gitee
/
file-online-preview
mirror of https://gitee.com/kekingcn/file-online-preview
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

修复流的方法错误 ,修复跨域脚本缺少BASE64 (#423) 

* 修复office下载方法中 错误

* 更新OFD解析效果,修复禁止trace请求无效问题,其他压缩包修复

* 修复压缩包 缓存BUG

* 限制某些特殊文件上传

* 修复OFFICE文件密码检查关闭流 上传文件关闭流 检查PDF文件是否存在

* 特殊符号的支持

Co-authored-by: gaoxiongzaq <admin@cxcp.com>
pull/64/MERGE
gaoxingzaq 2023-01-11 13:26:18 +08:00 committed by GitHub
parent 04401ee600
commit 5dc543db99
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
16 changed files with 918 additions and 752 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
server/src/main/java/cn/keking/service/FileHandlerService.java
View File

@ -191,6 +191,9 @@ public class FileHandlerService {
} }
try { try {
File pdfFile = new File(pdfFilePath); File pdfFile = new File(pdfFilePath);
if (!pdfFile.exists()) {
return null;
}
PDDocument doc = PDDocument.load(pdfFile); PDDocument doc = PDDocument.load(pdfFile);
int pageCount = doc.getNumberOfPages(); int pageCount = doc.getNumberOfPages();
PDFRenderer pdfRenderer = new PDFRenderer(doc); PDFRenderer pdfRenderer = new PDFRenderer(doc);
@ -273,11 +276,6 @@ public class FileHandlerService {
if (url.contains("?fileKey=")) { if (url.contains("?fileKey=")) {
attribute.setSkipDownLoad(true); attribute.setSkipDownLoad(true);
} }
String urlStrr = url.toLowerCase(); //转换为小写对比
boolean wjl = WebUtils.kuayu("&fullfilename=", urlStrr); //判断是否启用文件流
if(wjl){
url = url.substring(0,url.lastIndexOf("&")); //删除添加的文件流内容
}
url = WebUtils.encodeUrlFileName(url); url = WebUtils.encodeUrlFileName(url);
fileName = KkFileUtils.htmlEscape(fileName); //文件名处理 fileName = KkFileUtils.htmlEscape(fileName); //文件名处理
attribute.setType(type); attribute.setType(type);

6
server/src/main/java/cn/keking/service/impl/CompressFilePreviewImpl.java
View File

@ -40,6 +40,12 @@ public class CompressFilePreviewImpl implements FilePreview {
} }
String filePath = response.getContent(); String filePath = response.getContent();
fileTree = compressFileReader.unRar(filePath, fileName); fileTree = compressFileReader.unRar(filePath, fileName);
if (fileTree != null && !"null".equals(fileTree)) {
if (ConfigConstants.isCacheEnabled()) {
// 加入缓存
fileHandlerService.addConvertedFile(fileName, fileTree);
}
}
} else { } else {
fileTree = fileHandlerService.getConvertedFile(fileName); fileTree = fileHandlerService.getConvertedFile(fileName);
} }

7
server/src/main/java/cn/keking/service/impl/OfficeFilePreviewImpl.java
View File

