From 4470052c3b6bdeb18e45987f8aa293d1e93d0552 Mon Sep 17 00:00:00 2001
From: Ludc <2870569285@qq.com>
Date: 星期二, 18 十一月 2025 11:59:12 +0800
Subject: [PATCH] 所有文件上传接口增加文件安全校验逻辑。

---
 Source/BladeX-Tool/blade-starter-swagger/src/main/java/org/springblade/core/swagger/SwaggerAutoConfiguration.java |  152 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 152 insertions(+), 0 deletions(-)

diff --git a/Source/BladeX-Tool/blade-starter-swagger/src/main/java/org/springblade/core/swagger/SwaggerAutoConfiguration.java b/Source/BladeX-Tool/blade-starter-swagger/src/main/java/org/springblade/core/swagger/SwaggerAutoConfiguration.java
new file mode 100644
index 0000000..1c17b1e
--- /dev/null
+++ b/Source/BladeX-Tool/blade-starter-swagger/src/main/java/org/springblade/core/swagger/SwaggerAutoConfiguration.java
@@ -0,0 +1,152 @@
+/*
+ *      Copyright (c) 2018-2028, Chill Zhuang All rights reserved.
+ *
+ *  Redistribution and use in source and binary forms, with or without
+ *  modification, are permitted provided that the following conditions are met:
+ *
+ *  Redistributions of source code must retain the above copyright notice,
+ *  this list of conditions and the following disclaimer.
+ *  Redistributions in binary form must reproduce the above copyright
+ *  notice, this list of conditions and the following disclaimer in the
+ *  documentation and/or other materials provided with the distribution.
+ *  Neither the name of the dreamlu.net developer nor the names of its
+ *  contributors may be used to endorse or promote products derived from
+ *  this software without specific prior written permission.
+ *  Author: Chill 搴勯獮 (smallchill@163.com)
+ */
+package org.springblade.core.swagger;
+
+
+import com.github.xiaoymin.knife4j.spring.extension.OpenApiExtensionResolver;
+import com.google.common.collect.Lists;
+import lombok.AllArgsConstructor;
+import org.springblade.core.launch.props.BladeProperties;
+import org.springblade.core.secure.BladeUser;
+import org.springframework.boot.autoconfigure.AutoConfiguration;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Import;
+import springfox.bean.validators.configuration.BeanValidatorPluginsConfiguration;
+import springfox.documentation.builders.ApiInfoBuilder;
+import springfox.documentation.builders.PathSelectors;
+import springfox.documentation.service.*;
+import springfox.documentation.spi.DocumentationType;
+import springfox.documentation.spi.service.contexts.SecurityContext;
+import springfox.documentation.spring.web.plugins.ApiSelectorBuilder;
+import springfox.documentation.spring.web.plugins.Docket;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+
+/**
+ * swagger閰嶇疆
+ *
+ * @author Chill
+ */
+@EnableSwagger
+@AutoConfiguration
+@AllArgsConstructor
+@Import(BeanValidatorPluginsConfiguration.class)
+public class SwaggerAutoConfiguration {
+
+	private static final String DEFAULT_BASE_PATH = "/**";
+	private static final List<String> DEFAULT_EXCLUDE_PATH = Arrays.asList("/error", "/actuator/**");
+
+	/**
+	 * 寮曞叆Knife4j鎵╁睍绫�
+	 */
+	private final OpenApiExtensionResolver openApiExtensionResolver;
+
+	/**
+	 * 寮曞叆Blade鐜鍙橀噺
+	 */
+	private final BladeProperties bladeProperties;
+
+	@Bean
+	@ConditionalOnMissingBean
+	public SwaggerProperties swaggerProperties() {
+		return new SwaggerProperties();
+	}
+
+	@Bean
+	@ConditionalOnMissingBean
+	public Docket api(SwaggerProperties swaggerProperties) {
+		if (swaggerProperties.getBasePath().size() == 0) {
+			swaggerProperties.getBasePath().add(DEFAULT_BASE_PATH);
+		}
+		if (swaggerProperties.getExcludePath().size() == 0) {
+			swaggerProperties.getExcludePath().addAll(DEFAULT_EXCLUDE_PATH);
+		}
+		ApiSelectorBuilder apis = new Docket(DocumentationType.SWAGGER_2)
