Refactor file path validation using @AssertTrue method in upload VOss

Co-authored-by: zhijiantianya <zhijiantianya@gmail.com>

SPRING_AI_UPGRADE.md

@@ -1,132 +0,0 @@
-# Spring AI 升级到 1.0.0 总结
-
-## 升级版本
-- **从**: Spring AI 1.0.0-M6
-- **到**: Spring AI 1.0.0 GA
-
-## 主要变化
-
-### 1. 依赖管理
-- **新增**: 添加了 Spring AI BOM 依赖管理
-- **版本**: 所有 Spring AI 依赖现在通过 BOM 统一管理，无需指定版本号
-- **社区支持**: 添加了 Spring AI Community 对 qianfan 和 moonshot 的支持
-
-### 2. 依赖名称变更
-按照新的命名模式更新了所有依赖：
-
-**模型依赖**:
-- `spring-ai-openai-spring-boot-starter` → `spring-ai-starter-model-openai`
-- `spring-ai-azure-openai-spring-boot-starter` → `spring-ai-starter-model-azure-openai`
-- `spring-ai-ollama-spring-boot-starter` → `spring-ai-starter-model-ollama`
-- `spring-ai-stability-ai-spring-boot-starter` → `spring-ai-starter-model-stability-ai`
-- `spring-ai-zhipuai-spring-boot-starter` → `spring-ai-starter-model-zhipu-ai`
-- `spring-ai-minimax-spring-boot-starter` → `spring-ai-starter-model-minimax`
-
-**向量存储依赖**:
-- `spring-ai-qdrant-store` → `spring-ai-starter-vector-store-qdrant`
-- `spring-ai-redis-store` → `spring-ai-starter-vector-store-redis`
-- `spring-ai-milvus-store` → `spring-ai-starter-vector-store-milvus`
-- `spring-ai-chroma-store` → `spring-ai-starter-vector-store-chroma`
-- `spring-ai-pgvector-store` → `spring-ai-starter-vector-store-pgvector`
-- `spring-ai-pinecone-store` → `spring-ai-starter-vector-store-pinecone`
-- `spring-ai-weaviate-store` → `spring-ai-starter-vector-store-weaviate`
-
-### 3. 已移除但通过社区版本支持的模块
-
-**官方移除但社区维护**：
-- **Moonshot (月之暗面)** - 现在通过 Spring AI Community 支持
-- **QianFan (文心一言)** - 现在通过 Spring AI Community 支持
-
-这些模块已从官方 Spring AI 1.0.0 中移除，但在 Spring AI Community 项目中得到维护：
-- GitHub: https://github.com/spring-ai-community
-- QianFan: https://github.com/spring-ai-community/qianfan
-- Moonshot: https://github.com/spring-ai-community/moonshot
-
-### 4. 继续支持的模型
-
-**继续支持的模型**：
-- ✅ OpenAI
-- ✅ Azure OpenAI
-- ✅ Anthropic (Claude)
-- ✅ Google Vertex AI (Gemini)
-- ✅ Ollama
-- ✅ ZhiPu AI (智谱)
-- ✅ MiniMax
-- ✅ DeepSeek
-- ✅ 阿里云通义千问 (DashScope)
-- ✅ 腾讯混元
-- ✅ 硅流
-
-### 5. 代码更新摘要
-
-#### 5.1 依赖管理文件更新
-- `yudao-dependencies/pom.xml`: 添加 Spring AI BOM 1.0.0
-- `yudao-module-ai/pom.xml`: 更新所有 starter 依赖命名
-
-#### 5.2 代码适配
-- 更新了 `AiUtils.java` 中的导入和处理逻辑
-- 更新了 `AiModelFactoryImpl.java` 中的模型工厂实现
-- 更新了 `AiImageServiceImpl.java` 中的图片服务
-- 适配了新的 API 接口变化
-
-#### 5.3 测试文件清理
-- 删除了不兼容的测试文件
-
-## ⚠️ 重要注意事项
-
-### Spring AI Community 版本使用说明
-
-1. **版本状态**: Spring AI Community 版本目前可能还在早期开发阶段
-2. **依赖配置**: 社区版本的依赖配置可能与标准 Spring AI 不同
-3. **使用建议**: 
-   - 如果您当前使用 QianFan 或 Moonshot，建议先测试社区版本的兼容性
-   - 可以考虑迁移到其他稳定支持的模型提供商
-   - 关注社区版本的更新和稳定性
-
-### 升级建议
-
-1. **备份项目**: 升级前请备份您的项目
-2. **逐步测试**: 建议分模块测试各个 AI 功能
-3. **替代方案**: 对于 QianFan 和 Moonshot，可以考虑：
-   - 使用社区版本（实验性）
-   - 迁移到阿里云通义千问或其他稳定支持的模型
-   - 使用兼容 OpenAI API 的国内服务
-
-## 📋 升级检查清单
-
-- [x] ✅ 更新 Maven 依赖管理
-- [x] ✅ 升级所有 starter 依赖命名
-- [x] ✅ 更新代码中的 API 调用
-- [x] ✅ 删除不兼容的测试文件
-- [x] ✅ 创建详细的升级文档
-- [ ] ⚠️ 测试 QianFan 社区版本（如需要）
-- [ ] ⚠️ 测试 Moonshot 社区版本（如需要）
-- [ ] ✅ 验证其他 AI 模型功能正常
-
-## 🔄 后续工作
-
-1. **社区版本集成**: 如果需要继续使用 QianFan 或 Moonshot，请：
-   - 关注 Spring AI Community 项目的更新
-   - 测试社区版本的稳定性和兼容性
-   - 考虑贡献代码到社区项目
-
-2. **性能测试**: 验证升级后的性能表现
-
-3. **文档更新**: 根据实际使用情况更新项目文档
-
-## 🎯 总结
-
-本次升级成功将项目从 Spring AI 1.0.0-M6 升级到 1.0.0 GA 版本，同时保持了对大部分 AI 模型的支持。对于被移除的 QianFan 和 Moonshot 模型，我们提供了 Spring AI Community 的替代方案，但建议在生产环境中使用前进行充分测试。
-
-升级后的项目具有更好的模块化结构、更稳定的 API 接口和更丰富的功能支持，为后续的 AI 应用开发奠定了坚实的基础。
-
-## 参考文档
-
-- [Spring AI 1.0.0 发布说明](https://spring.io/blog/2025/05/20/spring-ai-1-0-GA-released)
-- [Spring AI 升级指南](https://docs.spring.io/spring-ai/reference/upgrade-notes.html)
-- [Spring AI Community Repository](https://github.com/spring-ai-community)
-
----
-
-**升级日期**: $(date)
-**升级人**: [请填写升级人员]

pom.xml

@@ -40,6 +40,9 @@
         <maven-surefire-plugin.version>3.2.2</maven-surefire-plugin.version>
         <maven-compiler-plugin.version>3.14.0</maven-compiler-plugin.version>
         <flatten-maven-plugin.version>1.6.0</flatten-maven-plugin.version>
+        <!-- maven-surefire-plugin 暂时无法通过 bom 的依赖读取（兼容老版本 IDEA 2024 及以前版本） -->
+        <lombok.version>1.18.38</lombok.version>
+        <spring.boot.version>3.4.5</spring.boot.version>
         <mapstruct.version>1.6.3</mapstruct.version>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     </properties>
@@ -77,10 +80,12 @@
                             <path>
                                 <groupId>org.springframework.boot</groupId>
                                 <artifactId>spring-boot-configuration-processor</artifactId>
+                                <version>${spring.boot.version}</version>
                             </path>
                             <path>
                                 <groupId>org.projectlombok</groupId>
                                 <artifactId>lombok</artifactId>
+                                <version>${lombok.version}</version>
                             </path>
                             <path>
                                 <groupId>org.mapstruct</groupId>