@ -14,6 +14,7 @@ import org.springframework.stereotype.Service;
import org.springframework.ui.Model; import org.springframework.ui.Model;
import org.springframework.util.StringUtils; import org.springframework.util.StringUtils;
import java.net.URLEncoder;
import java.util.List; import java.util.List;
/** /**
@ -50,7 +51,7 @@ public class OfficeFilePreviewImpl implements FilePreview {
String pdfName = fileName.substring(0, fileName.lastIndexOf(".") + 1) + (isHtml ? "html" : "pdf"); String pdfName = fileName.substring(0, fileName.lastIndexOf(".") + 1) + (isHtml ? "html" : "pdf");
String cacheFileName = userToken == null ? pdfName : userToken + "_" + pdfName; String cacheFileName = userToken == null ? pdfName : userToken + "_" + pdfName;
String outFilePath = FILE_DIR + cacheFileName; String outFilePath = FILE_DIR + cacheFileName;
if ( !fileHandlerService.listConvertedFiles().containsKey(pdfName) || !ConfigConstants.isCacheEnabled()) {
// 下载远程文件到本地,如果文件在本地已存在不会重复下载 // 下载远程文件到本地,如果文件在本地已存在不会重复下载
ReturnResponse<String> response = DownloadUtils.downLoad(fileAttribute, fileName); ReturnResponse<String> response = DownloadUtils.downLoad(fileAttribute, fileName);
if (response.isFailure()) { if (response.isFailure()) {
@ -115,11 +116,11 @@ public class OfficeFilePreviewImpl implements FilePreview {
} }
} }
} }
}
if (!isHtml && baseUrl != null && (OFFICE_PREVIEW_TYPE_IMAGE.equals(officePreviewType) || OFFICE_PREVIEW_TYPE_ALL_IMAGES.equals(officePreviewType))) { if (!isHtml && baseUrl != null && (OFFICE_PREVIEW_TYPE_IMAGE.equals(officePreviewType) || OFFICE_PREVIEW_TYPE_ALL_IMAGES.equals(officePreviewType))) {
return getPreviewType(model, fileAttribute, officePreviewType, baseUrl, cacheFileName, outFilePath, fileHandlerService, OFFICE_PREVIEW_TYPE_IMAGE, otherFilePreview); return getPreviewType(model, fileAttribute, officePreviewType, baseUrl, cacheFileName, outFilePath, fileHandlerService, OFFICE_PREVIEW_TYPE_IMAGE, otherFilePreview);
} }
cacheFileName = URLEncoder.encode(cacheFileName).replaceAll("\\+", "%20");
model.addAttribute("pdfUrl", cacheFileName); model.addAttribute("pdfUrl", cacheFileName);
return isHtml ? EXEL_FILE_PREVIEW_PAGE : PDF_FILE_PREVIEW_PAGE; return isHtml ? EXEL_FILE_PREVIEW_PAGE : PDF_FILE_PREVIEW_PAGE;
} }

2
server/src/main/java/cn/keking/service/impl/PdfFilePreviewImpl.java
View File

@ -10,6 +10,7 @@ import cn.keking.web.filter.BaseUrlFilter;
import org.springframework.stereotype.Service; import org.springframework.stereotype.Service;
import org.springframework.ui.Model; import org.springframework.ui.Model;
import java.net.URLEncoder;
import java.util.List; import java.util.List;
/** /**
@ -73,6 +74,7 @@ public class PdfFilePreviewImpl implements FilePreview {
fileHandlerService.addConvertedFile(pdfName, fileHandlerService.getRelativePath(outFilePath)); fileHandlerService.addConvertedFile(pdfName, fileHandlerService.getRelativePath(outFilePath));
} }
} else { } else {
pdfName = URLEncoder.encode(pdfName).replaceAll("\\+", "%20");
model.addAttribute("pdfUrl", pdfName); model.addAttribute("pdfUrl", pdfName);
} }
} else { } else {

6
server/src/main/java/cn/keking/utils/DownloadUtils.java
View File

@ -50,6 +50,11 @@ public class DownloadUtils {
response.setMsg("下载失败:文件名不合法!" + urlStr); response.setMsg("下载失败:文件名不合法!" + urlStr);
return response; return response;
} }
if(realPath.equals("cunzhai")){
response.setContent(fileDir + fileName);
response.setMsg(fileName);
return response;
}
try { try {
URL url = WebUtils.normalizedURL(urlStr); URL url = WebUtils.normalizedURL(urlStr);
if (!fileAttribute.getSkipDownLoad()) { if (!fileAttribute.getSkipDownLoad()) {
@ -110,6 +115,7 @@ public class DownloadUtils {
File realFile = new File(realPath); File realFile = new File(realPath);
if (realFile.exists()) { if (realFile.exists()) {
fileAttribute.setSkipDownLoad(true); fileAttribute.setSkipDownLoad(true);
return "cunzhai";
} }
return realPath; return realPath;
} }

