
-fix:修复了oss解析泄漏问题

Diamond_ore 4 miesięcy temu
rodzic
commit
4430fcfdd2

+ 90 - 10
package-lock.json

@@ -16,6 +16,7 @@
         "axios": "^1.11.0",
         "docx": "^9.5.1",
         "docx-pdf": "^0.0.1",
+        "dompurify": "^3.3.0",
         "element-plus": "^2.11.1",
         "file-saver": "^2.0.5",
         "html-docx-js": "^0.3.1",
@@ -23,9 +24,11 @@
         "html2canvas": "^1.4.1",
         "js-yaml": "^4.1.0",
         "jszip": "^3.10.1",
+        "katex": "^0.16.25",
         "lodash": "^4.17.21",
         "mammoth": "^1.10.0",
         "marked": "^16.4.0",
+        "marked-katex-extension": "^5.1.5",
         "nanoid": "^5.1.5",
         "officegen": "^0.6.5",
         "pdf-lib": "^1.17.1",
@@ -141,6 +144,7 @@
       "integrity": "sha512-yDBHV9kQNcr2/sUr9jghVyz9C3Y5G2zUM2H2lo+9mKv4sFgbA8s8Z9t8D1jiTkGoO/NoIfKMyKWr4s6CN23ZwQ==",
       "dev": true,
       "license": "MIT",
+      "peer": true,
       "dependencies": {
         "@ampproject/remapping": "^2.2.0",
         "@babel/code-frame": "^7.27.1",
@@ -1586,6 +1590,7 @@
       "resolved": "https://registry.npmmirror.com/@types/lodash-es/-/lodash-es-4.17.12.tgz",
       "integrity": "sha512-0NgftHUcV4v34VhXm8QBSftKVXtbkBG3ViCjs6+eJ5a6y6Mi/jiFGPc1sC7QK+9BFhWrURE3EOggmWaSxL9OzQ==",
       "license": "MIT",
+      "peer": true,
       "dependencies": {
         "@types/lodash": "*"
       }
@@ -1614,6 +1619,13 @@
         "undici-types": "~6.21.0"
       }
     },
+    "node_modules/@types/trusted-types": {
+      "version": "2.0.7",
+      "resolved": "https://registry.npmjs.org/@types/trusted-types/-/trusted-types-2.0.7.tgz",
+      "integrity": "sha512-ScaPdn1dQczgbl0QFTeTOmVHFULt394XJgOQNoyVhZ6r2vLnMLJfBPd53SB52T/3G36VI1/g2MZaX0cwDuXsfw==",
+      "license": "MIT",
+      "optional": true
+    },
     "node_modules/@types/unist": {
       "version": "3.0.3",
       "resolved": "https://registry.npmjs.org/@types/unist/-/unist-3.0.3.tgz",
@@ -1647,6 +1659,7 @@
       "resolved": "https://registry.npmmirror.com/@uppy/core/-/core-2.3.4.tgz",
       "integrity": "sha512-iWAqppC8FD8mMVqewavCz+TNaet6HPXitmGXpGGREGrakZ4FeuWytVdrelydzTdXx6vVKkOmI2FLztGg73sENQ==",
       "license": "MIT",
+      "peer": true,
       "dependencies": {
         "@transloadit/prettier-bytes": "0.0.7",
         "@uppy/store-default": "^2.1.1",
@@ -1696,6 +1709,7 @@
       "resolved": "https://registry.npmmirror.com/@uppy/xhr-upload/-/xhr-upload-2.1.3.tgz",
       "integrity": "sha512-YWOQ6myBVPs+mhNjfdWsQyMRWUlrDLMoaG7nvf/G6Y3GKZf8AyjFDjvvJ49XWQ+DaZOftGkHmF1uh/DBeGivJQ==",
       "license": "MIT",
+      "peer": true,
       "dependencies": {
         "@uppy/companion-client": "^2.2.2",
         "@uppy/utils": "^4.1.2",
@@ -2129,6 +2143,7 @@
       "resolved": "https://registry.npmmirror.com/@wangeditor/basic-modules/-/basic-modules-1.1.7.tgz",
       "integrity": "sha512-cY9CPkLJaqF05STqfpZKWG4LpxTMeGSIIF1fHvfm/mz+JXatCagjdkbxdikOuKYlxDdeqvOeBmsUBItufDLXZg==",
       "license": "MIT",
+      "peer": true,
       "dependencies": {
         "is-url": "^1.2.4"
       },
@@ -2161,6 +2176,7 @@
       "resolved": "https://registry.npmmirror.com/@wangeditor/core/-/core-1.1.19.tgz",
       "integrity": "sha512-KevkB47+7GhVszyYF2pKGKtCSj/YzmClsD03C3zTt+9SR2XWT5T0e3yQqg8baZpcMvkjs1D8Dv4fk8ok/UaS2Q==",
       "license": "MIT",
+      "peer": true,
       "dependencies": {
         "@types/event-emitter": "^0.3.3",
         "event-emitter": "^0.3.5",
@@ -2255,6 +2271,7 @@
         }
       ],
       "license": "MIT",
+      "peer": true,
       "bin": {
         "nanoid": "bin/nanoid.cjs"
       },
@@ -2671,6 +2688,7 @@
         }
       ],
       "license": "MIT",
+      "peer": true,
       "dependencies": {
         "caniuse-lite": "^1.0.30001733",
         "electron-to-chromium": "^1.5.199",
@@ -2942,6 +2960,15 @@
         "url": "https://github.com/sponsors/wooorm"
       }
     },
+    "node_modules/commander": {
+      "version": "8.3.0",
+      "resolved": "https://registry.npmjs.org/commander/-/commander-8.3.0.tgz",
+      "integrity": "sha512-OkTL9umf+He2DZkUq8f8J9of7yL6RJKI24dVITBmNfZBmri9zYZQrKkuXiKhyfPSu8tUhnVBB1iKXevvnlR4Ww==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 12"
+      }
+    },
     "node_modules/compress-commons": {
       "version": "4.1.2",
       "resolved": "https://registry.npmmirror.com/compress-commons/-/compress-commons-4.1.2.tgz",
@@ -3426,10 +3453,20 @@
       "resolved": "https://registry.npmmirror.com/dom7/-/dom7-3.0.0.tgz",
       "integrity": "sha512-oNlcUdHsC4zb7Msx7JN3K0Nro1dzJ48knvBOnDPKJ2GV9wl1i5vydJZUSyOfrkKFDZEud/jBsTk92S/VGSAe/g==",
       "license": "MIT",
+      "peer": true,
       "dependencies": {
         "ssr-window": "^3.0.0-alpha.1"
       }
     },
+    "node_modules/dompurify": {
+      "version": "3.3.0",
+      "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.3.0.tgz",
+      "integrity": "sha512-r+f6MYR1gGN1eJv0TVQbhA7if/U7P87cdPl3HN5rikqaBSBxLiCb/b9O+2eG0cxz0ghyU+mU1QkbsOwERMYlWQ==",
+      "license": "(MPL-2.0 OR Apache-2.0)",
+      "optionalDependencies": {
+        "@types/trusted-types": "^2.0.7"
+      }
+    },
     "node_modules/duck": {
       "version": "0.1.12",
       "resolved": "https://registry.npmmirror.com/duck/-/duck-0.1.12.tgz",
@@ -4650,7 +4687,8 @@
       "version": "0.2.0",
       "resolved": "https://registry.npmmirror.com/is-hotkey/-/is-hotkey-0.2.0.tgz",
       "integrity": "sha512-UknnZK4RakDmTgz4PI1wIph5yxSs/mvChWs9ifnlXsKuXgWmOkY/hAE0H/k2MIqH0RlRye0i1oC07MCRSD28Mw==",
-      "license": "MIT"
+      "license": "MIT",
+      "peer": true
     },
     "node_modules/is-inside-container": {
       "version": "1.0.0",
@@ -4911,6 +4949,23 @@
         "setimmediate": "^1.0.5"
       }
     },
+    "node_modules/katex": {
+      "version": "0.16.25",
+      "resolved": "https://registry.npmjs.org/katex/-/katex-0.16.25.tgz",
+      "integrity": "sha512-woHRUZ/iF23GBP1dkDQMh1QBad9dmr8/PAwNA54VrSOVYgI12MAcE14TqnDdQOdzyEonGzMepYnqBMYdsoAr8Q==",
+      "funding": [
+        "https://opencollective.com/katex",
+        "https://github.com/sponsors/katex"
+      ],
+      "license": "MIT",
+      "peer": true,
+      "dependencies": {
+        "commander": "^8.3.0"
+      },
+      "bin": {
+        "katex": "cli.js"
+      }
+    },
     "node_modules/kew": {
       "version": "0.7.0",
       "resolved": "https://registry.npmmirror.com/kew/-/kew-0.7.0.tgz",
@@ -5007,13 +5062,15 @@
       "version": "4.17.21",
       "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
       "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==",
-      "license": "MIT"
+      "license": "MIT",
+      "peer": true
     },
     "node_modules/lodash-es": {
       "version": "4.17.21",
       "resolved": "https://registry.npmmirror.com/lodash-es/-/lodash-es-4.17.21.tgz",
       "integrity": "sha512-mKnC+QJ9pWVzv+C4/U3rRsHapFfHvQFoFB92e52xeyGMcX6/OlIl78je1u8vePzYZSkkogMPJ2yjxxsb89cxyw==",
-      "license": "MIT"
+      "license": "MIT",
+      "peer": true
     },
     "node_modules/lodash-unified": {
       "version": "1.0.3",
@@ -5089,19 +5146,22 @@
       "version": "4.3.0",
       "resolved": "https://registry.npmmirror.com/lodash.camelcase/-/lodash.camelcase-4.3.0.tgz",
       "integrity": "sha512-TwuEnCnxbc3rAvhf/LbG7tJUDzhqXyFnv3dtzLOPgCG/hODL7WFnsbwktkD7yUV0RrreP/l1PALq/YSg6VvjlA==",
-      "license": "MIT"
+      "license": "MIT",
+      "peer": true
     },
     "node_modules/lodash.clonedeep": {
       "version": "4.5.0",
       "resolved": "https://registry.npmmirror.com/lodash.clonedeep/-/lodash.clonedeep-4.5.0.tgz",
       "integrity": "sha512-H5ZhCF25riFd9uB5UCkVKo61m3S/xZk1x4wA6yp/L3RFP6Z/eHH1ymQcGLo7J3GMPfm0V/7m1tryHuGVxpqEBQ==",
-      "license": "MIT"
+      "license": "MIT",
+      "peer": true
     },
     "node_modules/lodash.debounce": {
       "version": "4.0.8",
       "resolved": "https://registry.npmmirror.com/lodash.debounce/-/lodash.debounce-4.0.8.tgz",
       "integrity": "sha512-FT1yDzDYEoYWhnSGnpE/4Kj1fLZkDFyqRb7fNt6FdYOSxlUWAtp42Eh6Wb0rGIv/m9Bgo7x4GhQbm5Ys4SG5ow==",
-      "license": "MIT"
+      "license": "MIT",
+      "peer": true
     },
     "node_modules/lodash.defaults": {
       "version": "4.2.0",
@@ -5134,7 +5194,8 @@
       "version": "4.5.0",
       "resolved": "https://registry.npmmirror.com/lodash.foreach/-/lodash.foreach-4.5.0.tgz",
       "integrity": "sha512-aEXTF4d+m05rVOAUG3z4vZZ4xVexLKZGF0lIxuHZ1Hplpk/3B6Z1+/ICICYRLm7c41Z2xiejbkCkJoTlypoXhQ==",
-      "license": "MIT"
+      "license": "MIT",
+      "peer": true
     },
     "node_modules/lodash.isarguments": {
       "version": "3.1.0",
@@ -5153,7 +5214,8 @@
       "resolved": "https://registry.npmmirror.com/lodash.isequal/-/lodash.isequal-4.5.0.tgz",
       "integrity": "sha512-pDo3lu8Jhfjqls6GkMgpahsF9kCyayhgykjyLMNFTKWrpVdAQtYyB4muAMWozBB4ig/dtWAmsMxLEI8wuz+DYQ==",
       "deprecated": "This package is deprecated. Use require('node:util').isDeepStrictEqual instead.",
-      "license": "MIT"
+      "license": "MIT",
+      "peer": true
     },
     "node_modules/lodash.isplainobject": {
       "version": "4.0.6",
@@ -5228,13 +5290,15 @@
       "version": "4.1.1",
       "resolved": "https://registry.npmmirror.com/lodash.throttle/-/lodash.throttle-4.1.1.tgz",
       "integrity": "sha512-wIkUCfVKpVsWo3JSZlc+8MB5it+2AN5W8J7YVMST30UrvcQNZ1Okbj+rbVniijTWE6FGYy4XJq/rHkas8qJMLQ==",
-      "license": "MIT"
+      "license": "MIT",
+      "peer": true
     },
     "node_modules/lodash.toarray": {
       "version": "4.4.0",
       "resolved": "https://registry.npmmirror.com/lodash.toarray/-/lodash.toarray-4.4.0.tgz",
       "integrity": "sha512-QyffEA3i5dma5q2490+SgCvDN0pXLmRGSyAANuVi0HQ01Pkfr9fuoKQW8wm1wGBnJITs/mS7wQvS6VshUEBFCw==",
-      "license": "MIT"
+      "license": "MIT",
+      "peer": true
     },
     "node_modules/lodash.toplainobject": {
       "version": "3.0.0",
@@ -5359,6 +5423,7 @@
       "resolved": "https://registry.npmjs.org/marked/-/marked-16.4.0.tgz",
       "integrity": "sha512-CTPAcRBq57cn3R8n3hwc2REddc28hjR7RzDXQ+lXLmMJYqn20BaI2cGw6QjgZGIgVfp2Wdfw4aMzgNteQ6qJgQ==",
       "license": "MIT",
+      "peer": true,
       "bin": {
         "marked": "bin/marked.js"
       },
@@ -5366,6 +5431,16 @@
         "node": ">= 20"
       }
     },
+    "node_modules/marked-katex-extension": {
+      "version": "5.1.6",
+      "resolved": "https://registry.npmjs.org/marked-katex-extension/-/marked-katex-extension-5.1.6.tgz",
+      "integrity": "sha512-vYpLXwmlIDKILIhJtiRTgdyZRn5sEYdFBuTmbpjD7lbCIzg0/DWyK3HXIntN3Tp8zV6hvOUgpZNLWRCgWVc24A==",
+      "license": "MIT",
+      "peerDependencies": {
+        "katex": ">=0.16 <0.17",
+        "marked": ">=4 <18"
+      }
+    },
     "node_modules/math-intrinsics": {
       "version": "1.1.0",
       "resolved": "https://registry.npmjs.org/math-intrinsics/-/math-intrinsics-1.1.0.tgz",
@@ -6629,6 +6704,7 @@
         }
       ],
       "license": "MIT",
+      "peer": true,
       "dependencies": {
         "nanoid": "^3.3.11",
         "picocolors": "^1.1.1",
@@ -7520,6 +7596,7 @@
       "resolved": "https://registry.npmmirror.com/slate/-/slate-0.72.8.tgz",
       "integrity": "sha512-/nJwTswQgnRurpK+bGJFH1oM7naD5qDmHd89JyiKNT2oOKD8marW0QSBtuFnwEbL5aGCS8AmrhXQgNOsn4osAw==",
       "license": "MIT",
+      "peer": true,
       "dependencies": {
         "immer": "^9.0.6",
         "is-plain-object": "^5.0.0",
@@ -7561,6 +7638,7 @@
       "resolved": "https://registry.npmmirror.com/snabbdom/-/snabbdom-3.6.3.tgz",
       "integrity": "sha512-W2lHLLw2qR2Vv0DcMmcxXqcfdBaIcoN+y/86SmHv8fn4DazEQSH6KN3TjZcWvwujW56OHiiirsbHWZb4vx/0fg==",
       "license": "MIT",
+      "peer": true,
       "engines": {
         "node": ">=12.17.0"
       }
@@ -8203,6 +8281,7 @@
       "integrity": "sha512-OOUi5zjkDxYrKhTV3V7iKsoS37VUM7v40+HuwEmcrsf11Cdx9y3DIr2Px6liIcZFwt3XSRpQvFpL3WVy7ApkGw==",
       "dev": true,
       "license": "MIT",
+      "peer": true,
       "dependencies": {
         "esbuild": "^0.25.0",
         "fdir": "^6.5.0",
@@ -8408,6 +8487,7 @@
       "resolved": "https://registry.npmmirror.com/vue/-/vue-3.5.18.tgz",
       "integrity": "sha512-7W4Y4ZbMiQ3SEo+m9lnoNpV9xG7QVMLa+/0RFwwiAVkeYoyGXqWE85jabU4pllJNUzqfLShJ5YLptewhCWUgNA==",
       "license": "MIT",
+      "peer": true,
       "dependencies": {
         "@vue/compiler-dom": "3.5.18",
         "@vue/compiler-sfc": "3.5.18",

+ 4 - 7
shudao-chat-go/conf/app.conf

@@ -1,5 +1,5 @@
 appname = shudao-chat-go
-httpport = 22001
+httpport = 22000
 runmode = dev
 
 # 我们musql配置
@@ -13,7 +13,7 @@ runmode = dev
 # shudao-chat-go配置
 mysqluser = "root"
 mysqlpass = "88888888"
-mysqlurls = "172.16.35.57"
+mysqlurls = "172.16.29.101"
 mysqlhttpport = "21000"
 mysqldb = "shudao"
 
@@ -56,12 +56,9 @@ base_url = "https://aqai.shudaodsj.com:22000"
 auth_api_url = "https://aqai.shudaodsj.com:22000/api/auth/verify"
 
 # oss配置
-#OSS_ACCESS_KEY_ID="LTAI5tCXEHGzpEn5jPxY29ML"    #阿里云OSS的AccessKey ID
-#OSS_ACCESS_KEY_SECRET="NqfmJZUfQZ7FbXclPyjEW59AJguRej"  #阿里云OSS的AccessKey Secret
-#OSS_BUCKET="wubenbear"  #阿里云OSS的Bucket名称
-#OSS_END_POINT="oss-cn-chengdu.aliyuncs.com" #阿里云OSS的Endpoint
 
 OSS_ACCESS_KEY_ID="fnyfi2f368pbic74d8ll"
 OSS_ACCESS_KEY_SECRET="jgqwk7sirqlz2602x2k7yx2eor0vii19wah6ywlv"
 OSS_BUCKET="gdsc-ai-aqzs"
-OSS_END_POINT="172.16.17.52:8060"
+OSS_END_POINT="172.16.17.52:8060"
+OSS_PARSSE_ENCRYPT_KEY="jgqwk7sirqlz2602"
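Review bot: The new `OSS_PARSSE_ENCRYPT_KEY` value is the first 16 characters of `OSS_ACCESS_KEY_SECRET` two lines above it, and both are committed in plaintext, so the URL-encryption key is not independent of the storage credential and anyone with repository access holds both. Generate a separate random key and load it, along with the OSS and MySQL credentials in this file, from the environment or a secrets store rather than app.conf. Deleting the commented-out Aliyun `OSS_ACCESS_KEY_ID`/`OSS_ACCESS_KEY_SECRET` lines does not retire them, because they remain in repository history; they should be rotated if they have not already been revoked. The key name misspells PARSE and `GetEncryptKey` in utils/crypto.go repeats the spelling, so a rename has to change both places.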

+ 18 - 9
shudao-chat-go/controllers/shudaooss.go

@@ -452,20 +452,29 @@ func (c *ShudaoOssController) ParseOSS() {
 		return
 	}
 
-	// 获取URL参数
-	ossURL := c.GetString("url")
-	if ossURL == "" {
+	// 获取URL参数(加密的)
+	encryptedURL := c.GetString("url")
+	if encryptedURL == "" {
 		c.Ctx.ResponseWriter.WriteHeader(400)
 		c.Ctx.WriteString("缺少url参数")
 		return
 	}
 
+	// 解密URL
+	decryptedURL, err := utils.DecryptURL(encryptedURL)
+	if err != nil {
+		fmt.Printf("URL解密失败: %v, 加密URL: %s\n", err, encryptedURL)
+		c.Ctx.ResponseWriter.WriteHeader(400)
+		c.Ctx.WriteString("URL解密失败: " + err.Error())
+		return
+	}
+
 	// URL解码,处理可能的编码问题
-	decodedURL, err := neturl.QueryUnescape(ossURL)
+	decodedURL, err := neturl.QueryUnescape(decryptedURL)
 	if err != nil {
-		fmt.Printf("URL解码失败: %v, 原始URL: %s\n", err, ossURL)
-		// 如果解码失败,使用原始URL
-		decodedURL = ossURL
+		fmt.Printf("URL解码失败: %v, 解密后URL: %s\n", err, decryptedURL)
+		// 如果解码失败,使用解密后的URL
+		decodedURL = decryptedURL
 	}
 
 	var actualOSSURL string
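Review bot: The failure branch sends `err.Error()` to the client in `c.Ctx.WriteString("URL解密失败: " + err.Error())`, which tells a caller which stage rejected the token (base64, length, cipher); a fixed message such as `c.Ctx.WriteString("无效的url参数")` with the detail kept in the server log is enough. The `fmt.Printf` calls in this hunk and the `代理请求` log line in the next hunk print the decrypted OSS URL, so the value this commit hides from clients still ends up in logs in clear; logging only the host or a hash of the URL would avoid that. `neturl.QueryUnescape` is now applied to the exact string that `GetProxyURL` encrypted, which presumably was never escaped, so a URL containing `+` or `%` may be altered before the fetch; this is worth confirming against a signed OSS URL. ParseOSS begins and ends outside this hunk.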
@@ -511,8 +520,8 @@ func (c *ShudaoOssController) ParseOSS() {
 		return
 	}
 
-	fmt.Printf("代理请求 - 原始URL: %s, 解码后URL: %s, 实际OSS URL: %s, 协议: %s\n",
-		ossURL, decodedURL, actualOSSURL, parsedOSSURL.Scheme)
+	fmt.Printf("代理请求 - 加密URL: %s, 解密后URL: %s, 解码后URL: %s, 实际OSS URL: %s, 协议: %s\n",
+		encryptedURL, decryptedURL, decodedURL, actualOSSURL, parsedOSSURL.Scheme)
 
 	// 创建HTTP客户端,设置超时时间
 	client := &http.Client{

+ 7 - 2
shudao-chat-go/utils/config.go

@@ -9,12 +9,17 @@ func GetBaseURL() string {
 	return web.AppConfig.DefaultString("base_url", "https://172.16.29.101:22000")
 }
 
-// GetProxyURL 生成OSS代理URL
+// GetProxyURL 生成OSS代理URL(加密版本)
 func GetProxyURL(originalURL string) string {
 	if originalURL == "" {
 		return ""
 	}
 
+	encryptedURL, err := EncryptURL(originalURL)
+	if err != nil {
+		return ""
+	}
+
 	baseURL := GetBaseURL()
-	return baseURL + "/apiv1/oss/parse/?url=" + originalURL
+	return baseURL + "/apiv1/oss/parse/?url=" + encryptedURL
 }
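Review bot: `GetProxyURL` discards the error from `EncryptURL` and returns `""`, the same value it returns for an empty input, so a configured key of a length that `aes.NewCipher` rejects would blank every proxy link with nothing logged. Log the error before `return ""`, or return it to callers if the signature can change. The token is appended to the query string without escaping; `base64.URLEncoding` output is URL-safe apart from the `=` padding, so this works today, but passing it through `url.QueryEscape` or switching both sides to `base64.RawURLEncoding` would make that assumption explicit.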

+ 75 - 0
shudao-chat-go/utils/crypto.go

@@ -0,0 +1,75 @@
+package utils
+
+import (
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/rand"
+	"encoding/base64"
+	"fmt"
+	"io"
+
+	"github.com/beego/beego/v2/server/web"
+)
+
+// GetEncryptKey 获取加密密钥
+func GetEncryptKey() string {
+	return web.AppConfig.DefaultString("OSS_PARSSE_ENCRYPT_KEY", "jgqwk7sirqlz2602")
+}
+
+// EncryptURL 加密URL
+func EncryptURL(plainURL string) (string, error) {
+	if plainURL == "" {
+		return "", nil
+	}
+
+	key := []byte(GetEncryptKey())
+	plaintext := []byte(plainURL)
+
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		return "", fmt.Errorf("创建加密器失败: %v", err)
+	}
+
+	ciphertext := make([]byte, aes.BlockSize+len(plaintext))
+	iv := ciphertext[:aes.BlockSize]
+	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
+		return "", fmt.Errorf("生成IV失败: %v", err)
+	}
+
+	stream := cipher.NewCFBEncrypter(block, iv)
+	stream.XORKeyStream(ciphertext[aes.BlockSize:], plaintext)
+
+	return base64.URLEncoding.EncodeToString(ciphertext), nil
+}
+
+// DecryptURL 解密URL
+func DecryptURL(encryptedURL string) (string, error) {
+	if encryptedURL == "" {
+		return "", nil
+	}
+
+	key := []byte(GetEncryptKey())
+
+	ciphertext, err := base64.URLEncoding.DecodeString(encryptedURL)
+	if err != nil {
+		return "", fmt.Errorf("Base64解码失败: %v", err)
+	}
+
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		return "", fmt.Errorf("创建解密器失败: %v", err)
+	}
+
+	if len(ciphertext) < aes.BlockSize {
+		return "", fmt.Errorf("密文长度不足")
+	}
+
+	iv := ciphertext[:aes.BlockSize]
+	ciphertext = ciphertext[aes.BlockSize:]
+
+	stream := cipher.NewCFBDecrypter(block, iv)
+	stream.XORKeyStream(ciphertext, ciphertext)
+
+	return string(ciphertext), nil
+}
+
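Review bot: AES-CFB in `EncryptURL`/`DecryptURL` provides confidentiality only, so `DecryptURL` accepts any base64 input of at least 16 bytes and cannot tell a modified or forged token from one this server issued. Because the decrypted value decides which URL the ParseOSS proxy fetches, the token should be authenticated, for example with AES-GCM through `cipher.NewGCM` as sketched below, so that tampering fails in `Open` instead of producing a different URL. `GetEncryptKey` also falls back to a literal key that is now in source control when `OSS_PARSSE_ENCRYPT_KEY` is absent; returning an error instead of a default would prevent the service from running with a key anyone can read. The errors are wrapped with `%v`; `%w` would keep them inspectable with `errors.Is` and `errors.As`.

```go
func EncryptURL(plainURL string) (string, error) {
	// … unchanged: empty-input check, key lookup, aes.NewCipher …

	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return "", fmt.Errorf("创建GCM失败: %w", err)
	}

	// Fresh random nonce per token; it is stored in front of the sealed data.
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return "", fmt.Errorf("生成nonce失败: %w", err)
	}

	sealed := gcm.Seal(nonce, nonce, []byte(plainURL), nil)
	return base64.URLEncoding.EncodeToString(sealed), nil
}

func DecryptURL(encryptedURL string) (string, error) {
	// … unchanged: empty-input check, key lookup, base64 decode, aes.NewCipher …

	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return "", fmt.Errorf("创建GCM失败: %w", err)
	}

	if len(ciphertext) < gcm.NonceSize() {
		return "", fmt.Errorf("密文长度不足")
	}
	nonce, sealed := ciphertext[:gcm.NonceSize()], ciphertext[gcm.NonceSize():]

	// Open verifies the authentication tag and fails on any modification.
	plaintext, err := gcm.Open(nil, nonce, sealed, nil)
	if err != nil {
		return "", fmt.Errorf("密文校验失败: %w", err)
	}
	return string(plaintext), nil
}
```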