fix: 【漏洞】修复导出中心公开下载链接有效期请求时未校验

core/core-backend/src/main/java/io/dataease/exportCenter/manage/ExportCenterManage.java

@@ -17,6 +17,7 @@ import io.dataease.exportCenter.dao.auto.entity.CoreExportTask;
 import io.dataease.exportCenter.dao.auto.mapper.CoreExportDownloadTaskMapper;
 import io.dataease.exportCenter.dao.auto.mapper.CoreExportTaskMapper;
 import io.dataease.exportCenter.dao.ext.mapper.ExportTaskExtMapper;
+import io.dataease.i18n.Translator;
 import io.dataease.license.config.XpackInteract;
 import io.dataease.log.DeLog;
 import io.dataease.model.ExportTaskDTO;
@@ -357,6 +358,17 @@ public class ExportCenterManage implements BaseExportApi {
     }
 
 
+    public void validateDownloadTask(String id) {
+        CoreExportDownloadTask coreExportDownloadTask = coreExportDownloadTaskMapper.selectById(id);
+        if (coreExportDownloadTask != null) {
+            if (System.currentTimeMillis() - coreExportDownloadTask.getCreateTime() <= coreExportDownloadTask.getValidTime() * 60 * 1000) {
+                DEException.throwException(Translator.get("i18n_download_link_invalid"));
+            }
+        } else {
+            DEException.throwException(Translator.get("i18n_download_link_invalid"));
+        }
+    }
+
     @Scheduled(fixedRate = 60 * 60 * 1000)
     public void checkDownLoadInfos() {
         coreExportDownloadTaskMapper.selectList(null).forEach(downLoadInfo -> {
@@ -373,4 +385,3 @@ public class ExportCenterManage implements BaseExportApi {
         Long createTime;
     }
 }
-

core/core-backend/src/main/resources/i18n/core_en_US.properties

@@ -210,6 +210,7 @@ i18n_user_pwd_same_error=Old and new passwords cannot be the same
 i18n_copilot_ds=Only supports MySQL datasource
 
 i18n_file_download_failed=File download failed!
+i18n_download_link_invalid=The download link is invalid or has expired
 i18n_unsupported_file_format=Unsupported file format!
 i18n_invalid_address=Invalid address!
 i18n_unsupported_protocol=Unsupported protocol!

core/core-backend/src/main/resources/i18n/core_zh_CN.properties

@@ -209,6 +209,7 @@ i18n_user_pwd_same_error=\u65B0\u65E7\u5BC6\u7801\u4E0D\u80FD\u76F8\u540C
 i18n_copilot_ds=\u5F53\u524D\u4EC5\u652F\u6301MySQL\u6570\u636E\u6E90
 
 i18n_file_download_failed=\u4E0B\u8F7D\u6587\u4EF6\u5931\u8D25\uFF01
+i18n_download_link_invalid=\u4E0B\u8F7D\u94FE\u63A5\u65E0\u6548\u6216\u5DF2\u8FC7\u671F
 i18n_unsupported_file_format=\u4E0D\u652F\u6301\u7684\u6587\u4EF6\u683C\u5F0F\uFF01
 i18n_invalid_address=\u65E0\u6548\u7684\u5730\u5740\uFF01
 i18n_unsupported_protocol=\u4E0D\u652F\u6301\u7684\u534F\u8BAE\uFF01

core/core-backend/src/main/resources/i18n/core_zh_TW.properties

@@ -209,6 +209,7 @@ i18n_user_pwd_same_error=\u65B0\u820A\u5BC6\u78BC\u4E0D\u80FD\u76F8\u540C
 i18n_copilot_ds=\u7576\u524D\u50C5\u652F\u6301MySQL\u6578\u64DA\u6E90
 
 i18n_file_download_failed=\u6587\u4EF6\u4E0B\u8F09\u5931\u6557\uFF01
+i18n_download_link_invalid=\u4E0B\u8F09\u9023\u7D50\u7121\u6548\u6216\u5DF2\u904E\u671F
 i18n_unsupported_file_format=\u4E0D\u652F\u63F4\u7684\u6587\u4EF6\u683C\u5F0F\uFF01
 i18n_invalid_address=\u7121\u6548\u7684\u5730\u5740\uFF01
 i18n_unsupported_protocol=\u4E0D\u652F\u63F4\u7684\u5354\u8B70\uFF01