文件上传下载初版提交

Signed-off-by: TanYibin <5491541@qq.com>

文件上传下载初版提交
Signed-off-by: TanYibin <5491541@qq.com>
谭毅彬
1 parent 28c1afd5
Showing 7 changed files with 66 additions and 52 deletions
.gitignore
huaheng-wms-core/src/main/java/org/jeecg/modules/system/controller/CommonController.java
huaheng-wms-core/src/main/java/org/jeecg/modules/wms/framework/aspectj/ApiLogAspect.java → huaheng-wms-core/src/main/java/org/jeecg/modules/wms/framework/aspectj/ApiLoggerAspect.java
huaheng-wms-core/src/main/java/org/jeecg/utils/OkHttpUtils.java
huaheng-wms-core/src/main/resources/application-dev.yml
huaheng-wms-core/src/main/resources/application-prod.yml
huaheng-wms-core/src/main/resources/application-test.yml
@@ -6,6 +6,7 @@
 **/target
 **/logs
 **/static/**
+**/upFiles/**
 ## front
 **/*.lock
@@ -2,6 +2,8 @@ package org.jeecg.modules.system.controller;
 import com.alibaba.fastjson.JSON;
 import com.alibaba.fastjson.JSONObject;
+
+import io.swagger.annotations.ApiOperation;
 import lombok.extern.slf4j.Slf4j;
 import org.jeecg.common.api.vo.Result;
 import org.jeecg.common.constant.CommonConstant;
@@ -11,6 +13,7 @@ import org.jeecg.common.util.CommonUtils;
 import org.jeecg.common.util.RestUtil;
 import org.jeecg.common.util.TokenUtils;
 import org.jeecg.common.util.oConvertUtils;
+import org.jeecg.modules.wms.framework.aspectj.lang.annotation.ApiLogger;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.HttpHeaders;
@@ -53,6 +56,12 @@ public class CommonController {
      */
     @Value(value = "${jeecg.uploadType}")
     private String uploadType;
+    
+    /**
+     * 允许上传的文件类型
+     */
+    @Value(value = "${jeecg.uploadFileType}")
+    private String uploadFileType;
     /**
      * @Author 政辉
@@ -70,29 +79,34 @@ public class CommonController {
      * @return
      */
     @PostMapping(value = "/upload")
+    @ApiLogger(apiName = "文件上传", from = "WMS")
     public Result<?> upload(HttpServletRequest request, HttpServletResponse response) {
         Result<?> result = new Result<>();
         String savePath = "";
         String bizPath = request.getParameter("biz");
-
         // LOWCOD-2580 sys/common/upload接口存在任意文件上传漏洞
         if (oConvertUtils.isNotEmpty(bizPath) && (bizPath.contains("../") || bizPath.contains("..\\"))) {
-            throw new JeecgBootException("上传目录bizPath，格式非法！");
+            throw new JeecgBootException("上传路径格式非法！");
         }
-
         MultipartHttpServletRequest multipartRequest = (MultipartHttpServletRequest)request;
         MultipartFile file = multipartRequest.getFile("file");// 获取上传文件对象
+        if (file == null) {
+            throw new JeecgBootException("未找到上传文件！");
+        }
         if (oConvertUtils.isEmpty(bizPath)) {
             if (CommonConstant.UPLOAD_TYPE_OSS.equals(uploadType)) {
-                // 未指定目录，则用阿里云默认目录 upload
-                bizPath = "upload";
-                // result.setMessage("使用阿里云文件上传时，必须添加目录！");
-                // result.setSuccess(false);
-                // return result;
+                result.setMessage("使用阿里云文件上传时，必须添加目录！");
+                result.setSuccess(false);
+                return result;
             } else {
                 bizPath = "";
             }
         }
+        String orgName = file.getOriginalFilename();// 获取文件名
+        String suffix = orgName.substring(orgName.lastIndexOf(".") + 1); // 文件后缀
+        if (orgName.equals(suffix) || !uploadFileType.contains(suffix)) {
+            throw new JeecgBootException("上传文件类型非法！");
+        }
         if (CommonConstant.UPLOAD_TYPE_LOCAL.equals(uploadType)) {
             // update-begin-author:lvdandan date:20200928 for:修改JEditor编辑器本地上传
             savePath = this.uploadLocal(file, bizPath);
@@ -130,24 +144,17 @@ public class CommonController {
      * @param  bizPath 自定义路径
      * @return
      */
-    private String uploadLocal(MultipartFile mf, String bizPath) {
