fixed get_file request.referer 防盗链优化处理
		
							parent
							
								
									c89493d6e9
								
							
						
					
					
						commit
						ba7f36c34c
					
				| 
						 | 
				
			
			@ -30,40 +30,33 @@ class AttachmentsController < ApplicationController
 | 
			
		|||
 | 
			
		||||
 | 
			
		||||
  def get_file
 | 
			
		||||
    Rails.logger.info("request.host===#{request.host},request.referer===#{request.referer}")
 | 
			
		||||
    tip_exception(403, "你没有权限访问") if request.host.present? && !request.referer.to_s.include?(request.host.to_s.gsub("www.",""))
 | 
			
		||||
    normal_status(-1, "参数缺失") if params[:download_url].blank?
 | 
			
		||||
    url = base_url.starts_with?("https:") ? params[:download_url].to_s.gsub("http:", "https:") : params[:download_url].to_s
 | 
			
		||||
    md5_file  = Digest::MD5.hexdigest(params[:download_url])
 | 
			
		||||
    FileUtils.mkdir_p("#{Rails.root}#{EduSetting.get("attachment_folder")}gitea/") unless Dir.exists?("#{Rails.root}#{EduSetting.get("attachment_folder")}gitea/")
 | 
			
		||||
    tmp_path = "#{Rails.root}#{EduSetting.get("attachment_folder")}gitea/#{Time.now.strftime('%Y%m%d')}-#{md5_file}"
 | 
			
		||||
    cache_key ="get_file:#{Time.now.strftime('%Y%m%d')}:#{md5_file}"
 | 
			
		||||
    value = Rails.cache.read(cache_key)
 | 
			
		||||
    if value.to_i >= 5 && File.exist?(tmp_path)
 | 
			
		||||
    if url.starts_with?(base_url) && !url.starts_with?("#{base_url}/repo")
 | 
			
		||||
      domain  = GiteaService.gitea_config[:domain]
 | 
			
		||||
      api_url = GiteaService.gitea_config[:base_url]
 | 
			
		||||
      url = ("/repos"+url.split(base_url + "/api")[1])
 | 
			
		||||
      filepath, ref = url.split("/")[-1].split("?")
 | 
			
		||||
      send_file(tmp_path, filename: filepath, stream:false, type: 'application/octet-stream')
 | 
			
		||||
      url.gsub!(url.split("/")[-1], '')
 | 
			
		||||
      # Rails.logger.info("url===#{url}")
 | 
			
		||||
      Rails.logger.info(filepath)
 | 
			
		||||
      ref = ref.blank? ? "" : URI.escape(ref.split('ref=')[1])
 | 
			
		||||
      request_url = [domain, api_url, URI.encode(url), URI.escape(filepath), "?ref=#{ref}&access_token=#{User.where(admin: true).take&.gitea_token}"].join
 | 
			
		||||
      Rails.logger.info("request_url===#{request_url}")
 | 
			
		||||
      File.delete(tmp_path) if File.exist?(tmp_path) # 删除之前的文件
 | 
			
		||||
      Util.download_file(request_url, tmp_path)
 | 
			
		||||
      filename = filepath
 | 
			
		||||
    else
 | 
			
		||||
      if url.starts_with?(base_url) && !url.starts_with?("#{base_url}/repo")
 | 
			
		||||
        domain  = GiteaService.gitea_config[:domain]
 | 
			
		||||
        api_url = GiteaService.gitea_config[:base_url]
 | 
			
		||||
        url = ("/repos"+url.split(base_url + "/api")[1])
 | 
			
		||||
        filepath, ref = url.split("/")[-1].split("?")
 | 
			
		||||
        url.gsub!(url.split("/")[-1], '')
 | 
			
		||||
        Rails.logger.info("url===#{url}")
 | 
			
		||||
        Rails.logger.info(filepath)
 | 
			
		||||
        ref = ref.blank? ? "" : URI.escape(ref.split('ref=')[1])
 | 
			
		||||
        request_url = [domain, api_url, URI.encode(url), URI.escape(filepath), "?ref=#{ref}&access_token=#{User.where(admin: true).take&.gitea_token}"].join
 | 
			
		||||
        Rails.logger.info("request_url===#{request_url}")
 | 
			
		||||
        file = Util.download_file(request_url, tmp_path)
 | 
			
		||||
        filename = filepath
 | 
			
		||||
      else
 | 
			
		||||
        file = Util.download_file(URI.encode(url), tmp_path)
 | 
			
		||||
        filename = params[:download_url].to_s.split("/").pop()
 | 
			
		||||
      end
 | 
			
		||||
      value = value.to_i + 1
 | 
			
		||||
      Rails.cache.write(cache_key, value, expires_in: 1.day)
 | 
			
		||||
      # send_data(response.body.force_encoding("UTF-8"),  filename: filename, type: "application/octet-stream", disposition: 'attachment')
 | 
			
		||||
      send_file(tmp_path,  filename: filename, type: "application/octet-stream", disposition: 'attachment')
 | 
			
		||||
      File.delete(tmp_path) if File.exist?(tmp_path) # 删除之前的文件
 | 
			
		||||
      Util.download_file(URI.encode(url), tmp_path)
 | 
			
		||||
      filename = params[:download_url].to_s.split("/").pop()
 | 
			
		||||
    end
 | 
			
		||||
    send_file(tmp_path,  filename: filename, type: "application/octet-stream", disposition: 'attachment')
 | 
			
		||||
  end
 | 
			
		||||
 | 
			
		||||
  def create
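Review bot: The Referer guard at the top of `get_file` (which the commit title suggests is the new code; the +/- markers are lost in this rendering) uses a substring test, `!request.referer.to_s.include?(request.host.to_s.gsub("www.",""))`, so any Referer that merely contains the host text in its path, query string or a longer domain name passes, and `gsub("www.","")` strips that text anywhere in the host rather than only as a prefix. Parse the header, treat `URI::InvalidURIError` as a mismatch, and compare hosts exactly, e.g. `referer_host = URI.parse(request.referer.to_s).host.to_s` then `tip_exception(403, "你没有权限访问") unless referer_host.sub(/\Awww\./, "") == request.host.to_s.sub(/\Awww\./, "")`. Referer is supplied by the client, so this check is hotlink deterrence rather than authorization: the method still fetches `params[:download_url]` server-side and, on the Gitea branch, does so with an admin `gitea_token`, and no per-user permission check or host allow-list for `download_url` is visible in this hunk. `Rails.logger.info("request_url===#{request_url}")` also writes that `access_token` into the application log; log the path without the query string instead.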
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||