+ *  Neither the name of the dreamlu.net developer nor the names of its
+ *  contributors may be used to endorse or promote products derived from
+ *  this software without specific prior written permission.
+ *  Author: DreamLu 鍗㈡槬姊� (596392912@qq.com)
+ */
+package org.springblade.core.context.props;
+
+import lombok.Getter;
+import lombok.Setter;
+import org.springblade.core.launch.constant.TokenConstant;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
+/**
+ * Headers 閰嶇疆
+ *
+ * @author L.cm
+ */
+@Getter
+@Setter
+@ConfigurationProperties(BladeContextProperties.PREFIX)
+public class BladeContextProperties {
+	/**
+	 * 閰嶇疆鍓嶇紑
+	 */
+	public static final String PREFIX = "blade.context";
+	/**
+	 * 涓婁笅鏂囦紶閫掔殑 headers 淇℃伅
+	 */
+	private Headers headers = new Headers();
+
+	@Getter
+	@Setter
+	public static class Headers {
+		/**
+		 * 璇锋眰id锛岄粯璁わ細Blade-RequestId
+		 */
+		private String requestId = "Blade-RequestId";
+		/**
+		 * 鐢ㄤ簬 鑱氬悎灞� 鍚戣皟鐢ㄥ眰浼犻�掔敤鎴蜂俊鎭� 鐨勮姹傚ご锛岄粯璁わ細Blade-AccountId
+		 */
+		private String accountId = "Blade-AccountId";
+		/**
+		 * 鐢ㄤ簬 鑱氬悎灞� 鍚戣皟鐢ㄥ眰浼犻�掔鎴穒d 鐨勮姹傚ご锛岄粯璁わ細Blade-TenantId
+		 */
+		private String tenantId = "Blade-TenantId";
+		/**
+		 * 鑷畾涔� RestTemplate 鍜� Feign 閫忎紶鍒颁笅灞傜殑 Headers 鍚嶇О鍒楄〃
+		 */
+		private List<String> allowed = Arrays.asList("X-Real-IP", "x-forwarded-for", "version", "VERSION", "authorization", "Authorization", TokenConstant.HEADER.toLowerCase(), TokenConstant.HEADER);
+	}
+
+	/**
+	 * 鑾峰彇璺ㄦ湇鍔＄殑璇锋眰澶�
+	 *
+	 * @return 璇锋眰澶村垪琛�
+	 */
+	public List<String> getCrossHeaders() {
+		List<String> headerList = new ArrayList<>();
+		headerList.add(headers.getRequestId());
+		headerList.add(headers.getAccountId());
+		headerList.add(headers.getTenantId());
+		headerList.addAll(headers.getAllowed());
+		return headerList;
+	}
+
+}

--
Gitblit v1.9.3