From 1b242dc04eb566581abf6021c4cb0ba47fdd5111 Mon Sep 17 00:00:00 2001
From: kuaifan
Date: Wed, 30 Jul 2025 20:33:27 +0800
Subject: [PATCH] =?UTF-8?q?perf:=20=E4=BC=98=E5=8C=96=E9=94=99=E8=AF=AF?= =?UTF-8?q?=E6=8F=90=E7=A4=BA?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/Http/Controllers/Api/ApproveController.php | 4 ++--
 app/Http/Controllers/Api/DialogController.php | 8 ++------
 app/Http/Controllers/Api/FileController.php | 4 ++--
 app/Http/Controllers/Api/ProjectController.php | 8 +++-----
 app/Http/Controllers/Api/SystemController.php | 4 ++--
 app/Http/Controllers/IndexController.php | 14 ++++----------
 app/Models/FileContent.php | 11 +++--------
 app/Module/Base.php | 7 ++-----
 8 files changed, 20 insertions(+), 40 deletions(-)

diff --git a/app/Http/Controllers/Api/ApproveController.php b/app/Http/Controllers/Api/ApproveController.php
index 0c2aa81fd..70e9d6d53 100755
--- a/app/Http/Controllers/Api/ApproveController.php
+++ b/app/Http/Controllers/Api/ApproveController.php
@@ -984,13 +984,13 @@ class ApproveController extends AbstractController
 {
 $userid = Session::get('approve::export:userid');
 if (empty($userid)) {
- return Base::ajaxError("请求已过期,请重新导出!", [], 0, 502);
+ return Base::ajaxError("请求已过期,请重新导出!", [], 0, 403);
 }
 //
 $array = Base::string2array(base64_decode(urldecode(Request::input('key'))));
 $file = $array['file'];
 if (empty($file) || !file_exists(storage_path($file))) {
- return Base::ajaxError("文件不存在!", [], 0, 502);
+ return Base::ajaxError("文件不存在!", [], 0, 403);
 }
 return Response::download(storage_path($file));
 }
diff --git a/app/Http/Controllers/Api/DialogController.php b/app/Http/Controllers/Api/DialogController.php
index 8f65a6b18..dc8d08c9d 100755
--- a/app/Http/Controllers/Api/DialogController.php
+++ b/app/Http/Controllers/Api/DialogController.php
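Review bot: In the ApproveController.php hunk, `$file` is decoded from the request's `key` parameter and handed to `storage_path($file)` and `Response::download()` with no visible check that the resolved path stays inside the export directory; the session `userid` test only shows that an export was requested. Before the existence check the path should be canonicalised and confined, as IndexController already does for `public_path()`: `$real = realpath(storage_path($file));` then `abort_if($real === false || !str_starts_with($real, $exportRoot . DIRECTORY_SEPARATOR), 404);`, where `$exportRoot` is a placeholder for the directory the export job writes to. The FileController, ProjectController (first hunk) and SystemController hunks carry the same lines and need the same guard. The method signature lies outside the hunk and `Base::string2array` is not shown, so confirm whether the key is validated elsewhere. A missing file would also be better reported as 404 than 403.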
@@ -1857,12 +1857,8 @@ class DialogController extends AbstractController
 $down = Request::input('down', 'yes');
 //
 $msg = WebSocketDialogMsg::whereId($msg_id)->first();
- if (empty($msg)) {
- abort(403, "This file not exist.");
- }
- if ($msg->type != 'file') {
- abort(403, "This file not support download.");
- }
+ abort_if(empty($msg), 403, "This file not exist.");
+ abort_if($msg->type != 'file', 403, "This file not support download.");
 $array = Base::json2array($msg->getRawOriginal('msg'));
 //
 if ($down === 'preview') {
diff --git a/app/Http/Controllers/Api/FileController.php b/app/Http/Controllers/Api/FileController.php
index 8fd80b63f..e4c88c037 100755
--- a/app/Http/Controllers/Api/FileController.php
+++ b/app/Http/Controllers/Api/FileController.php
@@ -1020,13 +1020,13 @@ class FileController extends AbstractController
 if ($key) {
 $userid = Session::get('file::pack:userid');
 if (empty($userid)) {
- return Base::ajaxError("请求已过期,请重新导出!", [], 0, 502);
+ return Base::ajaxError("请求已过期,请重新导出!", [], 0, 403);
 }
 //
 $array = Base::string2array(base64_decode(urldecode($key)));
 $file = $array['file'];
 if (empty($file) || !file_exists(storage_path($file))) {
- return Base::ajaxError("文件不存在!", [], 0, 502);
+ return Base::ajaxError("文件不存在!", [], 0, 403);
 }
 return Response::download(storage_path($file));
 }
diff --git a/app/Http/Controllers/Api/ProjectController.php b/app/Http/Controllers/Api/ProjectController.php
index d8b17a29b..97b9bcd27 100755
--- a/app/Http/Controllers/Api/ProjectController.php
+++ b/app/Http/Controllers/Api/ProjectController.php
@@ -1661,13 +1661,13 @@ class ProjectController extends AbstractController
 {
 $userid = Session::get('task::export:userid');
 if (empty($userid)) {
- return Base::ajaxError("请求已过期,请重新导出!", [], 0, 502);
+ return Base::ajaxError("请求已过期,请重新导出!", [], 0, 403);
 }
 //
 $array = Base::string2array(base64_decode(urldecode(Request::input('key'))));
 $file = $array['file'];
 if (empty($file) || !file_exists(storage_path($file))) {
- return Base::ajaxError("文件不存在!", [], 0, 502);
+ return Base::ajaxError("文件不存在!", [], 0, 403);
 }
 return Response::download(storage_path($file));
 }
@@ -1926,9 +1926,7 @@ class ProjectController extends AbstractController
 $down = Request::input('down', 'yes');
 //
 $file = ProjectTaskFile::find($file_id);
- if (empty($file)) {
- abort(403, "This file not exist.");
- }
+ abort_if(empty($file), 403, "This file not exist.");
 //
 try {
 ProjectTask::userTask($file->task_id, null);
diff --git a/app/Http/Controllers/Api/SystemController.php b/app/Http/Controllers/Api/SystemController.php
index e88a5938a..de44ab76d 100755
--- a/app/Http/Controllers/Api/SystemController.php
+++ b/app/Http/Controllers/Api/SystemController.php
@@ -1512,13 +1512,13 @@ class SystemController extends AbstractController
 {
 $userid = Session::get('checkin::export:userid');
 if (empty($userid)) {
- return Base::ajaxError("请求已过期,请重新导出!", [], 0, 502);
+ return Base::ajaxError("请求已过期,请重新导出!", [], 0, 403);
 }
 //
 $array = Base::string2array(base64_decode(urldecode(Request::input('key'))));
 $file = $array['file'];
 if (empty($file) || !file_exists(storage_path($file))) {
- return Base::ajaxError("文件不存在!", [], 0, 502);
+ return Base::ajaxError("文件不存在!", [], 0, 403);
 }
 return Response::download(storage_path($file));
 }
diff --git a/app/Http/Controllers/IndexController.php b/app/Http/Controllers/IndexController.php
index eb4cb7837..7a73a9421 100755
--- a/app/Http/Controllers/IndexController.php
+++ b/app/Http/Controllers/IndexController.php
@@ -352,9 +352,7 @@ class IndexController extends InvokeController
 break;
 }
 }
- if (empty($avaiPath)) {
- abort(404);
- }
+ abort_if(empty($avaiPath), 404);
 $lists = Base::recursiveFiles($dirPath, false);
 $files = [];
 foreach ($lists as $file) {
@@ -432,13 +430,9 @@ class IndexController extends InvokeController
 $path = Arr::get($data, 'path');
 $file = public_path($path);
 // 防止 ../ 穿越获取到系统文件
- if (!str_starts_with(realpath($file), public_path())) {
- abort(404);
- }
- //
- if (!file_exists($file)) {
- abort(404);
- }
+ abort_if(!str_starts_with(realpath($file), public_path()), 404);
+ // 如果文件不存在,直接返回 404
+ abort_if(!file_exists($file), 404);
 //
 parse_str($data['query'], $query);
 $name = Arr::get($query, 'name');
diff --git a/app/Models/FileContent.php b/app/Models/FileContent.php
index 51d35b8da..96c49f9ac 100644
--- a/app/Models/FileContent.php
+++ b/app/Models/FileContent.php
@@ -129,9 +129,7 @@ class FileContent extends AbstractModel
 ],
 default => json_decode('{}'),
 };
- if ($download) {
- abort(403, "This file is empty.");
- }
+ abort_if($download, 403, "This file is empty.");
 } else {
 $path = $content['url'];
 if ($file->ext) {
@@ -147,11 +145,8 @@ class FileContent extends AbstractModel
 }
 if ($download) {
 $filePath = public_path($path);
- if (isset($filePath)) {
- return Base::DownloadFileResponse($filePath, $name);
- } else {
- abort(403, "This file not support download.");
- }
+ abort_if(!isset($filePath),403, "This file not support download.");
+ return Base::DownloadFileResponse($filePath, $name);
 }
 }
 return Base::retSuccess('success', [ 'content' => $content ]);
diff --git a/app/Module/Base.php b/app/Module/Base.php
index 45fc1f9e6..1eb402f41 100755
--- a/app/Module/Base.php
+++ b/app/Module/Base.php
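Review bot: In the second IndexController.php hunk, the traversal guard `str_starts_with(realpath($file), public_path())` compares against a prefix with no trailing separator, so a sibling directory whose name merely begins with the public directory's name would also pass. A `realpath()` result of `false` for a missing file is rejected only through implicit coercion to an empty string. Suggest `$real = realpath($file);` followed by `abort_if($real === false || !str_starts_with($real, realpath(public_path()) . DIRECTORY_SEPARATOR), 404);`, which also makes the separate `file_exists` check redundant. The enclosing method begins and ends outside the hunk, so check whether the later code serves `$file` or the resolved path.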
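Review bot: In the second FileContent.php hunk, `abort_if(!isset($filePath),403, ...)` can never fire, because `$filePath` was assigned from `public_path($path)` on the line before and, assuming that helper returns a string as Laravel's does, is always set. The download therefore proceeds for any `$path`, exactly as the old `if (isset($filePath))` did. If the intent is to refuse files that cannot be served, test the file itself, e.g. `abort_if(!is_file($filePath), 404, "This file not support download.");`, and consider confining `$filePath` to the public directory, since `$path` is derived from `$content['url']`. The call is also missing a space after the comma in `,403`. The surrounding method starts and ends outside the hunk.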
@@ -1404,11 +1404,8 @@ class Base
 */
 public static function ajaxError($msg, $data = [], $ret = 0, $abortCode = 404)
 {
- if (Request::header('Content-Type') === 'application/json') {
- return Base::retError($msg, $data, $ret);
- } else {
- abort($abortCode, $msg);
- }
+ abort_if(Request::header('Content-Type') !== 'application/json', $abortCode, Doo::translate($msg));
+ return Base::retError($msg, $data, $ret);
 }

 /**
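Review bot: `ajaxError` chooses between a JSON body and an HTTP abort by testing the request's `Content-Type` header for exact equality with `'application/json'`, so a client sending `application/json; charset=utf-8`, or a GET download link with no body, always takes the abort branch. Laravel's `Request::expectsJson()` (or `isJson()` if the request body is what matters) expresses this more robustly: `abort_if(!Request::expectsJson(), $abortCode, Doo::translate($msg));`. `abort_if` evaluates its arguments eagerly, so `Doo::translate($msg)` now runs on the JSON path as well. Only the abort branch receives the translated text unless `Base::retError` translates internally, which is not visible here. The docblock, which starts above the hunk, should state that `$abortCode` applies only to non-JSON requests.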