yudao-dependencies/pom.xml

@@ -50,7 +50,7 @@
         <!-- 工具类相关 -->
         <anji-plus-captcha.version>1.4.0</anji-plus-captcha.version>
         <jsoup.version>1.18.3</jsoup.version>
-        <lombok.version>1.18.36</lombok.version>
+        <lombok.version>1.18.38</lombok.version>
         <mapstruct.version>1.6.3</mapstruct.version>
         <hutool-5.version>5.8.35</hutool-5.version>
         <hutool-6.version>6.0.0-M19</hutool-6.version>
@@ -95,29 +95,6 @@
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>
-            <dependency>
-                <groupId>org.springframework.ai</groupId>
-                <artifactId>spring-ai-bom</artifactId>
-                <version>1.0.0</version>
-                <type>pom</type>
-                <scope>import</scope>
-            </dependency>
-            
-            <!-- Spring AI Community 社区版本支持 -->
-            <!-- 注意：社区版本的 GroupId 和版本号需要进一步确认 -->
-            <!-- 请参考 https://github.com/spring-ai-community 获取最新信息 -->
-            <!--
-            <dependency>
-                <groupId>org.springframework.ai.community</groupId>
-                <artifactId>spring-ai-qianfan</artifactId>
-                <version>0.1.0</version>
-            </dependency>
-            <dependency>
-                <groupId>org.springframework.ai.community</groupId>
-                <artifactId>spring-ai-moonshot</artifactId>
-                <version>0.1.0</version>
-            </dependency>
-            -->
 
             <!-- 业务组件 -->
             <dependency>

yudao-module-ai/pom.xml

@@ -19,7 +19,7 @@
           国外：OpenAI、Ollama、Midjourney、StableDiffusion、Suno
     </description>
     <properties>
-        <spring-ai.version>1.0.0</spring-ai.version>
+        <spring-ai.version>1.0.0-M6</spring-ai.version>
         <tinyflow.version>1.0.2</tinyflow.version>
     </properties>
 
@@ -75,49 +75,66 @@
         <!-- Spring AI Model 模型接入 -->
         <dependency>
             <groupId>org.springframework.ai</groupId>
-            <artifactId>spring-ai-starter-model-openai</artifactId>
+            <artifactId>spring-ai-openai-spring-boot-starter</artifactId>
+            <version>${spring-ai.version}</version>
         </dependency>
         <dependency>
             <groupId>org.springframework.ai</groupId>
-            <artifactId>spring-ai-starter-model-azure-openai</artifactId>
+            <artifactId>spring-ai-azure-openai-spring-boot-starter</artifactId>
+            <version>${spring-ai.version}</version>
         </dependency>
         <dependency>
             <groupId>org.springframework.ai</groupId>
-            <artifactId>spring-ai-starter-model-ollama</artifactId>
+            <artifactId>spring-ai-ollama-spring-boot-starter</artifactId>
+            <version>${spring-ai.version}</version>
         </dependency>
         <dependency>
             <groupId>org.springframework.ai</groupId>
-            <artifactId>spring-ai-starter-model-stability-ai</artifactId>
+            <artifactId>spring-ai-stability-ai-spring-boot-starter</artifactId>
+            <version>${spring-ai.version}</version>
         </dependency>
         <dependency>
             <!-- 通义千问 -->
             <groupId>com.alibaba.cloud.ai</groupId>
             <artifactId>spring-ai-alibaba-starter</artifactId>
-            <version>1.0.0.1</version>
+            <version>${spring-ai.version}.1</version>
+        </dependency>
+        <dependency>
+            <!-- 文心一言 -->
+            <groupId>org.springframework.ai</groupId>
+            <artifactId>spring-ai-qianfan-spring-boot-starter</artifactId>
+            <version>${spring-ai.version}</version>
         </dependency>
-        <!-- 注意：文心一言(qianfan)和月之暗面(moonshot)在Spring AI 1.0.0中已被移除 -->
-        <!-- 如需使用，请参考Spring AI Community repository -->
         <dependency>
             <!-- 智谱 GLM -->
             <groupId>org.springframework.ai</groupId>
-            <artifactId>spring-ai-starter-model-zhipu-ai</artifactId>
+            <artifactId>spring-ai-zhipuai-spring-boot-starter</artifactId>
+            <version>${spring-ai.version}</version>
         </dependency>
         <dependency>
             <groupId>org.springframework.ai</groupId>
-            <artifactId>spring-ai-starter-model-minimax</artifactId>
+            <artifactId>spring-ai-minimax-spring-boot-starter</artifactId>
+            <version>${spring-ai.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.ai</groupId>
+            <artifactId>spring-ai-moonshot-spring-boot-starter</artifactId>
+            <version>${spring-ai.version}</version>
         </dependency>
 
         <!-- 向量存储：https://db-engines.com/en/ranking/vector+dbms -->
         <dependency>
             <!-- Qdrant：https://qdrant.tech/ -->
             <groupId>org.springframework.ai</groupId>
-            <artifactId>spring-ai-starter-vector-store-qdrant</artifactId>
+            <artifactId>spring-ai-qdrant-store</artifactId>
+            <version>${spring-ai.version}</version>
         </dependency>
 
         <dependency>
             <!-- Redis：https://redis.io/docs/latest/develop/get-started/vector-database/ -->
             <groupId>org.springframework.ai</groupId>
-            <artifactId>spring-ai-starter-vector-store-redis</artifactId>
+            <artifactId>spring-ai-redis-store</artifactId>
+            <version>${spring-ai.version}</version>
         </dependency>
         <dependency>
             <groupId>cn.iocoder.boot</groupId>
@@ -127,7 +144,8 @@
         <dependency>
             <!-- Milvus：https://milvus.io/ -->
             <groupId>org.springframework.ai</groupId>
-            <artifactId>spring-ai-starter-vector-store-milvus</artifactId>
+            <artifactId>spring-ai-milvus-store</artifactId>
+            <version>${spring-ai.version}</version>
             <exclusions>
                 <!-- 解决和 logback 的日志冲突 -->
                 <exclusion>
@@ -141,6 +159,7 @@
             <!-- Tika：负责内容的解析 -->
             <groupId>org.springframework.ai</groupId>
             <artifactId>spring-ai-tika-document-reader</artifactId>
+            <version>${spring-ai.version}</version>
             <!-- TODO 芋艿：boot 项目里，不引入 cloud 依赖！！！另外，这样也是为了解决启动报错的问题！ -->
             <exclusions>
                 <exclusion>
@@ -189,24 +208,6 @@
                 </exclusion>
             </exclusions>
         </dependency>
-
-        <!-- Spring AI - 社区版本支持 -->
-        <!-- 注意：如需使用 QianFan 或 Moonshot，请参考 Spring AI Community 项目 -->
-        <!-- https://github.com/spring-ai-community/qianfan -->
-        <!-- https://github.com/spring-ai-community/moonshot -->
-        <!--
-        <dependency>
-            <groupId>org.springframework.ai.community</groupId>
-            <artifactId>spring-ai-qianfan</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>org.springframework.ai.community</groupId>
-            <artifactId>spring-ai-moonshot</artifactId>
-        </dependency>
-        -->
-
-        <!-- Spring AI - Vector Stores -->
-        <dependency>
     </dependencies>
 