+    private String uploadLocal(MultipartFile multipartFile, String bizPath) {
         try {
             String ctxPath = uploadpath;
-            String fileName = null;
             File file = new File(ctxPath + File.separator + bizPath + File.separator);
             if (!file.exists()) {
                 file.mkdirs();// 创建文件根目录
             }
-            String orgName = mf.getOriginalFilename();// 获取文件名
-            orgName = CommonUtils.getFileName(orgName);
-            if (orgName.indexOf(".") != -1) {
-                fileName = orgName.substring(0, orgName.lastIndexOf(".")) + "_" + System.currentTimeMillis() + orgName.substring(orgName.lastIndexOf("."));
-            } else {
-                fileName = orgName + "_" + System.currentTimeMillis();
-            }
+            String fileName = CommonUtils.getFileName(multipartFile.getOriginalFilename());
             String savePath = file.getPath() + File.separator + fileName;
             File savefile = new File(savePath);
-            FileCopyUtils.copy(mf.getBytes(), savefile);
+            FileCopyUtils.copy(multipartFile.getBytes(), savefile);
             String dbpath = null;
             if (oConvertUtils.isNotEmpty(bizPath)) {
                 dbpath = bizPath + File.separator + fileName;
@@ -52,8 +52,8 @@ import okhttp3.Response;
 @Aspect
 @Component
 @EnableAsync
-public class ApiLogAspect {
-    private static final Logger log = LoggerFactory.getLogger(ApiLogAspect.class);
+public class ApiLoggerAspect {
+    private static final Logger log = LoggerFactory.getLogger(ApiLoggerAspect.class);
     private static IApiLogService apiLogService;
@@ -61,12 +61,12 @@ public class ApiLogAspect {
     @Autowired
     public void setApiLogService(IApiLogService apiLogService) {
-        ApiLogAspect.apiLogService = apiLogService;
+        ApiLoggerAspect.apiLogService = apiLogService;
     }
     @Autowired
     public void setAddressService(IAddressService addressService) {
-        ApiLogAspect.addressService = addressService;
+        ApiLoggerAspect.addressService = addressService;
     }
     // 配置织入点
@@ -285,7 +285,7 @@ public class ApiLogAspect {
             } catch (Exception e) {
                 e.printStackTrace();
             }
-            SpringUtils.getBean(ApiLogAspect.class).saveApiLog(log);
+            SpringUtils.getBean(ApiLoggerAspect.class).saveApiLog(log);
         }
     }
@@ -491,7 +491,7 @@ public class ApiLogAspect {
     private void rebuildResponseHeader(ApiLog log) {
         try {
             HttpServletResponse resp = ServletUtils.getResponse();
-            Collection names = resp.getHeaderNames();
+            Collection<String> names = resp.getHeaderNames();
             ArrayList<String> headerList = new ArrayList<>();
             Iterator<String> it = names.iterator();
             while (it.hasNext()) {
@@ -10,7 +10,7 @@ import antlr.StringUtils;
 import cn.hutool.core.util.StrUtil;
 import net.bytebuddy.asm.Advice.This;
 import okhttp3.*;
-import org.jeecg.modules.wms.framework.aspectj.ApiLogAspect;
+import org.jeecg.modules.wms.framework.aspectj.ApiLoggerAspect;
 import org.jeecg.modules.wms.monitor.apiLog.entity.ApiLog;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -104,16 +104,16 @@ public class OkHttpUtils {
         Response response = null;
         String result = null;
         try {
-            ApiLogAspect.initApiLog(apiLog, request, param);
+            ApiLoggerAspect.initApiLog(apiLog, request, param);
             response = HTTP_CLIENT.newCall(request).execute();
             result = response.body().string();
         } catch (Exception e) {
             String errorString =
                 StrUtil.format("执行GET请求异常，url:{}，header:{}，param:{}，errorMessage:{}", url, JSON.toJSONString(headers), param, e.getMessage());
-            ApiLogAspect.setApiLogException(apiLog, e);
