From 1bb82af5aec0ed9dd4bc0994a7d4bc837ffb777c Mon Sep 17 00:00:00 2001
From: Darren Yu <YDL@YUDONGLING.NET>
Date: Sat, 13 Sep 2025 13:57:16 +0800
Subject: [PATCH] fix(blob path): validate save path to ensure unique physical
 save path

---
 pkg/filemanager/fs/dbfs/upload.go | 26 +++++++++++++++++++++++---
 service/explorer/file.go          |  2 +-
 2 files changed, 24 insertions(+), 4 deletions(-)

diff --git a/pkg/filemanager/fs/dbfs/upload.go b/pkg/filemanager/fs/dbfs/upload.go
index 6ede4076..8ce4d936 100644
--- a/pkg/filemanager/fs/dbfs/upload.go
+++ b/pkg/filemanager/fs/dbfs/upload.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"math"
 	"path"
+	"strings"
 	"time"
 
 	"github.com/cloudreve/Cloudreve/v4/ent"
@@ -139,7 +140,27 @@ func (f *DBFS) PrepareUpload(ctx context.Context, req *fs.UploadRequest, opts ..
 		return nil, err
 	}
 
-	// Generate save path by storage policy
+	// Check and generate save path by storage policy
+	mustContain := []string{"{randomkey16}", "{randomkey8}", "{uuid}"}
+	hasRandomElement := false
+	for _, c := range mustContain {
+		if strings.Contains(policy.FileNameRule, c) {
+			hasRandomElement = true
+			break
+		}
+
+		if strings.Contains(policy.DirNameRule, c) {
+			hasRandomElement = true
+			break
+		}
+	}
+	if !hasRandomElement {
+		if policy.DirNameRule == "" {
+			policy.DirNameRule = "uploads/{uid}/{path}"
+		}
+		policy.FileNameRule = "{uid}_{randomkey8}_{originname}"
+	}
+
 	isThumbnailAndPolicyNotAvailable := policy.ID != ancestor.Model.StoragePolicyFiles &&
 		(req.Props.EntityType != nil && *req.Props.EntityType == types.EntityTypeThumbnail) &&
 		req.ImportFrom == nil
@@ -147,9 +168,8 @@ func (f *DBFS) PrepareUpload(ctx context.Context, req *fs.UploadRequest, opts ..
 		req.Props.SavePath = generateSavePath(policy, req, f.user)
 		if isThumbnailAndPolicyNotAvailable {
 			req.Props.SavePath = fmt.Sprintf(
-				"%s.%s%s",
+				"%s%s",
 				req.Props.SavePath,
-				util.RandStringRunes(16),
 				f.settingClient.ThumbEntitySuffix(ctx))
 		}
 	}
diff --git a/service/explorer/file.go b/service/explorer/file.go
index 05120b84..0532c0d0 100644
--- a/service/explorer/file.go
+++ b/service/explorer/file.go
@@ -26,7 +26,7 @@ import (
 	"github.com/samber/lo"
 )
 
-// SingleFileService 对单文件进行操作的五福，path为文件完整路径
+// SingleFileService 对单文件进行操作的服务，path为文件完整路径
 type SingleFileService struct {
 	Path string `uri:"path" json:"path" binding:"required,min=1,max=65535"`
 }