内容安全

pom.xml

@@ -451,6 +451,12 @@
             <artifactId>tea</artifactId>
             <version>1.1.14</version>
         </dependency>
+
+        <dependency>
+            <groupId>com.aliyun</groupId>
+            <artifactId>aliyun-java-sdk-green</artifactId>
+            <version>3.6.5</version>
+        </dependency>
     </dependencies>
 
 </project>

src/main/java/com/izouma/nineth/converter/EncryptConverter.java

@@ -0,0 +1,37 @@
+package com.izouma.nineth.converter;
+
+import com.izouma.nineth.utils.AESEncryptUtil;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.StringUtils;
+
+import javax.persistence.AttributeConverter;
+import javax.persistence.Converter;
+
+@Converter
+@Slf4j
+public class EncryptConverter implements AttributeConverter<String, String> {
+
+    @Override
+    public String convertToDatabaseColumn(String s) {
+        if (StringUtils.isNotBlank(s)) {
+            try {
+                return AESEncryptUtil.encrypt(s);
+            } catch (Exception e) {
+                e.printStackTrace();
+            }
+        }
+        return s;
+    }
+
+    @Override
+    public String convertToEntityAttribute(String s) {
+        if (StringUtils.isNotBlank(s)) {
+            try {
+                return AESEncryptUtil.decrypt(s);
+            } catch (Exception e) {
+                e.printStackTrace();
+            }
+        }
+        return s;
+    }
+}

src/main/java/com/izouma/nineth/service/ContentAuditService.java

@@ -0,0 +1,90 @@
+package com.izouma.nineth.service;
+
+import com.alibaba.fastjson.JSON;
+import com.alibaba.fastjson.JSONArray;
+import com.alibaba.fastjson.JSONObject;
+import com.aliyuncs.DefaultAcsClient;
+import com.aliyuncs.IAcsClient;
+import com.aliyuncs.green.model.v20180509.TextScanRequest;
+import com.aliyuncs.http.FormatType;
+import com.aliyuncs.http.HttpResponse;
+import com.aliyuncs.profile.DefaultProfile;
+import com.aliyuncs.profile.IClientProfile;
+import com.izouma.nineth.config.AliyunProperties;
+import lombok.AllArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.stereotype.Service;
+
+import java.nio.charset.StandardCharsets;
+import java.util.*;
+
+@Service
+@Slf4j
+@AllArgsConstructor
+public class ContentAuditService {
+    private AliyunProperties aliyunProperties;
+
+    public boolean auditText(String content) {
+        if (StringUtils.isBlank(content)) return true;
+        IClientProfile profile = DefaultProfile.getProfile("cn-shenzhen",
+                aliyunProperties.getAccessKeyId(), aliyunProperties.getAccessKeySecret());
+        DefaultProfile.addEndpoint("cn-shenzhen", "Green", "green.cn-shenzhen.aliyuncs.com");
+        IAcsClient client = new DefaultAcsClient(profile);
+        TextScanRequest textScanRequest = new TextScanRequest();
+        textScanRequest.setAcceptFormat(FormatType.JSON);
+        textScanRequest.setHttpContentType(FormatType.JSON);
+        textScanRequest.setMethod(com.aliyuncs.http.MethodType.POST);
+        textScanRequest.setEncoding("UTF-8");
+        textScanRequest.setRegionId("cn-shenzhen");
+        List<Map<String, Object>> tasks = new ArrayList<>();
+        Map<String, Object> task1 = new LinkedHashMap<>();
+        task1.put("dataId", UUID.randomUUID().toString());
+
+
+        task1.put("content", content);
+        tasks.add(task1);
+        JSONObject data = new JSONObject();
+
+        data.put("scenes", List.of("antispam"));
+        data.put("tasks", tasks);
+        textScanRequest.setHttpContent(data.toJSONString().getBytes(StandardCharsets.UTF_8), "UTF-8", FormatType.JSON);
+        textScanRequest.setConnectTimeout(3000);
+        textScanRequest.setReadTimeout(6000);
+        try {
+            HttpResponse httpResponse = client.doAction(textScanRequest);
+            if (httpResponse.isSuccess()) {
+                JSONObject scrResponse = JSON.parseObject(new String(httpResponse.getHttpContent(), StandardCharsets.UTF_8));
+                log.info(JSON.toJSONString(scrResponse, true));
+                if (200 == scrResponse.getInteger("code")) {
+                    JSONArray taskResults = scrResponse.getJSONArray("data");
+                    for (Object taskResult : taskResults) {
+                        if (200 == ((JSONObject) taskResult).getInteger("code")) {
+                            JSONArray sceneResults = ((JSONObject) taskResult).getJSONArray("results");
+                            for (Object sceneResult : sceneResults) {
+                                String scene = ((JSONObject) sceneResult).getString("scene");
+                                String suggestion = ((JSONObject) sceneResult).getString("suggestion");
+                                // 根据scene和suggetion做相关处理。
+                                // suggestion为pass表示未命中垃圾。suggestion为block表示命中了垃圾，可以通过label字段查看命中的垃圾分类。
+                                log.info("scene = [" + scene + "]");
+                                log.info("suggestion = [" + suggestion + "]");
+                                if ("block".equals(suggestion)) {
+                                    return false;
+                                }
+                            }
+                        } else {
+                            log.info("task process fail:" + ((JSONObject) taskResult).getInteger("code"));
+                        }
+                    }
+                } else {
+                    log.info("detect not success. code:" + scrResponse.getInteger("code"));
+                }
+            } else {
+                log.info("response not success. status:" + httpResponse.getStatus());
+            }
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+        return true;
+    }
+}

