fix(oss): preview image passes token in URL

apps/vue/src/api/oss-management/oss.ts

@@ -48,6 +48,8 @@ export const downloadBlob = (bucket: string, path: string, object: string) => {
       accept: 'application/json',
     },
     responseType: 'blob',
+  }, {
+    apiUrl: '/api'
   });
 };
 

apps/vue/src/views/oss-management/objects/components/OssPreviewModal.vue

@@ -15,7 +15,8 @@
   import { ImagePreview } from '/@/components/Preview';
   import { BasicModal, useModalInner } from '/@/components/Modal';
   import { OssObject } from '/@/api/oss-management/model/ossModel';
-  import { downloadBlob } from '/@/api/oss-management/oss';
+  import { generateOssUrl } from '/@/api/oss-management/oss';
+  import { useUserStoreWithOut } from '/@/store/modules/user';
 
   export default defineComponent({
     name: 'OssPreviewModal',
@@ -29,21 +30,14 @@
         bucket.value = data.bucket;
         objects.value = data.objects;
       });
+      const userStore = useUserStoreWithOut();
 
       watch(
         () => unref(objects),
-        async (objs) => {
-          previewImages.value = [];
-          const images: any[] = [];
-          for (let i = 0; i < objs.length; i++) {
-            const blob = await downloadBlob(unref(bucket), objs[i].path, objs[i].name);
-            images.push({
-              src: URL.createObjectURL(blob),
-              width: '100%',
-              height: '100%',
-            });
-          }
-          previewImages.value = images;
+        (objs) => {
+          previewImages.value = objs.map(x => {
+            return generateOssUrl(unref(bucket), x.path, x.name) + "?access_token=" + userStore.getToken;
+          });
         },
       );
 

aspnet-core/services/LY.MicroService.PlatformManagement.HttpApi.Host/PlatformManagementHttpApiHostModule.Configure.cs

@@ -15,6 +15,7 @@ using System;
 using System.IO;
 using System.Text.Encodings.Web;
 using System.Text.Unicode;
+using System.Threading.Tasks;
 using Volo.Abp;
 using Volo.Abp.Auditing;
 using Volo.Abp.BlobStoring;
@@ -258,6 +259,20 @@ public partial class PlatformManagementHttpApiHostModule
                 options.Authority = configuration["AuthServer:Authority"];
                 options.RequireHttpsMetadata = false;
                 options.Audience = configuration["AuthServer:ApiName"];
+                options.Events = new JwtBearerEvents
+                {
+                    OnMessageReceived = context =>
+                    {
+                        var accessToken = context.Request.Query["access_token"];
+                        var path = context.HttpContext.Request.Path;
+                        if (!string.IsNullOrEmpty(accessToken) &&
+                            (path.StartsWithSegments("/api/files")))
+                        {
+                            context.Token = accessToken;
+                        }
+                        return Task.CompletedTask;
+                    }
+                };
             });
 
         if (!isDevelopment)