fix:参数类型查询权限

dev
wangxy 12 months ago
parent 7ba1e8dea5
commit 302cfbd79e

@ -2,10 +2,12 @@ package com.hyp.web.controller.reward;
import com.hyp.common.annotation.Log;
import com.hyp.common.config.HypConfig;
import com.hyp.common.constant.Constants;
import com.hyp.common.core.controller.BaseController;
import com.hyp.common.core.domain.AjaxResult;
import com.hyp.common.enums.BusinessType;
import com.hyp.common.exception.ServiceException;
import com.hyp.common.utils.HypFileUtil;
import com.hyp.common.utils.file.FileUploadUtils;
import com.hyp.common.utils.file.FileUtils;
import com.hyp.framework.config.ServerConfig;
@ -179,19 +181,26 @@ public class FileRelationController extends BaseController {
if(Objects.isNull(rewFileRelation)){
throw new ServiceException("下载文件不存在");
}
String fileName = rewFileRelation.getFileName();
String fileName = rewFileRelation.getFilePath();
if (!FileUtils.checkAllowDownload(fileName)) {
throw new Exception(com.hyp.common.utils.StringUtils.format("文件名称({})非法,不允许下载。 ", fileName));
}
String realFileName = System.currentTimeMillis() + fileName.substring(fileName.indexOf("_") + 1);
String filePath = HypConfig.getDownloadPath() + fileName;
throw new Exception(com.hyp.common.utils.StringUtils.format("资源文件({})非法,不允许下载。 ", fileName));
}
// 本地资源路径
String localPath = HypConfig.getProfile();
// 数据库资源地址
String downloadPath = localPath + com.hyp.common.utils.StringUtils.substringAfter(fileName, Constants.RESOURCE_PREFIX);
// 下载名称
String downloadName = com.hyp.common.utils.StringUtils.substringAfterLast(downloadPath, "/");
response.setContentType(MediaType.APPLICATION_OCTET_STREAM_VALUE);
FileUtils.setAttachmentResponseHeader(response, realFileName);
FileUtils.writeBytes(filePath, response.getOutputStream());
FileUtils.setAttachmentResponseHeader(response, downloadName);
FileUtils.writeBytes(downloadPath, response.getOutputStream());
} catch (Exception e) {
log.error("下载文件失败", e);
}
}
}
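Review bot: The new `downloadPath` is built from the stored `getFilePath()` value by string concatenation and passed to `FileUtils.writeBytes` without confirming that it resolves inside `HypConfig.getProfile()`. `checkAllowDownload` is not visible here, so whatever it filters, a containment check on the final path is worth adding before the write: `File target = new File(downloadPath).getCanonicalFile();` followed by `if (!target.toPath().startsWith(new File(localPath).getCanonicalFile().toPath())) throw new ServiceException("下载文件不存在");`. If a stored path lacks `Constants.RESOURCE_PREFIX`, `substringAfter` presumably returns an empty string and `downloadPath` becomes the profile directory itself, so that case should be rejected explicitly. The surrounding `catch (Exception e)` only logs, so each of these failures appears to reach the client as an empty response rather than an error status; the method and its `try` begin outside the hunk.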

@ -0,0 +1,131 @@
package com.hyp.common.utils;
import cn.hutool.core.date.DateUtil;
import cn.hutool.core.io.FileUtil;
import cn.hutool.core.util.IdUtil;
import cn.hutool.core.util.RandomUtil;
import lombok.extern.slf4j.Slf4j;
import org.springframework.web.multipart.MultipartFile;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.*;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
@Slf4j
public class HypFileUtil extends FileUtil {
public static final String IE_FLAG_MISE = "msie";
public static final String IE_FLAG_TRIDENT = "trident";
public static final String IE_FLAG_EDGE = "edge";
/**
* MultipartFileFile
*/
public static File toFile(MultipartFile multipartFile) {
// 获取文件名
String fileName = multipartFile.getOriginalFilename();
// 获取文件后缀
String prefix = "." + getExtensionName(fileName);
File file = null;
try {
// 用uuid作为文件名防止生成的临时文件重复
file = File.createTempFile(IdUtil.simpleUUID(), prefix);
// MultipartFile to File
multipartFile.transferTo(file);
} catch (IOException e) {
e.printStackTrace();
}
return file;
}
/**
* .
*/
public static String getExtensionName(String filename) {
if ((filename != null) && (filename.length() > 0)) {
int dot = filename.lastIndexOf('.');
if ((dot > -1) && (dot < (filename.length() - 1))) {
return filename.substring(dot + 1);
}
}
return filename;
}
/**
*
*/
public static String getFileNameNoEx(String filename) {
if ((filename != null) && (filename.length() > 0)) {
int dot = filename.lastIndexOf('.');
if ((dot > -1) && (dot < (filename.length()))) {
return filename.substring(0, dot);
}
}
return filename;
}
public static File upload(MultipartFile file, String uploadDir, String applyId){
String suffix = getExtensionName(file.getOriginalFilename());
String fileId = RandomUtil.randomNumbers(32);
String dateDir = DateUtil.format(DateUtil.date(),"yyyyMMdd");
//上传文件以后的存储路径
String separator = File.separator;
String filePath = uploadDir + separator + dateDir + separator + applyId + separator + fileId + "." + suffix;
try {
File upFile = new File(filePath).getCanonicalFile();
// 检测是否存在目录
if (!upFile.getParentFile().exists()) {
upFile.getParentFile().mkdirs();
}
log.info("上传文件路径:{}", filePath);
// 文件写入
file.transferTo(upFile);
return upFile;
} catch (IOException e) {
throw new RuntimeException("上传失败");
}
}
public static void downLoadFile(String filePath, String fileName, HttpServletRequest request, HttpServletResponse response) {
File f = null;
try {
f = FileUtil.newFile(filePath);
if (!f.exists()) {
response.sendError(404, "File not found!");
return;
}
} catch (IOException e) {
log.error(e.getMessage(), e);
}
try (BufferedInputStream br = new BufferedInputStream(new FileInputStream(f));
OutputStream out = response.getOutputStream();) {
byte[] buf = new byte[1024];
int len = 0;
// 在线打开方式
String userAgent = request.getHeader("User-Agent").toLowerCase();
fileName = URLEncoder.encode(fileName, StandardCharsets.UTF_8.name());
response.reset();
// 解决申报系统异步下载跨域问题
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Methods", "POST, GET");
response.setHeader("Access-Control-Expose-Headers", "Content-Disposition");
// 纯下载方式
response.setHeader("Content-disposition", String.format("attachment; filename=\"%s\"", fileName));
response.setContentType("application/x-msdownload;charset=UTF-8");
response.setCharacterEncoding(StandardCharsets.UTF_8.name());
while ((len = br.read(buf)) > 0) {
out.write(buf, 0, len);
}
} catch (IOException e) {
log.error(e.getMessage(), e);
}
}
}
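Review bot: `upload` builds the target path from `applyId` and from the extension of the client-supplied `getOriginalFilename()` without validating either. It calls `getCanonicalFile()` but never compares the result with `uploadDir`, so nothing keeps the write inside the upload directory. `getExtensionName` also returns the whole filename when there is no dot, so the "extension" can be arbitrary text. I would restrict the suffix to a short alphanumeric token (ideally an allow-list of expected types), check the canonical target against the canonical `uploadDir`, and pass `e` as the cause of the `RuntimeException`, as sketched below. Separately, `downLoadFile` sends `Access-Control-Allow-Origin: *` for whatever `filePath` it is given and calls `request.getHeader("User-Agent").toLowerCase()` without a null check, although `userAgent` is never used.

```java
String suffix = getExtensionName(file.getOriginalFilename());
// The extension comes from the client; accept only a short alphanumeric token.
if (suffix == null || !suffix.matches("[A-Za-z0-9]{1,10}")) {
    throw new IllegalArgumentException("unsupported file extension");
}
// … unchanged: fileId, dateDir, separator, filePath …
try {
    File baseDir = new File(uploadDir).getCanonicalFile();
    File upFile = new File(filePath).getCanonicalFile();
    // applyId is part of the path; refuse anything that resolves outside uploadDir.
    if (!upFile.toPath().startsWith(baseDir.toPath())) {
        throw new IllegalArgumentException("upload path escapes upload directory");
    }
    // … unchanged: mkdirs, log, transferTo, return …
} catch (IOException e) {
    throw new RuntimeException("上传失败", e);
}
```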