fix(Sora): 加固直连安全与下载限制

补充图片输入 SSRF 防护与重定向限制\n增加媒体下载超时/大小上限配置并更新示例\n完善 recent_tasks 轮询回退策略与相关测试\n\n测试: go test ./... -tags=unit
2026-02-01 22:10:15 +08:00
parent dcf5f60237
commit 99250ec527
8 changed files with 301 additions and 13 deletions
--- a/backend/internal/service/sora_media_storage_test.go
+++ b/backend/internal/service/sora_media_storage_test.go
@@ -67,3 +67,27 @@ func TestSoraMediaStorage_FallbackToUpstream(t *testing.T) {
 	require.NoError(t, err)
 	require.Equal(t, []string{url}, urls)
 }
+
+func TestSoraMediaStorage_MaxDownloadBytes(t *testing.T) {
+	tmpDir := t.TempDir()
+	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "image/png")
+		w.WriteHeader(http.StatusOK)
+		_, _ = w.Write([]byte("too-large"))
+	}))
+	defer server.Close()
+
+	cfg := &config.Config{
+		Sora: config.SoraConfig{
+			Storage: config.SoraStorageConfig{
+				Type:             "local",
+				LocalPath:        tmpDir,
+				MaxDownloadBytes: 1,
+			},
+		},
+	}
+
+	storage := NewSoraMediaStorage(cfg)
+	_, err := storage.StoreFromURLs(context.Background(), "image", []string{server.URL + "/img.png"})
+	require.Error(t, err)
+}