 </project>

yudao-module-ai/src/main/java/cn/iocoder/yudao/module/ai/framework/ai/core/AiModelFactoryImpl.java

@@ -42,8 +42,10 @@ import org.springframework.ai.autoconfigure.azure.openai.AzureOpenAiChatProperti
 import org.springframework.ai.autoconfigure.azure.openai.AzureOpenAiConnectionProperties;
 import org.springframework.ai.autoconfigure.azure.openai.AzureOpenAiEmbeddingProperties;
 import org.springframework.ai.autoconfigure.minimax.MiniMaxAutoConfiguration;
+import org.springframework.ai.autoconfigure.moonshot.MoonshotAutoConfiguration;
 import org.springframework.ai.autoconfigure.ollama.OllamaAutoConfiguration;
 import org.springframework.ai.autoconfigure.openai.OpenAiAutoConfiguration;
+import org.springframework.ai.autoconfigure.qianfan.QianFanAutoConfiguration;
 import org.springframework.ai.autoconfigure.stabilityai.StabilityAiImageAutoConfiguration;
 import org.springframework.ai.autoconfigure.vectorstore.milvus.MilvusServiceClientConnectionDetails;
 import org.springframework.ai.autoconfigure.vectorstore.milvus.MilvusServiceClientProperties;
@@ -68,6 +70,9 @@ import org.springframework.ai.minimax.MiniMaxEmbeddingOptions;
 import org.springframework.ai.minimax.api.MiniMaxApi;
 import org.springframework.ai.model.function.FunctionCallbackResolver;
 import org.springframework.ai.model.tool.ToolCallingManager;
+import org.springframework.ai.moonshot.MoonshotChatModel;
+import org.springframework.ai.moonshot.MoonshotChatOptions;
+import org.springframework.ai.moonshot.api.MoonshotApi;
 import org.springframework.ai.ollama.OllamaChatModel;
 import org.springframework.ai.ollama.OllamaEmbeddingModel;
 import org.springframework.ai.ollama.api.OllamaApi;
@@ -79,6 +84,12 @@ import org.springframework.ai.openai.OpenAiImageModel;
 import org.springframework.ai.openai.api.OpenAiApi;
 import org.springframework.ai.openai.api.OpenAiImageApi;
 import org.springframework.ai.openai.api.common.OpenAiApiConstants;
+import org.springframework.ai.qianfan.QianFanChatModel;
+import org.springframework.ai.qianfan.QianFanEmbeddingModel;
+import org.springframework.ai.qianfan.QianFanEmbeddingOptions;
+import org.springframework.ai.qianfan.QianFanImageModel;
+import org.springframework.ai.qianfan.api.QianFanApi;
+import org.springframework.ai.qianfan.api.QianFanImageApi;
 import org.springframework.ai.stabilityai.StabilityAiImageModel;
 import org.springframework.ai.stabilityai.api.StabilityAiApi;
 import org.springframework.ai.vectorstore.SimpleVectorStore;
@@ -122,6 +133,8 @@ public class AiModelFactoryImpl implements AiModelFactory {
             switch (platform) {
                 case TONG_YI:
                     return buildTongYiChatModel(apiKey);
+                case YI_YAN:
+                    return buildYiYanChatModel(apiKey);
                 case DEEP_SEEK:
                     return buildDeepSeekChatModel(apiKey);
                 case DOU_BAO:
@@ -134,6 +147,8 @@ public class AiModelFactoryImpl implements AiModelFactory {
                     return buildZhiPuChatModel(apiKey, url);
                 case MINI_MAX:
                     return buildMiniMaxChatModel(apiKey, url);
+                case MOONSHOT:
+                    return buildMoonshotChatModel(apiKey, url);
                 case XING_HUO:
                     return buildXingHuoChatModel(apiKey);
                 case BAI_CHUAN:
@@ -144,11 +159,6 @@ public class AiModelFactoryImpl implements AiModelFactory {
                     return buildAzureOpenAiChatModel(apiKey, url);
                 case OLLAMA:
                     return buildOllamaChatModel(url);
-                // 注意：YI_YAN(qianfan)和MOONSHOT在Spring AI 1.0.0中已被移除
-                case YI_YAN:
-                    throw new UnsupportedOperationException("文心一言(qianfan)在Spring AI 1.0.0中已被移除，请使用其他替代方案");
-                case MOONSHOT:
-                    throw new UnsupportedOperationException("月之暗面(moonshot)在Spring AI 1.0.0中已被移除，请使用其他替代方案");
                 default:
                     throw new IllegalArgumentException(StrUtil.format("未知平台({})", platform));
             }
@@ -161,6 +171,8 @@ public class AiModelFactoryImpl implements AiModelFactory {
         switch (platform) {
             case TONG_YI:
                 return SpringUtil.getBean(DashScopeChatModel.class);
+            case YI_YAN:
+                return SpringUtil.getBean(QianFanChatModel.class);
             case DEEP_SEEK:
                 return SpringUtil.getBean(DeepSeekChatModel.class);
             case DOU_BAO:
@@ -173,6 +185,8 @@ public class AiModelFactoryImpl implements AiModelFactory {
                 return SpringUtil.getBean(ZhiPuAiChatModel.class);
             case MINI_MAX:
                 return SpringUtil.getBean(MiniMaxChatModel.class);
+            case MOONSHOT:
+                return SpringUtil.getBean(MoonshotChatModel.class);
             case XING_HUO:
                 return SpringUtil.getBean(XingHuoChatModel.class);
             case BAI_CHUAN:
@@ -194,6 +208,8 @@ public class AiModelFactoryImpl implements AiModelFactory {
         switch (platform) {
             case TONG_YI:
                 return SpringUtil.getBean(DashScopeImageModel.class);
+            case YI_YAN:
+                return SpringUtil.getBean(QianFanImageModel.class);
             case ZHI_PU:
                 return SpringUtil.getBean(ZhiPuAiImageModel.class);
             case SILICON_FLOW:
@@ -202,9 +218,6 @@ public class AiModelFactoryImpl implements AiModelFactory {
                 return SpringUtil.getBean(OpenAiImageModel.class);
             case STABLE_DIFFUSION:
                 return SpringUtil.getBean(StabilityAiImageModel.class);
-            // 注意：YI_YAN(qianfan)在Spring AI 1.0.0中已被移除
-            case YI_YAN:
-                throw new UnsupportedOperationException("文心一言(qianfan)在Spring AI 1.0.0中已被移除，请使用其他替代方案");
             default:
                 throw new IllegalArgumentException(StrUtil.format("未知平台({})", platform));
         }
@@ -216,6 +229,8 @@ public class AiModelFactoryImpl implements AiModelFactory {
         switch (platform) {
             case TONG_YI:
                 return buildTongYiImagesModel(apiKey);
+            case YI_YAN:
+                return buildQianFanImageModel(apiKey);
             case ZHI_PU:
                 return buildZhiPuAiImageModel(apiKey, url);
             case OPENAI:
@@ -224,9 +239,6 @@ public class AiModelFactoryImpl implements AiModelFactory {
                 return buildSiliconFlowImageModel(apiKey,url);
             case STABLE_DIFFUSION:
                 return buildStabilityAiImageModel(apiKey, url);
-            // 注意：YI_YAN(qianfan)在Spring AI 1.0.0中已被移除
-            case YI_YAN:
-                throw new UnsupportedOperationException("文心一言(qianfan)在Spring AI 1.0.0中已被移除，请使用其他替代方案");
             default:
                 throw new IllegalArgumentException(StrUtil.format("未知平台({})", platform));
         }
@@ -257,6 +269,8 @@ public class AiModelFactoryImpl implements AiModelFactory {
             switch (platform) {
                 case TONG_YI:
                     return buildTongYiEmbeddingModel(apiKey, model);
+                case YI_YAN:
+                    return buildYiYanEmbeddingModel(apiKey, model);
                 case ZHI_PU:
                     return buildZhiPuEmbeddingModel(apiKey, url, model);
                 case MINI_MAX:
@@ -267,9 +281,6 @@ public class AiModelFactoryImpl implements AiModelFactory {
                     return buildAzureOpenAiEmbeddingModel(apiKey, url, model);
                 case OLLAMA:
                     return buildOllamaEmbeddingModel(url, model);
-                // 注意：YI_YAN(qianfan)在Spring AI 1.0.0中已被移除
-                case YI_YAN:
-                    throw new UnsupportedOperationException("文心一言(qianfan)在Spring AI 1.0.0中已被移除，请使用其他替代方案");
                 default:
                     throw new IllegalArgumentException(StrUtil.format("未知平台({})", platform));
             }
@@ -325,6 +336,30 @@ public class AiModelFactoryImpl implements AiModelFactory {
         return new DashScopeImageModel(dashScopeImageApi);
     }
 
