Merge branch 'dev/2024/0528/update-app-Y' of feifan/mall-backend-app into master

添加获取图片的接口的验证

feifan-module-infra/feifan-module-infra-api/src/main/java/cn/newfeifan/mall/module/infra/enums/AppFileConstants.java

@@ -0,0 +1,12 @@
+package cn.newfeifan.mall.module.infra.enums;
+
+
+import java.util.Arrays;
+import java.util.List;
+
+/**
+ * 获取图片的地址域名前缀
+ */
+public interface AppFileConstants {
+    List<String> DOMAIN_LIST = Arrays.asList("https://thirdwx.qlogo.cn", "https://mall-ffkj.oss-cn-guangzhou.aliyuncs.com", "https://pt.letcgo.com");
+}

feifan-module-infra/feifan-module-infra-api/src/main/java/cn/newfeifan/mall/module/infra/enums/ErrorCodeConstants.java

@@ -69,5 +69,6 @@ public interface ErrorCodeConstants {
     ErrorCode DEMO03_STUDENT_NOT_EXISTS = new ErrorCode(1_001_201_007, "学生不存在");
     ErrorCode DEMO03_GRADE_NOT_EXISTS = new ErrorCode(1_001_201_008, "学生班级不存在");
     ErrorCode DEMO03_GRADE_EXISTS = new ErrorCode(1_001_201_009, "学生班级已存在");
+    ErrorCode URL_DOMAIN_NOT_EXISTS = new ErrorCode(1_001_201_010, "url中的域名非指定域名");
 
 }

feifan-module-infra/feifan-module-infra-biz/src/main/java/cn/newfeifan/mall/module/infra/controller/app/file/AppFileController.java

@@ -1,7 +1,6 @@
 package cn.newfeifan.mall.module.infra.controller.app.file;
 
 import cn.hutool.core.io.IoUtil;
-import cn.hutool.core.io.resource.InputStreamResource;
 import cn.newfeifan.mall.framework.common.pojo.CommonResult;
 import cn.newfeifan.mall.module.infra.controller.app.file.vo.AppFileUploadReqVO;
 import cn.newfeifan.mall.module.infra.service.file.FileService;
@@ -10,7 +9,6 @@ import io.swagger.v3.oas.annotations.tags.Tag;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.core.io.ByteArrayResource;
 import org.springframework.http.HttpHeaders;
-import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.util.StreamUtils;
@@ -21,11 +19,12 @@ import org.springframework.web.multipart.MultipartFile;
 
 import javax.annotation.Resource;
 
+import static cn.newfeifan.mall.framework.common.exception.util.ServiceExceptionUtil.exception;
 import static cn.newfeifan.mall.framework.common.pojo.CommonResult.success;
+import static cn.newfeifan.mall.module.infra.enums.AppFileConstants.DOMAIN_LIST;
+import static cn.newfeifan.mall.module.infra.enums.ErrorCodeConstants.URL_DOMAIN_NOT_EXISTS;
 
-import java.io.ByteArrayInputStream;
 import java.io.IOException;
-import java.io.InputStream;
 import java.net.URL;
 import java.net.URLConnection;
 
@@ -54,6 +53,11 @@ public class AppFileController {
     @GetMapping("/downloadByUrl")
     @Operation(summary = "通过链接下载文件流")
     public ResponseEntity<ByteArrayResource> downloadByUrl(@RequestParam("fileUrl") String fileUrl) throws Exception {
+
+        if(!checkPrefix(fileUrl)){
+            throw exception(URL_DOMAIN_NOT_EXISTS);
+        }
+
         try {
             URL url = new URL(fileUrl);
             URLConnection connection = url.openConnection();
@@ -86,6 +90,17 @@ public class AppFileController {
         }
     }
 
+    private boolean checkPrefix(String fileUrl) {
+        // 遍历DOMAIN_LIST中的每个域名
+        for (String domain : DOMAIN_LIST) {
+            // 检查传入的字符串是否以当前域名为前缀
+            if (fileUrl.startsWith(domain)) {
+                return true; // 如果找到匹配的前缀，返回true
+            }
+        }
+        return false; // 如果没有找到匹配的前缀，返回false
+    }
+
 
 
 }