src/main/java/com/izouma/nineth/service/UserService.java

@@ -89,6 +89,7 @@ public class UserService {
     private PasswordEncoder               passwordEncoder;
     private WeakPassRepo                  weakPassRepo;
     private UserBalanceRepo               userBalanceRepo;
+    private ContentAuditService           contentAuditService;
 
     public User update(User user) {
         if (!SecurityUtils.hasRole(AuthorityName.ROLE_ADMIN)) {
@@ -122,6 +123,11 @@ public class UserService {
                        Boolean useCollectionPic, Boolean riskWarning, Integer level) {
         User user = userRepo.findById(userId).orElseThrow(new BusinessException("用户不存在"));
         if (StringUtils.isNotBlank(nickname)) {
+            if (!user.getNickname().equals(nickname)) {
+                if (!contentAuditService.auditText(nickname)) {
+                    throw new BusinessException("昵称包含非法内容");
+                }
+            }
             user.setNickname(nickname);
         }
         if (StringUtils.isNotBlank(avatar)) {
@@ -134,6 +140,11 @@ public class UserService {
             user.setBg(bg);
         }
         if (StringUtils.isNotBlank(intro)) {
+            if (!user.getIntro().equals(intro)) {
+                if (!contentAuditService.auditText(nickname)) {
+                    throw new BusinessException("简介包含非法内容");
+                }
+            }
             user.setIntro(intro);
         }
         if (useCollectionPic != null) {

src/test/java/com/izouma/nineth/ContentAuditTest.java

@@ -0,0 +1,89 @@
+package com.izouma.nineth;
+
+import com.alibaba.fastjson.JSON;
+import com.alibaba.fastjson.JSONArray;
+import com.alibaba.fastjson.JSONObject;
+import com.aliyuncs.DefaultAcsClient;
+import com.aliyuncs.IAcsClient;
+import com.aliyuncs.exceptions.ClientException;
+import com.aliyuncs.exceptions.ServerException;
+import com.aliyuncs.green.model.v20180509.TextScanRequest;
+import com.aliyuncs.http.FormatType;
+import com.aliyuncs.http.HttpResponse;
+import com.aliyuncs.profile.DefaultProfile;
+import com.aliyuncs.profile.IClientProfile;
+import org.junit.Test;
+
+import java.io.UnsupportedEncodingException;
+import java.nio.charset.StandardCharsets;
+import java.util.*;
+
+public class ContentAuditTest {
+
+    @Test
+    public void testText() {
+        IClientProfile profile = DefaultProfile
+                .getProfile("cn-shenzhen", "LTAI5tPoBCiEMSDaS1Q4HKr9", "F8ZNiqdH35T7gikBkn6Fq8tgbvdY88");
+        DefaultProfile
+                .addEndpoint("cn-shenzhen", "Green", "green.cn-shanghai.aliyuncs.com");
+        IAcsClient client = new DefaultAcsClient(profile);
+        TextScanRequest textScanRequest = new TextScanRequest();
+        textScanRequest.setAcceptFormat(FormatType.JSON); // 指定API返回格式。
+        textScanRequest.setHttpContentType(FormatType.JSON);
+        textScanRequest.setMethod(com.aliyuncs.http.MethodType.POST); // 指定请求方法。
+        textScanRequest.setEncoding("UTF-8");
+        textScanRequest.setRegionId("cn-shenzhen");
+        List<Map<String, Object>> tasks = new ArrayList<>();
+        Map<String, Object> task1 = new LinkedHashMap<>();
+        task1.put("dataId", UUID.randomUUID().toString());
+        /**
+         * 待检测的文本，长度不超过10000个字符。
+         */
+        task1.put("content", "我操你妈逼");
+        tasks.add(task1);
+        JSONObject data = new JSONObject();
+
+        /**
+         * 检测场景。文本垃圾检测请传递antispam。
+         **/
+        data.put("scenes", Arrays.asList("antispam"));
+        data.put("tasks", tasks);
+        data.put("bizType", "recommend_standard_template_01");
+        System.out.println(JSON.toJSONString(data, true));
+        textScanRequest.setHttpContent(data.toJSONString().getBytes(StandardCharsets.UTF_8), "UTF-8", FormatType.JSON);
+        // 请务必设置超时时间。
+        textScanRequest.setConnectTimeout(3000);
+        textScanRequest.setReadTimeout(6000);
+        try {
+            HttpResponse httpResponse = client.doAction(textScanRequest);
+            if (httpResponse.isSuccess()) {
+                JSONObject scrResponse = JSON.parseObject(new String(httpResponse.getHttpContent(), StandardCharsets.UTF_8));
+                System.out.println(JSON.toJSONString(scrResponse, true));
+                if (200 == scrResponse.getInteger("code")) {
+                    JSONArray taskResults = scrResponse.getJSONArray("data");
+                    for (Object taskResult : taskResults) {
+                        if (200 == ((JSONObject) taskResult).getInteger("code")) {
+                            JSONArray sceneResults = ((JSONObject) taskResult).getJSONArray("results");
+                            for (Object sceneResult : sceneResults) {
+                                String scene = ((JSONObject) sceneResult).getString("scene");
+                                String suggestion = ((JSONObject) sceneResult).getString("suggestion");
+                                // 根据scene和suggetion做相关处理。
+                                // suggestion为pass表示未命中垃圾。suggestion为block表示命中了垃圾，可以通过label字段查看命中的垃圾分类。
+                                System.out.println("args = [" + scene + "]");
+                                System.out.println("args = [" + suggestion + "]");
+                            }
+                        } else {
+                            System.out.println("task process fail:" + ((JSONObject) taskResult).getInteger("code"));
+                        }
+                    }
+                } else {
+                    System.out.println("detect not success. code:" + scrResponse.getInteger("code"));
+                }
+            } else {
+                System.out.println("response not success. status:" + httpResponse.getStatus());
+            }
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+}