+			.host(swaggerProperties.getHost())
+			.apiInfo(apiInfo(swaggerProperties)).ignoredParameterTypes(BladeUser.class).select()
+			.apis(SwaggerUtil.basePackages(swaggerProperties.getBasePackages()));
+		swaggerProperties.getBasePath().forEach(p -> apis.paths(PathSelectors.ant(p)));
+		swaggerProperties.getExcludePath().forEach(p -> apis.paths(PathSelectors.ant(p).negate()));
+		return apis.build().securityContexts(securityContexts(swaggerProperties)).securitySchemes(securitySchemas(swaggerProperties))
+			.extensions(openApiExtensionResolver.buildExtensions(bladeProperties.getName()));
+	}
+
+	/**
+	 * 閰嶇疆榛樿鐨勫叏灞�閴存潈绛栫暐鐨勫紑鍏筹紝閫氳繃姝ｅ垯琛ㄨ揪寮忚繘琛屽尮閰嶏紱榛樿鍖归厤鎵�鏈塙RL
+	 */
+	private List<SecurityContext> securityContexts(SwaggerProperties swaggerProperties) {
+		return Collections.singletonList(SecurityContext.builder()
+			.securityReferences(defaultAuth(swaggerProperties))
+			.forPaths(PathSelectors.regex(swaggerProperties.getAuthorization().getAuthRegex()))
+			.build());
+	}
+
+	/**
+	 * 榛樿鐨勫叏灞�閴存潈绛栫暐
+	 */
+	private List<SecurityReference> defaultAuth(SwaggerProperties swaggerProperties) {
+		List<AuthorizationScope> authorizationScopeList = new ArrayList<>();
+		List<SecurityReference> securityReferenceList = new ArrayList<>();
+		List<SwaggerProperties.AuthorizationScope> swaggerScopeList = swaggerProperties.getAuthorization().getAuthorizationScopeList();
+		swaggerScopeList.forEach(authorizationScope -> authorizationScopeList.add(new AuthorizationScope(authorizationScope.getScope(), authorizationScope.getDescription())));
+		if (authorizationScopeList.size() == 0) {
+			authorizationScopeList.add(new AuthorizationScope("global", "accessEverywhere"));
+		}
+		AuthorizationScope[] authorizationScopes = authorizationScopeList.toArray(new AuthorizationScope[0]);
+		swaggerScopeList.forEach(authorizationScope -> securityReferenceList.add(new SecurityReference(authorizationScope.getName(), authorizationScopes)));
+		if (securityReferenceList.size() == 0) {
+			securityReferenceList.add(new SecurityReference(SwaggerUtil.clientInfo().getName(), authorizationScopes));
+			securityReferenceList.add(new SecurityReference(SwaggerUtil.bladeAuth().getName(), authorizationScopes));
+			securityReferenceList.add(new SecurityReference(SwaggerUtil.bladeTenant().getName(), authorizationScopes));
+		}
+		return securityReferenceList;
+	}
+
+	/**
+	 * 閰嶇疆瀹夊叏绛栫暐
+	 */
+	private List<SecurityScheme> securitySchemas(SwaggerProperties swaggerProperties) {
+		List<SwaggerProperties.AuthorizationApiKey> swaggerApiKeyList = swaggerProperties.getAuthorization().getAuthorizationApiKeyList();
+		if (swaggerApiKeyList.size() == 0) {
+			return Lists.newArrayList(SwaggerUtil.clientInfo(), SwaggerUtil.bladeAuth(), SwaggerUtil.bladeTenant());
+		} else {
+			List<SecurityScheme> securitySchemeList = new ArrayList<>();
+			swaggerApiKeyList.forEach(authorizationApiKey -> securitySchemeList.add(new ApiKey(authorizationApiKey.getName(), authorizationApiKey.getKeyName(), authorizationApiKey.getPassAs())));
+			return securitySchemeList;
+		}
+	}
+
+	/**
+	 * 閰嶇疆鍩烘湰淇℃伅
+	 */
+	private ApiInfo apiInfo(SwaggerProperties swaggerProperties) {
+		return new ApiInfoBuilder()
+			.title(swaggerProperties.getTitle())
+			.description(swaggerProperties.getDescription())
+			.license(swaggerProperties.getLicense())
+			.licenseUrl(swaggerProperties.getLicenseUrl())
+			.termsOfServiceUrl(swaggerProperties.getTermsOfServiceUrl())
+			.contact(new Contact(swaggerProperties.getContact().getName(), swaggerProperties.getContact().getUrl(), swaggerProperties.getContact().getEmail()))
+			.version(swaggerProperties.getVersion())
+			.build();
+	}
+
+}

--
Gitblit v1.9.3