fix(Sora): 加固直连安全与下载限制

补充图片输入 SSRF 防护与重定向限制\n增加媒体下载超时/大小上限配置并更新示例\n完善 recent_tasks 轮询回退策略与相关测试\n\n测试: go test ./... -tags=unit
2026-02-01 22:10:15 +08:00
parent dcf5f60237
commit 99250ec527
8 changed files with 301 additions and 13 deletions
--- a/backend/internal/service/sora_gateway_service_test.go
+++ b/backend/internal/service/sora_gateway_service_test.go
@@ -97,3 +97,16 @@ func TestSoraGatewayService_BuildSoraMediaURLSigned(t *testing.T) {
 	require.Contains(t, url, "expires=")
 	require.Contains(t, url, "sig=")
 }
+
+func TestDecodeSoraImageInput_BlockPrivateURL(t *testing.T) {
+	_, _, err := decodeSoraImageInput(context.Background(), "http://127.0.0.1/internal.png")
+	require.Error(t, err)
+}
+
+func TestDecodeSoraImageInput_DataURL(t *testing.T) {
+	encoded := "data:image/png;base64,aGVsbG8="
+	data, filename, err := decodeSoraImageInput(context.Background(), encoded)
+	require.NoError(t, err)
+	require.NotEmpty(t, data)
+	require.Contains(t, filename, ".png")
+}