backend/internal/service/sora_cache_service.go

package service

import (
	"context"
	"fmt"
	"io"
	"net/http"
	"net/url"
	"os"
	"path"
	"path/filepath"
	"strings"
	"time"

	"github.com/Wei-Shaw/sub2api/internal/config"
	"github.com/Wei-Shaw/sub2api/internal/pkg/uuidv7"
	"github.com/Wei-Shaw/sub2api/internal/util/urlvalidator"
)

// SoraCacheService 提供 Sora 视频缓存能力。
type SoraCacheService struct {
	cfg            *config.Config
	cacheRepo      SoraCacheFileRepository
	settingService *SettingService
	accountRepo    AccountRepository
	httpUpstream   HTTPUpstream
}

// NewSoraCacheService 创建 SoraCacheService。
func NewSoraCacheService(cfg *config.Config, cacheRepo SoraCacheFileRepository, settingService *SettingService, accountRepo AccountRepository, httpUpstream HTTPUpstream) *SoraCacheService {
	return &SoraCacheService{
		cfg:            cfg,
		cacheRepo:      cacheRepo,
		settingService: settingService,
		accountRepo:    accountRepo,
		httpUpstream:   httpUpstream,
	}
}

func (s *SoraCacheService) CacheVideo(ctx context.Context, accountID, userID int64, taskID, mediaURL string) (*SoraCacheFile, error) {
	cfg := s.getSoraConfig(ctx)
	if !cfg.Cache.Enabled {
		return nil, nil
	}
	trimmed := strings.TrimSpace(mediaURL)
	if trimmed == "" {
		return nil, nil
	}

	allowedHosts := cfg.Cache.AllowedHosts
	useAllowlist := true
	if len(allowedHosts) == 0 {
		if s.cfg != nil {
			allowedHosts = s.cfg.Security.URLAllowlist.UpstreamHosts
			useAllowlist = s.cfg.Security.URLAllowlist.Enabled
		} else {
			useAllowlist = false
		}
	}

	if useAllowlist {
		if _, err := urlvalidator.ValidateHTTPSURL(trimmed, urlvalidator.ValidationOptions{
			AllowedHosts:     allowedHosts,
			RequireAllowlist: true,
			AllowPrivate:     s.cfg != nil && s.cfg.Security.URLAllowlist.AllowPrivateHosts,
		}); err != nil {
			return nil, fmt.Errorf("缓存下载地址不合法: %w", err)
		}
	} else {
		allowInsecure := false
		if s.cfg != nil {
			allowInsecure = s.cfg.Security.URLAllowlist.AllowInsecureHTTP
		}
		if _, err := urlvalidator.ValidateURLFormat(trimmed, allowInsecure); err != nil {
			return nil, fmt.Errorf("缓存下载地址不合法: %w", err)
		}
	}

	videoDir := strings.TrimSpace(cfg.Cache.VideoDir)
	if videoDir == "" {
		return nil, nil
	}

	if cfg.Cache.MaxBytes > 0 {
		size, err := dirSize(videoDir)
		if err != nil {
			return nil, err
		}
		if size >= cfg.Cache.MaxBytes {
			return nil, nil
		}
	}

	relativeDir := ""
	if cfg.Cache.UserDirEnabled && userID > 0 {
		relativeDir = fmt.Sprintf("u_%d", userID)
	}

	targetDir := filepath.Join(videoDir, relativeDir)
	if err := os.MkdirAll(targetDir, 0o755); err != nil {
		return nil, err
	}

	uuid, err := uuidv7.New()
	if err != nil {
		return nil, err
	}

	name := deriveFileName(trimmed)
	if name == "" {
		name = "video.mp4"
	}
	name = sanitizeFileName(name)
	filename := uuid + "_" + name
	cachePath := filepath.Join(targetDir, filename)

	resp, err := s.downloadMedia(ctx, accountID, trimmed, time.Duration(cfg.Timeout)*time.Second)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
		return nil, fmt.Errorf("缓存下载失败: %d", resp.StatusCode)
	}

	out, err := os.Create(cachePath)
	if err != nil {
		return nil, err
	}
	defer out.Close()

	written, err := io.Copy(out, resp.Body)
	if err != nil {
		return nil, err
	}

	cacheURL := buildCacheURL(relativeDir, filename)

