fixed get_file request.referer 防盗链优化处理

2024-10-17 16:21:19 +08:00 · 2024-10-17 16:21:19 +08:00 · 3e09ee08d3
parent 84a46a1042
commit 3e09ee08d3
1 changed files with 18 additions and 25 deletions
--- a/app/controllers/attachments_controller.rb
+++ b/app/controllers/attachments_controller.rb
@ -30,40 +30,33 @@ class AttachmentsController < ApplicationController


  def get_file
+    Rails.logger.info("request.host===#{request.host},request.referer===#{request.referer}")
    tip_exception(403, "你没有权限访问") if request.host.present? && !request.referer.to_s.include?(request.host.to_s.gsub("www.",""))
    normal_status(-1, "参数缺失") if params[:download_url].blank?
    url = base_url.starts_with?("https:") ? params[:download_url].to_s.gsub("http:", "https:") : params[:download_url].to_s
    md5_file  = Digest::MD5.hexdigest(params[:download_url])
    FileUtils.mkdir_p("#{Rails.root}#{EduSetting.get("attachment_folder")}gitea/") unless Dir.exists?("#{Rails.root}#{EduSetting.get("attachment_folder")}gitea/")
    tmp_path = "#{Rails.root}#{EduSetting.get("attachment_folder")}gitea/#{Time.now.strftime('%Y%m%d')}-#{md5_file}"
-    cache_key ="get_file:#{Time.now.strftime('%Y%m%d')}:#{md5_file}"
-    value = Rails.cache.read(cache_key)
-    if value.to_i >= 5 && File.exist?(tmp_path)
+    if url.starts_with?(base_url) && !url.starts_with?("#{base_url}/repo")
+      domain  = GiteaService.gitea_config[:domain]
+      api_url = GiteaService.gitea_config[:base_url]
+      url = ("/repos"+url.split(base_url + "/api")[1])
      filepath, ref = url.split("/")[-1].split("?")
-      send_file(tmp_path, filename: filepath, stream:false, type: 'application/octet-stream')
+      url.gsub!(url.split("/")[-1], '')
+      # Rails.logger.info("url===#{url}")
+      Rails.logger.info(filepath)
+      ref = ref.blank? ? "" : URI.escape(ref.split('ref=')[1])
+      request_url = [domain, api_url, URI.encode(url), URI.escape(filepath), "?ref=#{ref}&access_token=#{User.where(admin: true).take&.gitea_token}"].join
+      Rails.logger.info("request_url===#{request_url}")
+      File.delete(tmp_path) if File.exist?(tmp_path) # 删除之前的文件
+      Util.download_file(request_url, tmp_path)
+      filename = filepath
    else
-      if url.starts_with?(base_url) && !url.starts_with?("#{base_url}/repo")
-        domain  = GiteaService.gitea_config[:domain]
-        api_url = GiteaService.gitea_config[:base_url]
-        url = ("/repos"+url.split(base_url + "/api")[1])
-        filepath, ref = url.split("/")[-1].split("?")
-        url.gsub!(url.split("/")[-1], '')
-        Rails.logger.info("url===#{url}")
-        Rails.logger.info(filepath)
-        ref = ref.blank? ? "" : URI.escape(ref.split('ref=')[1])
-        request_url = [domain, api_url, URI.encode(url), URI.escape(filepath), "?ref=#{ref}&access_token=#{User.where(admin: true).take&.gitea_token}"].join
-        Rails.logger.info("request_url===#{request_url}")
-        file = Util.download_file(request_url, tmp_path)
-        filename = filepath
-      else
-        file = Util.download_file(URI.encode(url), tmp_path)
-        filename = params[:download_url].to_s.split("/").pop()
-      end
-      value = value.to_i + 1
-      Rails.cache.write(cache_key, value, expires_in: 1.day)
-      # send_data(response.body.force_encoding("UTF-8"),  filename: filename, type: "application/octet-stream", disposition: 'attachment')
-      send_file(tmp_path,  filename: filename, type: "application/octet-stream", disposition: 'attachment')
+      File.delete(tmp_path) if File.exist?(tmp_path) # 删除之前的文件
+      Util.download_file(URI.encode(url), tmp_path)
+      filename = params[:download_url].to_s.split("/").pop()
    end
+    send_file(tmp_path,  filename: filename, type: "application/octet-stream", disposition: 'attachment')
  end

  def create