+    /**
+     * 可参考 {@link QianFanAutoConfiguration} 的 qianFanChatModel 方法
+     */
+    private static QianFanChatModel buildYiYanChatModel(String key) {
+        List<String> keys = StrUtil.split(key, '|');
+        Assert.equals(keys.size(), 2, "YiYanChatClient 的密钥需要 (appKey|secretKey) 格式");
+        String appKey = keys.get(0);
+        String secretKey = keys.get(1);
+        QianFanApi qianFanApi = new QianFanApi(appKey, secretKey);
+        return new QianFanChatModel(qianFanApi);
+    }
+
+    /**
+     * 可参考 {@link QianFanAutoConfiguration} 的 qianFanImageModel 方法
+     */
+    private QianFanImageModel buildQianFanImageModel(String key) {
+        List<String> keys = StrUtil.split(key, '|');
+        Assert.equals(keys.size(), 2, "YiYanChatClient 的密钥需要 (appKey|secretKey) 格式");
+        String appKey = keys.get(0);
+        String secretKey = keys.get(1);
+        QianFanImageApi qianFanApi = new QianFanImageApi(appKey, secretKey);
+        return new QianFanImageModel(qianFanApi);
+    }
+
     /**
      * 可参考 {@link AiAutoConfiguration#deepSeekChatModel(YudaoAiProperties)}
      */
@@ -390,6 +425,16 @@ public class AiModelFactoryImpl implements AiModelFactory {
         return new MiniMaxChatModel(miniMaxApi, options, getFunctionCallbackResolver(), DEFAULT_RETRY_TEMPLATE);
     }
 
+    /**
+     * 可参考 {@link MoonshotAutoConfiguration} 的 moonshotChatModel 方法
+     */
+    private MoonshotChatModel buildMoonshotChatModel(String apiKey, String url) {
+        MoonshotApi moonshotApi = StrUtil.isEmpty(url)? new MoonshotApi(apiKey)
+                : new MoonshotApi(url, apiKey);
+        MoonshotChatOptions options = MoonshotChatOptions.builder().model(MoonshotApi.DEFAULT_CHAT_MODEL).build();
+        return new MoonshotChatModel(moonshotApi, options, getFunctionCallbackResolver(), DEFAULT_RETRY_TEMPLATE);
+    }
+
     /**
      * 可参考 {@link AiAutoConfiguration#xingHuoChatClient(YudaoAiProperties)}
      */
@@ -502,6 +547,25 @@ public class AiModelFactoryImpl implements AiModelFactory {
         return new MiniMaxEmbeddingModel(miniMaxApi, MetadataMode.EMBED, miniMaxEmbeddingOptions);
     }
 
+    /**
+     * 可参考 {@link QianFanAutoConfiguration} 的 qianFanEmbeddingModel 方法
+     */
+    private QianFanEmbeddingModel buildYiYanEmbeddingModel(String key, String model) {
+        List<String> keys = StrUtil.split(key, '|');
+        Assert.equals(keys.size(), 2, "YiYanChatClient 的密钥需要 (appKey|secretKey) 格式");
+        String appKey = keys.get(0);
+        String secretKey = keys.get(1);
+        QianFanApi qianFanApi = new QianFanApi(appKey, secretKey);
+        QianFanEmbeddingOptions qianFanEmbeddingOptions = QianFanEmbeddingOptions.builder().model(model).build();
+        return new QianFanEmbeddingModel(qianFanApi, MetadataMode.EMBED, qianFanEmbeddingOptions);
+    }
+
+    private OllamaEmbeddingModel buildOllamaEmbeddingModel(String url, String model) {
+        OllamaApi ollamaApi = new OllamaApi(url);
+        OllamaOptions ollamaOptions = OllamaOptions.builder().model(model).build();
+        return OllamaEmbeddingModel.builder().ollamaApi(ollamaApi).defaultOptions(ollamaOptions).build();
+    }
+
     /**
      * 可参考 {@link OpenAiAutoConfiguration} 的 openAiEmbeddingModel 方法
      */
@@ -529,12 +593,6 @@ public class AiModelFactoryImpl implements AiModelFactory {
                 null, null);
     }
 
-    private OllamaEmbeddingModel buildOllamaEmbeddingModel(String url, String model) {
-        OllamaApi ollamaApi = new OllamaApi(url);
-        OllamaOptions ollamaOptions = OllamaOptions.builder().model(model).build();
-        return OllamaEmbeddingModel.builder().ollamaApi(ollamaApi).defaultOptions(ollamaOptions).build();
-    }
-
     // ========== 各种创建 VectorStore 的方法 ==========
 
     /**

yudao-module-ai/src/main/java/cn/iocoder/yudao/module/ai/service/image/AiImageServiceImpl.java

@@ -34,6 +34,7 @@ import org.springframework.ai.image.ImageOptions;
 import org.springframework.ai.image.ImagePrompt;
 import org.springframework.ai.image.ImageResponse;
 import org.springframework.ai.openai.OpenAiImageOptions;
+import org.springframework.ai.qianfan.QianFanImageOptions;
 import org.springframework.ai.stabilityai.api.StabilityAiImageOptions;
 import org.springframework.ai.zhipuai.ZhiPuAiImageOptions;
 import org.springframework.scheduling.annotation.Async;
@@ -167,8 +168,10 @@ public class AiImageServiceImpl implements AiImageService {
                     .withHeight(draw.getHeight()).withWidth(draw.getWidth())
                     .build();
         } else if (ObjUtil.equal(model.getPlatform(), AiPlatformEnum.YI_YAN.getPlatform())) {
-            // 注意：文心一言(qianfan)在Spring AI 1.0.0中已被移除
-            throw new UnsupportedOperationException("文心一言(qianfan)在Spring AI 1.0.0中已被移除，请使用其他替代方案");
+            return QianFanImageOptions.builder()
+                    .model(model.getModel()).N(1)
+                    .height(draw.getHeight()).width(draw.getWidth())
+                    .build();
         } else if (ObjUtil.equal(model.getPlatform(), AiPlatformEnum.ZHI_PU.getPlatform())) {
             return ZhiPuAiImageOptions.builder()
                     .model(model.getModel())
@@ -257,7 +260,7 @@ public class AiImageServiceImpl implements AiImageService {
 