	record := &SoraCacheFile{
		TaskID:      taskID,
		AccountID:   accountID,
		UserID:      userID,
		MediaType:   "video",
		OriginalURL: trimmed,
		CachePath:   cachePath,
		CacheURL:    cacheURL,
		SizeBytes:   written,
		CreatedAt:   time.Now(),
	}
	if s.cacheRepo != nil {
		if err := s.cacheRepo.Create(ctx, record); err != nil {
			return nil, err
		}
	}
	return record, nil
}

func buildCacheURL(relativeDir, filename string) string {
	base := "/data/video"
	if relativeDir != "" {
		return path.Join(base, relativeDir, filename)
	}
	return path.Join(base, filename)
}

func (s *SoraCacheService) getSoraConfig(ctx context.Context) config.SoraConfig {
	if s.settingService != nil {
		return s.settingService.GetSoraConfig(ctx)
	}
	if s.cfg != nil {
		return s.cfg.Sora
	}
	return config.SoraConfig{}
}

func (s *SoraCacheService) downloadMedia(ctx context.Context, accountID int64, mediaURL string, timeout time.Duration) (*http.Response, error) {
	if timeout <= 0 {
		timeout = 120 * time.Second
	}
	ctx, cancel := context.WithTimeout(ctx, timeout)
	defer cancel()

	req, err := http.NewRequestWithContext(ctx, "GET", mediaURL, nil)
	if err != nil {
		return nil, err
	}
	req.Header.Set("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36")

	if s.httpUpstream == nil {
		client := &http.Client{Timeout: timeout}
		return client.Do(req)
	}

	var accountConcurrency int
	proxyURL := ""
	if s.accountRepo != nil && accountID > 0 {
		account, err := s.accountRepo.GetByID(ctx, accountID)
		if err == nil && account != nil {
			accountConcurrency = account.Concurrency
			if account.Proxy != nil {
				proxyURL = account.Proxy.URL()
			}
		}
	}
	enableTLS := false
	if s.cfg != nil {
		enableTLS = s.cfg.Gateway.TLSFingerprint.Enabled
	}
	return s.httpUpstream.DoWithTLS(req, proxyURL, accountID, accountConcurrency, enableTLS)
}

func deriveFileName(rawURL string) string {
	parsed, err := url.Parse(rawURL)
	if err != nil {
		return ""
	}
	name := path.Base(parsed.Path)
	if name == "/" || name == "." {
		return ""
	}
	return name
}

func sanitizeFileName(name string) string {
	name = strings.TrimSpace(name)
	if name == "" {
		return ""
	}
	sanitized := strings.Map(func(r rune) rune {
		switch {
		case r >= 'a' && r <= 'z':
			return r
		case r >= 'A' && r <= 'Z':
			return r
		case r >= '0' && r <= '9':
			return r
		case r == '-' || r == '_' || r == '.':
			return r
		case r == ' ': // 空格替换为下划线
			return '_'
		default:
			return -1
		}
	}, name)
	return strings.TrimLeft(sanitized, ".")
}
feat(sora): 新增 Sora 平台支持并修复高危安全和性能问题新增功能： - 新增 Sora 账号管理和 OAuth 认证 - 新增 Sora 视频/图片生成 API 网关 - 新增 Sora 任务调度和缓存机制 - 新增 Sora 使用统计和计费支持 - 前端增加 Sora 平台配置界面安全修复（代码审核）： - [SEC-001] 限制媒体下载响应体大小（图片 20MB、视频 200MB），防止 DoS 攻击 - [SEC-002] 限制 SDK API 响应大小（1MB），防止内存耗尽 - [SEC-003] 修复 SSRF 风险，添加 URL 验证并强制使用代理配置 BUG 修复（代码审核）： - [BUG-001] 修复 for 循环内 defer 累积导致的资源泄漏 - [BUG-002] 修复图片并发槽位获取失败时已持有锁未释放的永久泄漏性能优化（代码审核）： - [PERF-001] 添加 Sentinel Token 缓存（3 分钟有效期），减少 PoW 计算开销技术细节： - 使用 io.LimitReader 限制所有外部输入的大小 - 添加 urlvalidator 验证防止 SSRF 攻击 - 使用 sync.Map 实现线程安全的包级缓存 - 优化并发槽位管理，添加 releaseAll 模式防止泄漏影响范围： - 后端：新增 Sora 相关数据模型、服务、网关和管理接口 - 前端：新增 Sora 平台配置、账号管理和监控界面 - 配置：新增 Sora 相关配置项和环境变量 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> 2026-01-29 16:18:38 +08:00			`package service`

