From 90e4eb06ccd3638412ed2385820d6918cb2f9ad9 Mon Sep 17 00:00:00 2001 From: xudawei Date: Thu, 10 Oct 2024 10:38:15 +0800 Subject: [PATCH 1/2] =?UTF-8?q?feat:(hotfix1010)=20=E4=B8=B4=E6=97=B6?= =?UTF-8?q?=E6=8E=88=E6=9D=83=E4=B8=8B=E8=BD=BD=E6=8E=A5=E5=8F=A3-?= =?UTF-8?q?=E6=89=A9=E5=A4=A7fileKeys=E5=B0=BA=E5=AF=B8=E5=A4=A7=E5=B0=8F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../cn/axzo/oss/common/enums/CodeEnum.java | 3 ++- .../http/model/ApiSignUrlDownloadRequest.java | 2 -- .../oss/service/impl/FileServiceImpl.java | 20 +++++++++++++++++++ 3 files changed, 22 insertions(+), 3 deletions(-) diff --git a/oss-common/src/main/java/cn/axzo/oss/common/enums/CodeEnum.java b/oss-common/src/main/java/cn/axzo/oss/common/enums/CodeEnum.java index 98f9028..badc957 100644 --- a/oss-common/src/main/java/cn/axzo/oss/common/enums/CodeEnum.java +++ b/oss-common/src/main/java/cn/axzo/oss/common/enums/CodeEnum.java @@ -62,7 +62,8 @@ public enum CodeEnum implements EnumBase { FILE_APP_IS_EMPTY(505, "app is empty"), BUCKET_TYPE_IS_EMPTY(506, "bucketType is empty"), GET_OBJECT_META_FAIL(507, "获取元文件失败"), - URL_BUCKET_NAME_KEY_ALL_EMPTY(508, "url-bucketName-key同时为空") + URL_BUCKET_NAME_KEY_ALL_EMPTY(508, "url-bucketName-key同时为空"), + SIGN_URL_DOWNLOAD_FILEKEYS_EXCEEDS_MAXSIZE(509, "fileKeys exceeds the maximum size"), ; private final Integer code; diff --git a/oss-http-api/src/main/java/cn/axzo/oss/http/model/ApiSignUrlDownloadRequest.java b/oss-http-api/src/main/java/cn/axzo/oss/http/model/ApiSignUrlDownloadRequest.java index 72afce4..b0b894d 100644 --- a/oss-http-api/src/main/java/cn/axzo/oss/http/model/ApiSignUrlDownloadRequest.java +++ b/oss-http-api/src/main/java/cn/axzo/oss/http/model/ApiSignUrlDownloadRequest.java @@ -6,7 +6,6 @@ import lombok.Data; import lombok.NoArgsConstructor; import javax.validation.constraints.NotEmpty; -import javax.validation.constraints.Size; import java.util.List; /** @@ -24,7 +23,6 @@ public class ApiSignUrlDownloadRequest { * 文件uuid */ @NotEmpty(message = "fileKeys not empty") - @Size(min = 1, max = 1000, message = "超过指定范围1-1000") private List fileKeys; /** diff --git a/oss-service/src/main/java/cn/axzo/oss/service/impl/FileServiceImpl.java b/oss-service/src/main/java/cn/axzo/oss/service/impl/FileServiceImpl.java index 683b767..d34af1b 100644 --- a/oss-service/src/main/java/cn/axzo/oss/service/impl/FileServiceImpl.java +++ b/oss-service/src/main/java/cn/axzo/oss/service/impl/FileServiceImpl.java @@ -141,6 +141,9 @@ public class FileServiceImpl implements FileService { @Value("${sign.url.download.expire.second:2000}") private Long SIGN_URL_DOWNLOAD_EXPIRE_SECOND; + @Value("${sign.url.download.maxsize:10000}") + private Integer SIGN_URL_DOWNLOAD_MAXSIZE; + @Autowired private WithFileFactory withFileFactory; @@ -859,6 +862,9 @@ public class FileServiceImpl implements FileService { */ @Override public List signUrlDownload(SignUrlDownloadDto dto) { + //临时授权下载校验 + this.checkSignUrlDownload(dto); + log.info("signUrl download dto = {}", JsonUtil.obj2Str(dto)); Long start = System.currentTimeMillis(); //是否代文件名称 @@ -884,6 +890,18 @@ public class FileServiceImpl implements FileService { return httpUrlResList; } + /** + * 临时授权下载校验 + */ + private void checkSignUrlDownload(SignUrlDownloadDto dto) { + if (dto.getFileKeys().size() > SIGN_URL_DOWNLOAD_MAXSIZE) { + throw new BizException(CodeEnum.SIGN_URL_DOWNLOAD_FILEKEYS_EXCEEDS_MAXSIZE, "signUrlDownload fileKeys 大小超过" + SIGN_URL_DOWNLOAD_MAXSIZE); + } + if (dto.getFileKeys().size() > 1000) { + log.info("fileservice#signUrlDownload,fileKeys-size > 1000"); + } + } + /** * 构建fileKey(非http的入参)的返回对象 */ @@ -1221,6 +1239,8 @@ public class FileServiceImpl implements FileService { */ @Override public List signUrlDownloadNoFile(SignUrlDownloadDto dto) { + //临时授权下载校验 + this.checkSignUrlDownload(dto); // 通过appcode获取文件渠道桶信息 AppChannelBucket appChannelBucket = appChannelBucketManager.getByAppCode(dto.getAppCode(), null); From 66828cb6c377633f87af896e1b26ed21a4818f62 Mon Sep 17 00:00:00 2001 From: xudawei Date: Thu, 10 Oct 2024 10:39:30 +0800 Subject: [PATCH 2/2] =?UTF-8?q?feat:(hotfix1010)=20=E4=B8=B4=E6=97=B6?= =?UTF-8?q?=E6=8E=88=E6=9D=83=E4=B8=8B=E8=BD=BD=E6=8E=A5=E5=8F=A3-?= =?UTF-8?q?=E6=89=A9=E5=A4=A7fileKeys=E5=B0=BA=E5=AF=B8=E5=A4=A7=E5=B0=8F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../main/java/cn/axzo/oss/service/impl/FileServiceImpl.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/oss-service/src/main/java/cn/axzo/oss/service/impl/FileServiceImpl.java b/oss-service/src/main/java/cn/axzo/oss/service/impl/FileServiceImpl.java index d34af1b..d89782d 100644 --- a/oss-service/src/main/java/cn/axzo/oss/service/impl/FileServiceImpl.java +++ b/oss-service/src/main/java/cn/axzo/oss/service/impl/FileServiceImpl.java @@ -62,6 +62,7 @@ import cn.azxo.framework.common.model.CommonResponse; import cn.hutool.core.collection.CollUtil; import cn.hutool.core.collection.CollectionUtil; import cn.hutool.core.lang.Pair; +import com.alibaba.fastjson.JSON; import com.google.common.collect.Lists; import com.google.common.collect.Maps; import lombok.extern.slf4j.Slf4j; @@ -898,7 +899,7 @@ public class FileServiceImpl implements FileService { throw new BizException(CodeEnum.SIGN_URL_DOWNLOAD_FILEKEYS_EXCEEDS_MAXSIZE, "signUrlDownload fileKeys 大小超过" + SIGN_URL_DOWNLOAD_MAXSIZE); } if (dto.getFileKeys().size() > 1000) { - log.info("fileservice#signUrlDownload,fileKeys-size > 1000"); + log.info("fileservice#signUrlDownload,fileKeys-size > 1000,dto:{},size:{}", JSON.toJSONString(dto), dto.getFileKeys().size()); } }