+            ApiLoggerAspect.setApiLogException(apiLog, e);
             throw new RuntimeException(errorString, e);
         } finally {
-            ApiLogAspect.finishApiLog(apiLog, response, result);
+            ApiLoggerAspect.finishApiLog(apiLog, response, result);
         }
         if (response.isSuccessful() && Objects.nonNull(response.body())) {// 调用成功
             log.info("执行GET请求成功，url:{}，header:{}，param:{}，result:{}", url, JSON.toJSONString(headers), param, result);
@@ -154,16 +154,16 @@ public class OkHttpUtils {
         Response response = null;
         String result = null;
         try {
-            ApiLogAspect.initApiLog(apiLog, request, param);
+            ApiLoggerAspect.initApiLog(apiLog, request, param);
             response = HTTP_CLIENT.newCall(request).execute();
             result = response.body().string();
         } catch (Exception e) {
             String errorString =
                 StrUtil.format("执行POST请求异常，url:{}，header:{}，param:{}，errorMessage:{}", url, JSON.toJSONString(headers), param, e.getMessage());
-            ApiLogAspect.setApiLogException(apiLog, e);
+            ApiLoggerAspect.setApiLogException(apiLog, e);
             throw new RuntimeException(errorString, e);
         } finally {
-            ApiLogAspect.finishApiLog(apiLog, response, result);
+            ApiLoggerAspect.finishApiLog(apiLog, response, result);
         }
         if (response.isSuccessful() && Objects.nonNull(response.body())) {// 调用成功
             log.info("执行POST请求成功，url:{}，header:{}，param:{}，result:{}", url, JSON.toJSONString(headers), param, result);
@@ -196,15 +196,15 @@ public class OkHttpUtils {
         Response response = null;
         String result = null;
         try {
-            ApiLogAspect.initApiLog(apiLog, request, jsonString);
+            ApiLoggerAspect.initApiLog(apiLog, request, jsonString);
             response = HTTP_CLIENT.newCall(request).execute();
             result = response.body().string();
         } catch (Exception e) {
             String errorString = StrUtil.format("执行POST请求异常，url:{}，header:{}，param:{}，errorMessage:{}", url, JSON.toJSONString(headers), jsonString, e.getMessage());
-            ApiLogAspect.setApiLogException(apiLog, e);
+            ApiLoggerAspect.setApiLogException(apiLog, e);
             throw new RuntimeException(errorString);
         } finally {
-            ApiLogAspect.finishApiLog(apiLog, response, result);
+            ApiLoggerAspect.finishApiLog(apiLog, response, result);
         }
         if (response.isSuccessful() && Objects.nonNull(response.body())) {// 调用成功
             log.info("执行POST请求成功，url:{}，header:{}，param:{}，result:{}", url, JSON.toJSONString(headers), jsonString, result);
@@ -22,8 +22,8 @@ management:
 spring:
   servlet:
     multipart:
-      max-file-size: 10MB
-      max-request-size: 10MB
+      max-file-size: 100MB
+      max-request-size: 100MB
   mail:
     host: smtp.163.com
     username: jeecgos@163.com
@@ -189,14 +189,16 @@ jeecg:
   # 签名密钥串(前后端要一致，正式发布请自行修改)
   signatureSecret: dd05f1c54d63749eda95f9fa6d49v442a
   # 本地：local\Minio：minio\阿里云：alioss
-  uploadType: minio
+  uploadType: local
+  # 允许上传的文件类型，使用,分割
+  uploadFileType: sh
   path:
     #文件上传根目录 设置
-    upload: /opt/upFiles
+    upload: ./upFiles
     #webapp文件路径
-    webapp: /opt/webapp
+    webapp: ./webapp
   shiro:
-    excludeUrls: /test/jeecgDemo/demo3,/test/jeecgDemo/redisDemo/**,/category/**,/visual/**,/map/**,/jmreport/bigscreen2/**,/sys/getWarehouseByUserCode,/test/test**,/api/**,/sys/cas/client/validateLogin
+    excludeUrls: /test/jeecgDemo/demo3,/test/jeecgDemo/redisDemo/**,/category/**,/visual/**,/map/**,/jmreport/bigscreen2/**,/sys/getWarehouseByUserCode,/test/test**,/api/**,/sys/cas/client/validateLogin,/sys/common/static/**
   #阿里云oss存储和大鱼短信秘钥配置
   oss:
     accessKey: ??
