From 3e09ee08d36c100da55183908c1efd08d65f67f4 Mon Sep 17 00:00:00 2001 From: xxq250 Date: Thu, 17 Oct 2024 16:21:19 +0800 Subject: [PATCH] =?UTF-8?q?fixed=20get=5Ffile=20request.referer=20?= =?UTF-8?q?=E9=98=B2=E7=9B=97=E9=93=BE=E4=BC=98=E5=8C=96=E5=A4=84=E7=90=86?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/controllers/attachments_controller.rb | 43 ++++++++++------------- 1 file changed, 18 insertions(+), 25 deletions(-) diff --git a/app/controllers/attachments_controller.rb b/app/controllers/attachments_controller.rb index 0746f3d1b..e4038fafa 100644 --- a/app/controllers/attachments_controller.rb +++ b/app/controllers/attachments_controller.rb @@ -30,40 +30,33 @@ class AttachmentsController < ApplicationController def get_file + Rails.logger.info("request.host===#{request.host},request.referer===#{request.referer}") tip_exception(403, "你没有权限访问") if request.host.present? && !request.referer.to_s.include?(request.host.to_s.gsub("www.","")) normal_status(-1, "参数缺失") if params[:download_url].blank? url = base_url.starts_with?("https:") ? params[:download_url].to_s.gsub("http:", "https:") : params[:download_url].to_s md5_file = Digest::MD5.hexdigest(params[:download_url]) FileUtils.mkdir_p("#{Rails.root}#{EduSetting.get("attachment_folder")}gitea/") unless Dir.exists?("#{Rails.root}#{EduSetting.get("attachment_folder")}gitea/") tmp_path = "#{Rails.root}#{EduSetting.get("attachment_folder")}gitea/#{Time.now.strftime('%Y%m%d')}-#{md5_file}" - cache_key ="get_file:#{Time.now.strftime('%Y%m%d')}:#{md5_file}" - value = Rails.cache.read(cache_key) - if value.to_i >= 5 && File.exist?(tmp_path) + if url.starts_with?(base_url) && !url.starts_with?("#{base_url}/repo") + domain = GiteaService.gitea_config[:domain] + api_url = GiteaService.gitea_config[:base_url] + url = ("/repos"+url.split(base_url + "/api")[1]) filepath, ref = url.split("/")[-1].split("?") - send_file(tmp_path, filename: filepath, stream:false, type: 'application/octet-stream') + url.gsub!(url.split("/")[-1], '') + # Rails.logger.info("url===#{url}") + Rails.logger.info(filepath) + ref = ref.blank? ? "" : URI.escape(ref.split('ref=')[1]) + request_url = [domain, api_url, URI.encode(url), URI.escape(filepath), "?ref=#{ref}&access_token=#{User.where(admin: true).take&.gitea_token}"].join + Rails.logger.info("request_url===#{request_url}") + File.delete(tmp_path) if File.exist?(tmp_path) # 删除之前的文件 + Util.download_file(request_url, tmp_path) + filename = filepath else - if url.starts_with?(base_url) && !url.starts_with?("#{base_url}/repo") - domain = GiteaService.gitea_config[:domain] - api_url = GiteaService.gitea_config[:base_url] - url = ("/repos"+url.split(base_url + "/api")[1]) - filepath, ref = url.split("/")[-1].split("?") - url.gsub!(url.split("/")[-1], '') - Rails.logger.info("url===#{url}") - Rails.logger.info(filepath) - ref = ref.blank? ? "" : URI.escape(ref.split('ref=')[1]) - request_url = [domain, api_url, URI.encode(url), URI.escape(filepath), "?ref=#{ref}&access_token=#{User.where(admin: true).take&.gitea_token}"].join - Rails.logger.info("request_url===#{request_url}") - file = Util.download_file(request_url, tmp_path) - filename = filepath - else - file = Util.download_file(URI.encode(url), tmp_path) - filename = params[:download_url].to_s.split("/").pop() - end - value = value.to_i + 1 - Rails.cache.write(cache_key, value, expires_in: 1.day) - # send_data(response.body.force_encoding("UTF-8"), filename: filename, type: "application/octet-stream", disposition: 'attachment') - send_file(tmp_path, filename: filename, type: "application/octet-stream", disposition: 'attachment') + File.delete(tmp_path) if File.exist?(tmp_path) # 删除之前的文件 + Util.download_file(URI.encode(url), tmp_path) + filename = params[:download_url].to_s.split("/").pop() end + send_file(tmp_path, filename: filename, type: "application/octet-stream", disposition: 'attachment') end def create