xieyinlu/ruoyi-ai
1
0
Fork 0
mirror of https://gitcode.com/ageerle/ruoyi-ai.git synced 2026-04-13 11:53:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

add file extention check for upload

Browse Source
This commit is contained in:
Grimm
2025-03-14 22:19:02 +08:00
parent d67cd05ae2
commit 4e93ac86d4
3 changed files with 67 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
ruoyi-common/ruoyi-common-core/src/main/java/org/ruoyi/common/core/utils/file/FileUtils.java
View File

@@ -4,9 +4,13 @@ import cn.hutool.core.io.FileUtil;
import jakarta.servlet.http.HttpServletResponse; import jakarta.servlet.http.HttpServletResponse;
import lombok.AccessLevel; import lombok.AccessLevel;
import lombok.NoArgsConstructor; import lombok.NoArgsConstructor;
import org.apache.commons.lang3.StringUtils;
import org.springframework.web.multipart.MultipartFile;
import java.net.URLEncoder; import java.net.URLEncoder;
import java.nio.charset.StandardCharsets; import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.UUID;
/** /**
* 文件处理工具类 * 文件处理工具类
@@ -16,6 +20,8 @@ import java.nio.charset.StandardCharsets;
@NoArgsConstructor(access = AccessLevel.PRIVATE) @NoArgsConstructor(access = AccessLevel.PRIVATE)
public class FileUtils extends FileUtil { public class FileUtils extends FileUtil {
private static final String FILE_EXTENTION_SPLIT = ".";
/** /**
* 下载文件名重新编码 * 下载文件名重新编码
* *
@@ -40,4 +46,38 @@ public class FileUtils extends FileUtil {
String encode = URLEncoder.encode(s, StandardCharsets.UTF_8); String encode = URLEncoder.encode(s, StandardCharsets.UTF_8);
return encode.replaceAll("\\+", "%20"); return encode.replaceAll("\\+", "%20");
} }
/**
* 检查文件扩展名是否符合要求
*
* @param file
* @return
*/
public static boolean isValidFileExtention(MultipartFile file, String[] ALLOWED_EXTENSIONS) {
if (file == null || file.isEmpty()) {
return false;
}
final String filename = file.getOriginalFilename();
if (StringUtils.isBlank(filename) || !filename.contains(FILE_EXTENTION_SPLIT)) {
return false;
}
// 获取文件后缀
String fileExtension = filename.substring(filename.lastIndexOf('.') + 1).toLowerCase();
return Arrays.asList(ALLOWED_EXTENSIONS).contains(fileExtension);
}
/**
* 获取安全的文件路径
*
* @param originalFilename 原始文件名
* @param secureFilePath 安全路径
* @return 安全文件路径
*/
public static String getSecureFilePathForUpload(final String originalFilename, final String secureFilePath) {
String extension = originalFilename.substring(originalFilename.lastIndexOf(FILE_EXTENTION_SPLIT));
String newFileName = UUID.randomUUID() + extension;
return secureFilePath + newFileName; // 预定义安全路径
}
} }

26
ruoyi-common/ruoyi-common-core/src/main/java/org/ruoyi/common/core/utils/file/MimeTypeUtils.java
View File

@@ -24,17 +24,23 @@ public class MimeTypeUtils {
"asf", "rm", "rmvb"}; "asf", "rm", "rmvb"};
public static final String[] VIDEO_EXTENSION = {"mp4", "avi", "rmvb"}; public static final String[] VIDEO_EXTENSION = {"mp4", "avi", "rmvb"};
/**
* 音频扩展名
*/
public static final String[] AUDIO__EXTENSION = {"mp3", "mp4", "mpeg", "mpga", "m4a", "wav", "webm"};
public static final String[] DEFAULT_ALLOWED_EXTENSION = { public static final String[] DEFAULT_ALLOWED_EXTENSION = {
// 图片 // 图片
"bmp", "gif", "jpg", "jpeg", "png", "bmp", "gif", "jpg", "jpeg", "png",
// word excel powerpoint // word excel powerpoint
"doc", "docx", "xls", "xlsx", "ppt", "pptx", "html", "htm", "txt", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "html", "htm", "txt",
// 压缩文件 // 压缩文件
"rar", "zip", "gz", "bz2", "rar", "zip", "gz", "bz2",
// 视频格式 // 视频格式
"mp4", "avi", "rmvb", "mp4", "avi", "rmvb",
// pdf // 音频格式
"pdf"}; "mp3", "mp4", "mpeg", "mpga", "m4a", "wav", "webm",
// pdf
"pdf"};
} }

11
ruoyi-modules/ruoyi-system/src/main/java/org/ruoyi/system/service/impl/SseServiceImpl.java
View File

@@ -37,6 +37,8 @@ import org.ruoyi.common.core.domain.model.LoginUser;
import org.ruoyi.common.core.exception.base.BaseException; import org.ruoyi.common.core.exception.base.BaseException;
import org.ruoyi.common.core.service.ConfigService; import org.ruoyi.common.core.service.ConfigService;
import org.ruoyi.common.core.utils.StringUtils; import org.ruoyi.common.core.utils.StringUtils;
import org.ruoyi.common.core.utils.file.FileUtils;
import org.ruoyi.common.core.utils.file.MimeTypeUtils;
import org.ruoyi.common.satoken.utils.LoginHelper; import org.ruoyi.common.satoken.utils.LoginHelper;
import org.ruoyi.system.domain.SysModel; import org.ruoyi.system.domain.SysModel;
import org.ruoyi.system.domain.bo.ChatMessageBo; import org.ruoyi.system.domain.bo.ChatMessageBo;
@@ -333,6 +335,9 @@ public class SseServiceImpl implements ISseService {
if (file.isEmpty()) { if (file.isEmpty()) {
throw new IllegalStateException("Cannot convert an empty MultipartFile"); throw new IllegalStateException("Cannot convert an empty MultipartFile");
} }
if (!FileUtils.isValidFileExtention(file, MimeTypeUtils.AUDIO__EXTENSION)) {
throw new IllegalStateException("File Extention not supported");
}
// 创建一个文件对象 // 创建一个文件对象
File fileA = new File(System.getProperty("java.io.tmpdir") + File.separator + file.getOriginalFilename()); File fileA = new File(System.getProperty("java.io.tmpdir") + File.separator + file.getOriginalFilename());
try { try {
@@ -422,6 +427,12 @@ public class SseServiceImpl implements ISseService {
@Override @Override
public UploadFileResponse upload(MultipartFile file) { public UploadFileResponse upload(MultipartFile file) {
if (file.isEmpty()) {
throw new IllegalStateException("Cannot upload an empty MultipartFile");
}
if (!FileUtils.isValidFileExtention(file, MimeTypeUtils.DEFAULT_ALLOWED_EXTENSION)) {
throw new IllegalStateException("File Extention not supported");
}
openAiStreamClient = chatConfig.getOpenAiStreamClient(); openAiStreamClient = chatConfig.getOpenAiStreamClient();
return openAiStreamClient.uploadFile("fine-tune", convertMultiPartToFile(file)); return openAiStreamClient.uploadFile("fine-tune", convertMultiPartToFile(file));
} }