diff --git a/src/main/java/com/qiwenshare/file/component/FileDealComp.java b/src/main/java/com/qiwenshare/file/component/FileDealComp.java index baceb6f..dc8dbc2 100644 --- a/src/main/java/com/qiwenshare/file/component/FileDealComp.java +++ b/src/main/java/com/qiwenshare/file/component/FileDealComp.java @@ -214,18 +214,18 @@ public class FileDealComp { * @param nodeNameQueue * @return */ - public TreeNode insertTreeNode(TreeNode treeNode, long id, String filePath, Queue nodeNameQueue){ + public TreeNode insertTreeNode(TreeNode treeNode, long id, String filePath, Queue nodeNameQueue) { List childrenTreeNodes = treeNode.getChildren(); String currentNodeName = nodeNameQueue.peek(); - if (currentNodeName == null){ + if (currentNodeName == null) { return treeNode; } QiwenFile qiwenFile = new QiwenFile(filePath, currentNodeName, true); filePath = qiwenFile.getPath(); - if (!isExistPath(childrenTreeNodes, currentNodeName)){ //1、判断有没有该子节点,如果没有则插入 + if (!isExistPath(childrenTreeNodes, currentNodeName)) { //1、判断有没有该子节点,如果没有则插入 //插入 TreeNode resultTreeNode = new TreeNode(); @@ -235,7 +235,7 @@ public class FileDealComp { childrenTreeNodes.add(resultTreeNode); - }else{ //2、如果有,则跳过 + } else { //2、如果有,则跳过 nodeNameQueue.poll(); } @@ -243,7 +243,7 @@ public class FileDealComp { for (int i = 0; i < childrenTreeNodes.size(); i++) { TreeNode childrenTreeNode = childrenTreeNodes.get(i); - if (currentNodeName.equals(childrenTreeNode.getLabel())){ + if (currentNodeName.equals(childrenTreeNode.getLabel())) { childrenTreeNode = insertTreeNode(childrenTreeNode, id * 10, filePath, nodeNameQueue); childrenTreeNodes.remove(i); childrenTreeNodes.add(childrenTreeNode); @@ -251,7 +251,7 @@ public class FileDealComp { } } - }else{ + } else { treeNode.setChildren(childrenTreeNodes); } @@ -313,7 +313,7 @@ public class FileDealComp { } public void deleteESByUserFileId(String userFileId) { - exec.execute(()->{ + exec.execute(() -> { try { elasticsearchClient.delete(d -> d .index("filesearch") @@ -328,54 +328,60 @@ public class FileDealComp { /** * 根据用户传入的参数,判断是否有下载或者预览权限 + * * @return */ public boolean checkAuthDownloadAndPreview(String shareBatchNum, String extractionCode, String token, - String userFileId, + String userFileIds, Integer platform) { - log.debug("权限检查开始:shareBatchNum:{}, extractionCode:{}, token:{}, userFileId{}" , shareBatchNum, extractionCode, token, userFileId); + log.debug("权限检查开始:shareBatchNum:{}, extractionCode:{}, token:{}, userFileIds{}", shareBatchNum, extractionCode, token, userFileIds); if (platform != null && platform == 2) { return true; } - UserFile userFile = userFileMapper.selectById(userFileId); - log.debug(JSON.toJSONString(userFile)); - if ("undefined".equals(shareBatchNum) || StringUtils.isEmpty(shareBatchNum)) { + String[] userFileIdArr = userFileIds.split(","); + for (String userFileId : userFileIdArr) { - String userId = userService.getUserIdByToken(token); - log.debug(JSON.toJSONString("当前登录session用户id:" + userId)); - if (userId == null) { - return false; - } - log.debug("文件所属用户id:" + userFile.getUserId()); - log.debug("登录用户id:" + userId); - if (!userFile.getUserId().equals(userId)) { - log.info("用户id不一致,权限校验失败"); - return false; - } - } else { - Map param = new HashMap<>(); - param.put("shareBatchNum", shareBatchNum); - List shareList = shareService.listByMap(param); - //判断批次号 - if (shareList.size() <= 0) { - log.info("分享批次号不存在,权限校验失败"); - return false; - } - Integer shareType = shareList.get(0).getShareType(); - if (1 == shareType) { - //判断提取码 - if (!shareList.get(0).getExtractionCode().equals(extractionCode)) { - log.info("提取码错误,权限校验失败"); + UserFile userFile = userFileMapper.selectById(userFileId); + log.debug(JSON.toJSONString(userFile)); + if ("undefined".equals(shareBatchNum) || StringUtils.isEmpty(shareBatchNum)) { + + String userId = userService.getUserIdByToken(token); + log.debug(JSON.toJSONString("当前登录session用户id:" + userId)); + if (userId == null) { return false; } - } - param.put("userFileId", userFileId); - List shareFileList = shareFileService.listByMap(param); - if (shareFileList.size() <= 0) { - log.info("用户id和分享批次号不匹配,权限校验失败"); - return false; + log.debug("文件所属用户id:" + userFile.getUserId()); + log.debug("登录用户id:" + userId); + if (!userFile.getUserId().equals(userId)) { + log.info("用户id不一致,权限校验失败"); + return false; + } + } else { + Map param = new HashMap<>(); + param.put("shareBatchNum", shareBatchNum); + List shareList = shareService.listByMap(param); + //判断批次号 + if (shareList.size() <= 0) { + log.info("分享批次号不存在,权限校验失败"); + return false; + } + Integer shareType = shareList.get(0).getShareType(); + if (1 == shareType) { + //判断提取码 + if (!shareList.get(0).getExtractionCode().equals(extractionCode)) { + log.info("提取码错误,权限校验失败"); + return false; + } + } + param.put("userFileId", userFileId); + List shareFileList = shareFileService.listByMap(param); + if (shareFileList.size() <= 0) { + log.info("用户id和分享批次号不匹配,权限校验失败"); + return false; + } + } } @@ -385,6 +391,7 @@ public class FileDealComp { /** * 拷贝文件 * 场景:修改的文件被多处引用时,需要重新拷贝一份,然后在新的基础上修改 + * * @param fileBean * @param userFile * @return diff --git a/src/main/java/com/qiwenshare/file/config/security/filter/JwtAuthenticationTokenFilter.java b/src/main/java/com/qiwenshare/file/config/security/filter/JwtAuthenticationTokenFilter.java index 51871e5..9f1ee55 100644 --- a/src/main/java/com/qiwenshare/file/config/security/filter/JwtAuthenticationTokenFilter.java +++ b/src/main/java/com/qiwenshare/file/config/security/filter/JwtAuthenticationTokenFilter.java @@ -32,6 +32,7 @@ public class JwtAuthenticationTokenFilter extends OncePerRequestFilter { "/user/login", "/user/checkuserlogininfo", "/filetransfer/downloadfile", + "/filetransfer/batchDownloadFile", "/filetransfer/preview", "/share/sharefileList", "/share/sharetype", diff --git a/src/main/java/com/qiwenshare/file/controller/FiletransferController.java b/src/main/java/com/qiwenshare/file/controller/FiletransferController.java index f5f13e0..6b2bc41 100644 --- a/src/main/java/com/qiwenshare/file/controller/FiletransferController.java +++ b/src/main/java/com/qiwenshare/file/controller/FiletransferController.java @@ -146,7 +146,24 @@ public class FiletransferController { @RequestMapping(value = "/batchDownloadFile", method = RequestMethod.GET) @MyLog(operation = "批量下载文件", module = CURRENT_MODULE) @ResponseBody - public void batchDownloadFile(HttpServletResponse httpServletResponse, BatchDownloadFileDTO batchDownloadFileDTO) { + public void batchDownloadFile(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, BatchDownloadFileDTO batchDownloadFileDTO) { + Cookie[] cookieArr = httpServletRequest.getCookies(); + String token = ""; + if (cookieArr != null) { + for (Cookie cookie : cookieArr) { + if ("token".equals(cookie.getName())) { + token = cookie.getValue(); + } + } + } + boolean authResult = fileDealComp.checkAuthDownloadAndPreview(batchDownloadFileDTO.getShareBatchNum(), + batchDownloadFileDTO.getExtractionCode(), + token, + batchDownloadFileDTO.getUserFileIds(), null); + if (!authResult) { + log.error("没有权限下载!!!"); + return; + } String files = batchDownloadFileDTO.getUserFileIds(); String[] userFileIdStrs = files.split(","); diff --git a/src/main/java/com/qiwenshare/file/dto/file/BatchDownloadFileDTO.java b/src/main/java/com/qiwenshare/file/dto/file/BatchDownloadFileDTO.java index c4f92bf..2a31bfc 100644 --- a/src/main/java/com/qiwenshare/file/dto/file/BatchDownloadFileDTO.java +++ b/src/main/java/com/qiwenshare/file/dto/file/BatchDownloadFileDTO.java @@ -8,5 +8,9 @@ import lombok.Data; public class BatchDownloadFileDTO { @Schema(description="文件集合", required = true) private String userFileIds; + @Schema(description="批次号") + private String shareBatchNum; + @Schema(description="提取码") + private String extractionCode; }