From 1dd59cf764d6426c7c46518658b03dde0489438b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E9=99=88=E7=B2=BE=E5=8D=8E?= <842761733@qq.com>
Date: Tue, 13 Dec 2022 16:54:33 +0800
Subject: [PATCH] =?UTF-8?q?=E6=9B=B4=E6=96=B0=E8=B7=A8=E5=9F=9F=E6=96=87?= =?UTF-8?q?=E4=BB=B6=E4=B8=8B=E8=BD=BD=E6=96=B9=E6=B3=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../controller/OnlinePreviewController.java | 63 +++++++++++++++----
 1 file changed, 52 insertions(+), 11 deletions(-)
diff --git a/server/src/main/java/cn/keking/web/controller/OnlinePreviewController.java b/server/src/main/java/cn/keking/web/controller/OnlinePreviewController.java
index b30ec78e..4e655346 100644
--- a/server/src/main/java/cn/keking/web/controller/OnlinePreviewController.java
+++ b/server/src/main/java/cn/keking/web/controller/OnlinePreviewController.java
@@ -9,7 +9,6 @@ import cn.keking.service.impl.OtherFilePreviewImpl;
 import cn.keking.utils.WebUtils;
 import fr.opensagres.xdocreport.core.io.IOUtils;
 import io.mola.galimatias.GalimatiasParseException;
-import jodd.io.NetUtil;
 import org.apache.commons.codec.binary.Base64;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -23,9 +22,10 @@ import org.springframework.web.util.HtmlUtils;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
+import java.io.InputStream;
 import java.io.UnsupportedEncodingException;
+import java.net.HttpURLConnection;
 import java.net.URL;
-import java.nio.charset.StandardCharsets;
 import java.util.Arrays;
 import java.util.List;
@@ -71,6 +71,10 @@ public class OnlinePreviewController {
 @GetMapping( "/picturesPreview")
 public String picturesPreview(String urls, Model model, HttpServletRequest req) throws UnsupportedEncodingException {
 String fileUrls;
+ if (urls == null || urls.length() == 0){
+ logger.info("URL异常:{}", urls);
+ return otherFilePreview.notSupportedFile(model, "NULL地址不允许预览:");
+ }
 try {
 fileUrls = WebUtils.decodeUrl(urls);
 // 防止XSS攻击
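Review bot: The new guard spells the empty check as `urls.length() == 0` and glues the brace to the condition; the idiomatic form is `if (urls == null || urls.isEmpty()) {`, which reads the same as the other conditions in this controller. Logging the rejected value at info level is fine here since it is null or empty by construction. picturesPreview continues past the end of this hunk.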
@@ -109,18 +113,56 @@ public class OnlinePreviewController {
 logger.error(String.format(BASE64_DECODE_ERROR_MSG, urlPath),ex);
 return;
 }
- if (urlPath.toLowerCase().startsWith("file:") || urlPath.toLowerCase().startsWith("file%3")
- || !urlPath.toLowerCase().startsWith("http")) {
+ HttpURLConnection urlcon;
+ InputStream inputStream = null;
+ if (urlPath.toLowerCase().startsWith("file:") || urlPath.toLowerCase().startsWith("file%3")) {
 logger.info("读取跨域文件异常,可能存在非法访问,urlPath:{}", urlPath);
 return;
 }
 logger.info("下载跨域pdf文件url:{}", urlPath);
- try {
- URL url = WebUtils.normalizedURL(urlPath);
- byte[] bytes = NetUtil.downloadBytes(url.toString());
- IOUtils.write(bytes, response.getOutputStream());
- } catch (IOException | GalimatiasParseException e) {
- logger.error("下载跨域pdf文件异常,url:{}", urlPath, e);
+ if (!urlPath.toLowerCase().startsWith("ftp:")){
+ try {
+ URL url = WebUtils.normalizedURL(urlPath);
+ urlcon=(HttpURLConnection)url.openConnection();
+ urlcon.setConnectTimeout(30000);
+ urlcon.setReadTimeout(30000);
+ urlcon.setInstanceFollowRedirects(false);
+ if (urlcon.getResponseCode() == 302 || urlcon.getResponseCode() == 301) {
+ urlcon.disconnect();
+ url =new URL(urlcon.getHeaderField("Location"));
+ urlcon=(HttpURLConnection)url.openConnection();
+ }
+ if (urlcon.getResponseCode() == 404 || urlcon.getResponseCode() == 403 || urlcon.getResponseCode() == 500 ) {
+ logger.error("读取跨域文件异常,url:{}", urlPath);
+ return ;
+ } else {
+ if(urlPath.contains( ".svg")) {
+ response.setContentType("image/svg+xml");
+ }
+ inputStream=(url).openStream();
+ IOUtils.copy(inputStream, response.getOutputStream());
+ urlcon.disconnect();
+ }
+ } catch (IOException | GalimatiasParseException e) {
+ logger.error("读取跨域文件异常,url:{}", urlPath);
+ return ;
+ } finally {
+ IOUtils.closeQuietly(inputStream);
+ }
+ } else {
+ try {
+ URL url = WebUtils.normalizedURL(urlPath);
+ if(urlPath.contains(".svg")) {
+ response.setContentType("image/svg+xml");
+ }
+ inputStream = (url).openStream();
+ IOUtils.copy(inputStream, response.getOutputStream());
+ } catch (IOException | GalimatiasParseException e) {
+ logger.error("读取跨域文件异常,url:{}", urlPath);
+ return ;
+ } finally {
+ IOUtils.closeQuietly(inputStream);
+ }
 }
 }
@@ -136,5 +178,4 @@ public class OnlinePreviewController {
 cacheService.addQueueTask(url);
 return "success";
 }
- }
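Review bot: The bytes actually sent to the client come from `inputStream=(url).openStream();`, which opens a second, independent connection, so the connect/read timeouts, `setInstanceFollowRedirects(false)` and the 404/403/500 check configured on `urlcon` only govern a probe request while the real transfer runs with JDK defaults (no timeout, redirects followed automatically); reading from `urlcon.getInputStream()` makes those checks cover the transfer. Dropping the old `!urlPath.toLowerCase().startsWith("http")` guard means any scheme other than `file`/`ftp` now reaches the `(HttpURLConnection)` cast, and a `ClassCastException` is not caught by `catch (IOException | GalimatiasParseException e)`, so the branch should check `url.getProtocol()` for `http`/`https` before casting. The `Location` of a 301/302 is opened without re-applying the scheme rule that `urlPath` itself had to pass, `getHeaderField("Location")` can be null or relative, and the re-opened connection gets no timeouts; validating the target the same way (`new URL(url, location)` also resolves a relative one) closes that gap. Both new catch blocks also drop the exception that the removed code logged — `logger.error("读取跨域文件异常,url:{}", urlPath, e);` keeps the stack trace (and the same fix applies to the ftp branch below). The enclosing method begins before this hunk; the sketch below assumes `WebUtils.normalizedURL` returns a `java.net.URL` whose protocol reflects the input scheme, which is not visible here.
```java
URL url = WebUtils.normalizedURL(urlPath);
// only the schemes this branch can handle; everything else was rejected by the old "http" guard
if (!"http".equalsIgnoreCase(url.getProtocol()) && !"https".equalsIgnoreCase(url.getProtocol())) {
    logger.info("读取跨域文件异常,可能存在非法访问,urlPath:{}", urlPath);
    return;
}
urlcon = (HttpURLConnection) url.openConnection();
// … unchanged: setConnectTimeout / setReadTimeout / setInstanceFollowRedirects(false) …
if (urlcon.getResponseCode() == 302 || urlcon.getResponseCode() == 301) {
    String location = urlcon.getHeaderField("Location");
    urlcon.disconnect();
    if (location == null) {
        logger.error("读取跨域文件异常,url:{}", urlPath);
        return;
    }
    url = new URL(url, location); // resolves a relative Location against the original URL
    // the redirect target must satisfy the same scheme rule as the original request
    if (!"http".equalsIgnoreCase(url.getProtocol()) && !"https".equalsIgnoreCase(url.getProtocol())) {
        logger.info("读取跨域文件异常,可能存在非法访问,urlPath:{}", urlPath);
        return;
    }
    urlcon = (HttpURLConnection) url.openConnection();
    urlcon.setConnectTimeout(30000);
    urlcon.setReadTimeout(30000);
}
// … unchanged: 404/403/500 check, svg content type …
inputStream = urlcon.getInputStream(); // reuse the checked connection so the timeouts apply to the transfer
IOUtils.copy(inputStream, response.getOutputStream());
// … unchanged: disconnect / finally …
```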