Skip to content

Commit a146e3f

Browse files
fanyinbofanyinbo
committed
Upload, file address whitelist restriction
Signed-off-by: fanyinbo <[email protected]>
1 parent d49e75a commit a146e3f

File tree

3 files changed

+29
-0
lines changed

3 files changed

+29
-0
lines changed

backend/src/main/java/ai/basic/x1/usecase/UploadDataUseCase.java

Lines changed: 22 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -134,6 +134,9 @@ public class UploadDataUseCase {
134134
@Value("${file.prefix.small:small}")
135135
private String small;
136136

137+
@Value("${upload.url.whitelist}")
138+
private String whitelist;
139+
137140
private static final ExecutorService executorService = ThreadUtil.newExecutor(2);
138141
private static final ExecutorService parseExecutorService = ThreadUtil.newExecutor(5);
139142

@@ -156,6 +159,11 @@ public class UploadDataUseCase {
156159
@Transactional(rollbackFor = RuntimeException.class)
157160
public Long upload(DataInfoUploadBO dataInfoUploadBO) {
158161
var uploadRecordBO = uploadUseCase.createUploadRecord(dataInfoUploadBO.getFileUrl());
162+
if(!checkUrlIsValid(whitelist,dataInfoUploadBO.getFileUrl())){
163+
uploadUseCase.updateUploadRecordStatus(uploadRecordBO.getId(), FAILED, DATASET_DATA_FILE_URL_ILLEGAL.getMessage());
164+
log.error("File url illegal,datasetId:{},userId:{},fileUrl:{}", dataInfoUploadBO.getDatasetId(), dataInfoUploadBO.getUserId(), dataInfoUploadBO.getFileUrl());
165+
return uploadRecordBO.getSerialNumber();
166+
}
159167
var boo = DecompressionFileUtils.validateUrl(dataInfoUploadBO.getFileUrl());
160168
if (!boo) {
161169
uploadUseCase.updateUploadRecordStatus(uploadRecordBO.getId(), FAILED, DATASET_DATA_FILE_URL_ERROR.getMessage());
@@ -195,6 +203,20 @@ public Long upload(DataInfoUploadBO dataInfoUploadBO) {
195203
return uploadRecordBO.getSerialNumber();
196204
}
197205

206+
207+
public static boolean checkUrlIsValid(String whitelist, String url) {
208+
if(StrUtil.isEmpty(whitelist)){
209+
return true;
210+
}
211+
String[] substrings = whitelist.split(",");
212+
for (String substring : substrings) {
213+
if (url.contains(substring.trim())) {
214+
return true;
215+
}
216+
}
217+
return false;
218+
}
219+
198220
/**
199221
* Download the file and unzip the file
200222
*

backend/src/main/java/ai/basic/x1/usecase/exception/UsecaseCode.java

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -31,6 +31,8 @@ public enum UsecaseCode {
3131

3232
DATASET_DATA_FILE_URL_ERROR("DATASET_DATA_FILE_URL_ERROR", "File url error"),
3333

34+
DATASET_DATA_FILE_URL_ILLEGAL("DATASET_DATA_FILE_URL_ILLEGAL", "File url illegal"),
35+
3436
DATASET_DATA_FILE_FORMAT_ERROR("DATASET_DATA_FILE_FORMAT_ERROR", "Incorrect file format"),
3537

3638
DATASET_NOT_FOUND("DATASET_NOT_FOUND", "Dataset not found"),

backend/src/main/resources/application.yml

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -146,3 +146,8 @@ pointCloud:
146146
dataset:
147147
similarity:
148148
url: http://image-vect-visualization:5000/api/v1/calcSimilarity
149+
150+
upload:
151+
url:
152+
# If not set, no check is performed. Multiple commas separated
153+
whitelist:

0 commit comments

Comments
 (0)