|
|
|
|
@ -30,8 +30,11 @@ import javax.servlet.http.HttpServletResponse;
|
|
|
|
|
import java.awt.image.RenderedImage; |
|
|
|
|
import java.io.IOException; |
|
|
|
|
import java.io.InputStream; |
|
|
|
|
import java.io.UnsupportedEncodingException; |
|
|
|
|
import java.net.HttpURLConnection; |
|
|
|
|
import java.net.URL; |
|
|
|
|
import java.net.URLDecoder; |
|
|
|
|
import java.nio.charset.StandardCharsets; |
|
|
|
|
import java.text.SimpleDateFormat; |
|
|
|
|
import java.util.Arrays; |
|
|
|
|
import java.util.Date; |
|
|
|
|
@ -63,6 +66,7 @@ public class OnlinePreviewController {
|
|
|
|
|
|
|
|
|
|
@GetMapping( "/onlinePreview") |
|
|
|
|
public String onlinePreview(String url, Model model, HttpServletRequest req) { |
|
|
|
|
|
|
|
|
|
String fileUrl; |
|
|
|
|
try { |
|
|
|
|
fileUrl = WebUtils.decodeUrl(url); |
|
|
|
|
@ -121,6 +125,7 @@ public class OnlinePreviewController {
|
|
|
|
|
} |
|
|
|
|
HttpURLConnection urlcon = null; |
|
|
|
|
InputStream inputStream = null; |
|
|
|
|
String urlStr; |
|
|
|
|
assert urlPath != null; |
|
|
|
|
if (!urlPath.toLowerCase().startsWith("http") && !urlPath.toLowerCase().startsWith("https") && !urlPath.toLowerCase().startsWith("ftp")) { |
|
|
|
|
logger.info("读取跨域文件异常,可能存在非法访问,urlPath:{}", urlPath); |
|
|
|
|
@ -135,19 +140,43 @@ public class OnlinePreviewController {
|
|
|
|
|
urlcon.setReadTimeout(30000); |
|
|
|
|
urlcon.setInstanceFollowRedirects(false); |
|
|
|
|
int responseCode = urlcon.getResponseCode(); |
|
|
|
|
if ( responseCode == 403 || responseCode == 500) { //403 500
|
|
|
|
|
logger.error("读取跨域文件异常,url:{},错误:{}", urlPath,responseCode); |
|
|
|
|
return ; |
|
|
|
|
} |
|
|
|
|
if (responseCode == HttpURLConnection.HTTP_MOVED_PERM || responseCode == HttpURLConnection.HTTP_MOVED_TEMP) { //301 302
|
|
|
|
|
url =new URL(urlcon.getHeaderField("Location")); |
|
|
|
|
urlcon=(HttpURLConnection)url.openConnection(); |
|
|
|
|
} if (responseCode == 404 ) { //404
|
|
|
|
|
try { |
|
|
|
|
urlStr = URLDecoder.decode(urlPath, StandardCharsets.UTF_8.name()); |
|
|
|
|
urlStr = URLDecoder.decode(urlStr, StandardCharsets.UTF_8.name()); |
|
|
|
|
url = WebUtils.normalizedURL(urlStr); |
|
|
|
|
urlcon=(HttpURLConnection)url.openConnection(); |
|
|
|
|
urlcon.setConnectTimeout(30000); |
|
|
|
|
urlcon.setReadTimeout(30000); |
|
|
|
|
urlcon.setInstanceFollowRedirects(false); |
|
|
|
|
responseCode = urlcon.getResponseCode(); |
|
|
|
|
if (responseCode == HttpURLConnection.HTTP_MOVED_PERM || responseCode == HttpURLConnection.HTTP_MOVED_TEMP) { //301 302
|
|
|
|
|
url =new URL(urlcon.getHeaderField("Location")); |
|
|
|
|
} |
|
|
|
|
if(responseCode == 404 ||responseCode == 403 || responseCode == 500 ){ |
|
|
|
|
logger.error("读取跨域文件异常,url:{},错误:{}", urlPath,responseCode); |
|
|
|
|
return ; |
|
|
|
|
} |
|
|
|
|
} catch (UnsupportedEncodingException e) { |
|
|
|
|
e.printStackTrace(); |
|
|
|
|
}finally { |
|
|
|
|
assert urlcon != null; |
|
|
|
|
urlcon.disconnect(); |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
if (responseCode == HttpURLConnection.HTTP_NOT_FOUND ||responseCode == HttpURLConnection.HTTP_FORBIDDEN || responseCode == HttpURLConnection.HTTP_INTERNAL_ERROR ) { //403 404 500
|
|
|
|
|
logger.error("读取跨域文件异常,url:{},错误:{}", urlPath,responseCode); |
|
|
|
|
} else { |
|
|
|
|
if(urlPath.contains( ".svg")) { |
|
|
|
|
response.setContentType("image/svg+xml"); |
|
|
|
|
} |
|
|
|
|
inputStream=(url).openStream(); |
|
|
|
|
IOUtils.copy(inputStream, response.getOutputStream()); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
} catch (IOException | GalimatiasParseException e) { |
|
|
|
|
logger.error("读取跨域文件异常,url:{}", urlPath); |
|
|
|
|
} finally { |
|
|
|
|
|
陈精华
1 year ago
committed by