@@ -22,8 +22,8 @@ management:
 spring:
   servlet:
     multipart:
-      max-file-size: 10MB
-      max-request-size: 10MB
+      max-file-size: 100MB
+      max-request-size: 100MB
   mail:
     host: smtp.163.com
     username: jeecgos@163.com
@@ -187,14 +187,16 @@ jeecg:
   # 签名密钥串(前后端要一致，正式发布请自行修改)
   signatureSecret: dd05f1c54d63749eda95f9fa6d49v442a
   # 本地：local\Minio：minio\阿里云：alioss
-  uploadType: alioss
+  uploadType: local
+  # 允许上传的文件类型，使用,分割
+  uploadFileType: sh
   path:
     #文件上传根目录 设置
-    upload: /opt/jeecg-boot/upload
+    upload: ./upload
     #webapp文件路径
-    webapp: /opt/jeecg-boot/webapp
+    webapp: ./webapp
   shiro:
-    excludeUrls: /test/jeecgDemo/demo3,/test/jeecgDemo/redisDemo/**,/category/**,/visual/**,/map/**,/jmreport/bigscreen2/**,/sys/getWarehouseByUserCode,/test/test**,/api/**,/sys/cas/client/validateLogin
+    excludeUrls: /test/jeecgDemo/demo3,/test/jeecgDemo/redisDemo/**,/category/**,/visual/**,/map/**,/jmreport/bigscreen2/**,/sys/getWarehouseByUserCode,/test/test**,/api/**,/sys/cas/client/validateLogin,/sys/common/static/**
   #阿里云oss存储和大鱼短信秘钥配置
   oss:
     accessKey: ??
@@ -22,8 +22,8 @@ management:
 spring:
   servlet:
     multipart:
-      max-file-size: 10MB
-      max-request-size: 10MB
+      max-file-size: 100MB
+      max-request-size: 100MB
   mail:
     host: smtp.163.com
     username: jeecgos@163.com
@@ -189,14 +189,16 @@ jeecg:
   # 签名密钥串(前后端要一致，正式发布请自行修改)
   signatureSecret: dd05f1c54d63749eda95f9fa6d49v442a
   # 本地：local\Minio：minio\阿里云：alioss
-  uploadType: minio
+  uploadType: local
+  # 允许上传的文件类型，使用,分割
+  uploadFileType: sh
   path:
     #文件上传根目录 设置
-    upload: /opt/upFiles
+    upload: ./upFiles
     #webapp文件路径
-    webapp: /opt/webapp
+    webapp: ./webapp
   shiro:
-    excludeUrls: /test/jeecgDemo/demo3,/test/jeecgDemo/redisDemo/**,/category/**,/visual/**,/map/**,/jmreport/bigscreen2/**,/sys/getWarehouseByUserCode,/api/**,/sys/cas/client/validateLogin
+    excludeUrls: /test/jeecgDemo/demo3,/test/jeecgDemo/redisDemo/**,/category/**,/visual/**,/map/**,/jmreport/bigscreen2/**,/sys/getWarehouseByUserCode,/api/**,/sys/cas/client/validateLogin,/sys/common/static/**
   #阿里云oss存储和大鱼短信秘钥配置
   oss:
     accessKey: ??