			`import (`
			`"context"`
			`"fmt"`
			`"io"`
			`"net/http"`
			`"net/url"`
			`"os"`
			`"path"`
			`"path/filepath"`
			`"strings"`
			`"time"`

			`"github.com/Wei-Shaw/sub2api/internal/config"`
			`"github.com/Wei-Shaw/sub2api/internal/pkg/uuidv7"`
			`"github.com/Wei-Shaw/sub2api/internal/util/urlvalidator"`
			`)`

			`// SoraCacheService 提供 Sora 视频缓存能力。`
			`type SoraCacheService struct {`
			`cfg *config.Config`
			`cacheRepo SoraCacheFileRepository`
			`settingService *SettingService`
			`accountRepo AccountRepository`
			`httpUpstream HTTPUpstream`
			`}`

			`// NewSoraCacheService 创建 SoraCacheService。`
			`func NewSoraCacheService(cfg config.Config, cacheRepo SoraCacheFileRepository, settingService SettingService, accountRepo AccountRepository, httpUpstream HTTPUpstream) *SoraCacheService {`
			`return &SoraCacheService{`
			`cfg: cfg,`
			`cacheRepo: cacheRepo,`
			`settingService: settingService,`
			`accountRepo: accountRepo,`
			`httpUpstream: httpUpstream,`
			`}`
			`}`

			`func (s SoraCacheService) CacheVideo(ctx context.Context, accountID, userID int64, taskID, mediaURL string) (SoraCacheFile, error) {`
			`cfg := s.getSoraConfig(ctx)`
			`if !cfg.Cache.Enabled {`
			`return nil, nil`
			`}`
			`trimmed := strings.TrimSpace(mediaURL)`
			`if trimmed == "" {`
			`return nil, nil`
			`}`

			`allowedHosts := cfg.Cache.AllowedHosts`
			`useAllowlist := true`
			`if len(allowedHosts) == 0 {`
			`if s.cfg != nil {`
			`allowedHosts = s.cfg.Security.URLAllowlist.UpstreamHosts`
			`useAllowlist = s.cfg.Security.URLAllowlist.Enabled`
			`} else {`
			`useAllowlist = false`
			`}`
			`}`

			`if useAllowlist {`
			`if _, err := urlvalidator.ValidateHTTPSURL(trimmed, urlvalidator.ValidationOptions{`
			`AllowedHosts: allowedHosts,`
			`RequireAllowlist: true,`
			`AllowPrivate: s.cfg != nil && s.cfg.Security.URLAllowlist.AllowPrivateHosts,`
			`}); err != nil {`
			`return nil, fmt.Errorf("缓存下载地址不合法: %w", err)`
			`}`
			`} else {`
			`allowInsecure := false`
			`if s.cfg != nil {`
			`allowInsecure = s.cfg.Security.URLAllowlist.AllowInsecureHTTP`
			`}`
			`if _, err := urlvalidator.ValidateURLFormat(trimmed, allowInsecure); err != nil {`
			`return nil, fmt.Errorf("缓存下载地址不合法: %w", err)`
			`}`
			`}`

			`videoDir := strings.TrimSpace(cfg.Cache.VideoDir)`
			`if videoDir == "" {`
			`return nil, nil`
			`}`

			`if cfg.Cache.MaxBytes > 0 {`
			`size, err := dirSize(videoDir)`
			`if err != nil {`
			`return nil, err`
			`}`
			`if size >= cfg.Cache.MaxBytes {`
			`return nil, nil`
			`}`
			`}`

			`relativeDir := ""`
			`if cfg.Cache.UserDirEnabled && userID > 0 {`
			`relativeDir = fmt.Sprintf("u_%d", userID)`
			`}`

			`targetDir := filepath.Join(videoDir, relativeDir)`
			`if err := os.MkdirAll(targetDir, 0o755); err != nil {`
			`return nil, err`
			`}`

			`uuid, err := uuidv7.New()`
			`if err != nil {`
			`return nil, err`
			`}`

			`name := deriveFileName(trimmed)`
			`if name == "" {`
			`name = "video.mp4"`
			`}`
			`name = sanitizeFileName(name)`
			`filename := uuid + "_" + name`
			`cachePath := filepath.Join(targetDir, filename)`

