From 4470052c3b6bdeb18e45987f8aa293d1e93d0552 Mon Sep 17 00:00:00 2001
From: Ludc <2870569285@qq.com>
Date: 星期二, 18 十一月 2025 11:59:12 +0800
Subject: [PATCH] 所有文件上传接口增加文件安全校验逻辑。
---
Source/BladeX-Tool/blade-starter-api-crypto/src/main/java/org/springblade/core/api/crypto/core/ApiDecryptParamResolver.java | 67 +++++++++++++++++++++++++++++++++
1 files changed, 67 insertions(+), 0 deletions(-)
diff --git a/Source/BladeX-Tool/blade-starter-api-crypto/src/main/java/org/springblade/core/api/crypto/core/ApiDecryptParamResolver.java b/Source/BladeX-Tool/blade-starter-api-crypto/src/main/java/org/springblade/core/api/crypto/core/ApiDecryptParamResolver.java
new file mode 100644
index 0000000..b208380
--- /dev/null
+++ b/Source/BladeX-Tool/blade-starter-api-crypto/src/main/java/org/springblade/core/api/crypto/core/ApiDecryptParamResolver.java
@@ -0,0 +1,67 @@
+/*
+ * Copyright (c) 2018-2028, DreamLu All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * Neither the name of the dreamlu.net developer nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ * Author: DreamLu 鍗㈡槬姊� (596392912@qq.com)
+ */
+
+package org.springblade.core.api.crypto.core;
+
+import lombok.RequiredArgsConstructor;
+import org.springblade.core.api.crypto.annotation.decrypt.ApiDecrypt;
+import org.springblade.core.api.crypto.bean.CryptoInfoBean;
+import org.springblade.core.api.crypto.config.ApiCryptoProperties;
+import org.springblade.core.api.crypto.util.ApiCryptoUtil;
+import org.springblade.core.tool.jackson.JsonUtil;
+import org.springblade.core.tool.utils.Charsets;
+import org.springblade.core.tool.utils.StringUtil;
+import org.springframework.core.MethodParameter;
+import org.springframework.core.annotation.AnnotatedElementUtils;
+import org.springframework.lang.Nullable;
+import org.springframework.web.bind.support.WebDataBinderFactory;
+import org.springframework.web.context.request.NativeWebRequest;
+import org.springframework.web.method.support.HandlerMethodArgumentResolver;
+import org.springframework.web.method.support.ModelAndViewContainer;
+
+import java.lang.reflect.Parameter;
+
+/**
+ * param 鍙傛暟 瑙f瀽
+ *
+ * @author L.cm
+ */
+@RequiredArgsConstructor
+public class ApiDecryptParamResolver implements HandlerMethodArgumentResolver {
+ private final ApiCryptoProperties properties;
+
+ @Override
+ public boolean supportsParameter(MethodParameter parameter) {
+ return AnnotatedElementUtils.hasAnnotation(parameter.getParameter(), ApiDecrypt.class);
+ }
+
+ @Nullable
+ @Override
+ public Object resolveArgument(MethodParameter methodParameter, ModelAndViewContainer mavContainer,
+ NativeWebRequest webRequest, WebDataBinderFactory binderFactory) {
+ Parameter parameter = methodParameter.getParameter();
+ ApiDecrypt apiDecrypt = AnnotatedElementUtils.getMergedAnnotation(parameter, ApiDecrypt.class);
+ String text = webRequest.getParameter(properties.getParamName());
+ if (StringUtil.isBlank(text)) {
+ return null;
+ }
+ CryptoInfoBean infoBean = new CryptoInfoBean(apiDecrypt.value(), apiDecrypt.secretKey());
+ byte[] textBytes = text.getBytes(Charsets.UTF_8);
+ byte[] decryptData = ApiCryptoUtil.decryptData(properties, textBytes, infoBean);
+ return JsonUtil.readValue(decryptData, parameter.getType());
+ }
+}
--
Gitblit v1.9.3