新版430
blame | 历史 | 原始文档
cuijian
2023-08-19 bdd0875d4b13a3f1ef472f64d4b6a95e0ef64b22 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129

package org.jeecg.modules.system.controller;


 


import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;


import com.baomidou.mybatisplus.core.metadata.IPage;


import com.baomidou.mybatisplus.extension.plugins.pagination.Page;


import io.swagger.annotations.Api;


import lombok.extern.slf4j.Slf4j;


import org.jeecg.common.api.vo.Result;


import org.jeecg.common.exception.JeecgBootException;


import org.jeecg.common.system.query.QueryGenerator;


import org.jeecg.common.util.CommonUtils;


import org.jeecg.common.util.MinioUtil;


import org.jeecg.common.util.oConvertUtils;


import org.jeecg.modules.oss.entity.OssFile;


import org.jeecg.modules.oss.service.IOssFileService;


import org.jeecg.common.system.base.entity.SysUpload;


import org.jeecg.modules.system.service.IUploadService;


import org.springframework.beans.factory.annotation.Autowired;


import org.springframework.web.bind.annotation.*;


import org.springframework.web.multipart.MultipartFile;


import org.springframework.web.multipart.MultipartHttpServletRequest;


import org.springframework.web.multipart.commons.CommonsMultipartResolver;


 


import javax.servlet.http.HttpServletRequest;


import javax.servlet.http.HttpServletResponse;


import java.util.Arrays;


import java.util.List;


 


/**


 * minio文件上传示例


 * @author: jeecg-boot


 */


@Slf4j


@RestController


@RequestMapping("/sys/upload")


public class SysUploadController {


    @Autowired


    private IOssFileService ossFileService;


 


    @Autowired


    private IUploadService uploadService;


 


    /**


     * 上传


     * @param request


     */


    @PostMapping(value = "/uploadMinio")


    public Result<?> uploadMinio(HttpServletRequest request) throws Exception {


        Result<?> result = new Result<>();


        String bizPath = request.getParameter("biz");


 


        //LOWCOD-2580 sys/common/upload接口存在任意文件上传漏洞


        boolean flag = oConvertUtils.isNotEmpty(bizPath) && (bizPath.contains("../") || bizPath.contains("..\\"));


        if (flag) {


            throw new JeecgBootException("上传目录bizPath,格式非法!");


        }


 


        if(oConvertUtils.isEmpty(bizPath)){


            bizPath = "";


        }


        MultipartHttpServletRequest multipartRequest = (MultipartHttpServletRequest) request;


        // 获取上传文件对象


        MultipartFile file = multipartRequest.getFile("file");


        // 获取文件名


        String orgName = file.getOriginalFilename();


        orgName = CommonUtils.getFileName(orgName);


        String fileUrl =  MinioUtil.upload(file,bizPath);


        if(oConvertUtils.isEmpty(fileUrl)){


            return Result.error("上传失败,请检查配置信息是否正确!");


        }


        //保存文件信息


        OssFile minioFile = new OssFile();


        minioFile.setFileName(orgName);


        minioFile.setUrl(fileUrl);


        ossFileService.save(minioFile);


        result.setMessage(fileUrl);


        result.setSuccess(true);


        return result;


    }


 


 


    @GetMapping(value = "/list")


    public Result<?> list(SysUpload upload, @RequestParam(name = "pageNo", defaultValue = "1") Integer pageNo,


                          @RequestParam(name = "pageSize", defaultValue = "10") Integer pageSize, HttpServletRequest req) {


        QueryWrapper<SysUpload> queryWrapper = QueryGenerator.initQueryWrapper(upload, req.getParameterMap());


        Page<SysUpload> page = new Page<SysUpload>(pageNo, pageSize);


        IPage<SysUpload> pageList = uploadService.page(page, queryWrapper);


        return Result.ok(pageList);


    }


 


    @DeleteMapping(value = "/delete")


    public Result<?> delete(@RequestParam(name = "id", required = true) String id) {


        uploadService.removeById(id);


        return Result.ok("删除成功!");


    }


 


    @DeleteMapping(value = "/deleteBatch")


    public Result<?> deleteBatch(@RequestParam(name = "ids", required = true) String ids) {


        uploadService.removeByIds(Arrays.asList(ids.split(",")));


        return Result.ok("批量删除成功!");


    }


 


    @PostMapping("/batchUploadFile")


    public Result<?> batchUploadFile(HttpServletRequest request)  {


        // 创建一个通用的多部分解析器


        CommonsMultipartResolver multipartResolver = new CommonsMultipartResolver(request.getSession().getServletContext());


        // 判断 request 是否有文件上传,即多部分请求


        if (multipartResolver.isMultipart(request)) {


            // 转换成多部分request


            MultipartHttpServletRequest multiRequest = (MultipartHttpServletRequest) request;


            List<MultipartFile> files = multiRequest.getFiles("files[]");


            String type = multiRequest.getParameter("type");


            String description = multiRequest.getParameter("description");


            try {


                List<SysUpload> sysUploads = uploadService.batchUploadFile(type, files, description);


                return Result.ok(sysUploads);


            } catch (Exception e) {


                throw new RuntimeException(e);


            }


        }


        return Result.error("操作失败");


    }


 


    @GetMapping("/downloadFile")


    public void downloadFile(@RequestParam("id") String id, HttpServletResponse response) {


        uploadService.downloadFile(response, uploadService.getById(id));


    }


 


}