修复安全漏洞。优化代码

paulGao
2021-11-11 18:15:21 +08:00
parent 9fd75c65e1
commit 6f13218564
34 changed files with 351 additions and 126 deletions


@@ -1,18 +1,17 @@
package cn.lili.controller.common;
import cn.hutool.core.util.StrUtil;
import cn.hutool.core.text.CharSequenceUtil;
import cn.lili.cache.Cache;
import cn.lili.common.enums.ResultCode;
import cn.lili.common.enums.ResultUtil;
import cn.lili.common.exception.ServiceException;
import cn.lili.common.properties.SystemSettingProperties;
import cn.lili.common.security.AuthUser;
import cn.lili.common.security.context.UserContext;
import cn.lili.common.security.enums.UserEnums;
import cn.lili.common.utils.Base64DecodeMultipartFile;
import cn.lili.common.utils.CommonUtil;
import cn.lili.common.enums.ResultUtil;
import cn.lili.common.utils.StringUtils;
import cn.lili.common.vo.ResultMessage;
import cn.lili.common.properties.SystemSettingProperties;
import cn.lili.modules.file.entity.File;
import cn.lili.modules.file.plugin.FileManagerPlugin;
import cn.lili.modules.file.service.FileService;
@@ -30,6 +29,7 @@ import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.multipart.MultipartFile;
import java.io.InputStream;
import java.util.Objects;
/**
* 文件上传接口
@@ -68,16 +68,24 @@ public class UploadController {
throw new ServiceException(ResultCode.USER_AUTHORITY_ERROR);
}
Setting setting = settingService.get(SettingEnum.OSS_SETTING.name());
if (setting == null || StrUtil.isBlank(setting.getSettingValue())) {
if (setting == null || CharSequenceUtil.isBlank(setting.getSettingValue())) {
throw new ServiceException(ResultCode.OSS_NOT_EXIST);
}
if (file == null || CharSequenceUtil.isEmpty(file.getContentType())) {
throw new ServiceException(ResultCode.IMAGE_FILE_EXT_ERROR);
}
if (StringUtils.isNotBlank(base64)) {
if (!CharSequenceUtil.containsAny(file.getContentType().toLowerCase(), "image")) {
throw new ServiceException(ResultCode.FILE_TYPE_NOT_SUPPORT);
}
if (CharSequenceUtil.isNotBlank(base64)) {
//base64上传
file = Base64DecodeMultipartFile.base64Convert(base64);
}
String result = "";
String fileKey = CommonUtil.rename(file.getOriginalFilename());
String result;
String fileKey = CommonUtil.rename(Objects.requireNonNull(file.getOriginalFilename()));
File newFile = new File();
try {
InputStream inputStream = file.getInputStream();
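Review bot: The two new Content-Type checks run on the multipart `file` before the `base64` branch reassigns it, so the object returned by `Base64DecodeMultipartFile.base64Convert(base64)` is stored without any type check, and a request that carries only `base64` would presumably now be rejected with `IMAGE_FILE_EXT_ERROR` because `file` is null. The check also trusts a client-supplied header and matches the substring "image", which admits types such as `image/svg+xml` that can carry script. Consider moving the validation after the base64 conversion and comparing against a fixed allow-list, e.g. `if (!ALLOWED_IMAGE_TYPES.contains(file.getContentType().toLowerCase(Locale.ROOT))) { throw new ServiceException(ResultCode.FILE_TYPE_NOT_SUPPORT); }`, where `ALLOWED_IMAGE_TYPES` is a constant this change would need to add; checking the decoded bytes' signature would be stronger than the header. The method body starts and continues outside the visible lines.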