2
server/src/main/java/cn/keking/utils/KkFileUtils.java
View File

@ -102,7 +102,7 @@ public class KkFileUtils {
public static String htmlEscape(String input) { public static String htmlEscape(String input) {
if(StringUtils.hasText(input)){ if(StringUtils.hasText(input)){
//input = input.replaceAll("\\{", "%7B").replaceAll("}", "%7D").replaceAll("\\\\", "%5C"); //input = input.replaceAll("\\{", "%7B").replaceAll("}", "%7D").replaceAll("\\\\", "%5C");
return HtmlUtils.htmlEscape(input); return HtmlUtils.htmlEscape(input, "UTF-8");
} }
return input; return input;
} }

25
server/src/main/java/cn/keking/utils/OfficeUtils.java
View File

@ -7,6 +7,7 @@ import org.apache.poi.hssf.record.crypto.Biff8EncryptionKey;
import org.springframework.lang.Nullable; import org.springframework.lang.Nullable;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files; import java.nio.file.Files;
import java.nio.file.Paths; import java.nio.file.Paths;
@ -27,8 +28,10 @@ public class OfficeUtils {
* @return * @return
*/ */
public static boolean isPwdProtected(String path) { public static boolean isPwdProtected(String path) {
InputStream propStream = null;
try { try {
ExtractorFactory.createExtractor(Files.newInputStream(Paths.get(path))); propStream = Files.newInputStream(Paths.get(path));
ExtractorFactory.createExtractor(propStream);
} catch (IOException | EncryptedDocumentException e) { } catch (IOException | EncryptedDocumentException e) {
if (e.getMessage().toLowerCase().contains(POI_INVALID_PASSWORD_MSG)) { if (e.getMessage().toLowerCase().contains(POI_INVALID_PASSWORD_MSG)) {
return true; return true;
@ -42,10 +45,17 @@ public class OfficeUtils {
} }
} }
} }
}finally {
if(propStream!=null) {//如果文件输入流不是null
try {
propStream.close();//关闭文件输入流
} catch (IOException e) {
e.printStackTrace();
}
}
} }
return false; return false;
} }
/** /**
* office * office
* *
@ -54,13 +64,22 @@ public class OfficeUtils {
* @return * @return
*/ */
public static synchronized boolean isCompatible(String path, @Nullable String password) { public static synchronized boolean isCompatible(String path, @Nullable String password) {
InputStream propStream = null;
try { try {
propStream = Files.newInputStream(Paths.get(path));
Biff8EncryptionKey.setCurrentUserPassword(password); Biff8EncryptionKey.setCurrentUserPassword(password);
ExtractorFactory.createExtractor(Files.newInputStream(Paths.get(path))); ExtractorFactory.createExtractor(propStream);
} catch (Exception e) { } catch (Exception e) {
return false; return false;
} finally { } finally {
Biff8EncryptionKey.setCurrentUserPassword(null); Biff8EncryptionKey.setCurrentUserPassword(null);
if(propStream!=null) {//如果文件输入流不是null
try {
propStream.close();//关闭文件输入流
} catch (IOException e) {
e.printStackTrace();
}
}
} }
return true; return true;
} }

5
server/src/main/java/cn/keking/utils/WebUtils.java
View File

@ -131,6 +131,11 @@ public class WebUtils {
} catch (UnsupportedEncodingException e) { } catch (UnsupportedEncodingException e) {
return null; return null;
} }
String urlStrr = url.toLowerCase(); //转换为小写对比
boolean wjl =kuayu("&fullfilename=", urlStrr); //判断是否启用文件流
if(wjl){
url = url.substring(0,url.lastIndexOf("&")); //删除添加的文件流内容
}
String noQueryUrl = url.substring(0, url.indexOf("?")); String noQueryUrl = url.substring(0, url.indexOf("?"));
String parameterStr = url.substring(url.indexOf("?")); String parameterStr = url.substring(url.indexOf("?"));
parameterStr = parameterStr.replaceFirst(fullFileName, encodedFileName); parameterStr = parameterStr.replaceFirst(fullFileName, encodedFileName);

