diff --git a/oss-common/src/main/java/cn/axzo/oss/common/enums/CodeEnum.java b/oss-common/src/main/java/cn/axzo/oss/common/enums/CodeEnum.java index 98f9028..badc957 100644 --- a/oss-common/src/main/java/cn/axzo/oss/common/enums/CodeEnum.java +++ b/oss-common/src/main/java/cn/axzo/oss/common/enums/CodeEnum.java @@ -62,7 +62,8 @@ public enum CodeEnum implements EnumBase { FILE_APP_IS_EMPTY(505, "app is empty"), BUCKET_TYPE_IS_EMPTY(506, "bucketType is empty"), GET_OBJECT_META_FAIL(507, "获取元文件失败"), - URL_BUCKET_NAME_KEY_ALL_EMPTY(508, "url-bucketName-key同时为空") + URL_BUCKET_NAME_KEY_ALL_EMPTY(508, "url-bucketName-key同时为空"), + SIGN_URL_DOWNLOAD_FILEKEYS_EXCEEDS_MAXSIZE(509, "fileKeys exceeds the maximum size"), ; private final Integer code; diff --git a/oss-http-api/src/main/java/cn/axzo/oss/http/model/ApiSignUrlDownloadRequest.java b/oss-http-api/src/main/java/cn/axzo/oss/http/model/ApiSignUrlDownloadRequest.java index 72afce4..b0b894d 100644 --- a/oss-http-api/src/main/java/cn/axzo/oss/http/model/ApiSignUrlDownloadRequest.java +++ b/oss-http-api/src/main/java/cn/axzo/oss/http/model/ApiSignUrlDownloadRequest.java @@ -6,7 +6,6 @@ import lombok.Data; import lombok.NoArgsConstructor; import javax.validation.constraints.NotEmpty; -import javax.validation.constraints.Size; import java.util.List; /** @@ -24,7 +23,6 @@ public class ApiSignUrlDownloadRequest { * 文件uuid */ @NotEmpty(message = "fileKeys not empty") - @Size(min = 1, max = 1000, message = "超过指定范围1-1000") private List fileKeys; /** diff --git a/oss-service/src/main/java/cn/axzo/oss/service/impl/FileServiceImpl.java b/oss-service/src/main/java/cn/axzo/oss/service/impl/FileServiceImpl.java index 683b767..d34af1b 100644 --- a/oss-service/src/main/java/cn/axzo/oss/service/impl/FileServiceImpl.java +++ b/oss-service/src/main/java/cn/axzo/oss/service/impl/FileServiceImpl.java @@ -141,6 +141,9 @@ public class FileServiceImpl implements FileService { @Value("${sign.url.download.expire.second:2000}") private Long SIGN_URL_DOWNLOAD_EXPIRE_SECOND; + @Value("${sign.url.download.maxsize:10000}") + private Integer SIGN_URL_DOWNLOAD_MAXSIZE; + @Autowired private WithFileFactory withFileFactory; @@ -859,6 +862,9 @@ public class FileServiceImpl implements FileService { */ @Override public List signUrlDownload(SignUrlDownloadDto dto) { + //临时授权下载校验 + this.checkSignUrlDownload(dto); + log.info("signUrl download dto = {}", JsonUtil.obj2Str(dto)); Long start = System.currentTimeMillis(); //是否代文件名称 @@ -884,6 +890,18 @@ public class FileServiceImpl implements FileService { return httpUrlResList; } + /** + * 临时授权下载校验 + */ + private void checkSignUrlDownload(SignUrlDownloadDto dto) { + if (dto.getFileKeys().size() > SIGN_URL_DOWNLOAD_MAXSIZE) { + throw new BizException(CodeEnum.SIGN_URL_DOWNLOAD_FILEKEYS_EXCEEDS_MAXSIZE, "signUrlDownload fileKeys 大小超过" + SIGN_URL_DOWNLOAD_MAXSIZE); + } + if (dto.getFileKeys().size() > 1000) { + log.info("fileservice#signUrlDownload,fileKeys-size > 1000"); + } + } + /** * 构建fileKey(非http的入参)的返回对象 */ @@ -1221,6 +1239,8 @@ public class FileServiceImpl implements FileService { */ @Override public List signUrlDownloadNoFile(SignUrlDownloadDto dto) { + //临时授权下载校验 + this.checkSignUrlDownload(dto); // 通过appcode获取文件渠道桶信息 AppChannelBucket appChannelBucket = appChannelBucketManager.getByAppCode(dto.getAppCode(), null);