From 4470052c3b6bdeb18e45987f8aa293d1e93d0552 Mon Sep 17 00:00:00 2001
From: Ludc <2870569285@qq.com>
Date: 星期二, 18 十一月 2025 11:59:12 +0800
Subject: [PATCH] 所有文件上传接口增加文件安全校验逻辑。
---
Source/BladeX-Tool/blade-core-secure/src/main/java/org/springblade/core/secure/aspect/AuthAspect.java | 123 +++++++++++++++++++++++++++++++++++++++++
1 files changed, 123 insertions(+), 0 deletions(-)
diff --git a/Source/BladeX-Tool/blade-core-secure/src/main/java/org/springblade/core/secure/aspect/AuthAspect.java b/Source/BladeX-Tool/blade-core-secure/src/main/java/org/springblade/core/secure/aspect/AuthAspect.java
new file mode 100644
index 0000000..34ad152
--- /dev/null
+++ b/Source/BladeX-Tool/blade-core-secure/src/main/java/org/springblade/core/secure/aspect/AuthAspect.java
@@ -0,0 +1,123 @@
+/*
+ * Copyright (c) 2018-2028, Chill Zhuang All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * Neither the name of the dreamlu.net developer nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ * Author: Chill 搴勯獮 (smallchill@163.com)
+ */
+package org.springblade.core.secure.aspect;
+
+import org.aspectj.lang.ProceedingJoinPoint;
+import org.aspectj.lang.annotation.Around;
+import org.aspectj.lang.annotation.Aspect;
+import org.aspectj.lang.reflect.MethodSignature;
+import org.springblade.core.secure.annotation.PreAuth;
+import org.springblade.core.secure.auth.AuthFun;
+import org.springblade.core.secure.exception.SecureException;
+import org.springblade.core.tool.api.ResultCode;
+import org.springblade.core.tool.utils.ClassUtil;
+import org.springblade.core.tool.utils.StringUtil;
+import org.springframework.beans.BeansException;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.ApplicationContextAware;
+import org.springframework.context.expression.BeanFactoryResolver;
+import org.springframework.core.MethodParameter;
+import org.springframework.expression.Expression;
+import org.springframework.expression.ExpressionParser;
+import org.springframework.expression.spel.standard.SpelExpressionParser;
+import org.springframework.expression.spel.support.StandardEvaluationContext;
+import org.springframework.lang.NonNull;
+
+import java.lang.reflect.Method;
+
+/**
+ * AOP 閴存潈
+ *
+ * @author Chill
+ */
+@Aspect
+public class AuthAspect implements ApplicationContextAware {
+
+ /**
+ * 琛ㄨ揪寮忓鐞�
+ */
+ private static final ExpressionParser EXPRESSION_PARSER = new SpelExpressionParser();
+
+ /**
+ * 鍒� 鏂规硶 鍜� 绫讳笂鐨� @PreAuth 娉ㄨВ
+ *
+ * @param point 鍒囩偣
+ * @return Object
+ * @throws Throwable 娌℃湁鏉冮檺鐨勫紓甯�
+ */
+ @Around(
+ "@annotation(org.springblade.core.secure.annotation.PreAuth) || " +
+ "@within(org.springblade.core.secure.annotation.PreAuth)"
+ )
+ public Object preAuth(ProceedingJoinPoint point) throws Throwable {
+ if (handleAuth(point)) {
+ return point.proceed();
+ }
+ throw new SecureException(ResultCode.UN_AUTHORIZED);
+ }
+
+ /**
+ * 澶勭悊鏉冮檺
+ *
+ * @param point 鍒囩偣
+ */
+ private boolean handleAuth(ProceedingJoinPoint point) {
+ MethodSignature ms = (MethodSignature) point.getSignature();
+ Method method = ms.getMethod();
+ // 璇诲彇鏉冮檺娉ㄨВ锛屼紭鍏堟柟娉曚笂锛屾病鏈夊垯璇诲彇绫�
+ PreAuth preAuth = ClassUtil.getAnnotation(method, PreAuth.class);
+ // 鍒ゆ柇琛ㄨ揪寮�
+ String condition = preAuth.value();
+ if (StringUtil.isNotBlank(condition)) {
+ Expression expression = EXPRESSION_PARSER.parseExpression(condition);
+ // 鏂规硶鍙傛暟鍊�
+ Object[] args = point.getArgs();
+ StandardEvaluationContext context = getEvaluationContext(method, args);
+ return expression.getValue(context, Boolean.class);
+ }
+ return false;
+ }
+
+ /**
+ * 鑾峰彇鏂规硶涓婄殑鍙傛暟
+ *
+ * @param method 鏂规硶
+ * @param args 鍙橀噺
+ * @return {SimpleEvaluationContext}
+ */
+ private StandardEvaluationContext getEvaluationContext(Method method, Object[] args) {
+ // 鍒濆鍖朣p el琛ㄨ揪寮忎笂涓嬫枃锛屽苟璁剧疆 AuthFun
+ StandardEvaluationContext context = new StandardEvaluationContext(new AuthFun());
+ // 璁剧疆琛ㄨ揪寮忔敮鎸乻pring bean
+ context.setBeanResolver(new BeanFactoryResolver(applicationContext));
+ for (int i = 0; i < args.length; i++) {
+ // 璇诲彇鏂规硶鍙傛暟
+ MethodParameter methodParam = ClassUtil.getMethodParameter(method, i);
+ // 璁剧疆鏂规硶 鍙傛暟鍚嶅拰鍊� 涓簊p el鍙橀噺
+ context.setVariable(methodParam.getParameterName(), args[i]);
+ }
+ return context;
+ }
+
+ private ApplicationContext applicationContext;
+
+ @Override
+ public void setApplicationContext(@NonNull ApplicationContext applicationContext) throws BeansException {
+ this.applicationContext = applicationContext;
+ }
+
+}
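Review bot: In handleAuth the value of `expression.getValue(context, Boolean.class)` is auto-unboxed on return, so an expression that evaluates to null throws a NullPointerException out of the aspect instead of the SecureException that preAuth raises on denial; `return Boolean.TRUE.equals(expression.getValue(context, Boolean.class));` keeps the deny path uniform. `ClassUtil.getAnnotation(method, PreAuth.class)` is dereferenced without a null check at `preAuth.value()`; if that helper can return null for a join point matched by the `@within` pointcut, guard it with `if (preAuth == null) { return false; }` so the aspect fails closed like the blank-condition branch does. The evaluation context is a StandardEvaluationContext with a BeanFactoryResolver, so the evaluated expression has full access to the bean factory and to the method arguments bound as variables; that is only appropriate while the expression text comes from the annotation at compile time, and a comment such as `// condition is trusted annotation text, never request data` on the parseExpression line would record that invariant. The Javadoc text appears mis-encoded (mojibake) in this view and the commit subject describes file-upload validation while this hunk adds an authorization aspect, so the file's source encoding and the commit message are worth checking.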
--
Gitblit v1.9.3