13
server/src/main/java/cn/keking/web/controller/FileController.java
View File

@ -31,7 +31,7 @@ import java.util.Objects;
/** /**
* @author yudian-it * @author yudian-it
* @date 2017/12/1 * 2017/12/1
*/ */
@RestController @RestController
public class FileController { public class FileController {
@ -64,6 +64,15 @@ public class FileController {
if (pos != -1) { if (pos != -1) {
fileName = fileName.substring(pos + 1); fileName = fileName.substring(pos + 1);
} }
String fileType= "";
int i = fileName.lastIndexOf('.');
if (i > 0) {
fileType= fileName.substring(i+1);
fileType= fileType.toLowerCase();
}
if (fileType.length() == 0 || fileType.equals("dll") || fileType.equals("exe") || fileType.equals("msi") ){
return ReturnResponse.failure(fileName+"不允许上传的文件");
}
// 判断是否存在同名文件 // 判断是否存在同名文件
if (existsFile(fileName)) { if (existsFile(fileName)) {
return ReturnResponse.failure("存在同名文件,请先删除原有文件再次上传"); return ReturnResponse.failure("存在同名文件,请先删除原有文件再次上传");
@ -75,6 +84,8 @@ public class FileController {
logger.info("上传文件:{}", fileDir + demoPath + fileName); logger.info("上传文件:{}", fileDir + demoPath + fileName);
try (InputStream in = file.getInputStream(); OutputStream out = Files.newOutputStream(Paths.get(fileDir + demoPath + fileName))) { try (InputStream in = file.getInputStream(); OutputStream out = Files.newOutputStream(Paths.get(fileDir + demoPath + fileName))) {
StreamUtils.copy(in, out); StreamUtils.copy(in, out);
in.close();
out.close();
return ReturnResponse.success(null); return ReturnResponse.success(null);
} catch (IOException e) { } catch (IOException e) {
logger.error("文件上传失败", e); logger.error("文件上传失败", e);

2
server/src/main/java/cn/keking/web/filter/SecurityFilterProxy.java
View File

@ -19,7 +19,7 @@ public class SecurityFilterProxy extends OncePerRequestFilter {
@Override @Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
FilterChain filterChain) throws ServletException, IOException { FilterChain filterChain) throws ServletException, IOException {
if((","+NOT_ALLOW_METHODS+",").indexOf(","+request.getMethod().toLowerCase()+",") > -1) { if((","+NOT_ALLOW_METHODS+",").indexOf(","+request.getMethod().toUpperCase()+",") > -1) {
response.setStatus(HttpServletResponse.SC_METHOD_NOT_ALLOWED); response.setStatus(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
response.setHeader("Content-Type", "text/html; charset=iso-8859-1"); response.setHeader("Content-Type", "text/html; charset=iso-8859-1");
response.getWriter().println("Method Not Allowed"); response.getWriter().println("Method Not Allowed");

1585
server/src/main/resources/static/ofd/js/cnofd.umd.min.js vendored
View File

File diff suppressed because it is too large Load Diff

1
server/src/main/resources/web/eml.ftl
View File

@ -6,6 +6,7 @@
<meta charset="utf-8" /> <meta charset="utf-8" />
<meta name="viewport" content="width=device-width, user-scalable=yes, initial-scale=1.0"> <meta name="viewport" content="width=device-width, user-scalable=yes, initial-scale=1.0">
<#include "*/commonHeader.ftl"> <#include "*/commonHeader.ftl">
<script src="js/base64.min.js" type="text/javascript"></script>
</head> </head>
<#if currentUrl?contains("http://") || currentUrl?contains("https://") || currentUrl?contains("file://")> <#if currentUrl?contains("http://") || currentUrl?contains("https://") || currentUrl?contains("file://")>
<#assign finalUrl="${currentUrl}"> <#assign finalUrl="${currentUrl}">