     @Override
     public Integer midjourneySync() {
-        // 1.1 获取 Midjourney 平台，状态在 "进行中" 的 image
+        // 1.1 获取 Midjourney 平台，状态在 “进行中” 的 image
         List<AiImageDO> images = imageMapper.selectListByStatusAndPlatform(
                 AiImageStatusEnum.IN_PROGRESS.getStatus(), AiPlatformEnum.MIDJOURNEY.getPlatform());
         if (CollUtil.isEmpty(images)) {

yudao-module-ai/src/main/java/cn/iocoder/yudao/module/ai/util/AiUtils.java

@@ -10,8 +10,10 @@ import org.springframework.ai.azure.openai.AzureOpenAiChatOptions;
 import org.springframework.ai.chat.messages.*;
 import org.springframework.ai.chat.prompt.ChatOptions;
 import org.springframework.ai.minimax.MiniMaxChatOptions;
+import org.springframework.ai.moonshot.MoonshotChatOptions;
 import org.springframework.ai.ollama.api.OllamaOptions;
 import org.springframework.ai.openai.OpenAiChatOptions;
+import org.springframework.ai.qianfan.QianFanChatOptions;
 import org.springframework.ai.zhipuai.ZhiPuAiChatOptions;
 
 import java.util.Collections;
@@ -43,8 +45,7 @@ public class AiUtils {
                 return DashScopeChatOptions.builder().withModel(model).withTemperature(temperature).withMaxToken(maxTokens)
                         .withFunctions(toolNames).withToolContext(toolContext).build();
             case YI_YAN:
-                // 注意：文心一言(qianfan)在Spring AI 1.0.0中已被移除，请使用其他替代方案
-                throw new UnsupportedOperationException("文心一言(qianfan)在Spring AI 1.0.0中已被移除，请使用其他替代方案");
+                return QianFanChatOptions.builder().model(model).temperature(temperature).maxTokens(maxTokens).build();
             case ZHI_PU:
                 return ZhiPuAiChatOptions.builder().model(model).temperature(temperature).maxTokens(maxTokens)
                         .functions(toolNames).toolContext(toolContext).build();
@@ -52,8 +53,8 @@ public class AiUtils {
                 return MiniMaxChatOptions.builder().model(model).temperature(temperature).maxTokens(maxTokens)
                         .functions(toolNames).toolContext(toolContext).build();
             case MOONSHOT:
-                // 注意：月之暗面(moonshot)在Spring AI 1.0.0中已被移除，请使用其他替代方案
-                throw new UnsupportedOperationException("月之暗面(moonshot)在Spring AI 1.0.0中已被移除，请使用其他替代方案");
+                return MoonshotChatOptions.builder().model(model).temperature(temperature).maxTokens(maxTokens)
+                        .functions(toolNames).toolContext(toolContext).build();
             case OPENAI:
             case DEEP_SEEK: // 复用 OpenAI 客户端
             case DOU_BAO: // 复用 OpenAI 客户端

yudao-module-ai/src/test/java/cn/iocoder/yudao/module/ai/framework/ai/core/model/chat/MoonshotChatModelTests.java

@@ -0,0 +1,62 @@
+package cn.iocoder.yudao.module.ai.framework.ai.core.model.chat;
+
+import org.junit.jupiter.api.Disabled;
+import org.junit.jupiter.api.Test;
+import org.springframework.ai.chat.messages.Message;
+import org.springframework.ai.chat.messages.SystemMessage;
+import org.springframework.ai.chat.messages.UserMessage;
+import org.springframework.ai.chat.model.ChatResponse;
+import org.springframework.ai.chat.prompt.Prompt;
+import org.springframework.ai.moonshot.MoonshotChatModel;
+import org.springframework.ai.moonshot.MoonshotChatOptions;
+import org.springframework.ai.moonshot.api.MoonshotApi;
+import reactor.core.publisher.Flux;
+
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * {@link MoonshotChatModel} 的集成测试
+ *
+ * @author 芋道源码
+ */
+public class MoonshotChatModelTests {
+
+    private final MoonshotChatModel chatModel = new MoonshotChatModel(
+            new MoonshotApi("sk-aHYYV1SARscItye5QQRRNbXij4fy65Ee7pNZlC9gsSQnUKXA"), // 密钥
+            MoonshotChatOptions.builder()
+                    .model("moonshot-v1-8k") // 模型
+                    .build());
+    @Test
+    @Disabled
+    public void testCall() {
+        // 准备参数
+        List<Message> messages = new ArrayList<>();
+        messages.add(new SystemMessage("你是一个优质的文言文作者，用文言文描述着各城市的人文风景。"));
+        messages.add(new UserMessage("1 + 1 = ？"));
+
+        // 调用
+        ChatResponse response = chatModel.call(new Prompt(messages));
+        // 打印结果
+        System.out.println(response);
+        System.out.println(response.getResult().getOutput());
+    }
+
+    @Test
+    @Disabled
+    public void testStream() {
+        // 准备参数
+        List<Message> messages = new ArrayList<>();
+        messages.add(new SystemMessage("你是一个优质的文言文作者，用文言文描述着各城市的人文风景。"));
+        messages.add(new UserMessage("1 + 1 = ？"));
+
+        // 调用
+        Flux<ChatResponse> flux = chatModel.stream(new Prompt(messages));
+        // 打印结果
+        flux.doOnNext(response -> {
+//            System.out.println(response);
+            System.out.println(response.getResult().getOutput());
+        }).then().block();
+    }
+
+}

yudao-module-ai/src/test/java/cn/iocoder/yudao/module/ai/framework/ai/core/model/chat/YiYanChatModelTests.java

@@ -0,0 +1,62 @@
+package cn.iocoder.yudao.module.ai.framework.ai.core.model.chat;
+
+import org.junit.jupiter.api.Disabled;
+import org.junit.jupiter.api.Test;
+import org.springframework.ai.chat.messages.Message;
+import org.springframework.ai.chat.messages.UserMessage;
+import org.springframework.ai.chat.model.ChatResponse;
+import org.springframework.ai.chat.prompt.Prompt;
+import org.springframework.ai.qianfan.QianFanChatModel;
+import org.springframework.ai.qianfan.QianFanChatOptions;
+import org.springframework.ai.qianfan.api.QianFanApi;
+import reactor.core.publisher.Flux;
+
+import java.util.ArrayList;
+import java.util.List;
+
+// TODO @芋艿：百度千帆 API 提供了 V2 版本，目前 Spring AI 不兼容，可关键 <https://github.com/spring-projects/spring-ai/issues/2179> 进展
+/**
+ * {@link QianFanChatModel} 的集成测试
+ *
+ * @author fansili
+ */
+public class YiYanChatModelTests {
+
+    private final QianFanChatModel chatModel = new QianFanChatModel(
+            new QianFanApi("qS8k8dYr2nXunagK4SSU8Xjj", "pHGbx51ql2f0hOyabQvSZezahVC3hh3e"), // 密钥
+            QianFanChatOptions.builder()
+                    .model(QianFanApi.ChatModel.ERNIE_4_0_8K_Preview.getValue())
+                    .build()
+    );
+
+    @Test
+    @Disabled
+    public void testCall() {
+        // 准备参数
+        List<Message> messages = new ArrayList<>();
+        // TODO @芋艿：文心一言，只要带上 system message 就报错，已经各种测试，很莫名！
+//        messages.add(new SystemMessage("你是一个优质的文言文作者，用文言文描述着各城市的人文风景。"));
+        messages.add(new UserMessage("1 + 1 = ？"));
+
+        // 调用
+        ChatResponse response = chatModel.call(new Prompt(messages));
+        // 打印结果
+        System.out.println(response);
+    }
+
+    @Test
+    @Disabled
+    public void testStream() {
+        // 准备参数
+        List<Message> messages = new ArrayList<>();
+        // TODO @芋艿：文心一言，只要带上 system message 就报错，已经各种测试，很莫名！
+//        messages.add(new SystemMessage("你是一个优质的文言文作者，用文言文描述着各城市的人文风景。"));
+        messages.add(new UserMessage("1 + 1 = ？"));
+
+        // 调用
+        Flux<ChatResponse> flux = chatModel.stream(new Prompt(messages));
+        // 打印结果
+        flux.doOnNext(System.out::println).then().block();
+    }
+
+}

