From 04ad3c29f4cdeb1279b61c0771d699259362a240 Mon Sep 17 00:00:00 2001 From: Wu Qing <3184394176@qq.com> Date: Wed, 27 May 2026 00:49:27 +0800 Subject: [PATCH] =?UTF-8?q?feat(verify):=20=E9=AA=8C=E8=AF=81=E6=B5=81?= =?UTF-8?q?=E7=A8=8B=E5=90=8C=E6=A0=B7=E6=AF=94=E5=AF=B9=E5=A4=87=E4=BB=BD?= =?UTF-8?q?=20SHA-256=EF=BC=8C=E5=AF=B9=E9=BD=90=E6=81=A2=E5=A4=8D?= =?UTF-8?q?=E8=B7=AF=E5=BE=84=E5=BC=BA=E5=BA=A6=20(#77)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 验证流程在解压前比对下载对象的 SHA-256(复用恢复路径实现),移除 verifyByType 失效的 checksum 形参。备份/恢复/验证三路径完整性校验一致。 --- .../internal/service/verification_service.go | 20 +++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/server/internal/service/verification_service.go b/server/internal/service/verification_service.go index d8cdcc2..4350d8c 100644 --- a/server/internal/service/verification_service.go +++ b/server/internal/service/verification_service.go @@ -316,14 +316,26 @@ func (s *VerificationService) executeLocally(ctx context.Context, verID uint, ta logger.Errorf("写入沙箱失败:%v", err) return } + // 完整性校验:先比对下载对象的 SHA-256(外层对象,与备份记录一致),再做结构校验。 + // 与恢复路径保持一致的强度;早期无 checksum 的备份跳过(向后兼容)。 + if backupRecord.Checksum != "" { + logger.Infof("校验备份完整性(SHA-256)") + if csErr := verifyArtifactChecksum(artifactPath, backupRecord.Checksum); csErr != nil { + errMessage = csErr.Error() + summary = "完整性校验失败" + logger.Errorf("完整性校验失败:%v", csErr) + return + } + logger.Infof("完整性校验通过") + } preparedPath, err := s.prepareArtifact(artifactPath, logger) if err != nil { errMessage = err.Error() logger.Errorf("准备归档失败:%v", err) return } - // 按任务类型分派校验 - report, verifyErr := s.verifyByType(task.Type, preparedPath, backupRecord.Checksum, logger) + // 按任务类型做结构校验(外层 SHA-256 已在上方单独校验)。 + report, verifyErr := s.verifyByType(task.Type, preparedPath, logger) if verifyErr != nil { errMessage = verifyErr.Error() if report != nil && report.Detail != "" { @@ -344,8 +356,8 @@ func (s *VerificationService) prepareArtifact(artifactPath string, logger *backu return prepareBackupArtifact(s.cipher, artifactPath, logger) } -// verifyByType 按任务类型分派到对应 Verify* 策略。 -func (s *VerificationService) verifyByType(taskType, artifactPath, checksum string, logger *backup.ExecutionLogger) (*backup.VerifyReport, error) { +// verifyByType 按任务类型分派到对应 Verify* 结构校验策略(不含 SHA-256 比对)。 +func (s *VerificationService) verifyByType(taskType, artifactPath string, logger *backup.ExecutionLogger) (*backup.VerifyReport, error) { switch strings.ToLower(strings.TrimSpace(taskType)) { case "file": logger.Infof("执行文件归档校验")