文件预览安全加固

马超 2021-06-02 16:59:27 +08:00
parent 382a46c79a
commit d34e0f9b6e
4 changed files with 13 additions and 3 deletions


@ -145,7 +145,12 @@ public class FiletransferController {
@GetMapping("/preview")
public void preview(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, PreviewDTO previewDTO){
String token = previewDTO.getToken();
UserBean sessionUserBean = userService.getUserBeanByToken(token);
UserFile userFile = userFileService.getById(previewDTO.getUserFileId());
if (userFile.getUserId() != sessionUserBean.getUserId()) {
return;
}
FileBean fileBean = fileService.getById(userFile.getFileId());
String mime= MimeUtils.getMime(userFile.getExtendName());
httpServletResponse.setHeader("Content-Type", mime);
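Review bot: The ownership guard on the new side dereferences `sessionUserBean` and `userFile` without null checks, and `userService.getUserBeanByToken` returns null for an empty token (visible in the UserService hunk of this commit), so a missing or bogus token — or a `userFileId` that does not exist — ends in a NullPointerException and a 500 rather than a clean rejection. The comparison itself uses `!=`; if `getUserId()` returns a boxed `Long` (the DTO's `userFileId` is `Long`, so that seems likely — please confirm) it compares object identity and will deny the legitimate owner for ids outside the Long cache range, while `Objects.equals` handles both concerns. The bare `return` also answers 200 with an empty body instead of 403, which hides the rejection from clients and from access logs; note too that the token now travels in a GET query string, so it will appear in server logs and browser history. I would rewrite the guard as below (`java.util.Objects` needs importing); the method continues past the end of the hunk.
```java
UserBean sessionUserBean = userService.getUserBeanByToken(token);
UserFile userFile = userFileService.getById(previewDTO.getUserFileId());
// Reject unauthenticated callers, unknown files and non-owners explicitly;
// Objects.equals avoids both NPEs and boxed-Long identity comparison.
if (sessionUserBean == null || userFile == null
        || !Objects.equals(userFile.getUserId(), sessionUserBean.getUserId())) {
    httpServletResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);
    return;
}
// … unchanged: FileBean lookup and Content-Type header …
```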


@ -7,4 +7,5 @@ import lombok.Data;
@Schema(name = "预览文件DTO",required = true)
public class PreviewDTO {
private Long userFileId;
private String token;
}
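Review bot: The new `token` field is undocumented, and if this class carries the Lombok `@Data` whose import is visible in the hunk (the annotation itself is outside the hunk), the generated `toString()` will include the raw token, so any log statement that prints the DTO leaks a credential. I would mark the field `@ToString.Exclude private String token;` and give it a short Javadoc such as `/** Session JWT of the caller; passed as a query parameter because preview URLs are fetched without an Authorization header. */`, hedged to whatever the caller actually does.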


@ -33,9 +33,9 @@ public class AuthenticationInterceptor implements HandlerInterceptor {
if ("undefined".equals(token) || StringUtils.isEmpty(token)) {
throw new NotLoginException("token不存在");
}
if (!token.startsWith("Bearer ")) {
throw new NotLoginException("token格式错误");
}
// if (!token.startsWith("Bearer ")) {
// throw new NotLoginException("token格式错误");
// }
token = token.replace("Bearer ", "");
UserBean userBean = userService.getUserBeanByToken(token);
if (userBean == null) {
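Review bot: With the `Bearer ` prefix check commented out, `token.replace("Bearer ", "")` on the new side is the only scheme handling left, and `String.replace` removes every occurrence rather than a leading scheme, so the interceptor now accepts any unprefixed header value and silently rewrites values like `Bearer Bearer x`; the `Authorization` format is no longer enforced at all. The preview controller in this commit validates its token through `userService` directly rather than this interceptor, so it is not obvious why this check had to go — if unprefixed tokens really must pass here, strip only a leading prefix: `token = token.startsWith("Bearer ") ? token.substring("Bearer ".length()) : token;`. The three commented-out lines should be deleted rather than kept as dead code. The enclosing method starts before and continues after the hunk.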


@ -3,6 +3,7 @@ package com.qiwenshare.file.service;
import com.alibaba.fastjson.JSON;
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
import com.qiwenshare.common.exception.NotLoginException;
import com.qiwenshare.common.util.DateUtil;
import com.qiwenshare.common.result.RestResult;
import com.qiwenshare.common.util.JjwtUtil;
@ -39,6 +40,9 @@ public class UserService extends ServiceImpl<UserMapper, UserBean> implements IU
if (StringUtils.isEmpty(token)) {
return null;
}
// if (!token.startsWith("Bearer ")) {
// throw new NotLoginException("token格式错误");
// }
token = token.replace("Bearer ", "");
try {
c = JjwtUtil.parseJWT(token);
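Review bot: The three lines added in this hunk are commented-out code, and the `NotLoginException` import added in the first hunk of this file is referenced only by them, so that import is now unused; either delete both or keep the check live. As written, `token.replace("Bearer ", "")` strips every occurrence of the scheme anywhere in the token instead of a leading prefix; `if (token.startsWith("Bearer ")) token = token.substring("Bearer ".length());` is the behaviour that was presumably intended and also works for the unprefixed token the new preview endpoint passes in. The method this hunk sits in (presumably `getUserBeanByToken`, judging by the callers elsewhere in the commit) starts before the hunk and continues past it.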