diff --git a/.gitignore b/.gitignore
index 6ffa8b7..c7411b5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,6 +6,7 @@
 **/target
 **/logs
 **/static/**
+**/upFiles/**
 ## front
 **/*.lock
diff --git a/huaheng-wms-core/src/main/java/org/jeecg/modules/system/controller/CommonController.java b/huaheng-wms-core/src/main/java/org/jeecg/modules/system/controller/CommonController.java
index 092338c..52b1c6b 100644
--- a/huaheng-wms-core/src/main/java/org/jeecg/modules/system/controller/CommonController.java
+++ b/huaheng-wms-core/src/main/java/org/jeecg/modules/system/controller/CommonController.java
@@ -2,6 +2,8 @@ package org.jeecg.modules.system.controller;
 import com.alibaba.fastjson.JSON;
 import com.alibaba.fastjson.JSONObject;
+
+import io.swagger.annotations.ApiOperation;
 import lombok.extern.slf4j.Slf4j;
 import org.jeecg.common.api.vo.Result;
 import org.jeecg.common.constant.CommonConstant;
@@ -11,6 +13,7 @@ import org.jeecg.common.util.CommonUtils;
 import org.jeecg.common.util.RestUtil;
 import org.jeecg.common.util.TokenUtils;
 import org.jeecg.common.util.oConvertUtils;
+import org.jeecg.modules.wms.framework.aspectj.lang.annotation.ApiLogger;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.HttpHeaders;
@@ -53,6 +56,12 @@ public class CommonController {
 */
 @Value(value = "${jeecg.uploadType}")
 private String uploadType;
+ /** * 允许上传的文件类型 */
+ @Value(value = "${jeecg.uploadFileType}")
+ private String uploadFileType;
 /**
 * @Author 政辉
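Review bot: The Javadoc added for `uploadFileType` says only "allowed file types", while `upload()` further down uses the raw string as a `contains` target, so the format a deployer has to use (comma-separated or not, leading dot or not, case) is undocumented at the one place a reader of this class will look. Suggest `/** Allowed upload file extensions, comma-separated, without a leading dot (e.g. "png,jpg,pdf"); consumed by upload(). */` and keeping it in step with the matching comment in application-*.yml. Since the `@Value` expression carries no default, a profile that omits `jeecg.uploadFileType` fails at startup instead of silently accepting every type, which is the right direction and worth a few words in that comment.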
@@ -70,29 +79,34 @@ public class CommonController {
 * @return
 */
 @PostMapping(value = "/upload")
+ @ApiLogger(apiName = "文件上传", from = "WMS")
 public Result<?> upload(HttpServletRequest request, HttpServletResponse response) {
 Result<?> result = new Result<>();
 String savePath = "";
 String bizPath = request.getParameter("biz");
- // LOWCOD-2580 sys/common/upload接口存在任意文件上传漏洞
 if (oConvertUtils.isNotEmpty(bizPath) && (bizPath.contains("../") || bizPath.contains("..\\"))) {
- throw new JeecgBootException("上传目录bizPath,格式非法!");
+ throw new JeecgBootException("上传路径格式非法!");
 }
-
 MultipartHttpServletRequest multipartRequest = (MultipartHttpServletRequest)request;
 MultipartFile file = multipartRequest.getFile("file");// 获取上传文件对象
+ if (file == null) {
+ throw new JeecgBootException("未找到上传文件!");
+ }
 if (oConvertUtils.isEmpty(bizPath)) {
 if (CommonConstant.UPLOAD_TYPE_OSS.equals(uploadType)) {
- // 未指定目录,则用阿里云默认目录 upload
- bizPath = "upload";
- // result.setMessage("使用阿里云文件上传时,必须添加目录!");
- // result.setSuccess(false);
- // return result;
+ result.setMessage("使用阿里云文件上传时,必须添加目录!");
+ result.setSuccess(false);
+ return result;
 } else {
 bizPath = "";
 }
 }
+ String orgName = file.getOriginalFilename();// 获取文件名
+ String suffix = orgName.substring(orgName.lastIndexOf(".") + 1); // 文件后缀
+ if (orgName.equals(suffix) || !uploadFileType.contains(suffix)) {
+ throw new JeecgBootException("上传文件类型非法!");
+ }
 if (CommonConstant.UPLOAD_TYPE_LOCAL.equals(uploadType)) {
 // update-begin-author:lvdandan date:20200928 for:修改JEditor编辑器本地上传
 savePath = this.uploadLocal(file, bizPath);
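Review bot: The new extension check `!uploadFileType.contains(suffix)` is a substring test on the raw property string, so it accepts any suffix that merely occurs inside the configured list (fragments spanning the comma separators, or a single character of one entry), and because `contains("")` is always true a name ending in "." passes with an empty suffix; `orgName.substring` also throws NullPointerException when `getOriginalFilename()` returns null. Parse the list once into a set of trimmed, lower-cased entries and require exact membership while rejecting null or empty names, as below (needs `java.util.Arrays`, `java.util.Locale`, `java.util.Set` and `java.util.stream.Collectors` in scope). The `bizPath` guard a few lines up compares substrings rather than path segments; resolving `uploadpath` against `bizPath`, normalizing, and checking `startsWith` on the base directory is the check that covers what the substring test misses. The method continues past the end of the hunk, and `CommonUtils.getFileName` (not visible here) decides the stored name, so confirm the suffix validated here is the one that ends up on disk.
```java
String orgName = file.getOriginalFilename();// 获取文件名
if (orgName == null || orgName.isEmpty()) {
    throw new JeecgBootException("上传文件类型非法!");
}
int dot = orgName.lastIndexOf('.');
String suffix = dot < 0 ? "" : orgName.substring(dot + 1).toLowerCase(Locale.ROOT);
Set<String> allowed = Arrays.stream(uploadFileType.split(","))
        .map(s -> s.trim().toLowerCase(Locale.ROOT))
        .filter(s -> !s.isEmpty())
        .collect(Collectors.toSet());
if (suffix.isEmpty() || !allowed.contains(suffix)) {
    throw new JeecgBootException("上传文件类型非法!");
}
// … unchanged: dispatch on uploadType …
```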
@@ -130,24 +144,17 @@ public class CommonController {
 * @param bizPath 自定义路径
 * @return
 */
- private String uploadLocal(MultipartFile mf, String bizPath) {
+ private String uploadLocal(MultipartFile multipartFile, String bizPath) {
 try {
 String ctxPath = uploadpath;
- String fileName = null;
 File file = new File(ctxPath + File.separator + bizPath + File.separator);
 if (!file.exists()) {
 file.mkdirs();// 创建文件根目录
 }
- String orgName = mf.getOriginalFilename();// 获取文件名
- orgName = CommonUtils.getFileName(orgName);
- if (orgName.indexOf(".") != -1) {
- fileName = orgName.substring(0, orgName.lastIndexOf(".")) + "_" + System.currentTimeMillis() + orgName.substring(orgName.lastIndexOf("."));
- } else {
- fileName = orgName + "_" + System.currentTimeMillis();
- }
+ String fileName = CommonUtils.getFileName(multipartFile.getOriginalFilename());
 String savePath = file.getPath() + File.separator + fileName;
 File savefile = new File(savePath);
- FileCopyUtils.copy(mf.getBytes(), savefile);
+ FileCopyUtils.copy(multipartFile.getBytes(), savefile);
 String dbpath = null;
 if (oConvertUtils.isNotEmpty(bizPath)) {
 dbpath = bizPath + File.separator + fileName;
diff --git a/huaheng-wms-core/src/main/java/org/jeecg/modules/wms/framework/aspectj/ApiLogAspect.java b/huaheng-wms-core/src/main/java/org/jeecg/modules/wms/framework/aspectj/ApiLoggerAspect.java
index eb87a41..6f0f486 100644
--- a/huaheng-wms-core/src/main/java/org/jeecg/modules/wms/framework/aspectj/ApiLogAspect.java
+++ b/huaheng-wms-core/src/main/java/org/jeecg/modules/wms/framework/aspectj/ApiLoggerAspect.java
@@ -52,8 +52,8 @@ import okhttp3.Response;
 @Aspect
 @Component
 @EnableAsync
-public class ApiLogAspect {
- private static final Logger log = LoggerFactory.getLogger(ApiLogAspect.class);
+public class ApiLoggerAspect {
+ private static final Logger log = LoggerFactory.getLogger(ApiLoggerAspect.class);
 private static IApiLogService apiLogService;
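Review bot: Replacing the `orgName_<currentTimeMillis>` naming with a bare `CommonUtils.getFileName(multipartFile.getOriginalFilename())` removes the only uniqueness the stored name had, so unless `getFileName` (not visible here) adds its own, a second upload with the same name under the same `bizPath` overwrites the first file in place through `FileCopyUtils.copy`. `uploadLocal` also still builds the target directory by string concatenation with no containment check against `uploadpath`, and the result of `file.mkdirs()` is ignored, so a failed directory creation surfaces later as an I/O error on the copy. The change below resolves the directory with `Path` and rejects anything that normalizes outside the base, fails explicitly when the directory cannot be created, and re-adds a timestamp suffix behind the sanitized name (needs `java.nio.file.Path` and `java.nio.file.Paths` in scope). The method's tail, including its catch block, lies outside the hunk.
```java
private String uploadLocal(MultipartFile multipartFile, String bizPath) {
    try {
        Path base = Paths.get(uploadpath).toAbsolutePath().normalize();
        Path dir = base.resolve(bizPath == null ? "" : bizPath).normalize();
        if (!dir.startsWith(base)) {
            throw new JeecgBootException("上传路径格式非法!");
        }
        File file = dir.toFile();
        if (!file.exists() && !file.mkdirs()) {
            throw new JeecgBootException("上传目录创建失败!");
        }
        String orgName = CommonUtils.getFileName(multipartFile.getOriginalFilename());
        int dot = orgName.lastIndexOf('.');
        String stamp = "_" + System.currentTimeMillis();
        String fileName = dot < 0 ? orgName + stamp : orgName.substring(0, dot) + stamp + orgName.substring(dot);
        String savePath = file.getPath() + File.separator + fileName;
        // … unchanged: copy, dbpath construction, catch block …
```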
@@ -61,12 +61,12 @@ public class ApiLogAspect {
 @Autowired
 public void setApiLogService(IApiLogService apiLogService) {
- ApiLogAspect.apiLogService = apiLogService;
+ ApiLoggerAspect.apiLogService = apiLogService;
 }
 @Autowired
 public void setAddressService(IAddressService addressService) {
- ApiLogAspect.addressService = addressService;
+ ApiLoggerAspect.addressService = addressService;
 }
 // 配置织入点
@@ -285,7 +285,7 @@ public class ApiLogAspect {
 } catch (Exception e) {
 e.printStackTrace();
 }
- SpringUtils.getBean(ApiLogAspect.class).saveApiLog(log);
+ SpringUtils.getBean(ApiLoggerAspect.class).saveApiLog(log);
 }
 }
@@ -491,7 +491,7 @@ public class ApiLogAspect {
 private void rebuildResponseHeader(ApiLog log) {
 try {
 HttpServletResponse resp = ServletUtils.getResponse();
- Collection names = resp.getHeaderNames();
+ Collection<String> names = resp.getHeaderNames();
 ArrayList<String> headerList = new ArrayList<>();
 Iterator<String> it = names.iterator();
 while (it.hasNext()) {
diff --git a/huaheng-wms-core/src/main/java/org/jeecg/utils/OkHttpUtils.java b/huaheng-wms-core/src/main/java/org/jeecg/utils/OkHttpUtils.java
index 1879e25..82a1ad1 100644
--- a/huaheng-wms-core/src/main/java/org/jeecg/utils/OkHttpUtils.java
+++ b/huaheng-wms-core/src/main/java/org/jeecg/utils/OkHttpUtils.java
@@ -10,7 +10,7 @@ import antlr.StringUtils;
 import cn.hutool.core.util.StrUtil;
 import net.bytebuddy.asm.Advice.This;
 import okhttp3.*;
-import org.jeecg.modules.wms.framework.aspectj.ApiLogAspect;
+import org.jeecg.modules.wms.framework.aspectj.ApiLoggerAspect;
 import org.jeecg.modules.wms.monitor.apiLog.entity.ApiLog;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -104,16 +104,16 @@ public class OkHttpUtils {
 Response response = null;
 String result = null;
 try {
- ApiLogAspect.initApiLog(apiLog, request, param);
+ ApiLoggerAspect.initApiLog(apiLog, request, param);
 response = HTTP_CLIENT.newCall(request).execute();
 result = response.body().string();
 } catch (Exception e) {
 String errorString = StrUtil.format("执行GET请求异常,url:{},header:{},param:{},errorMessage:{}", url, JSON.toJSONString(headers), param, e.getMessage());
- ApiLogAspect.setApiLogException(apiLog, e);
+ ApiLoggerAspect.setApiLogException(apiLog, e);
 throw new RuntimeException(errorString, e);
 } finally {
- ApiLogAspect.finishApiLog(apiLog, response, result);
+ ApiLoggerAspect.finishApiLog(apiLog, response, result);
 }
 if (response.isSuccessful() && Objects.nonNull(response.body())) {// 调用成功
 log.info("执行GET请求成功,url:{},header:{},param:{},result:{}", url, JSON.toJSONString(headers), param, result);
@@ -154,16 +154,16 @@ public class OkHttpUtils {
 Response response = null;
 String result = null;
 try {
- ApiLogAspect.initApiLog(apiLog, request, param);
+ ApiLoggerAspect.initApiLog(apiLog, request, param);
 response = HTTP_CLIENT.newCall(request).execute();
 result = response.body().string();
 } catch (Exception e) {
 String errorString = StrUtil.format("执行POST请求异常,url:{},header:{},param:{},errorMessage:{}", url, JSON.toJSONString(headers), param, e.getMessage());
- ApiLogAspect.setApiLogException(apiLog, e);
+ ApiLoggerAspect.setApiLogException(apiLog, e);
 throw new RuntimeException(errorString, e);
 } finally {
- ApiLogAspect.finishApiLog(apiLog, response, result);
+ ApiLoggerAspect.finishApiLog(apiLog, response, result);
 }
 if (response.isSuccessful() && Objects.nonNull(response.body())) {// 调用成功
 log.info("执行POST请求成功,url:{},header:{},param:{},result:{}", url, JSON.toJSONString(headers), param, result);
@@ -196,15 +196,15 @@ public class OkHttpUtils {
 Response response = null;
 String result = null;
 try {
- ApiLogAspect.initApiLog(apiLog, request, jsonString);
+ ApiLoggerAspect.initApiLog(apiLog, request, jsonString);
 response = HTTP_CLIENT.newCall(request).execute();
 result = response.body().string();
 } catch (Exception e) {
 String errorString = StrUtil.format("执行POST请求异常,url:{},header:{},param:{},errorMessage:{}", url, JSON.toJSONString(headers), jsonString, e.getMessage());
- ApiLogAspect.setApiLogException(apiLog, e);
+ ApiLoggerAspect.setApiLogException(apiLog, e);
 throw new RuntimeException(errorString);
 } finally {
- ApiLogAspect.finishApiLog(apiLog, response, result);
+ ApiLoggerAspect.finishApiLog(apiLog, response, result);
 }
 if (response.isSuccessful() && Objects.nonNull(response.body())) {// 调用成功
 log.info("执行POST请求成功,url:{},header:{},param:{},result:{}", url, JSON.toJSONString(headers), jsonString, result);
diff --git a/huaheng-wms-core/src/main/resources/application-dev.yml b/huaheng-wms-core/src/main/resources/application-dev.yml
index 908b2b9..7c5bc27 100644
--- a/huaheng-wms-core/src/main/resources/application-dev.yml
+++ b/huaheng-wms-core/src/main/resources/application-dev.yml
@@ -22,8 +22,8 @@ management:
 spring:
 servlet:
 multipart:
- max-file-size: 10MB
- max-request-size: 10MB
+ max-file-size: 100MB
+ max-request-size: 100MB
 mail:
 host: smtp.163.com
 username: jeecgos@163.com
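Review bot: `max-file-size` and `max-request-size` go from 10MB to 100MB in one step with nothing recording why, and the identical change appears in application-prod.yml and application-test.yml. These two values are the only cap on what one call to `/sys/common/upload` can write into the upload directory, which this commit also moves to a path relative to the working directory, so a comment beside the values such as `# raised to 100MB for <use case>; keep max-request-size >= max-file-size` and a check that the target volume has the headroom would let the next reader judge the number.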
@@ -189,14 +189,16 @@ jeecg:
 # 签名密钥串(前后端要一致,正式发布请自行修改)
 signatureSecret: dd05f1c54d63749eda95f9fa6d49v442a
 # 本地:local\Minio:minio\阿里云:alioss
- uploadType: minio
+ uploadType: local
+ # 允许上传的文件类型,使用,分割
+ uploadFileType: sh
 path:
 #文件上传根目录 设置
- upload: /opt/upFiles
+ upload: ./upFiles
 #webapp文件路径
- webapp: /opt/webapp
+ webapp: ./webapp
 shiro:
- excludeUrls: /test/jeecgDemo/demo3,/test/jeecgDemo/redisDemo/**,/category/**,/visual/**,/map/**,/jmreport/bigscreen2/**,/sys/getWarehouseByUserCode,/test/test**,/api/**,/sys/cas/client/validateLogin
+ excludeUrls: /test/jeecgDemo/demo3,/test/jeecgDemo/redisDemo/**,/category/**,/visual/**,/map/**,/jmreport/bigscreen2/**,/sys/getWarehouseByUserCode,/test/test**,/api/**,/sys/cas/client/validateLogin,/sys/common/static/**
 #阿里云oss存储和大鱼短信秘钥配置
 oss:
 accessKey: ??
diff --git a/huaheng-wms-core/src/main/resources/application-prod.yml b/huaheng-wms-core/src/main/resources/application-prod.yml
index a3311ff..e4ce823 100644
--- a/huaheng-wms-core/src/main/resources/application-prod.yml
+++ b/huaheng-wms-core/src/main/resources/application-prod.yml
@@ -22,8 +22,8 @@ management:
 spring:
 servlet:
 multipart:
- max-file-size: 10MB
- max-request-size: 10MB
+ max-file-size: 100MB
+ max-request-size: 100MB
 mail:
 host: smtp.163.com
 username: jeecgos@163.com
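Review bot: `uploadFileType: sh` makes shell scripts the only extension `upload()` will accept, which reads like a placeholder rather than the intended allowlist for a warehouse system — ordinary attachments will be refused while the one accepted type is executable content; the same value is committed in application-prod.yml and application-test.yml. `excludeUrls` now also exempts `/sys/common/static/**` from Shiro, so whatever that handler serves is reachable without a session; confirm it cannot serve from the upload root, which this hunk moves to `./upFiles` (prod: `./upload`, which the new .gitignore entry does not cover), a location that depends on the service's working directory. Suggest replacing the value with the real document and image extensions and adding `# served without authentication; must not expose the upload directory` beside the excludeUrls entry.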
@@ -187,14 +187,16 @@ jeecg:
 # 签名密钥串(前后端要一致,正式发布请自行修改)
 signatureSecret: dd05f1c54d63749eda95f9fa6d49v442a
 # 本地:local\Minio:minio\阿里云:alioss
- uploadType: alioss
+ uploadType: local
+ # 允许上传的文件类型,使用,分割
+ uploadFileType: sh
 path:
 #文件上传根目录 设置
- upload: /opt/jeecg-boot/upload
+ upload: ./upload
 #webapp文件路径
- webapp: /opt/jeecg-boot/webapp
+ webapp: ./webapp
 shiro:
- excludeUrls: /test/jeecgDemo/demo3,/test/jeecgDemo/redisDemo/**,/category/**,/visual/**,/map/**,/jmreport/bigscreen2/**,/sys/getWarehouseByUserCode,/test/test**,/api/**,/sys/cas/client/validateLogin
+ excludeUrls: /test/jeecgDemo/demo3,/test/jeecgDemo/redisDemo/**,/category/**,/visual/**,/map/**,/jmreport/bigscreen2/**,/sys/getWarehouseByUserCode,/test/test**,/api/**,/sys/cas/client/validateLogin,/sys/common/static/**
 #阿里云oss存储和大鱼短信秘钥配置
 oss:
 accessKey: ??
diff --git a/huaheng-wms-core/src/main/resources/application-test.yml b/huaheng-wms-core/src/main/resources/application-test.yml
index d29e03c..c1bc4fc 100644
--- a/huaheng-wms-core/src/main/resources/application-test.yml
+++ b/huaheng-wms-core/src/main/resources/application-test.yml
@@ -22,8 +22,8 @@ management:
 spring:
 servlet:
 multipart:
- max-file-size: 10MB
- max-request-size: 10MB
+ max-file-size: 100MB
+ max-request-size: 100MB
 mail:
 host: smtp.163.com
 username: jeecgos@163.com
@@ -189,14 +189,16 @@ jeecg:
 # 签名密钥串(前后端要一致,正式发布请自行修改)
 signatureSecret: dd05f1c54d63749eda95f9fa6d49v442a
 # 本地:local\Minio:minio\阿里云:alioss
- uploadType: minio
+ uploadType: local
+ # 允许上传的文件类型,使用,分割
+ uploadFileType: sh
 path:
 #文件上传根目录 设置
- upload: /opt/upFiles
+ upload: ./upFiles
 #webapp文件路径
- webapp: /opt/webapp
+ webapp: ./webapp
 shiro:
- excludeUrls: /test/jeecgDemo/demo3,/test/jeecgDemo/redisDemo/**,/category/**,/visual/**,/map/**,/jmreport/bigscreen2/**,/sys/getWarehouseByUserCode,/api/**,/sys/cas/client/validateLogin
+ excludeUrls: /test/jeecgDemo/demo3,/test/jeecgDemo/redisDemo/**,/category/**,/visual/**,/map/**,/jmreport/bigscreen2/**,/sys/getWarehouseByUserCode,/api/**,/sys/cas/client/validateLogin,/sys/common/static/**
 #阿里云oss存储和大鱼短信秘钥配置
 oss:
 accessKey: ??