!85 新增备案信息,禁止上传类型,删除支持密码功能

Merge pull request !85 from 高雄/master
pull/88/MERGE
kailing 2023-04-13 02:32:43 +00:00 committed by Gitee
commit 7a9ad7546c
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
8 changed files with 175 additions and 77 deletions


@ -2,8 +2,9 @@
server.port = ${KK_SERVER_PORT:8012}
server.servlet.context-path= ${KK_CONTEXT_PATH:/}
server.servlet.encoding.charset = utf-8
#
#
spring.servlet.multipart.max-file-size=500MB
#
spring.servlet.multipart.max-request-size=500MB
## Freemarker
spring.freemarker.template-loader-path = classpath:/web/
@ -117,3 +118,9 @@ watermark.angle = ${WATERMARK_ANGLE:10}
#Tiftifjsjpgjpgpdfpdf便
tif.preview.type = ${KK_TIF_PREVIEW_TYPE:tif}
#
BeiAn =
#
prohibit =exe,dll,dat
#
sc.password =123456
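Review bot: `sc.password =123456` in the last added line ships a well-known delete password as the committed value, and the same literal is the fallback in `ConfigConstants` (`DEFAULT_password_DISABLE`, `@Value("${sc.password:123456}")`) and is shown in the `prompt(...)` text of the page template's `deleteFile` script, so an unconfigured deployment lets anyone who opens the page delete files. Follow the pattern the other keys in this file use and take the value from the environment with no usable default, for example `sc.password = ${KK_DELETE_PASSWORD:}` (the variable name is a placeholder), and have the delete endpoint refuse every request while the value is empty. A comment above the key should say that it guards `/deleteFile` and must be set before deployment.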


@ -42,6 +42,10 @@ public class ConfigConstants {
private static String pdfBookmarkDisable;
private static Boolean fileUploadDisable;
private static String tifPreviewType;
private static String BeiAn;
private static String[] prohibit= {};
private static String size;
private static String password;
public static final String DEFAULT_CACHE_ENABLED = "true";
public static final String DEFAULT_TXT_TYPE = "txt,html,htm,asp,jsp,xml,json,properties,md,gitignore,log,java,py,c,cpp,sql,sh,bat,m,bas,prg,cmd";
@ -62,6 +66,10 @@ public class ConfigConstants {
public static final String DEFAULT_PDF_BOOKMARK_DISABLE = "true";
public static final String DEFAULT_FILE_UPLOAD_DISABLE = "false";
public static final String DEFAULT_TIF_PREVIEW_TYPE = "tif";
public static final String DEFAULT_BeiAn_DISABLE = "无";
public static final String DEFAULT_size_DISABLE = "500MB";
public static final String DEFAULT_prohibit_DISABLE = "exe,dll";
public static final String DEFAULT_password_DISABLE = "123456";
public static Boolean isCacheEnabled() {
return cacheEnabled;
@ -353,4 +361,49 @@ public class ConfigConstants {
public static void setTifPreviewTypeValue(String tifPreviewType) {
ConfigConstants.tifPreviewType = tifPreviewType;
}
public static String getBeiAn() {
return BeiAn;
}
@Value("${BeiAn:无}")
public void setBeiAn(String BeiAn) {
setBeiAnValue(BeiAn);
}
public static void setBeiAnValue(String BeiAn) {
ConfigConstants.BeiAn = BeiAn;
}
public static String[] getprohibit() {
return prohibit;
}
@Value("${prohibit:exe,dll}")
public void setprohibit(String prohibit) {
String[] prohibittArr = prohibit.split(",");
setprohibitValue(prohibittArr);
}
public static void setprohibitValue(String[] prohibit) {
ConfigConstants.prohibit = prohibit;
}
public static String maxsize() {
return size;
}
@Value("${spring.servlet.multipart.max-file-size:500MB}")
public void setsize(String size) {
setsizeValue(size);
}
public static void setsizeValue(String size) {
ConfigConstants.size = size;
}
public static String getpassword() {
return password;
}
@Value("${sc.password:123456}")
public void setpassword(String password) {
setpasswordValue(password);
}
public static void setpasswordValue(String password) {
ConfigConstants.password = password;
}
}
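Review bot: `setprohibit` stores the raw result of `prohibit.split(",")`, so an entry written as `exe, dll` or `EXE` in the config never matches the exact `type.equals(fileType)` comparison in `KkFileUtils.isAllowedUpload`, and the denylist silently lets that type through; `ConfigRefreshComponent` splits the same way on reload. Normalise once where the value is stored, e.g. `ConfigConstants.prohibit = Arrays.stream(prohibit).map(s -> s.trim().toLowerCase(Locale.ROOT)).toArray(String[]::new);` in `setprohibitValue` (this assumes `suffixFromFileName` returns a lower-cased suffix, which is not visible here). `getprohibit()` also hands out the static array itself, so any caller can modify the list; returning `prohibit.clone()` avoids that. The new accessors would read more consistently with the rest of the class as `getProhibit`/`setProhibit`/`getPassword`.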


@ -53,7 +53,11 @@ public class ConfigRefreshComponent {
String pdfBookmarkDisable;
boolean fileUploadDisable;
String tifPreviewType;
String prohibit;
String[] prohibitArray;
String BeiAn;
String size;
String password;
while (true) {
FileReader fileReader = new FileReader(configFilePath);
BufferedReader bufferedReader = new BufferedReader(fileReader);
@ -78,6 +82,11 @@ public class ConfigRefreshComponent {
pdfBookmarkDisable = properties.getProperty("pdf.bookmark.disable", ConfigConstants.DEFAULT_PDF_BOOKMARK_DISABLE);
fileUploadDisable = Boolean.parseBoolean(properties.getProperty("file.upload.disable", ConfigConstants.DEFAULT_FILE_UPLOAD_DISABLE));
tifPreviewType = properties.getProperty("tif.preview.type", ConfigConstants.DEFAULT_TIF_PREVIEW_TYPE);
size = properties.getProperty("spring.servlet.multipart.max-file-size", ConfigConstants.DEFAULT_size_DISABLE);
BeiAn = properties.getProperty("BeiAn", ConfigConstants.DEFAULT_BeiAn_DISABLE);
prohibit = properties.getProperty("prohibit", ConfigConstants.DEFAULT_prohibit_DISABLE);
password = properties.getProperty("sc.password", ConfigConstants.DEFAULT_password_DISABLE);
prohibitArray = prohibit.split(",");
ConfigConstants.setCacheEnabledValueValue(cacheEnabled);
ConfigConstants.setSimTextValue(textArray);
@ -96,6 +105,10 @@ public class ConfigRefreshComponent {
ConfigConstants.setPdfBookmarkDisableValue(pdfBookmarkDisable);
ConfigConstants.setFileUploadDisableValue(fileUploadDisable);
ConfigConstants.setTifPreviewTypeValue(tifPreviewType);
ConfigConstants.setBeiAnValue(BeiAn);
ConfigConstants.setsizeValue(size);
ConfigConstants.setprohibitValue(prohibitArray);
ConfigConstants.setpasswordValue(password);
setWatermarkConfig(properties);
bufferedReader.close();
fileReader.close();
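Review bot: The `size` value re-read from `spring.servlet.multipart.max-file-size` only changes what `ConfigConstants.maxsize()` reports to the page; the multipart limit itself is presumably bound by Spring at start-up, so after a config edit the advertised limit and the enforced one can differ. Either stop refreshing this key or add a comment at the `size = properties.getProperty(...)` line such as `// display only: the enforced multipart limit is fixed at start-up`. The enclosing method starts and ends outside the visible hunks.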


@ -49,6 +49,12 @@ public class DownloadUtils {
logger.error("忽略SSL证书异常:", e);
}
ReturnResponse<String> response = new ReturnResponse<>(0, "下载成功!!!", "");
if (!KkFileUtils.isAllowedUpload(fileName)) {
response.setCode(1);
response.setContent(null);
response.setMsg("下载失败:不支持的类型!" + urlStr);
return response;
}
assert urlStr != null;
if (urlStr.contains("?fileKey=")) {
response.setContent(fileDir + urlStrr);
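Review bot: The rejection message in the added block concatenates the full `urlStr` into `response.setMsg(...)`; that URL is caller-supplied and may carry query-string tokens, so it is echoed back to the client, and whether the message is ever rendered as HTML without escaping is not visible from this hunk. Report the suffix instead, e.g. `response.setMsg("下载失败:不支持的类型!" + KkFileUtils.suffixFromFileName(fileName));`. The block also reads `urlStr` before the existing `assert urlStr != null;`, so the new check would sit better after it. The method body starts and ends outside the hunk.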


@ -1,7 +1,9 @@
package cn.keking.utils;
import cn.keking.config.ConfigConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.ObjectUtils;
import org.springframework.util.StringUtils;
import org.springframework.web.util.HtmlUtils;
@ -174,4 +176,19 @@ public class KkFileUtils {
return true;
}
/**
*
*
* @param file
* @return
*/
public static boolean isAllowedUpload(String file) {
String fileType = suffixFromFileName(file);
for (String type : ConfigConstants.getprohibit()) {
if (type.equals(fileType))
return false;
}
return !ObjectUtils.isEmpty(fileType);
}
}
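Review bot: The Javadoc on `isAllowedUpload` is empty (`@param file` and `@return` carry no text), and the contract is not obvious from the name: it is a denylist check on the suffix returned by `suffixFromFileName`, it compares with exact `equals`, and it returns false when the suffix is empty. Suggested summary: `Returns false when the file name's suffix is in the configured prohibit list or is empty; true otherwise.`, with `@param file file name whose suffix is checked` and `@return whether the file type may be stored`. Since the method is now also called from `DownloadUtils`, a name such as `isAllowedType` would describe it better, and the single-statement `if` inside the loop should be braced.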


@ -36,7 +36,6 @@ public class FileController {
private final String demoDir = "demo";
private final String demoPath = demoDir + File.separator;
public static final String BASE64_DECODE_ERROR_MSG = "Base64解码失败请检查你的 %s 是否采用 Base64 + urlEncode 双重编码了!";
private static final String[] not_allowed = { "dll", "exe", "msi" }; // 不允许上传的文件扩展名
@PostMapping("/fileUpload")
public ReturnResponse<Object> fileUpload(@RequestParam("file") MultipartFile file) {
@ -60,12 +59,16 @@ public class FileController {
}
@GetMapping("/deleteFile")
public ReturnResponse<Object> deleteFile(String fileName) {
public ReturnResponse<Object> deleteFile(String fileName,String password) {
ReturnResponse<Object> checkResult = this.deleteFileCheck(fileName);
if (checkResult.isFailure()) {
return checkResult;
}
fileName = checkResult.getContent().toString();
fileName = checkResult.getContent().toString();
if(!ConfigConstants.getpassword().equalsIgnoreCase(password)){
logger.error("删除文件【{}】失败,密码错误!",fileName);
return ReturnResponse.failure("删除文件失败,密码错误!");
}
File file = new File(fileDir + demoPath + fileName);
logger.info("删除文件:{}", file.getAbsolutePath());
if (file.exists() && !file.delete()) {
@ -103,8 +106,10 @@ public class FileController {
return ReturnResponse.failure("文件传接口已禁用");
}
String fileName = WebUtils.getFileNameFromMultipartFile(file);
if (!isAllowedUpload(fileName)) {
if(fileName.lastIndexOf(".")==-1){
return ReturnResponse.failure("不允许上传的类型");
}
if (!KkFileUtils.isAllowedUpload(fileName)) {
return ReturnResponse.failure("不允许上传的文件类型: " + fileName);
}
if (KkFileUtils.isIllegalFileName(fileName)) {
@ -117,20 +122,6 @@ public class FileController {
return ReturnResponse.success(fileName);
}
/**
*
*
* @param file
* @return
*/
private boolean isAllowedUpload(String file) {
String fileType = KkFileUtils.suffixFromFileName(file);
for (String type : not_allowed) {
if (type.equals(fileType))
return false;
}
return !ObjectUtils.isEmpty(fileType);
}
/**
*
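Review bot: In `deleteFile`, the added check `ConfigConstants.getpassword().equalsIgnoreCase(password)` compares the secret case-insensitively and with an early-exit string comparison, and the password arrives as a query parameter of a `@GetMapping`, so it ends up in access logs, browser history and proxy logs. Compare exactly and in constant time, e.g. `if (password == null || !MessageDigest.isEqual(ConfigConstants.getpassword().getBytes(StandardCharsets.UTF_8), password.getBytes(StandardCharsets.UTF_8))) {`, and accept the password in a POST body or header rather than in the URL. Nothing in the visible lines limits repeated wrong guesses, so throttling on failures is worth adding. The last hunk ends inside a Javadoc comment, so the rest of the class is not visible.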


@ -40,6 +40,8 @@ public class AttributeSetFilter implements Filter {
request.setAttribute("fileKey", httpRequest.getParameter("fileKey"));
request.setAttribute("switchDisabled", ConfigConstants.getOfficePreviewSwitchDisabled());
request.setAttribute("fileUploadDisable", ConfigConstants.getFileUploadDisable());
request.setAttribute("BeiAn", ConfigConstants.getBeiAn());
request.setAttribute("size", ConfigConstants.maxsize());
}
/**


@ -116,33 +116,10 @@
</div>
<div class="panel-body">
<#if fileUploadDisable == false>
<div style="padding: 10px">
<div style="padding: 10px" >
<form enctype="multipart/form-data" id="fileUpload">
<div class="form-group">
<p id="fileName"></p>
<div class="row">
<div class="col-md-2">
<button type="button" class="btn btn-default" id="fileSelectBtn" style="margin-bottom:8px">
<span class="glyphicon glyphicon-cloud-upload" aria-hidden="true"></span>
</button>
</div>
<div class="col-md-1">
<button id="btnSubmit" type="button" class="btn btn-success"> </button>
</div>
<div class="col-md-9">
</div>
</div>
<input type="file" name="file" style="display: none" id="fileSelect"
onchange="onFileSelected()"/>
<div class="alert alert-danger alert-dismissable hide" role="alert" id="postFileAlert">
<button type="button" class="close" data-dismiss="alert" aria-label="Close">
<span aria-hidden="true">&times;</span>
</button>
<strong></strong>
</div>
</div>
<input type="file" id="size" name="file"/>
<input type="button" id="btnSubmit" value=" 上 传 "/>
</form>
</div>
</#if>
@ -175,22 +152,34 @@
</div>
</div>
</div>
<div style="display: grid; place-items: center;">
<div>
<a target="_blank" href="https://beian.miit.gov.cn/" >${BeiAn}</a>
</div>
</div>
<script>
function deleteFile(fileName) {
$.ajax({
url: '${baseUrl}deleteFile?fileName=' + fileName,
success: function (data) {
// 删除完成刷新table
if (1 === data.code) {
alert(data.msg);
} else {
$('#table').bootstrapTable('refresh', {});
function deleteFile(fileName,password) {
if(window.confirm('')){
password = prompt("请输入默认密码:123456");
$.ajax({
url: '${baseUrl}deleteFile?fileName=' + fileName +'&password='+password,
success: function (data) {
// console.log(data);
// 删除完成刷新table
if ("删除文件失败,密码错误!" === data.msg) {
alert(data.msg);
} else {
$('#table').bootstrapTable('refresh', {});
}
},
error: function (data) {
return false;
}
},
error: function (data) {
console.log(data);
}
})
})
}else{
return false;
}
}
function showLoadingDiv() {
@ -238,7 +227,8 @@
}).on('pre-body.bs.table', function (e, data) {
// 每个data添加一列用来操作
$(data).each(function (index, item) {
item.action = "<a class='btn btn-success' target='_blank' href='${baseUrl}onlinePreview?url=" + encodeURIComponent(Base64.encode('${baseUrl}' + item.fileName)) + "'>预览</a>";
item.action = "<a class='btn btn-success' target='_blank' href='${baseUrl}onlinePreview?url=" + encodeURIComponent(Base64.encode('${baseUrl}' + item.fileName)) + "'>预览</a>" +
"<a class='btn btn-danger' style='margin-left:10px;' href='javascript:void(0);' onclick='deleteFile(\"" + encodeURIComponent(Base64.encode('${baseUrl}' + item.fileName)) + "\")'>删除</a>";
});
return data;
}).on('post-body.bs.table', function (e, data) {
@ -265,20 +255,9 @@
});
$("#btnSubmit").click(function () {
var _fileName = $("#fileName").text()
var index = _fileName.lastIndexOf(".");
//获取后缀
var ext = _fileName.substr(index + 1);
if (!ext || ext == "dll" || ext == "exe" || ext == "msi") {
window.alert(ext + "不支持上传")
return;
}
if (!_fileName) {
$("#postFileAlert").addClass("show");
window.setTimeout(function () {
$("#postFileAlert").removeClass("show");
}, 3000);//显示的时间
return;
var filepath = $("#size").val();
if(!checkFileSize(filepath)){
return false;
}
showLoadingDiv();
$("#fileUpload").ajaxSubmit({
@ -294,7 +273,6 @@
},
error: function () {
alert('');
$("#fileName").text("");
$(".loading_container").hide();
},
url: 'fileUpload', /*设置post提交到的页面*/
@ -303,6 +281,37 @@
});
});
});
function checkFileSize(filepath) {
var daxiao= "${size}";
daxiao= daxiao.replace("MB","");
// console.log(daxiao)
var maxsize = daxiao * 1024 * 1024;
var errMsg = "上传的文件不能超过${size}喔!!!";
var tipMsg = "您的浏览器暂不支持上传,确保上传文件不要超过${size}建议使用IE、FireFox、Chrome浏览器";
try {
var filesize = 0;
var ua = window.navigator.userAgent;
if (ua.indexOf("MSIE") >= 1) {
//IE
var img = new Image();
img.src = filepath;
filesize = img.fileSize;
} else {
filesize = $("#size")[0].files[0].size; //byte
}
if (filesize > 0 && filesize > maxsize) {
alert(errMsg);
return false;
} else if (filesize == -1) {
alert(tipMsg);
return false;
}
} catch (e) {
alert("上传失败,请重试");
return false;
}
return true;
}
</script>
</body>
</html>
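Review bot: The new `success` handler in `deleteFile` treats the response as a failure only when `data.msg` equals one literal string, so every other failure the server returns (for example from `deleteFileCheck`) now just refreshes the table without telling the user; keep the previous test `if (1 === data.code) {`. The password is appended to the URL unencoded, so a value containing `&` or `#` is truncated, and a cancelled `prompt` sends the string `null`; use `'&password=' + encodeURIComponent(password)` and return early when `password === null`. `checkFileSize` is a convenience check only, so the limit still has to be enforced on the server, and `daxiao.replace("MB","")` yields `NaN` for a configured value such as `1GB` or `500KB`, which makes the size comparison always pass.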