fixed get_file request.referer 防盗链优化处理

2024-10-17 16:21:19 +08:00 · 2024-10-17 16:21:19 +08:00 · ba7f36c34c
parent c89493d6e9
commit ba7f36c34c
1 changed files with 18 additions and 25 deletions
--- a/app/controllers/attachments_controller.rb
+++ b/app/controllers/attachments_controller.rb
@ -30,41 +30,34 @@ class AttachmentsController < ApplicationController
  def get_file
    Rails.logger.info("request.host===#{request.host},request.referer===#{request.referer}")
    tip_exception(403, "你没有权限访问") if request.host.present? && !request.referer.to_s.include?(request.host.to_s.gsub("www.",""))
    normal_status(-1, "参数缺失") if params[:download_url].blank?
    url = base_url.starts_with?("https:") ? params[:download_url].to_s.gsub("http:", "https:") : params[:download_url].to_s
    md5_file  = Digest::MD5.hexdigest(params[:download_url])
    FileUtils.mkdir_p("#{Rails.root}#{EduSetting.get("attachment_folder")}gitea/") unless Dir.exists?("#{Rails.root}#{EduSetting.get("attachment_folder")}gitea/")
    tmp_path = "#{Rails.root}#{EduSetting.get("attachment_folder")}gitea/#{Time.now.strftime('%Y%m%d')}-#{md5_file}"
    cache_key ="get_file:#{Time.now.strftime('%Y%m%d')}:#{md5_file}"
    value = Rails.cache.read(cache_key)
    if value.to_i >= 5 && File.exist?(tmp_path)
      filepath, ref = url.split("/")[-1].split("?")
      send_file(tmp_path, filename: filepath, stream:false, type: 'application/octet-stream')
    else
    if url.starts_with?(base_url) && !url.starts_with?("#{base_url}/repo")
      domain  = GiteaService.gitea_config[:domain]
      api_url = GiteaService.gitea_config[:base_url]
      url = ("/repos"+url.split(base_url + "/api")[1])
      filepath, ref = url.split("/")[-1].split("?")
      url.gsub!(url.split("/")[-1], '')
-        Rails.logger.info("url===#{url}")
+      # Rails.logger.info("url===#{url}")
      Rails.logger.info(filepath)
      ref = ref.blank? ? "" : URI.escape(ref.split('ref=')[1])
      request_url = [domain, api_url, URI.encode(url), URI.escape(filepath), "?ref=#{ref}&access_token=#{User.where(admin: true).take&.gitea_token}"].join
      Rails.logger.info("request_url===#{request_url}")
-        file = Util.download_file(request_url, tmp_path)
+      File.delete(tmp_path) if File.exist?(tmp_path) # 删除之前的文件
      Util.download_file(request_url, tmp_path)
      filename = filepath
    else
-        file = Util.download_file(URI.encode(url), tmp_path)
+      File.delete(tmp_path) if File.exist?(tmp_path) # 删除之前的文件
      Util.download_file(URI.encode(url), tmp_path)
      filename = params[:download_url].to_s.split("/").pop()
    end
      value = value.to_i + 1
      Rails.cache.write(cache_key, value, expires_in: 1.day)
      # send_data(response.body.force_encoding("UTF-8"),  filename: filename, type: "application/octet-stream", disposition: 'attachment')
    send_file(tmp_path,  filename: filename, type: "application/octet-stream", disposition: 'attachment')
  end
  end
  def create
    # 1. 本地存储