diff --git a/src/main/java/org/yzr/config/ShiroConfig.java b/src/main/java/org/yzr/config/ShiroConfig.java
index d0ef9a2..4529595 100644
--- a/src/main/java/org/yzr/config/ShiroConfig.java
+++ b/src/main/java/org/yzr/config/ShiroConfig.java
@@ -30,13 +30,18 @@ public class ShiroConfig {
 ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
 shiroFilterFactoryBean.setSecurityManager(securityManager);
 Map filterChainDefinitionMap = new LinkedHashMap();
+ // 不需要权限可以访问的页面
 filterChainDefinitionMap.put("/account/signin", "anon");
 filterChainDefinitionMap.put("/account/logout", "anon");
 filterChainDefinitionMap.put("/error/unauthorized", "anon");
+ // 需要授权访问的页面
 filterChainDefinitionMap.put("/apps/**", "authc");
+ // 登录页面
 shiroFilterFactoryBean.setLoginUrl("/account/signin");
+ // 成功后跳转页面
 shiroFilterFactoryBean.setSuccessUrl("/apps");
+ // 未授权页面
 shiroFilterFactoryBean.setUnauthorizedUrl("/error/unauthorized");
 shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
 return shiroFilterFactoryBean;
diff --git a/src/main/java/org/yzr/controller/PackageController.java b/src/main/java/org/yzr/controller/PackageController.java
index 45743c7..fd82c8a 100644
--- a/src/main/java/org/yzr/controller/PackageController.java
+++ b/src/main/java/org/yzr/controller/PackageController.java
@@ -13,10 +13,13 @@ import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
 import org.yzr.model.App;
 import org.yzr.model.Package;
+import org.yzr.model.Storage;
 import org.yzr.model.User;
 import org.yzr.service.AppService;
 import org.yzr.service.PackageService;
+import org.yzr.service.StorageService;
 import org.yzr.service.UserService;
+import org.yzr.storage.StorageUtil;
 import org.yzr.utils.file.FileType;
 import org.yzr.utils.file.FileUtil;
 import org.yzr.utils.file.PathManager;
@@ -114,13 +117,11 @@ public class PackageController {
 if (user == null) {
 return ResponseUtil.unauthz();
 }
- String filePath = transfer(file);
- FileType fileType = FileUtil.getType(filePath);
- if (fileType == null || fileType != FileType.ZIP) {
- // 文件类型错误
- FileUtils.forceDelete(new File(filePath));
- return ResponseUtil.badArgument();
+ String filePath = StorageUtil.checkAndTransfer(file.getInputStream(), file.getSize(), file.getContentType(), file.getOriginalFilename());
+ if (filePath == null) {
+ return ResponseUtil.fail(401, "不支持的文件类型");
 }
+
 Package aPackage = this.packageService.buildPackage(filePath, user);
 Map extra = new HashMap<>();
 String jobName = request.getParameter("jobName");
diff --git a/src/main/java/org/yzr/storage/StorageUtil.java b/src/main/java/org/yzr/storage/StorageUtil.java
index 7c73585..6eb6be7 100644
--- a/src/main/java/org/yzr/storage/StorageUtil.java
+++ b/src/main/java/org/yzr/storage/StorageUtil.java
@@ -1,15 +1,23 @@
 package org.yzr.storage;
+import org.apache.commons.io.FileUtils;
+import org.apache.commons.io.FilenameUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.core.io.Resource;
+import org.springframework.web.multipart.MultipartFile;
 import org.yzr.model.Storage;
 import org.yzr.utils.CharUtil;
 import org.yzr.utils.file.FileType;
 import org.yzr.utils.file.FileUtil;
+import java.io.File;
 import java.io.InputStream;
 import java.io.PushbackInputStream;
+import java.nio.file.Files;
 import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.nio.file.StandardCopyOption;
+import java.util.UUID;
 import java.util.stream.Stream;
 /**
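Review bot: In the `PackageController` hunk (-114,13 +117,11), every `null` from `StorageUtil.checkAndTransfer` is answered with `ResponseUtil.fail(401, "不支持的文件类型")`, but that method also returns `null` after catching an exception, so a server-side copy failure is reported to the client as an unsupported file type. The removed code answered a bad type with `return ResponseUtil.badArgument();`, and reusing it would avoid a code of 401 on a request that has already passed the `user == null` check just above; whether 401 collides with what `ResponseUtil.unauthz()` sends is not visible here and should be confirmed. The stream from `file.getInputStream()` is passed in without try-with-resources, so closing it depends entirely on the callee. The enclosing handler method starts and ends outside the hunk.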
@@ -37,6 +45,47 @@ public class StorageUtil {
 this.storage = storage;
 }
+
+ /**
+ * 检测并转存文件
+ * @param inputStream
+ * @param contentLength
+ * @param contentType
+ * @param fileName
+ * @return
+ */
+ public static String checkAndTransfer(InputStream inputStream, long contentLength, String contentType, String fileName) {
+ // 判断文件类型
+ if (!(contentType != null && contentType.equalsIgnoreCase("application/octet-stream"))) {
+ return null;
+ }
+ int len = 28;
+ PushbackInputStream pushbackInputStream = new PushbackInputStream(inputStream, len);
+ try {
+ byte[] b = new byte[len];
+ FileType type = FileUtil.getType(pushbackInputStream);
+ // ipa和apk文件都是zip文件
+ if (type != FileType.ZIP) {
+ pushbackInputStream.close();
+ return null;
+ }
+ pushbackInputStream.unread(b);
+ // 获取文件后缀
+ String ext = FilenameUtils.getExtension(fileName);
+ // 生成文件名
+ String newFileName = UUID.randomUUID().toString() + "." + ext;
+ // 转存到 tmp
+ String destPath = FileUtils.getTempDirectoryPath() + File.separator + newFileName;
+ destPath = destPath.replaceAll("//", "/");
+ System.out.println(destPath);
+ Files.copy(pushbackInputStream, Paths.get(destPath), StandardCopyOption.REPLACE_EXISTING);
+ return destPath;
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ return null;
+ }
+
 /**
 * 存储一个文件对象
 *
@@ -46,6 +95,7 @@ public class StorageUtil {
 * @param fileName 文件索引名
 */
 public Storage store(InputStream inputStream, long contentLength, String contentType, String fileName) {
+ // 判断文件类型
 if (!(contentType != null && contentType.equalsIgnoreCase("application/octet-stream"))) {
 return null;
 }
@@ -55,6 +105,7 @@ public class StorageUtil {
 try {
 byte[] b = new byte[len];
 FileType type = FileUtil.getType(pushbackInputStream);
+ // ipa和apk文件都是zip文件
 if (type != FileType.ZIP) {
 pushbackInputStream.close();
 return null;
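Review bot: In `checkAndTransfer` (hunk -37,6 +45,47), `b` is allocated and never written before `pushbackInputStream.unread(b)`, so the call pushes 28 zero bytes in front of the remaining stream, or throws if `FileUtil.getType` already pushed its own bytes back, rather than restoring the header that was sniffed. `getType` is not visible here, so confirm what it leaves in the stream and push back only the bytes actually read. The extension comes from the client-supplied `fileName` with no allow-list, so any upload with ZIP magic keeps whatever suffix the client chose and a null name yields `.null`; restricting it to the `ipa`/`apk` types named in the comment closes that. The stream is closed only on the wrong-type branch, a failed `Files.copy` can leave a partial file in the temp directory, and `e.printStackTrace()` followed by `return null` makes an I/O failure indistinguishable from a rejected type. The fence sketches the naming, stream handling and cleanup; the same `byte[] b` allocation appears in `store` in the -55,6 hunk.

```java
public static String checkAndTransfer(InputStream inputStream, long contentLength, String contentType, String fileName) {
    // … unchanged: Content-Type check …
    // The file name is client-controlled: accept only the package types this service handles.
    String ext = FilenameUtils.getExtension(fileName);
    if (ext == null || !(ext.equalsIgnoreCase("ipa") || ext.equalsIgnoreCase("apk"))) {
        return null;
    }
    int len = 28;
    Path dest = Paths.get(FileUtils.getTempDirectoryPath(), UUID.randomUUID() + "." + ext);
    try (PushbackInputStream pushbackInputStream = new PushbackInputStream(inputStream, len)) {
        // … unchanged: FileUtil.getType(pushbackInputStream) != FileType.ZIP -> return null …
        // … push back the header bytes that were actually read, not a fresh zeroed array …
        Files.copy(pushbackInputStream, dest, StandardCopyOption.REPLACE_EXISTING);
        return dest.toString();
    } catch (Exception e) {
        // Do not leave a partial upload behind; report through the project's logger
        // so the caller can tell a storage failure from a rejected type.
        FileUtils.deleteQuietly(dest.toFile());
        return null;
    }
}
```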