1
server/src/main/resources/web/epub.ftl
View File

@ -6,6 +6,7 @@
<meta charset="utf-8" /> <meta charset="utf-8" />
<meta name="viewport" content="width=device-width, user-scalable=yes, initial-scale=1.0"> <meta name="viewport" content="width=device-width, user-scalable=yes, initial-scale=1.0">
<#include "*/commonHeader.ftl"> <#include "*/commonHeader.ftl">
<script src="js/base64.min.js" type="text/javascript"></script>
<script src="epub/epub.js"></script> <script src="epub/epub.js"></script>
<script src="js/jszip.min.js"></script> <script src="js/jszip.min.js"></script>
<link rel="stylesheet" type="text/css" href="epub/examples.css"> <link rel="stylesheet" type="text/css" href="epub/examples.css">

7
server/src/main/resources/web/index.ftl
View File

@ -238,6 +238,13 @@
$("#btnSubmit").click(function () { $("#btnSubmit").click(function () {
var _fileName = $("#fileName").text() var _fileName = $("#fileName").text()
var index= _fileName.lastIndexOf(".");
//获取后缀
var ext = _fileName.substr(index+1);
if (!ext || ext == "dll"|| ext == "exe"|| ext == "msi" ){
window.alert(ext+"不支持上传")
return ;
}
if(!_fileName){ if(!_fileName){
$("#postFileAlert").addClass("show"); $("#postFileAlert").addClass("show");
window.setTimeout(function(){ window.setTimeout(function(){

7
server/src/main/resources/web/online3D.ftl
View File

@ -5,7 +5,9 @@
<meta charset="utf-8"/> <meta charset="utf-8"/>
<meta name="viewport" content="width=device-width, user-scalable=yes, initial-scale=1.0"> <meta name="viewport" content="width=device-width, user-scalable=yes, initial-scale=1.0">
<title>${file.name}3D</title> <title>${file.name}3D</title>
<script src="js/base64.min.js" type="text/javascript"></script>
<#include "*/commonHeader.ftl"> <#include "*/commonHeader.ftl">
</head> </head>
<#if currentUrl?contains("http://") || currentUrl?contains("https://") || currentUrl?contains("file://")> <#if currentUrl?contains("http://") || currentUrl?contains("https://") || currentUrl?contains("file://")>
<#assign finalUrl="${currentUrl}"> <#assign finalUrl="${currentUrl}">
@ -22,8 +24,11 @@
var baseUrl = '${baseUrl}'.endsWith('/') ? '${baseUrl}' : '${baseUrl}' + '/'; var baseUrl = '${baseUrl}'.endsWith('/') ? '${baseUrl}' : '${baseUrl}' + '/';
if (!url.startsWith(baseUrl)) { if (!url.startsWith(baseUrl)) {
url = baseUrl + 'getCorsFile?urlPath=' + encodeURIComponent(Base64.encode(url)); url = baseUrl + 'getCorsFile?urlPath=' + encodeURIComponent(Base64.encode(url));
} document.getElementsByTagName('iframe')[0].src = "${baseUrl}website/index.html#model="+ url + "&fullfilename=/${file.name}";
}else{
document.getElementsByTagName('iframe')[0].src = "${baseUrl}website/index.html#model="+ url; document.getElementsByTagName('iframe')[0].src = "${baseUrl}website/index.html#model="+ url;
}
document.getElementsByTagName('iframe')[0].height = document.documentElement.clientHeight - 10; document.getElementsByTagName('iframe')[0].height = document.documentElement.clientHeight - 10;
/** /**
* *

1
server/src/main/resources/web/xmind.ftl
View File

@ -5,6 +5,7 @@
<meta charset="utf-8" /> <meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no" /> <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no" />
<#include "*/commonHeader.ftl"> <#include "*/commonHeader.ftl">
<script src="js/base64.min.js" type="text/javascript"></script>
<#if currentUrl?contains("http://") || currentUrl?contains("https://")> <#if currentUrl?contains("http://") || currentUrl?contains("https://")>
<#assign finalUrl="${currentUrl}"> <#assign finalUrl="${currentUrl}">
<#elseif currentUrl?contains("ftp://") > <#elseif currentUrl?contains("ftp://") >