package org.jeecg.modules.system.controller; import com.alibaba.fastjson.JSONObject; import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper; import com.baomidou.mybatisplus.core.metadata.IPage; import com.baomidou.mybatisplus.extension.plugins.pagination.Page; import io.swagger.annotations.Api; import lombok.extern.slf4j.Slf4j; import org.jeecg.common.api.vo.Result; import org.jeecg.common.exception.JeecgBootException; import org.jeecg.common.system.query.QueryGenerator; import org.jeecg.common.util.CommonUtils; import org.jeecg.common.util.MinioUtil; import org.jeecg.common.util.StrUtils; import org.jeecg.common.util.oConvertUtils; import org.jeecg.modules.oss.entity.OssFile; import org.jeecg.modules.oss.service.IOssFileService; import org.jeecg.common.system.base.entity.SysUpload; import org.jeecg.modules.system.service.IUploadService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.bind.annotation.*; import org.springframework.web.multipart.MultipartFile; import org.springframework.web.multipart.MultipartHttpServletRequest; import org.springframework.web.multipart.commons.CommonsMultipartResolver; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.util.ArrayList; import java.util.Arrays; import java.util.List; /** * minio文件上传示例 * @author: jeecg-boot */ @Slf4j @RestController @RequestMapping("/sys/upload") public class SysUploadController { @Autowired private IOssFileService ossFileService; @Autowired private IUploadService uploadService; /** * 上传 * @param request */ @PostMapping(value = "/uploadMinio") public Result uploadMinio(HttpServletRequest request) throws Exception { Result result = new Result<>(); String bizPath = request.getParameter("biz"); //LOWCOD-2580 sys/common/upload接口存在任意文件上传漏洞 boolean flag = oConvertUtils.isNotEmpty(bizPath) && (bizPath.contains("../") || bizPath.contains("..\\")); if (flag) { throw new JeecgBootException("上传目录bizPath,格式非法!"); } if(oConvertUtils.isEmpty(bizPath)){ bizPath = ""; } MultipartHttpServletRequest multipartRequest = (MultipartHttpServletRequest) request; // 获取上传文件对象 MultipartFile file = multipartRequest.getFile("file"); // 获取文件名 String orgName = file.getOriginalFilename(); orgName = CommonUtils.getFileName(orgName); String fileUrl = MinioUtil.upload(file,bizPath); if(oConvertUtils.isEmpty(fileUrl)){ return Result.error("上传失败,请检查配置信息是否正确!"); } //保存文件信息 OssFile minioFile = new OssFile(); minioFile.setFileName(orgName); minioFile.setUrl(fileUrl); ossFileService.save(minioFile); result.setMessage(fileUrl); result.setSuccess(true); return result; } @GetMapping(value = "/list") public Result list(SysUpload upload, @RequestParam(name = "pageNo", defaultValue = "1") Integer pageNo, @RequestParam(name = "pageSize", defaultValue = "10") Integer pageSize, HttpServletRequest req) { QueryWrapper queryWrapper = QueryGenerator.initQueryWrapper(upload, req.getParameterMap()); Page page = new Page(pageNo, pageSize); IPage pageList = uploadService.page(page, queryWrapper); return Result.ok(pageList); } @GetMapping(value = "/listByType") public Result listByType(SysUpload upload, @RequestParam(name = "pageNo", defaultValue = "1") Integer pageNo, @RequestParam(name = "pageSize", defaultValue = "10") Integer pageSize, HttpServletRequest req) { QueryWrapper queryWrapper = QueryGenerator.initQueryWrapper(upload, req.getParameterMap()); queryWrapper.in("type","inspection","threeMaintenance","twoMaintenance"); Page page = new Page(pageNo, pageSize); IPage pageList = uploadService.page(page, queryWrapper); return Result.ok(pageList); } @DeleteMapping(value = "/delete") public Result delete(@RequestParam(name = "id", required = true) String id) { uploadService.removeById(id); return Result.ok("删除成功!"); } @DeleteMapping(value = "/deleteBatch") public Result deleteBatch(@RequestParam(name = "ids", required = true) String ids) { uploadService.removeByIds(Arrays.asList(ids.split(","))); return Result.ok("批量删除成功!"); } @PostMapping("/batchUploadFile") public Result batchUploadFile(HttpServletRequest request) { // 创建一个通用的多部分解析器 CommonsMultipartResolver multipartResolver = new CommonsMultipartResolver(request.getSession().getServletContext()); // 判断 request 是否有文件上传,即多部分请求 if (multipartResolver.isMultipart(request)) { // 转换成多部分request MultipartHttpServletRequest multiRequest = (MultipartHttpServletRequest) request; List files = multiRequest.getFiles("files[]"); String type = multiRequest.getParameter("type"); String description = multiRequest.getParameter("description"); try { List sysUploads = uploadService.batchUploadFile(type, files, description); return Result.ok(sysUploads); } catch (Exception e) { throw new RuntimeException(e); } } return Result.error("操作失败"); } @GetMapping("/downloadFile") public void downloadFile(@RequestParam("id") String id, HttpServletResponse response) { uploadService.downloadFile(response, uploadService.getById(id)); } @PostMapping(value = "/uploadFile") public Result uploadFile(MultipartHttpServletRequest request, HttpServletResponse response) throws Exception { String type = request.getParameter("type"); String description = request.getParameter("description"); List multipartFileList = request.getFiles("files[]"); List sysUploads = uploadService.batchUploadFile(type, multipartFileList, description); return Result.ok("上传成功!"); } }