From 6cfc2e4258089c953b67054229170c1178585590 Mon Sep 17 00:00:00 2001
From: rk <94314517@qq.com>
Date: 星期一, 23 三月 2026 14:19:33 +0800
Subject: [PATCH] 小程序   接口开发

---
 server/dmmall_web/src/main/java/com/doumee/api/common/PublicController.java |   51 +++++++++++++++++++++++++++++++++++++++++----------
 1 files changed, 41 insertions(+), 10 deletions(-)

diff --git a/server/dmmall_web/src/main/java/com/doumee/api/common/PublicController.java b/server/dmmall_web/src/main/java/com/doumee/api/common/PublicController.java
index bb0a3f1..c985442 100644
--- a/server/dmmall_web/src/main/java/com/doumee/api/common/PublicController.java
+++ b/server/dmmall_web/src/main/java/com/doumee/api/common/PublicController.java
@@ -7,11 +7,13 @@
 import com.doumee.core.utils.Constants;
 import com.doumee.core.utils.DateUtil;
 import com.doumee.core.utils.aliyun.ALiYunUtil;
+import com.doumee.core.wx.WxMiniConfig;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiImplicitParam;
 import io.swagger.annotations.ApiImplicitParams;
 import io.swagger.annotations.ApiOperation;
 import lombok.extern.slf4j.Slf4j;
+import me.chanjar.weixin.common.error.WxErrorException;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -23,6 +25,7 @@
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import java.io.File;
 import java.io.IOException;
 import java.io.PrintWriter;
 import java.util.HashMap;
@@ -98,17 +101,14 @@
             MultipartHttpServletRequest multipartRequest = (MultipartHttpServletRequest) request;
             Iterator<String> it = multipartRequest.getFileNames();
             while (it.hasNext()) {
-                MultipartFile file = multipartRequest.getFile((String) it.next());// file
-                // multipartRequest.getFile((String)
-                // it.next());
+                MultipartFile file = multipartRequest.getFile((String) it.next());
                 if (file != null) {
-                    // 1銆佷笂浼犲埌鏈嶅姟鍣ㄤ复鏃舵枃浠跺す
                     String uploadFileName = file.getOriginalFilename();
                     String originname = uploadFileName;
                     if (originname.lastIndexOf("/") >= 0) {
                         originname = originname.substring(originname.lastIndexOf("/") + 1);
                     }
-                    String nfix = "";// 鍚庣紑鍚�
+                    String nfix = "";
                     if (StringUtils.isNotBlank(uploadFileName)) {
                         nfix = uploadFileName.substring(uploadFileName.lastIndexOf("."));
                     }
@@ -122,14 +122,36 @@
                         context.put("message", "瀵逛笉璧凤紝鏂囦欢鏍煎紡\".dll\"涓婁紶鏈夎锛�");
                         return;
                     }
-                    String nowDate = DateUtil.getNowShortDate();// 褰撳墠鏃堕棿锛堝勾鏈堟棩锛�
+
+                    if (isImageFile(nfix)) {
+                        File tempFile = null;
+                        try {
+                            tempFile = File.createTempFile("wx_check_", nfix);
+                            java.io.FileOutputStream fos = new java.io.FileOutputStream(tempFile);
+                            fos.write(file.getBytes());
+                            fos.close();
+                            boolean isSafe = WxMiniConfig.wxMaService.getSecurityService().checkImage(tempFile);
+                            if (!isSafe) {
+                                context.put("code", 4001);
+                                context.put("message", "鍥剧墖鍐呭涓嶅悎瑙勶紝璇锋洿鎹㈠浘鐗囧悗閲嶈瘯");
+                                writerJson(response, context);
+                                return;
+                            }
+                        } catch (WxErrorException e) {
+                            log.warn("寰俊鍥剧墖瀹夊叏妫�娴嬪け璐�: {}", e.getMessage());
+                        } finally {
+                            if (tempFile != null && tempFile.exists()) {
+                                tempFile.delete();
+                            }
+                        }
+                    }
+
+                    String nowDate = DateUtil.getNowShortDate();
                     String fileName = UUID.randomUUID().toString() + nfix;
                     String tempFileName = nowDate + "/" + fileName;
-                    String key = folder + tempFileName;// 鏂囦欢鍚�
+                    String key = folder + tempFileName;
                     ALiYunUtil obs = new ALiYunUtil(endpoint,access_id, access_key);
                     if (obs.uploadOnlineObject(file.getInputStream(),bucketName, key,null)) {
-                        // 绉诲姩鎴愬姛,杩斿洖鏂囦欢鍚�
-                        // sendSuccessMessage(response, resourcePath+key);
                         context.put("success", true);
                         context.put("code", 200);
                         context.put("errno",0);
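Review bot: The `catch (WxErrorException e)` branch only logs and then falls through, so whenever the content check itself fails (expired token, quota, network error) the image still reaches `obs.uploadOnlineObject` unchecked. If the library reports a rejected image by throwing rather than returning false, which should be confirmed against its documentation, the negative verdict is swallowed as well. The catch should reject the upload in the same way as the `!isSafe` branch. The `FileOutputStream` is also left open when `write` throws, which try-with-resources fixes. Separately, the check is gated on the client-supplied extension in `nfix`, so an image sent under any other suffix skips it. The enclosing method starts and ends outside this hunk.

```java
if (isImageFile(nfix)) {
    File tempFile = null;
    try {
        tempFile = File.createTempFile("wx_check_", nfix);
        // try-with-resources closes the stream even when write() throws
        try (java.io.FileOutputStream fos = new java.io.FileOutputStream(tempFile)) {
            fos.write(file.getBytes());
        }
        // … unchanged: checkImage call and the !isSafe rejection …
    } catch (WxErrorException e) {
        // … unchanged: log.warn call …
        // Fail closed: an image that could not be checked is not stored.
        context.put("code", 4001);
        context.put("message", "image could not be verified, please retry"); // constructed wording
        writerJson(response, context);
        return;
    } finally {
        // … unchanged: tempFile cleanup …
    }
}
```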
@@ -143,7 +165,6 @@
                         writerJson(response, context);
                         return;
                     } else {
-                        // 绉诲姩澶辫触
                         context.put("code", 0);
                         context.put("message", "涓婁紶澶辫触");
                         writerJson(response, context);
@@ -160,6 +181,16 @@
         return;
     }
 
+    private boolean isImageFile(String suffix) {
+        if (StringUtils.isBlank(suffix)) {
+            return false;
+        }
+        String lowerSuffix = suffix.toLowerCase();
+        return lowerSuffix.equals(".jpg") || lowerSuffix.equals(".jpeg") 
+            || lowerSuffix.equals(".png") || lowerSuffix.equals(".gif") 
+            || lowerSuffix.equals(".bmp") || lowerSuffix.equals(".webp");
+    }
+
     public static void writerJson(HttpServletResponse response, Object object) {
         response.setContentType("application/json");
         writer(response, JSONObject.toJSONString(object));
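Review bot: `suffix.toLowerCase()` in `isImageFile` uses the JVM default locale, so under a Turkish locale an upper-case suffix such as `.GIF` lowers to a dotless-i form, matches none of the literals, and the file skips the image check. Use `suffix.toLowerCase(java.util.Locale.ROOT)`, or compare with `equalsIgnoreCase`. A short Javadoc would also help, for example `/** Returns true when the file-name suffix is one of the image extensions sent to the content check; decides from the name only, not from the file content. */`, so callers do not read the result as proof of the actual file type.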

--
Gitblit v1.9.3