			`resp, err := s.downloadMedia(ctx, accountID, trimmed, time.Duration(cfg.Timeout)*time.Second)`
			`if err != nil {`
			`return nil, err`
			`}`
			`defer resp.Body.Close()`
			`if resp.StatusCode < 200 \|\| resp.StatusCode >= 300 {`
			`return nil, fmt.Errorf("缓存下载失败: %d", resp.StatusCode)`
			`}`

			`out, err := os.Create(cachePath)`
			`if err != nil {`
			`return nil, err`
			`}`
			`defer out.Close()`

			`written, err := io.Copy(out, resp.Body)`
			`if err != nil {`
			`return nil, err`
			`}`

			`cacheURL := buildCacheURL(relativeDir, filename)`

			`record := &SoraCacheFile{`
			`TaskID: taskID,`
			`AccountID: accountID,`
			`UserID: userID,`
			`MediaType: "video",`
			`OriginalURL: trimmed,`
			`CachePath: cachePath,`
			`CacheURL: cacheURL,`
			`SizeBytes: written,`
			`CreatedAt: time.Now(),`
			`}`
			`if s.cacheRepo != nil {`
			`if err := s.cacheRepo.Create(ctx, record); err != nil {`
			`return nil, err`
			`}`
			`}`
			`return record, nil`
			`}`

			`func buildCacheURL(relativeDir, filename string) string {`
			`base := "/data/video"`
			`if relativeDir != "" {`
			`return path.Join(base, relativeDir, filename)`
			`}`
			`return path.Join(base, filename)`
			`}`

			`func (s *SoraCacheService) getSoraConfig(ctx context.Context) config.SoraConfig {`
			`if s.settingService != nil {`
			`return s.settingService.GetSoraConfig(ctx)`
			`}`
			`if s.cfg != nil {`
			`return s.cfg.Sora`
			`}`
			`return config.SoraConfig{}`
			`}`

			`func (s SoraCacheService) downloadMedia(ctx context.Context, accountID int64, mediaURL string, timeout time.Duration) (http.Response, error) {`
			`if timeout <= 0 {`
			`timeout = 120 * time.Second`
			`}`
			`ctx, cancel := context.WithTimeout(ctx, timeout)`
			`defer cancel()`

			`req, err := http.NewRequestWithContext(ctx, "GET", mediaURL, nil)`
			`if err != nil {`
			`return nil, err`
			`}`
			`req.Header.Set("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36")`

			`if s.httpUpstream == nil {`
			`client := &http.Client{Timeout: timeout}`
			`return client.Do(req)`
			`}`

			`var accountConcurrency int`
			`proxyURL := ""`
			`if s.accountRepo != nil && accountID > 0 {`
			`account, err := s.accountRepo.GetByID(ctx, accountID)`
			`if err == nil && account != nil {`
			`accountConcurrency = account.Concurrency`
			`if account.Proxy != nil {`
			`proxyURL = account.Proxy.URL()`
			`}`
			`}`
			`}`
			`enableTLS := false`
			`if s.cfg != nil {`
			`enableTLS = s.cfg.Gateway.TLSFingerprint.Enabled`
			`}`
			`return s.httpUpstream.DoWithTLS(req, proxyURL, accountID, accountConcurrency, enableTLS)`
			`}`

			`func deriveFileName(rawURL string) string {`
			`parsed, err := url.Parse(rawURL)`
			`if err != nil {`
			`return ""`
			`}`
			`name := path.Base(parsed.Path)`
			`if name == "/" \|\| name == "." {`
			`return ""`
			`}`
			`return name`
			`}`

			`func sanitizeFileName(name string) string {`
			`name = strings.TrimSpace(name)`
			`if name == "" {`
			`return ""`
			`}`
			`sanitized := strings.Map(func(r rune) rune {`
			`switch {`
			`case r >= 'a' && r <= 'z':`
			`return r`
			`case r >= 'A' && r <= 'Z':`
			`return r`
			`case r >= '0' && r <= '9':`
			`return r`
			`case r == '-' \|\| r == '_' \|\| r == '.':`
			`return r`
			`case r == ' ': // 空格替换为下划线`
			`return '_'`
			`default:`
			`return -1`
			`}`
			`}, name)`
			`return strings.TrimLeft(sanitized, ".")`
			`}`