From d87343d70cf60e438a04dda781119563db113529 Mon Sep 17 00:00:00 2001 From: YunaiV Date: Sat, 12 Nov 2022 19:37:07 +0800 Subject: [PATCH] =?UTF-8?q?=E3=80=90=E4=BF=AE=E5=A4=8D=E3=80=91=E8=AE=BF?= =?UTF-8?q?=E9=97=AE=E6=95=B0=E6=8D=AE=E5=BA=93=E5=AD=98=E5=82=A8=E7=9A=84?= =?UTF-8?q?=E6=96=87=E4=BB=B6=EF=BC=8Cpath=20=E5=A4=9A=E5=B1=82=E7=BA=A7?= =?UTF-8?q?=E6=97=B6=EF=BC=8C=E6=97=A0=E6=B3=95=E8=AE=BF=E9=97=AE=E7=9A=84?= =?UTF-8?q?=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../controller/admin/file/FileController.java | 23 +++++++++++-------- .../config/SecurityConfiguration.java | 2 ++ 2 files changed, 16 insertions(+), 9 deletions(-) diff --git a/yudao-module-infra/yudao-module-infra-biz/src/main/java/cn/iocoder/yudao/module/infra/controller/admin/file/FileController.java b/yudao-module-infra/yudao-module-infra-biz/src/main/java/cn/iocoder/yudao/module/infra/controller/admin/file/FileController.java index df224d6f6..3719bc31b 100644 --- a/yudao-module-infra/yudao-module-infra-biz/src/main/java/cn/iocoder/yudao/module/infra/controller/admin/file/FileController.java +++ b/yudao-module-infra/yudao-module-infra-biz/src/main/java/cn/iocoder/yudao/module/infra/controller/admin/file/FileController.java @@ -1,6 +1,7 @@ package cn.iocoder.yudao.module.infra.controller.admin.file; import cn.hutool.core.io.IoUtil; +import cn.hutool.core.util.StrUtil; import cn.iocoder.yudao.framework.common.pojo.CommonResult; import cn.iocoder.yudao.framework.common.pojo.PageResult; import cn.iocoder.yudao.framework.common.util.servlet.ServletUtils; @@ -13,7 +14,6 @@ import cn.iocoder.yudao.module.infra.dal.dataobject.file.FileDO; import cn.iocoder.yudao.module.infra.service.file.FileService; import io.swagger.annotations.Api; import io.swagger.annotations.ApiImplicitParam; -import io.swagger.annotations.ApiImplicitParams; import io.swagger.annotations.ApiOperation; import lombok.extern.slf4j.Slf4j; import org.springframework.http.HttpStatus; @@ -24,6 +24,7 @@ import org.springframework.web.multipart.MultipartFile; import javax.annotation.Resource; import javax.annotation.security.PermitAll; +import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.validation.Valid; @@ -57,16 +58,20 @@ public class FileController { return success(true); } - @GetMapping("/{configId}/get/{path}") + @GetMapping("/{configId}/get/**") @PermitAll @ApiOperation("下载文件") - @ApiImplicitParams({ - @ApiImplicitParam(name = "configId", value = "配置编号", required = true, dataTypeClass = Long.class), - @ApiImplicitParam(name = "path", value = "文件路径", required = true, dataTypeClass = String.class) - }) - public void getFileContent(HttpServletResponse response, - @PathVariable("configId") Long configId, - @PathVariable("path") String path) throws Exception { + @ApiImplicitParam(name = "configId", value = "配置编号", required = true, dataTypeClass = Long.class) + public void getFileContent(HttpServletRequest request, + HttpServletResponse response, + @PathVariable("configId") Long configId) throws Exception { + // 获取请求的路径 + String path = StrUtil.subAfter(request.getRequestURI(), "/get/", false); + if (StrUtil.isEmpty(path)) { + throw new IllegalArgumentException("结尾的 path 路径必须传递"); + } + + // 读取内容 byte[] content = fileService.getFileContent(configId, path); if (content == null) { log.warn("[getFileContent][configId({}) path({}) 文件不存在]", configId, path); diff --git a/yudao-module-infra/yudao-module-infra-biz/src/main/java/cn/iocoder/yudao/module/infra/framework/security/config/SecurityConfiguration.java b/yudao-module-infra/yudao-module-infra-biz/src/main/java/cn/iocoder/yudao/module/infra/framework/security/config/SecurityConfiguration.java index 4da36c493..4cef42ab4 100644 --- a/yudao-module-infra/yudao-module-infra-biz/src/main/java/cn/iocoder/yudao/module/infra/framework/security/config/SecurityConfiguration.java +++ b/yudao-module-infra/yudao-module-infra-biz/src/main/java/cn/iocoder/yudao/module/infra/framework/security/config/SecurityConfiguration.java @@ -36,6 +36,8 @@ public class SecurityConfiguration { // Spring Boot Admin Server 的安全配置 registry.antMatchers(adminSeverContextPath).anonymous() .antMatchers(adminSeverContextPath + "/**").anonymous(); + // 文件读取 + registry.antMatchers(buildAdminApi("/infra/file/*/get/**")).permitAll(); // TODO 芋艿:这个每个项目都需要重复配置,得捉摸有没通用的方案 // RPC 服务的安全配置