From 4470052c3b6bdeb18e45987f8aa293d1e93d0552 Mon Sep 17 00:00:00 2001
From: Ludc <2870569285@qq.com>
Date: 星期二, 18 十一月 2025 11:59:12 +0800
Subject: [PATCH] 所有文件上传接口增加文件安全校验逻辑。
---
Source/UBCS/ubcs-ops/ubcs-resource/src/main/java/com/vci/ubcs/resource/endpoint/OssEndpoint.java | 50 ++++++++++++++++----------------------------------
1 files changed, 16 insertions(+), 34 deletions(-)
diff --git a/Source/UBCS/ubcs-ops/ubcs-resource/src/main/java/com/vci/ubcs/resource/endpoint/OssEndpoint.java b/Source/UBCS/ubcs-ops/ubcs-resource/src/main/java/com/vci/ubcs/resource/endpoint/OssEndpoint.java
index 1bdefc5..909f7f1 100644
--- a/Source/UBCS/ubcs-ops/ubcs-resource/src/main/java/com/vci/ubcs/resource/endpoint/OssEndpoint.java
+++ b/Source/UBCS/ubcs-ops/ubcs-resource/src/main/java/com/vci/ubcs/resource/endpoint/OssEndpoint.java
@@ -17,6 +17,7 @@
package com.vci.ubcs.resource.endpoint;
import com.vci.ubcs.resource.entity.Attach;
+import com.vci.ubcs.common.validator.ComprehensiveFileValidator;
import io.swagger.annotations.Api;
import lombok.AllArgsConstructor;
import lombok.SneakyThrows;
@@ -31,8 +32,6 @@
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.multipart.MultipartFile;
-
-import javax.servlet.http.HttpServletResponse;
/**
* 瀵硅薄瀛樺偍绔偣
@@ -59,6 +58,11 @@
*/
private final IAttachService attachService;
+ /**
+ * 鏂囦欢瀹夊叏妫�鏌�
+ */
+ @Autowired
+ private ComprehensiveFileValidator fileValidator;
/**
* 鍒涘缓瀛樺偍妗�
@@ -150,6 +154,11 @@
@SneakyThrows
@PostMapping("/put-file")
public R<BladeFile> putFile(@RequestParam MultipartFile file) {
+ // 浣跨敤鏂囦欢瀹夊叏楠岃瘉鍣�
+ ComprehensiveFileValidator.UploadValidationResult result = fileValidator.validateFile(file);
+ if (!result.isValid()) {
+ return R.fail(result.getMessage());
+ }
BladeFile bladeFile = ossBuilder.template().putFile(file.getOriginalFilename(), file.getInputStream());
return R.data(bladeFile);
}
@@ -164,41 +173,14 @@
@SneakyThrows
@PostMapping("/put-file-by-name")
public R<BladeFile> putFile(@RequestParam String fileName, @RequestParam MultipartFile file) {
+ // 浣跨敤鏂囦欢瀹夊叏楠岃瘉鍣�
+ ComprehensiveFileValidator.UploadValidationResult result = fileValidator.validateFile(file);
+ if (!result.isValid()) {
+ return R.fail(result.getMessage());
+ }
BladeFile bladeFile = ossBuilder.template().putFile(fileName, file.getInputStream());
return R.data(bladeFile);
}
-
-// /**
-// * 涓婁紶鏂囦欢骞朵繚瀛樿嚦闄勪欢琛�
-// *
-// * @param file 鏂囦欢
-// * @return ObjectStat
-// */
-// @SneakyThrows
-// @PostMapping("/put-file-attach")
-// public R<BladeFile> putFileAttach(@RequestParam MultipartFile file) {
-// String fileName = file.getOriginalFilename();
-// BladeFile bladeFile = ossBuilder.template().putFile(fileName, file.getInputStream());
-// Long attachId = buildAttach(fileName, file.getSize(), bladeFile);
-// bladeFile.setAttachId(attachId);
-// return R.data(bladeFile);
-// }
-
-// /**
-// * 涓婁紶鏂囦欢骞朵繚瀛樿嚦闄勪欢琛�
-// *
-// * @param fileName 瀛樺偍妗跺璞″悕绉�
-// * @param file 鏂囦欢
-// * @return ObjectStat
-// */
-// @SneakyThrows
-// @PostMapping("/put-file-attach-by-name")
-// public R<BladeFile> putFileAttach(@RequestParam String fileName, @RequestParam MultipartFile file) {
-// BladeFile bladeFile = ossBuilder.template().putFile(fileName, file.getInputStream());
-// Long attachId = buildAttach(fileName, file.getSize(), bladeFile);
-// bladeFile.setAttachId(attachId);
-// return R.data(bladeFile);
-// }
/**
* 鏋勫缓闄勪欢琛�
--
Gitblit v1.9.3