文件预览安全加固

马超 2021-06-02 16:59:27 +08:00
parent 382a46c79a
commit d34e0f9b6e
4 changed files with 13 additions and 3 deletions


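--- a/<path-unknown>/FiletransferController.java
+++ b/<path-unknown>/FiletransferController.java
@@ -145,7 +145,12 @@ public class FiletransferController {
 @GetMapping("/preview")
 public void preview(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, PreviewDTO previewDTO){
+String token = previewDTO.getToken();
+UserBean sessionUserBean = userService.getUserBeanByToken(token);
 UserFile userFile = userFileService.getById(previewDTO.getUserFileId());
+if (userFile.getUserId() != sessionUserBean.getUserId()) {
+return;
+}
 FileBean fileBean = fileService.getById(userFile.getFileId());
 String mime= MimeUtils.getMime(userFile.getExtendName());
 httpServletResponse.setHeader("Content-Type", mime);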
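Review bot: The ownership check `if (userFile.getUserId() != sessionUserBean.getUserId())` compares with `!=`; if getUserId() returns a boxed `Long` (as PreviewDTO's `Long userFileId` suggests), that is an identity comparison which treats equal ids as different outside the small-value cache, so legitimate owners would be refused while the intent is an equality test. The new lines also dereference `sessionUserBean` and `userFile` without a null check, although getUserBeanByToken returns null for an empty token (UserService hunk in this commit), so a bad token ends in a NullPointerException instead of a clean refusal, and the bare `return;` leaves the response at its default status with an empty body. The rewrite below uses `Objects.equals` (needs `java.util.Objects` in scope) and answers with 403 on refusal; a comment stating that only the file's owner may preview it, and that the token is read from the request rather than the Authorization header, would record the intent. The body of preview() continues past the hunk.
```java
String token = previewDTO.getToken();
UserBean sessionUserBean = userService.getUserBeanByToken(token);
UserFile userFile = userFileService.getById(previewDTO.getUserFileId());
// refuse the preview unless the token resolves to the owner of the user file
if (sessionUserBean == null || userFile == null
        || !Objects.equals(userFile.getUserId(), sessionUserBean.getUserId())) {
    httpServletResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);
    return;
}
// … unchanged: mime lookup and response headers …
```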


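--- a/<path-unknown>/PreviewDTO.java
+++ b/<path-unknown>/PreviewDTO.java
@@ -7,4 +7,5 @@ import lombok.Data;
 @Schema(name = "预览文件DTO",required = true)
 public class PreviewDTO {
 private Long userFileId;
+private String token;
 }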
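Review bot: The new `token` field is undocumented, and because PreviewDTO is bound from the GET /preview request the token now travels as a request parameter, where it can end up in access logs, proxies and browser history, unlike the Authorization header the interceptor reads. A field comment such as `// auth token for /preview; carried as a request parameter (presumably because the preview is loaded without custom headers) — treat as a secret, never echo or log it` would record why the field exists and how handlers must treat it.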


@ -33,9 +33,9 @@ public class AuthenticationInterceptor implements HandlerInterceptor {
if ("undefined".equals(token) || StringUtils.isEmpty(token)) { if ("undefined".equals(token) || StringUtils.isEmpty(token)) {
throw new NotLoginException("token不存在"); throw new NotLoginException("token不存在");
} }
if (!token.startsWith("Bearer ")) { // if (!token.startsWith("Bearer ")) {
throw new NotLoginException("token格式错误"); // throw new NotLoginException("token格式错误");
} // }
token = token.replace("Bearer ", ""); token = token.replace("Bearer ", "");
UserBean userBean = userService.getUserBeanByToken(token); UserBean userBean = userService.getUserBeanByToken(token);
if (userBean == null) { if (userBean == null) {
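Review bot: The `Bearer ` prefix check at the top of the hunk is commented out rather than deleted, and the same commented-out block is added to UserService.getUserBeanByToken in this commit; version control keeps the history, so remove the dead lines and state the new contract instead, e.g. `// the "Bearer " prefix is optional: /preview passes the raw token as a request parameter`. With the check gone, `token = token.replace("Bearer ", "");` on the following line silently strips every occurrence of the substring anywhere in the value, not just a leading prefix; `token = token.startsWith("Bearer ") ? token.substring("Bearer ".length()) : token;` makes the intent explicit. The enclosing method starts and ends outside the hunk.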


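--- a/<path-unknown>/com/qiwenshare/file/service/UserService.java
+++ b/<path-unknown>/com/qiwenshare/file/service/UserService.java
@@ -3,6 +3,7 @@ package com.qiwenshare.file.service;
 import com.alibaba.fastjson.JSON;
 import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
+import com.qiwenshare.common.exception.NotLoginException;
 import com.qiwenshare.common.util.DateUtil;
 import com.qiwenshare.common.result.RestResult;
 import com.qiwenshare.common.util.JjwtUtil;
@@ -39,6 +40,9 @@ public class UserService extends ServiceImpl<UserMapper, UserBean> implements IU
 if (StringUtils.isEmpty(token)) {
 return null;
 }
+// if (!token.startsWith("Bearer ")) {
+// throw new NotLoginException("token格式错误");
+// }
 token = token.replace("Bearer ", "");
 try {
 c = JjwtUtil.parseJWT(token);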
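Review bot: The added `import com.qiwenshare.common.exception.NotLoginException;` in the first hunk has no live use in this file, since its only reference is inside the commented-out block added in the second hunk; either drop the import or keep the check live. The commented-out lines are the same dead block as in AuthenticationInterceptor (noted there) and should be deleted rather than kept as comments. The method in the second hunk starts and ends outside it.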