diff --git a/nursing-unit-base-core/src/main/java/org/jeecg/config/shiro/ShiroConfig.java b/nursing-unit-base-core/src/main/java/org/jeecg/config/shiro/ShiroConfig.java index afa6fbb..c244c9d 100644 --- a/nursing-unit-base-core/src/main/java/org/jeecg/config/shiro/ShiroConfig.java +++ b/nursing-unit-base-core/src/main/java/org/jeecg/config/shiro/ShiroConfig.java @@ -115,7 +115,7 @@ public class ShiroConfig { filterChainDefinitionMap.put("/admin/h5Api/nuBizAdvisoryInfo/**", "anon"); //授权接口排除 filterChainDefinitionMap.put("/weixin/**", "anon"); //授权接口排除 filterChainDefinitionMap.put("/api/pad/loginApi/**", "anon"); //pad登录-信息获取接口 - + filterChainDefinitionMap.put("/sys/common/open/static/**", "anon");//获取本地文件资源 filterChainDefinitionMap.put("/sys/getLoginQrcode/**", "anon"); //登录二维码 filterChainDefinitionMap.put("/sys/getQrcodeToken/**", "anon"); //监听扫码 diff --git a/nursing-unit-services/nu-services-biz/src/main/java/com/nu/modules/servicedirective/controller/ConfigServiceDirectiveController.java b/nursing-unit-services/nu-services-biz/src/main/java/com/nu/modules/servicedirective/controller/ConfigServiceDirectiveController.java index ab85b6e..c5de6af 100644 --- a/nursing-unit-services/nu-services-biz/src/main/java/com/nu/modules/servicedirective/controller/ConfigServiceDirectiveController.java +++ b/nursing-unit-services/nu-services-biz/src/main/java/com/nu/modules/servicedirective/controller/ConfigServiceDirectiveController.java @@ -255,4 +255,26 @@ public class ConfigServiceDirectiveController extends JeecgController syncMediaForBiz(@RequestBody ConfigServiceDirective dto) { + //处理媒体资源(放在保存方法之前) + configServiceDirectiveService.handleMediaFile(dto); + //保存 + ConfigServiceDirective configServiceDirective = new ConfigServiceDirective(); + BeanUtils.copyProperties(dto,configServiceDirective); + configServiceDirectiveService.updateById(configServiceDirective); + + DirectiveAsyncMQDto directiveAsyncMQDto = new DirectiveAsyncMQDto(); + BeanUtils.copyProperties(dto, directiveAsyncMQDto); + rabbitMQUtil.sendToExchange("hldy.directive", dto.getSysOrgCode() + ".directive.createmedia", directiveAsyncMQDto); + return Result.OK(Maps.newHashMap()); + } } diff --git a/nursing-unit-system/nu-system-biz/src/main/java/org/jeecg/modules/system/controller/CommonController.java b/nursing-unit-system/nu-system-biz/src/main/java/org/jeecg/modules/system/controller/CommonController.java index 239c605..5dffc36 100644 --- a/nursing-unit-system/nu-system-biz/src/main/java/org/jeecg/modules/system/controller/CommonController.java +++ b/nursing-unit-system/nu-system-biz/src/main/java/org/jeecg/modules/system/controller/CommonController.java @@ -1,5 +1,6 @@ package org.jeecg.modules.system.controller; +import com.nu.utils.SafetyUtil; import lombok.extern.slf4j.Slf4j; import org.jeecg.common.api.vo.Result; import org.jeecg.common.constant.CommonConstant; @@ -352,4 +353,74 @@ public class CommonController { return new AntPathMatcher().extractPathWithinPattern(bestMatchPattern, path); } + @GetMapping(value = "/open/static/**") + public void openView(@RequestParam(value = "name", defaultValue = "aaa") String secureKey, HttpServletRequest request, HttpServletResponse response) { + if (!SafetyUtil.validateSecureKey(secureKey)) { + try { + response.setContentType("text/plain"); + response.setCharacterEncoding("UTF-8"); + response.getWriter().write(""); + return; + } catch (IOException e) { + return; + } + } + // ISO-8859-1 ==> UTF-8 进行编码转换 + String imgPath = extractPathFromPattern(request); + if (oConvertUtils.isEmpty(imgPath) || CommonConstant.STRING_NULL.equals(imgPath)) { + return; + } + // 其余处理略 + InputStream inputStream = null; + OutputStream outputStream = null; + try { + imgPath = imgPath.replace("..", "").replace("../", ""); + if (imgPath.endsWith(SymbolConstant.COMMA)) { + imgPath = imgPath.substring(0, imgPath.length() - 1); + } + //update-begin---author:liusq ---date:20230912 for:检查下载文件类型-------------- + SsrfFileTypeFilter.checkDownloadFileType(imgPath); + //update-end---author:liusq ---date:20230912 for:检查下载文件类型-------------- + + String filePath = uploadpath + File.separator + imgPath; + File file = new File(filePath); + if (!file.exists()) { + response.setStatus(404); + log.error("文件[" + imgPath + "]不存在.."); + return; + //throw new RuntimeException(); + } + // 设置强制下载不打开 + response.setContentType("application/force-download"); + response.addHeader("Content-Disposition", "attachment;fileName=" + new String(file.getName().getBytes("UTF-8"), "iso-8859-1")); + inputStream = new BufferedInputStream(new FileInputStream(filePath)); + outputStream = response.getOutputStream(); + byte[] buf = new byte[1024]; + int len; + while ((len = inputStream.read(buf)) > 0) { + outputStream.write(buf, 0, len); + } + response.flushBuffer(); + } catch (IOException e) { + log.error("预览文件失败" + e.getMessage()); + response.setStatus(404); + e.printStackTrace(); + } finally { + if (inputStream != null) { + try { + inputStream.close(); + } catch (IOException e) { + log.error(e.getMessage(), e); + } + } + if (outputStream != null) { + try { + outputStream.close(); + } catch (IOException e) { + log.error(e.getMessage(), e); + } + } + } + + } }