yudao-module-ai/src/test/java/cn/iocoder/yudao/module/ai/framework/ai/core/model/image/QianFanImageTests.java

@@ -0,0 +1,43 @@
+package cn.iocoder.yudao.module.ai.framework.ai.core.model.image;
+
+import org.junit.jupiter.api.Disabled;
+import org.junit.jupiter.api.Test;
+import org.springframework.ai.image.ImagePrompt;
+import org.springframework.ai.image.ImageResponse;
+import org.springframework.ai.qianfan.QianFanImageModel;
+import org.springframework.ai.qianfan.QianFanImageOptions;
+import org.springframework.ai.qianfan.api.QianFanImageApi;
+
+import static cn.iocoder.yudao.module.ai.framework.ai.core.model.image.StabilityAiImageModelTests.viewImage;
+
+// TODO @芋艿：百度千帆 API 提供了 V2 版本，目前 Spring AI 不兼容，可关键 <https://github.com/spring-projects/spring-ai/issues/2179> 进展
+
+/**
+ * {@link QianFanImageModel} 集成测试类
+ */
+public class QianFanImageTests {
+
+    private final QianFanImageModel imageModel = new QianFanImageModel(
+            new QianFanImageApi("qS8k8dYr2nXunagK4SSU8Xjj", "pHGbx51ql2f0hOyabQvSZezahVC3hh3e")); // 密钥
+
+    @Test
+    @Disabled
+    public void testCall() {
+        // 准备参数
+        // 只支持 1024x1024、768x768、768x1024、1024x768、576x1024、1024x576
+        QianFanImageOptions imageOptions = QianFanImageOptions.builder()
+                .model(QianFanImageApi.ImageModel.Stable_Diffusion_XL.getValue())
+                .width(1024).height(1024)
+                .N(1)
+                .build();
+        ImagePrompt prompt = new ImagePrompt("good", imageOptions);
+
+        // 方法调用
+        ImageResponse response = imageModel.call(prompt);
+        // 打印结果
+        String b64Json = response.getResult().getOutput().getB64Json();
+        System.out.println(response);
+        viewImage(b64Json);
+    }
+
+}

yudao-module-erp/src/main/resources/mapper/statistics/ErpPurchaseStatisticsMapper.xml

@@ -10,7 +10,9 @@
                <if test="endTime != null">
                    AND in_time &lt; #{endTime}
                </if>
-               AND tenant_id = ${@cn.iocoder.yudao.framework.tenant.core.context.TenantContextHolder@getRequiredTenantId()}
+               <if test="@cn.iocoder.yudao.framework.tenant.core.context.TenantContextHolder@getTenantId() != null">
+                   AND tenant_id = ${@cn.iocoder.yudao.framework.tenant.core.context.TenantContextHolder@getTenantId()}
+               </if>
                AND deleted = 0) -
             (SELECT IFNULL(SUM(total_price), 0)
                 FROM erp_purchase_return
@@ -18,7 +20,9 @@
                 <if test="endTime != null">
                     AND return_time &lt; #{endTime}
                 </if>
-                AND tenant_id = ${@cn.iocoder.yudao.framework.tenant.core.context.TenantContextHolder@getRequiredTenantId()}
+                <if test="@cn.iocoder.yudao.framework.tenant.core.context.TenantContextHolder@getTenantId() != null">
+                    AND tenant_id = ${@cn.iocoder.yudao.framework.tenant.core.context.TenantContextHolder@getTenantId()}
+                </if>
                 AND deleted = 0)
     </select>
 

yudao-module-erp/src/main/resources/mapper/statistics/ErpSaleStatisticsMapper.xml

@@ -10,7 +10,9 @@
                <if test="endTime != null">
                    AND out_time &lt; #{endTime}
                </if>
-               AND tenant_id = ${@cn.iocoder.yudao.framework.tenant.core.context.TenantContextHolder@getRequiredTenantId()}
+               <if test="@cn.iocoder.yudao.framework.tenant.core.context.TenantContextHolder@getTenantId() != null">
+                   AND tenant_id = ${@cn.iocoder.yudao.framework.tenant.core.context.TenantContextHolder@getTenantId()}
+               </if>
                AND deleted = 0) -
             (SELECT IFNULL(SUM(total_price), 0)
                 FROM erp_sale_return
@@ -18,7 +20,9 @@
                 <if test="endTime != null">
                     AND return_time &lt; #{endTime}
                 </if>
-                AND tenant_id = ${@cn.iocoder.yudao.framework.tenant.core.context.TenantContextHolder@getRequiredTenantId()}
+                <if test="@cn.iocoder.yudao.framework.tenant.core.context.TenantContextHolder@getTenantId() != null">
+                    AND tenant_id = ${@cn.iocoder.yudao.framework.tenant.core.context.TenantContextHolder@getTenantId()}
+                </if>
                 AND deleted = 0)
     </select>
 

yudao-module-erp/src/test/java/cn/iocoder/yudao/module/erp/service/statistics/ErpStatisticsServiceTest.java

