From 4470052c3b6bdeb18e45987f8aa293d1e93d0552 Mon Sep 17 00:00:00 2001
From: Ludc <2870569285@qq.com>
Date: 星期二, 18 十一月 2025 11:59:12 +0800
Subject: [PATCH] 所有文件上传接口增加文件安全校验逻辑。
---
Source/BladeX-Tool/blade-core-secure/src/main/java/org/springblade/core/secure/config/SecureConfiguration.java | 118 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 files changed, 118 insertions(+), 0 deletions(-)
diff --git a/Source/BladeX-Tool/blade-core-secure/src/main/java/org/springblade/core/secure/config/SecureConfiguration.java b/Source/BladeX-Tool/blade-core-secure/src/main/java/org/springblade/core/secure/config/SecureConfiguration.java
new file mode 100644
index 0000000..0566b8c
--- /dev/null
+++ b/Source/BladeX-Tool/blade-core-secure/src/main/java/org/springblade/core/secure/config/SecureConfiguration.java
@@ -0,0 +1,118 @@
+/*
+ * Copyright (c) 2018-2028, Chill Zhuang All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * Neither the name of the dreamlu.net developer nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ * Author: Chill 搴勯獮 (smallchill@163.com)
+ */
+package org.springblade.core.secure.config;
+
+
+import lombok.AllArgsConstructor;
+import org.springblade.core.secure.aspect.AuthAspect;
+import org.springblade.core.secure.handler.ISecureHandler;
+import org.springblade.core.secure.props.AuthSecure;
+import org.springblade.core.secure.props.BasicSecure;
+import org.springblade.core.secure.props.BladeSecureProperties;
+import org.springblade.core.secure.props.SignSecure;
+import org.springblade.core.secure.provider.ClientDetailsServiceImpl;
+import org.springblade.core.secure.provider.IClientDetailsService;
+import org.springblade.core.secure.registry.SecureRegistry;
+import org.springframework.boot.autoconfigure.AutoConfiguration;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
+import org.springframework.context.annotation.Bean;
+import org.springframework.core.annotation.Order;
+import org.springframework.jdbc.core.JdbcTemplate;
+import org.springframework.lang.NonNull;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+import java.util.List;
+import java.util.stream.Collectors;
+
+/**
+ * 瀹夊叏閰嶇疆绫�
+ *
+ * @author Chill
+ */
+@Order
+@AutoConfiguration
+@AllArgsConstructor
+@EnableConfigurationProperties({BladeSecureProperties.class})
+public class SecureConfiguration implements WebMvcConfigurer {
+
+ private final SecureRegistry secureRegistry;
+
+ private final BladeSecureProperties secureProperties;
+
+ private final JdbcTemplate jdbcTemplate;
+
+ private final ISecureHandler secureHandler;
+
+ @Override
+ public void addInterceptors(@NonNull InterceptorRegistry registry) {
+ // 璁剧疆璇锋眰鎺堟潈
+ if (secureRegistry.isAuthEnabled() || secureProperties.getAuthEnabled()) {
+ List<AuthSecure> authSecures = this.secureRegistry.addAuthPatterns(secureProperties.getAuth()).getAuthSecures();
+ if (authSecures.size() > 0) {
+ registry.addInterceptor(secureHandler.authInterceptor(authSecures));
+ // 璁剧疆璺緞鏀捐
+ secureRegistry.excludePathPatterns(authSecures.stream().map(AuthSecure::getPattern).collect(Collectors.toList()));
+ }
+ }
+ // 璁剧疆鍩虹璁よ瘉鎺堟潈
+ if (secureRegistry.isBasicEnabled() || secureProperties.getBasicEnabled()) {
+ List<BasicSecure> basicSecures = this.secureRegistry.addBasicPatterns(secureProperties.getBasic()).getBasicSecures();
+ if (basicSecures.size() > 0) {
+ registry.addInterceptor(secureHandler.basicInterceptor(basicSecures));
+ // 璁剧疆璺緞鏀捐
+ secureRegistry.excludePathPatterns(basicSecures.stream().map(BasicSecure::getPattern).collect(Collectors.toList()));
+ }
+ }
+ // 璁剧疆绛惧悕璁よ瘉鎺堟潈
+ if (secureRegistry.isSignEnabled() || secureProperties.getSignEnabled()) {
+ List<SignSecure> signSecures = this.secureRegistry.addSignPatterns(secureProperties.getSign()).getSignSecures();
+ if (signSecures.size() > 0) {
+ registry.addInterceptor(secureHandler.signInterceptor(signSecures));
+ // 璁剧疆璺緞鏀捐
+ secureRegistry.excludePathPatterns(signSecures.stream().map(SignSecure::getPattern).collect(Collectors.toList()));
+ }
+ }
+ // 璁剧疆瀹㈡埛绔巿鏉�
+ if (secureRegistry.isClientEnabled() || secureProperties.getClientEnabled()) {
+ secureProperties.getClient().forEach(
+ clientSecure -> registry.addInterceptor(secureHandler.clientInterceptor(clientSecure.getClientId()))
+ .addPathPatterns(clientSecure.getPathPatterns())
+ );
+ }
+ // 璁剧疆璺緞鏀捐
+ if (secureRegistry.isEnabled() || secureProperties.getEnabled()) {
+ registry.addInterceptor(secureHandler.tokenInterceptor())
+ .excludePathPatterns(secureRegistry.getExcludePatterns())
+ .excludePathPatterns(secureRegistry.getDefaultExcludePatterns())
+ .excludePathPatterns(secureProperties.getSkipUrl());
+ }
+ }
+
+ @Bean
+ public AuthAspect authAspect() {
+ return new AuthAspect();
+ }
+
+ @Bean
+ @ConditionalOnMissingBean(IClientDetailsService.class)
+ public IClientDetailsService clientDetailsService() {
+ return new ClientDetailsServiceImpl(jdbcTemplate);
+ }
+
+}
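Review bot: In `addInterceptors`, every pattern from the `auth`, `basic` and `sign` rules is pushed into `secureRegistry.excludePathPatterns(...)`, and the token interceptor registered at the end skips those paths along with `getSkipUrl()`, so the rule-specific interceptor is the only check left for them. Nothing readable states that coupling (the inline comments in this file are mis-encoded), so I would add a comment above the token block such as `// paths matched by auth/basic/sign rules and skip-url bypass the token interceptor; keep those patterns narrow`. The commit subject describes file-upload validation, but nothing in this new file touches uploads, so it is worth confirming the intended change is actually in the patch. If `getAuthEnabled()` and its siblings return a boxed `Boolean` (not visible here), an unset property would throw on unboxing in the `||` conditions; `Boolean.TRUE.equals(secureProperties.getAuthEnabled())` would avoid that.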
--
Gitblit v1.9.3