From 33106201f6b84cd7e7a86381958e192aec324cfa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=A9=AC=E8=B6=85?= <1162714483@qq.com> Date: Sun, 18 Jul 2021 22:50:39 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BB=A3=E7=A0=81=E4=BC=98=E5=8C=96?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../java/com/qiwenshare/file/component/FileDealComp.java | 7 +++++++ .../com/qiwenshare/file/controller/FileController.java | 2 +- .../qiwenshare/file/controller/FiletransferController.java | 3 ++- .../qiwenshare/file/controller/RecoveryFileController.java | 2 +- .../com/qiwenshare/file/controller/ShareController.java | 2 +- .../com/qiwenshare/file/controller/UserController.java | 2 +- .../com/qiwenshare/file/service/FiletransferService.java | 1 - src/main/resources/config/application.properties | 6 ++++-- src/main/resources/config/settings.properties | 2 +- 9 files changed, 18 insertions(+), 9 deletions(-) diff --git a/src/main/java/com/qiwenshare/file/component/FileDealComp.java b/src/main/java/com/qiwenshare/file/component/FileDealComp.java index b223f86..fd7e744 100644 --- a/src/main/java/com/qiwenshare/file/component/FileDealComp.java +++ b/src/main/java/com/qiwenshare/file/component/FileDealComp.java @@ -1,6 +1,7 @@ package com.qiwenshare.file.component; import cn.hutool.core.bean.BeanUtil; +import com.alibaba.fastjson.JSON; import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper; import com.qiwenshare.common.constant.FileConstant; import com.qiwenshare.common.util.DateUtil; @@ -295,14 +296,20 @@ public class FileDealComp { String extractionCode, String token, long userFileId) { + log.info("权限检查开始:shareBatchNum:{}, extractionCode:{}, token:{}, userFileId{}" , shareBatchNum, extractionCode, token, userFileId); UserFile userFile = userFileService.getById(userFileId); + log.debug(JSON.toJSONString(userFile)); if ("undefined".equals(shareBatchNum) || StringUtils.isEmpty(shareBatchNum)) { UserBean sessionUserBean = userService.getUserBeanByToken(token); + log.debug(JSON.toJSONString("当前登录session用户:" + sessionUserBean)); if (sessionUserBean == null) { return false; } + log.debug("文件所属用户id:" + userFile.getUserId()); + log.debug("登录用户id:" + sessionUserBean.getUserId()); if (userFile.getUserId() != sessionUserBean.getUserId()) { + log.debug("用户id不一致,权限校验失败:"); return false; } } else { diff --git a/src/main/java/com/qiwenshare/file/controller/FileController.java b/src/main/java/com/qiwenshare/file/controller/FileController.java index 3f86e02..077d584 100644 --- a/src/main/java/com/qiwenshare/file/controller/FileController.java +++ b/src/main/java/com/qiwenshare/file/controller/FileController.java @@ -45,7 +45,7 @@ import static com.qiwenshare.common.util.FileUtil.getFileExtendsByType; @Tag(name = "file", description = "该接口为文件接口,主要用来做一些文件的基本操作,如创建目录,删除,移动,复制等。") @RestController @Slf4j -@RequestMapping({"/file", "/api/file"}) +@RequestMapping("/file") public class FileController { @Resource diff --git a/src/main/java/com/qiwenshare/file/controller/FiletransferController.java b/src/main/java/com/qiwenshare/file/controller/FiletransferController.java index a4d12f4..881023b 100644 --- a/src/main/java/com/qiwenshare/file/controller/FiletransferController.java +++ b/src/main/java/com/qiwenshare/file/controller/FiletransferController.java @@ -39,7 +39,7 @@ import java.util.Map; @Slf4j @Tag(name = "filetransfer", description = "该接口为文件传输接口,主要用来做文件的上传和下载") @RestController -@RequestMapping({"/filetransfer", "/api/filetransfer"}) +@RequestMapping("/filetransfer") public class FiletransferController { @Resource @@ -180,6 +180,7 @@ public class FiletransferController { previewDTO.getExtractionCode(), previewDTO.getToken(), previewDTO.getUserFileId()); + if (!authResult) { log.error("没有权限预览!!!"); return; diff --git a/src/main/java/com/qiwenshare/file/controller/RecoveryFileController.java b/src/main/java/com/qiwenshare/file/controller/RecoveryFileController.java index 19155f2..3f10741 100644 --- a/src/main/java/com/qiwenshare/file/controller/RecoveryFileController.java +++ b/src/main/java/com/qiwenshare/file/controller/RecoveryFileController.java @@ -28,7 +28,7 @@ import java.util.List; @Tag(name = "recoveryfile", description = "文件删除后会进入回收站,该接口主要是对回收站文件进行管理") @RestController @Slf4j -@RequestMapping({"/recoveryfile", "/api/recoveryfile"}) +@RequestMapping("/recoveryfile") public class RecoveryFileController { @Resource IRecoveryFileService recoveryFileService; diff --git a/src/main/java/com/qiwenshare/file/controller/ShareController.java b/src/main/java/com/qiwenshare/file/controller/ShareController.java index 13195fa..fe9f27b 100644 --- a/src/main/java/com/qiwenshare/file/controller/ShareController.java +++ b/src/main/java/com/qiwenshare/file/controller/ShareController.java @@ -32,7 +32,7 @@ import java.util.*; @Tag(name = "share", description = "该接口为文件分享接口") @RestController @Slf4j -@RequestMapping({"/share", "/api/share"}) +@RequestMapping("/api/share") public class ShareController { public static final String CURRENT_MODULE = "文件分享"; diff --git a/src/main/java/com/qiwenshare/file/controller/UserController.java b/src/main/java/com/qiwenshare/file/controller/UserController.java index d46ea64..97c8e55 100644 --- a/src/main/java/com/qiwenshare/file/controller/UserController.java +++ b/src/main/java/com/qiwenshare/file/controller/UserController.java @@ -28,7 +28,7 @@ import java.util.Map; @Tag(name = "user", description = "该接口为用户接口,主要做用户登录,注册和校验token") @RestController @Slf4j -@RequestMapping({"/user", "/api/user"}) +@RequestMapping("/user") public class UserController { @Resource diff --git a/src/main/java/com/qiwenshare/file/service/FiletransferService.java b/src/main/java/com/qiwenshare/file/service/FiletransferService.java index 998a4e1..b5270fd 100644 --- a/src/main/java/com/qiwenshare/file/service/FiletransferService.java +++ b/src/main/java/com/qiwenshare/file/service/FiletransferService.java @@ -72,7 +72,6 @@ public class FiletransferService implements IFiletransferService { @Override public void uploadFile(HttpServletRequest request, UploadFileDTO uploadFileDto, Long userId) { - UploadFile uploadFile = new UploadFile(); uploadFile.setChunkNumber(uploadFileDto.getChunkNumber()); uploadFile.setChunkSize(uploadFileDto.getChunkSize()); diff --git a/src/main/resources/config/application.properties b/src/main/resources/config/application.properties index 4ca4d35..df6f942 100644 --- a/src/main/resources/config/application.properties +++ b/src/main/resources/config/application.properties @@ -34,7 +34,7 @@ spring.jpa.hibernate.naming.physical-strategy=org.hibernate.boot.model.naming.Ph #静态资源指定 spring.mvc.static-path-pattern=/** -spring.web.resources.static-locations=classpath:/static,file:${qiwen-file.local-storage-path} +spring.web.resources.static-locations=classpath:/static #上传下载 spring.servlet.multipart.max-file-size=2048MB @@ -92,9 +92,11 @@ spring.redis.timeout=5000 spring.data.elasticsearch.client.reactive.endpoints=127.0.0.1:9200 spring.elasticsearch.rest.uris=127.0.0.1:9200 +spring.elasticsearch.rest.username= +spring.elasticsearch.rest.password= # 当前部署外网IP,用于office预览 -deployment.host: 172.17.242.97:${server.port} +deployment.host: 172.16.100.53:${server.port} diff --git a/src/main/resources/config/settings.properties b/src/main/resources/config/settings.properties index 7f91898..b2a1aff 100644 --- a/src/main/resources/config/settings.properties +++ b/src/main/resources/config/settings.properties @@ -6,7 +6,7 @@ files.docservice.edited-docs=.docx|.xlsx|.csv|.pptx|.txt files.docservice.convert-docs=.docm|.dotx|.dotm|.dot|.doc|.odt|.fodt|.ott|.xlsm|.xltx|.xltm|.xlt|.xls|.ods|.fods|.ots|.pptm|.ppt|.ppsx|.ppsm|.pps|.potx|.potm|.pot|.odp|.fodp|.otp|.rtf|.mht|.html|.htm|.xml|.epub|.fb2 files.docservice.timeout=120000 -files.docservice.url.site=http://172.17.242.97:80/ +files.docservice.url.site=http://172.16.100.53:80/ files.docservice.url.converter=ConvertService.ashx files.docservice.url.command=coauthoring/CommandService.ashx files.docservice.url.api=web-apps/apps/api/documents/api.js