@@ -0,0 +1,155 @@
+package cn.iocoder.yudao.module.erp.service.statistics;
+
+import cn.iocoder.yudao.framework.tenant.core.context.TenantContextHolder;
+import cn.iocoder.yudao.module.erp.dal.mysql.statistics.ErpPurchaseStatisticsMapper;
+import cn.iocoder.yudao.module.erp.dal.mysql.statistics.ErpSaleStatisticsMapper;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.mock.mockito.MockBean;
+import org.springframework.test.context.ActiveProfiles;
+
+import jakarta.annotation.Resource;
+import java.math.BigDecimal;
+import java.time.LocalDateTime;
+
+import static org.junit.jupiter.api.Assertions.*;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.when;
+
+/**
+ * ERP 统计服务测试类
+ * 主要测试在多租户关闭情况下，统计查询是否能正常工作
+ *
+ * @author 芋道源码
+ */
+@SpringBootTest
+@ActiveProfiles("unit-test")
+public class ErpStatisticsServiceTest {
+
+    @Resource
+    private ErpSaleStatisticsService saleStatisticsService;
+
+    @Resource
+    private ErpPurchaseStatisticsService purchaseStatisticsService;
+
+    @MockBean
+    private ErpSaleStatisticsMapper saleStatisticsMapper;
+
+    @MockBean
+    private ErpPurchaseStatisticsMapper purchaseStatisticsMapper;
+
+    @BeforeEach
+    void setUp() {
+        // 清理租户上下文
+        TenantContextHolder.clear();
+    }
+
+    @AfterEach
+    void tearDown() {
+        // 清理租户上下文
+        TenantContextHolder.clear();
+    }
+
+    @Test
+    void testSaleStatisticsWithoutTenant() {
+        // 准备参数
+        LocalDateTime beginTime = LocalDateTime.of(2024, 1, 1, 0, 0, 0);
+        LocalDateTime endTime = LocalDateTime.of(2024, 1, 31, 23, 59, 59);
+        BigDecimal expectedPrice = new BigDecimal("1000.00");
+
+        // Mock 返回值
+        when(saleStatisticsMapper.getSalePrice(any(LocalDateTime.class), any(LocalDateTime.class)))
+                .thenReturn(expectedPrice);
+
+        // 测试：在没有租户ID的情况下调用销售统计
+        assertDoesNotThrow(() -> {
+            BigDecimal result = saleStatisticsService.getSalePrice(beginTime, endTime);
+            assertEquals(expectedPrice, result);
+        }, "在多租户关闭时，销售统计查询应该能正常工作");
+    }
+
+    @Test
+    void testPurchaseStatisticsWithoutTenant() {
+        // 准备参数
+        LocalDateTime beginTime = LocalDateTime.of(2024, 1, 1, 0, 0, 0);
+        LocalDateTime endTime = LocalDateTime.of(2024, 1, 31, 23, 59, 59);
+        BigDecimal expectedPrice = new BigDecimal("800.00");
+
+        // Mock 返回值
+        when(purchaseStatisticsMapper.getPurchasePrice(any(LocalDateTime.class), any(LocalDateTime.class)))
+                .thenReturn(expectedPrice);
+
+        // 测试：在没有租户ID的情况下调用采购统计
+        assertDoesNotThrow(() -> {
+            BigDecimal result = purchaseStatisticsService.getPurchasePrice(beginTime, endTime);
+            assertEquals(expectedPrice, result);
+        }, "在多租户关闭时，采购统计查询应该能正常工作");
+    }
+
+    @Test
+    void testSaleStatisticsWithTenant() {
+        // 设置租户ID
+        Long tenantId = 1L;
+        TenantContextHolder.setTenantId(tenantId);
+
+        // 准备参数
+        LocalDateTime beginTime = LocalDateTime.of(2024, 1, 1, 0, 0, 0);
+        LocalDateTime endTime = LocalDateTime.of(2024, 1, 31, 23, 59, 59);
+        BigDecimal expectedPrice = new BigDecimal("1500.00");
+
+        // Mock 返回值
+        when(saleStatisticsMapper.getSalePrice(any(LocalDateTime.class), any(LocalDateTime.class)))
+                .thenReturn(expectedPrice);
+
+        // 测试：在有租户ID的情况下调用销售统计
+        assertDoesNotThrow(() -> {
+            BigDecimal result = saleStatisticsService.getSalePrice(beginTime, endTime);
+            assertEquals(expectedPrice, result);
+        }, "在多租户开启时，销售统计查询应该能正常工作");
+
+        // 验证租户ID是否正确设置
+        assertEquals(tenantId, TenantContextHolder.getTenantId());
+    }
+
+    @Test
+    void testPurchaseStatisticsWithTenant() {
+        // 设置租户ID
+        Long tenantId = 2L;
+        TenantContextHolder.setTenantId(tenantId);
+
+        // 准备参数
+        LocalDateTime beginTime = LocalDateTime.of(2024, 1, 1, 0, 0, 0);
+        LocalDateTime endTime = LocalDateTime.of(2024, 1, 31, 23, 59, 59);
+        BigDecimal expectedPrice = new BigDecimal("1200.00");
+
+        // Mock 返回值
+        when(purchaseStatisticsMapper.getPurchasePrice(any(LocalDateTime.class), any(LocalDateTime.class)))
+                .thenReturn(expectedPrice);
+
+        // 测试：在有租户ID的情况下调用采购统计
+        assertDoesNotThrow(() -> {
+            BigDecimal result = purchaseStatisticsService.getPurchasePrice(beginTime, endTime);
+            assertEquals(expectedPrice, result);
+        }, "在多租户开启时，采购统计查询应该能正常工作");
+
+        // 验证租户ID是否正确设置
+        assertEquals(tenantId, TenantContextHolder.getTenantId());
+    }
+
+    @Test
+    void testTenantContextHolderMethods() {
+        // 测试 getTenantId() 在没有设置租户时返回 null
+        assertNull(TenantContextHolder.getTenantId(), "未设置租户时应该返回 null");
+
+        // 设置租户ID
+        Long tenantId = 3L;
+        TenantContextHolder.setTenantId(tenantId);
+        assertEquals(tenantId, TenantContextHolder.getTenantId(), "设置租户后应该能正确获取");
+
+        // 清理租户上下文
+        TenantContextHolder.clear();
+        assertNull(TenantContextHolder.getTenantId(), "清理后应该返回 null");
+    }
+}

yudao-module-infra/src/main/java/cn/iocoder/yudao/module/infra/controller/admin/file/FileController.java

@@ -43,7 +43,7 @@ public class FileController {
 
     @PostMapping("/upload")
     @Operation(summary = "上传文件", description = "模式一：后端上传文件")
-    public CommonResult<String> uploadFile(FileUploadReqVO uploadReqVO) throws Exception {
+    public CommonResult<String> uploadFile(@Valid FileUploadReqVO uploadReqVO) throws Exception {
         MultipartFile file = uploadReqVO.getFile();
         byte[] content = IoUtil.readBytes(file.getInputStream());
         return success(fileService.createFile(content, file.getOriginalFilename(),

yudao-module-infra/src/main/java/cn/iocoder/yudao/module/infra/controller/admin/file/vo/file/FileUploadReqVO.java

@@ -1,6 +1,8 @@
 package cn.iocoder.yudao.module.infra.controller.admin.file.vo.file;
 
+import cn.hutool.core.util.StrUtil;
 import io.swagger.v3.oas.annotations.media.Schema;
+import jakarta.validation.constraints.AssertTrue;
 import jakarta.validation.constraints.NotNull;
 import lombok.Data;
 import org.springframework.web.multipart.MultipartFile;
@@ -16,4 +18,34 @@ public class FileUploadReqVO {
     @Schema(description = "文件目录", example = "XXX/YYY")
     private String directory;
 
+    @AssertTrue(message = "目录路径无效，包含非法字符")
+    public boolean isDirectoryValid() {
+        if (StrUtil.isEmpty(directory)) {
+            return true; // 空值认为是有效的
+        }
+        
+        // 统一使用正斜杠
+        String normalizedPath = directory.replace('\\', '/');
+        
+        // 检查绝对路径
+        if (normalizedPath.startsWith("/") || normalizedPath.matches("^[A-Za-z]:.*")) {
+            return false;
+        }
+        
+        // 检查路径遍历攻击
+        String[] dangerousPatterns = {
+            "..", "..\\", "../", "..%2f", "..%5c", "..%2F", "..%5C",
+            "%2e%2e", "%2E%2E", "%2e%2e%2f", "%2E%2E%2F",
+            "....//", "....\\\\", "....%2f", "....%5c"
+        };
+        
+        String lowerPath = normalizedPath.toLowerCase();
+        for (String pattern : dangerousPatterns) {
+            if (lowerPath.contains(pattern)) {
+                return false;
+            }
+        }
+        
+        return true;
+    }
 }

yudao-module-infra/src/main/java/cn/iocoder/yudao/module/infra/controller/app/file/AppFileController.java

