更新跨域文件下载方法

pull/54/MERGE
陈精华 2 years ago
parent e7930a2442
commit 1dd59cf764
No known key found for this signature in database
GPG Key ID: 30BDC970902B755D

@ -9,7 +9,6 @@ import cn.keking.service.impl.OtherFilePreviewImpl;
import cn.keking.utils.WebUtils; import cn.keking.utils.WebUtils;
import fr.opensagres.xdocreport.core.io.IOUtils; import fr.opensagres.xdocreport.core.io.IOUtils;
import io.mola.galimatias.GalimatiasParseException; import io.mola.galimatias.GalimatiasParseException;
import jodd.io.NetUtil;
import org.apache.commons.codec.binary.Base64; import org.apache.commons.codec.binary.Base64;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
@ -23,9 +22,10 @@ import org.springframework.web.util.HtmlUtils;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException; import java.io.UnsupportedEncodingException;
import java.net.HttpURLConnection;
import java.net.URL; import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.Arrays; import java.util.Arrays;
import java.util.List; import java.util.List;
@ -71,6 +71,10 @@ public class OnlinePreviewController {
@GetMapping( "/picturesPreview") @GetMapping( "/picturesPreview")
public String picturesPreview(String urls, Model model, HttpServletRequest req) throws UnsupportedEncodingException { public String picturesPreview(String urls, Model model, HttpServletRequest req) throws UnsupportedEncodingException {
String fileUrls; String fileUrls;
if (urls == null || urls.length() == 0){
logger.info("URL异常{}", urls);
return otherFilePreview.notSupportedFile(model, "NULL地址不允许预览");
}
try { try {
fileUrls = WebUtils.decodeUrl(urls); fileUrls = WebUtils.decodeUrl(urls);
// 防止XSS攻击 // 防止XSS攻击
@ -109,18 +113,56 @@ public class OnlinePreviewController {
logger.error(String.format(BASE64_DECODE_ERROR_MSG, urlPath),ex); logger.error(String.format(BASE64_DECODE_ERROR_MSG, urlPath),ex);
return; return;
} }
if (urlPath.toLowerCase().startsWith("file:") || urlPath.toLowerCase().startsWith("file%3") HttpURLConnection urlcon;
|| !urlPath.toLowerCase().startsWith("http")) { InputStream inputStream = null;
if (urlPath.toLowerCase().startsWith("file:") || urlPath.toLowerCase().startsWith("file%3")) {
logger.info("读取跨域文件异常可能存在非法访问urlPath{}", urlPath); logger.info("读取跨域文件异常可能存在非法访问urlPath{}", urlPath);
return; return;
} }
logger.info("下载跨域pdf文件url{}", urlPath); logger.info("下载跨域pdf文件url{}", urlPath);
if (!urlPath.toLowerCase().startsWith("ftp:")){
try { try {
URL url = WebUtils.normalizedURL(urlPath); URL url = WebUtils.normalizedURL(urlPath);
byte[] bytes = NetUtil.downloadBytes(url.toString()); urlcon=(HttpURLConnection)url.openConnection();
IOUtils.write(bytes, response.getOutputStream()); urlcon.setConnectTimeout(30000);
urlcon.setReadTimeout(30000);
urlcon.setInstanceFollowRedirects(false);
if (urlcon.getResponseCode() == 302 || urlcon.getResponseCode() == 301) {
urlcon.disconnect();
url =new URL(urlcon.getHeaderField("Location"));
urlcon=(HttpURLConnection)url.openConnection();
}
if (urlcon.getResponseCode() == 404 || urlcon.getResponseCode() == 403 || urlcon.getResponseCode() == 500 ) {
logger.error("读取跨域文件异常url{}", urlPath);
return ;
} else {
if(urlPath.contains( ".svg")) {
response.setContentType("image/svg+xml");
}
inputStream=(url).openStream();
IOUtils.copy(inputStream, response.getOutputStream());
urlcon.disconnect();
}
} catch (IOException | GalimatiasParseException e) { } catch (IOException | GalimatiasParseException e) {
logger.error("下载跨域pdf文件异常url{}", urlPath, e); logger.error("读取跨域文件异常url{}", urlPath);
return ;
} finally {
IOUtils.closeQuietly(inputStream);
}
} else {
try {
URL url = WebUtils.normalizedURL(urlPath);
if(urlPath.contains(".svg")) {
response.setContentType("image/svg+xml");
}
inputStream = (url).openStream();
IOUtils.copy(inputStream, response.getOutputStream());
} catch (IOException | GalimatiasParseException e) {
logger.error("读取跨域文件异常url{}", urlPath);
return ;
} finally {
IOUtils.closeQuietly(inputStream);
}
} }
} }
@ -136,5 +178,4 @@ public class OnlinePreviewController {
cacheService.addQueueTask(url); cacheService.addQueueTask(url);
return "success"; return "success";
} }
} }
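Review bot: The scheme check in the `@ -109,18 +113,56 @@` hunk is now a deny-list on the raw string. With the old `!urlPath.toLowerCase().startsWith("http")` clause removed, any URL that does not begin with `file:` or `file%3` reaches `url.openConnection()` and `url.openStream()`, so the server will fetch internal hosts and any other scheme the JVM has a handler for. I would allow-list the parsed `url.getProtocol()` instead, and repeat that check (plus a host allow-list, if the project has one) on the `Location` target before reconnecting. The body is read through `url.openStream()`, a second connection that carries neither the 30 s timeouts nor `setInstanceFollowRedirects(false)`; reading from `urlcon.getInputStream()` keeps the policy just configured. The cast to `HttpURLConnection` can throw `ClassCastException` for non-HTTP schemes, which the `IOException | GalimatiasParseException` catch does not cover, and the rewritten `logger.error` calls drop `e`, so the cause is lost from the logs. The method begins above the hunk, so how `urlPath` is decoded is not visible here.

```java
URL url = WebUtils.normalizedURL(urlPath);
String scheme = url.getProtocol();
if (!"http".equalsIgnoreCase(scheme) && !"https".equalsIgnoreCase(scheme)) {
    logger.info("读取跨域文件异常可能存在非法访问urlPath{}", urlPath);
    return;
}
urlcon = (HttpURLConnection) url.openConnection();
// … unchanged: setConnectTimeout, setReadTimeout, setInstanceFollowRedirects(false) …
// … redirect branch: apply the same scheme check and timeouts to the Location target …
// … unchanged: status check, svg content type …
inputStream = urlcon.getInputStream();
IOUtils.copy(inputStream, response.getOutputStream());
```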
