From 4470052c3b6bdeb18e45987f8aa293d1e93d0552 Mon Sep 17 00:00:00 2001
From: Ludc <2870569285@qq.com>
Date: 星期二, 18 十一月 2025 11:59:12 +0800
Subject: [PATCH] 所有文件上传接口增加文件安全校验逻辑。
---
Source/UBCS/ubcs-ops/ubcs-flow/src/main/java/com/vci/ubcs/flow/engine/controller/FlowManagerController.java | 19 ++++++++++++++++++-
1 files changed, 18 insertions(+), 1 deletions(-)
diff --git a/Source/UBCS/ubcs-ops/ubcs-flow/src/main/java/com/vci/ubcs/flow/engine/controller/FlowManagerController.java b/Source/UBCS/ubcs-ops/ubcs-flow/src/main/java/com/vci/ubcs/flow/engine/controller/FlowManagerController.java
index 6c41ebc..c46518a 100644
--- a/Source/UBCS/ubcs-ops/ubcs-flow/src/main/java/com/vci/ubcs/flow/engine/controller/FlowManagerController.java
+++ b/Source/UBCS/ubcs-ops/ubcs-flow/src/main/java/com/vci/ubcs/flow/engine/controller/FlowManagerController.java
@@ -18,6 +18,7 @@
import com.baomidou.mybatisplus.core.metadata.IPage;
import com.github.xiaoymin.knife4j.annotations.ApiOperationSupport;
+import com.vci.ubcs.common.validator.ComprehensiveFileValidator;
import com.vci.ubcs.flow.engine.entity.FlowProcess;
import com.vci.ubcs.flow.engine.service.FlowEngineService;
import io.swagger.annotations.Api;
@@ -31,6 +32,7 @@
import org.springblade.core.tool.support.Kv;
import org.springblade.core.tool.utils.Func;
import com.vci.ubcs.flow.engine.constant.FlowEngineConstant;
+import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.multipart.MultipartFile;
@@ -47,10 +49,15 @@
@RequestMapping("manager")
@AllArgsConstructor
@Api(value = "娴佺▼绠$悊鎺ュ彛", tags = "娴佺▼绠$悊鎺ュ彛")
-//@PreAuth(RoleConstant.HAS_ROLE_ADMINISTRATOR)
public class FlowManagerController {
private final FlowEngineService flowEngineService;
+
+ /**
+ * 鏂囦欢瀹夊叏妫�鏌�
+ */
+ @Autowired
+ private ComprehensiveFileValidator fileValidator;
/**
* 鍒嗛〉
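Review bot: Deleting the commented-out `//@PreAuth(RoleConstant.HAS_ROLE_ADMINISTRATOR)` leaves no class-level authorization annotation visible on `FlowManagerController`, and the new file validator checks content, not who is calling. If access to the upload and deploy endpoints is not enforced elsewhere (method-level annotations or a gateway, neither visible here), the annotation should be restored rather than dropped; otherwise a short comment should say where the check lives. On style, `@AllArgsConstructor` already generates a constructor parameter for every non-static field, so `@Autowired` on `fileValidator` is redundant. Declaring it as `private final ComprehensiveFileValidator fileValidator;` would match `flowEngineService` and remove the need for the new `Autowired` import. The class body continues outside the hunk.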
@@ -98,6 +105,11 @@
@ApiOperationSupport(order = 4)
@ApiOperation(value = "涓婁紶閮ㄧ讲娴佺▼鏂囦欢", notes = "浼犲叆鏂囦欢")
public R checkUpload(@RequestParam MultipartFile file) {
+ // 浣跨敤鏂囦欢瀹夊叏楠岃瘉鍣�
+ ComprehensiveFileValidator.UploadValidationResult result = fileValidator.validateFile(file);
+ if (!result.isValid()) {
+ return R.fail(result.getMessage());
+ }
boolean temp = Objects.requireNonNull(file.getOriginalFilename()).endsWith(FlowEngineConstant.SUFFIX);
return R.data(Kv.create().set("name", file.getOriginalFilename()).set("success", temp));
}
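Review bot: After the new validation passes, `Objects.requireNonNull(file.getOriginalFilename())` can still throw a `NullPointerException` in `checkUpload`, which turns a missing file name into a server error instead of an `R.fail` response. Whether `validateFile` already rejects a null name is not visible here, so an explicit guard is safer: `String name = file.getOriginalFilename();` followed by `if (name == null) { return R.fail("file name is missing"); }`, then reuse `name` in both places. Note also that `result.getMessage()` is returned to the caller verbatim; it should carry only a user-facing reason, not internal detail about which check failed. The method's mapping annotations begin above the hunk.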
@@ -114,6 +126,11 @@
public R deployUpload(@RequestParam List<MultipartFile> files,
@RequestParam String category,
@RequestParam(required = false, defaultValue = "") String tenantIds) {
+ // 浣跨敤鏂囦欢瀹夊叏楠岃瘉鍣�
+ ComprehensiveFileValidator.MultiUploadValidationResult result = fileValidator.validateFiles(files,true);
+ if (!result.isValid()) {
+ return R.fail(result.getMessage());
+ }
return R.status(flowEngineService.deployUpload(files, category, Func.toStrList(tenantIds)));
}
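Review bot: `deployUpload` now runs the generic validator but, unlike `checkUpload`, does not visibly require each file name to end with `FlowEngineConstant.SUFFIX` before handing the files to `flowEngineService.deployUpload`. If the service does not enforce that itself (not visible here), any file type the validator accepts could reach the deployment step; a per-file suffix check before the call would keep the two endpoints consistent. The bare `true` in `fileValidator.validateFiles(files,true)` also gives no hint of what it switches on, so a comment naming the parameter would help, e.g. `// second argument: <name of the flag in ComprehensiveFileValidator>`. `category` and `tenantIds` are passed through unvalidated, which is worth confirming against what the service expects. The method's annotations begin above the hunk.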
--
Gitblit v1.9.3