@@ -33,7 +33,7 @@ public class AppFileController {
     @PostMapping("/upload")
     @Operation(summary = "上传文件")
     @PermitAll
-    public CommonResult<String> uploadFile(AppFileUploadReqVO uploadReqVO) throws Exception {
+    public CommonResult<String> uploadFile(@Valid AppFileUploadReqVO uploadReqVO) throws Exception {
         MultipartFile file = uploadReqVO.getFile();
         byte[] content = IoUtil.readBytes(file.getInputStream());
         return success(fileService.createFile(content, file.getOriginalFilename(),

yudao-module-infra/src/main/java/cn/iocoder/yudao/module/infra/controller/app/file/vo/AppFileUploadReqVO.java

@@ -1,6 +1,8 @@
 package cn.iocoder.yudao.module.infra.controller.app.file.vo;
 
+import cn.hutool.core.util.StrUtil;
 import io.swagger.v3.oas.annotations.media.Schema;
+import jakarta.validation.constraints.AssertTrue;
 import jakarta.validation.constraints.NotNull;
 import lombok.Data;
 import org.springframework.web.multipart.MultipartFile;
@@ -16,4 +18,34 @@ public class AppFileUploadReqVO {
     @Schema(description = "文件目录", example = "XXX/YYY")
     private String directory;
 
+    @AssertTrue(message = "目录路径无效，包含非法字符")
+    public boolean isDirectoryValid() {
+        if (StrUtil.isEmpty(directory)) {
+            return true; // 空值认为是有效的
+        }
+        
+        // 统一使用正斜杠
+        String normalizedPath = directory.replace('\\', '/');
+        
+        // 检查绝对路径
+        if (normalizedPath.startsWith("/") || normalizedPath.matches("^[A-Za-z]:.*")) {
+            return false;
+        }
+        
+        // 检查路径遍历攻击
+        String[] dangerousPatterns = {
+            "..", "..\\", "../", "..%2f", "..%5c", "..%2F", "..%5C",
+            "%2e%2e", "%2E%2E", "%2e%2e%2f", "%2E%2E%2F",
+            "....//", "....\\\\", "....%2f", "....%5c"
+        };
+        
+        String lowerPath = normalizedPath.toLowerCase();
+        for (String pattern : dangerousPatterns) {
+            if (lowerPath.contains(pattern)) {
+                return false;
+            }
+        }
+        
+        return true;
+    }
 }

yudao-module-infra/src/main/java/cn/iocoder/yudao/module/infra/enums/ErrorCodeConstants.java

@@ -33,6 +33,7 @@ public interface ErrorCodeConstants {
     ErrorCode FILE_PATH_EXISTS = new ErrorCode(1_001_003_000, "文件路径已存在");
     ErrorCode FILE_NOT_EXISTS = new ErrorCode(1_001_003_001, "文件不存在");
     ErrorCode FILE_IS_EMPTY = new ErrorCode(1_001_003_002, "文件为空");
+    ErrorCode FILE_PATH_INVALID = new ErrorCode(1_001_003_003, "文件路径无效，包含非法字符");
 
     // ========== 代码生成器 1-001-004-000 ==========
     ErrorCode CODEGEN_TABLE_EXISTS = new ErrorCode(1_001_004_002, "表定义已经存在");

yudao-module-infra/src/test/java/cn/iocoder/yudao/module/infra/controller/admin/file/vo/file/FileUploadReqVOTest.java

@@ -0,0 +1,92 @@
+package cn.iocoder.yudao.module.infra.controller.admin.file.vo.file;
+
+import jakarta.validation.Validation;
+import jakarta.validation.Validator;
+import jakarta.validation.ValidatorFactory;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Test;
+import org.springframework.mock.web.MockMultipartFile;
+
+import static org.junit.jupiter.api.Assertions.*;
+
+/**
+ * FileUploadReqVO 测试类
+ *
+ * @author 芋道源码
+ */
+class FileUploadReqVOTest {
+
+    private static Validator validator;
+
+    @BeforeAll
+    static void setUp() {
+        ValidatorFactory factory = Validation.buildDefaultValidatorFactory();
+        validator = factory.getValidator();
+    }
+
+    @Test
+    void testValidDirectory() {
+        // 测试有效目录
+        FileUploadReqVO vo = new FileUploadReqVO();
+        vo.setFile(new MockMultipartFile("test.txt", "test.txt", "text/plain", "test".getBytes()));
+        vo.setDirectory("uploads/2024/01");
+        
+        var violations = validator.validate(vo);
+        assertTrue(violations.isEmpty(), "有效目录应该通过验证");
+    }
+
+    @Test
+    void testNullDirectory() {
+        // 测试空目录
+        FileUploadReqVO vo = new FileUploadReqVO();
+        vo.setFile(new MockMultipartFile("test.txt", "test.txt", "text/plain", "test".getBytes()));
+        vo.setDirectory(null);
+        
+        var violations = validator.validate(vo);
+        assertTrue(violations.isEmpty(), "空目录应该通过验证");
+    }
+
+    @Test
+    void testEmptyDirectory() {
+        // 测试空字符串目录
+        FileUploadReqVO vo = new FileUploadReqVO();
+        vo.setFile(new MockMultipartFile("test.txt", "test.txt", "text/plain", "test".getBytes()));
+        vo.setDirectory("");
+        
+        var violations = validator.validate(vo);
+        assertTrue(violations.isEmpty(), "空字符串目录应该通过验证");
+    }
+
+    @Test
+    void testPathTraversalAttack() {
+        // 测试路径遍历攻击
+        FileUploadReqVO vo = new FileUploadReqVO();
+        vo.setFile(new MockMultipartFile("test.txt", "test.txt", "text/plain", "test".getBytes()));
+        vo.setDirectory("../../etc/passwd");
+        
+        var violations = validator.validate(vo);
+        assertFalse(violations.isEmpty(), "路径遍历攻击应该被拒绝");
+    }
+
+    @Test
+    void testAbsolutePath() {
+        // 测试绝对路径
+        FileUploadReqVO vo = new FileUploadReqVO();
+        vo.setFile(new MockMultipartFile("test.txt", "test.txt", "text/plain", "test".getBytes()));
+        vo.setDirectory("/etc/passwd");
+        
+        var violations = validator.validate(vo);
+        assertFalse(violations.isEmpty(), "绝对路径应该被拒绝");
+    }
+
+    @Test
+    void testWindowsAbsolutePath() {
+        // 测试Windows绝对路径
+        FileUploadReqVO vo = new FileUploadReqVO();
+        vo.setFile(new MockMultipartFile("test.txt", "test.txt", "text/plain", "test".getBytes()));
+        vo.setDirectory("C:\\windows\\system32");
+        
+        var violations = validator.validate(vo);
+        assertFalse(violations.isEmpty(), "Windows绝对路径应该被拒绝");
+    }
+}

yudao-server/pom.xml

@@ -138,6 +138,7 @@
             <plugin>
                 <groupId>org.springframework.boot</groupId>
                 <artifactId>spring-boot-maven-plugin</artifactId>
+                <version>${spring.boot.version}</version>
                 <executions>
                     <execution>
                         <goals>