Explorar el Código

fix:

1. 文件预览修改参数加密;
tags/24112201
WendyYang hace 1 mes
padre
commit
02526f8b20
Se han modificado 6 ficheros con 123 adiciones y 12 borrados
  1. +32
    -0
      hz-pm-api/src/main/java/com/hz/pm/api/common/util/PreviewFileIdEncryptUtil.java
  2. +50
    -8
      hz-pm-api/src/main/java/com/hz/pm/api/external/FilePreviewClient.java
  3. +1
    -1
      hz-pm-api/src/main/java/com/hz/pm/api/external/controller/FilePreviewController.java
  4. +8
    -1
      hz-pm-api/src/main/java/com/hz/pm/api/external/controller/MhApiController.java
  5. +31
    -0
      hz-pm-api/src/main/java/com/hz/pm/api/external/model/PreviewFileIdBO.java
  6. +1
    -2
      hz-pm-api/src/main/java/com/hz/pm/api/user/security/auth/mh/MhLoginUserDetailService.java

+ 32
- 0
hz-pm-api/src/main/java/com/hz/pm/api/common/util/PreviewFileIdEncryptUtil.java Ver fichero

@@ -0,0 +1,32 @@
package com.hz.pm.api.common.util;

import cn.hutool.core.codec.Base64;
import cn.hutool.crypto.SecureUtil;
import cn.hutool.crypto.symmetric.AES;

/**
* <p>
* PreviewFileIdEncryptUtil
* </p>
*
* @author WendyYang
* @since 13:36 2024/11/19
*/
public class PreviewFileIdEncryptUtil {

private PreviewFileIdEncryptUtil() {
}

private static final String KEY_BASE64 = "ffbTIYYplRaDcNnrP3dm99s8jCGls4bBqJPnFUo44ik=";

public static String encryptFileId(String fileId) {
AES aes = SecureUtil.aes(Base64.decode(KEY_BASE64));
return aes.encryptHex(fileId);
}

public static String decryptFileId(String fileId) {
AES aes = SecureUtil.aes(Base64.decode(KEY_BASE64));
return aes.decryptStr(fileId);
}

}

+ 50
- 8
hz-pm-api/src/main/java/com/hz/pm/api/external/FilePreviewClient.java Ver fichero

@@ -1,6 +1,10 @@
package com.hz.pm.api.external;

import cn.hutool.core.util.ArrayUtil;
import cn.hutool.core.util.NumberUtil;
import com.hz.pm.api.common.enumeration.FileOrigin;
import com.hz.pm.api.common.util.PreviewFileIdEncryptUtil;
import com.hz.pm.api.external.model.PreviewFileIdBO;
import com.hz.pm.api.external.model.dto.MhFileInfoDTO;
import com.hz.pm.api.meeting.entity.config.WebProps;
import com.ningdatech.basic.exception.BizException;
@@ -14,6 +18,7 @@ import org.springframework.stereotype.Component;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.time.Duration;
import java.util.List;

/**
@@ -41,9 +46,6 @@ public class FilePreviewClient {

private static final String FILE_DOWN_NO_AUTH_URL = "/api/v1/file/preview/anonymous/down/";

private static final String MH_DOWN_FILE_URL = "/api/v1/mh/anonymous/file/download/";


//==================================================================================================================

private static final String PREVIEW_PATH_FMT = "%s/public/risen/core/resrc/view/pdf_view.html.do?strMap.remote_url=%s&strMap.ext=%s";
@@ -52,11 +54,14 @@ public class FilePreviewClient {
String serverName = request.getServerName();
log.info("serverName:{}", serverName);
StringBuilder fileDownUrl = new StringBuilder();
String filePreviewUrlHost;
if (serverName.contains("weixin") || serverName.contains("10.54.38.13")) {
// 浙政钉访问需要转换为互联网可访问的地址
fileDownUrl.append(WebProps.zzdApiUrl);
filePreviewUrlHost = mhFilePreviewPublicUrl;
} else {
fileDownUrl.append(WebProps.apiUrl);
filePreviewUrlHost = mhFilePreviewPrivateUrl;
}
String fileSuffix;
// 信产文件ID为字符串、当前系统文件ID为数字
@@ -64,18 +69,55 @@ public class FilePreviewClient {
List<MhFileInfoDTO> fileInfos = mhFileClient.listFileInfo(fileId);
MhFileInfoDTO mhFileInfo = fileInfos.get(0);
fileSuffix = mhFileInfo.getFileSuffix();
fileDownUrl.append(MH_DOWN_FILE_URL).append(fileId);
String tmpFileId = generateFileId(fileId, FileOrigin.MH);
fileDownUrl.append(FILE_DOWN_NO_AUTH_URL).append(tmpFileId);
} else {
fileDownUrl.append(FILE_DOWN_NO_AUTH_URL).append(fileId);
String tmpFileId = generateFileId(fileId, FileOrigin.OSS);
fileDownUrl.append(FILE_DOWN_NO_AUTH_URL).append(tmpFileId);
File file = fileService.getById(fileId);
fileSuffix = file.getSuffix();
}
return String.format(PREVIEW_PATH_FMT, mhFilePreviewPrivateUrl, fileDownUrl, fileSuffix);
return String.format(PREVIEW_PATH_FMT, filePreviewUrlHost, fileDownUrl, fileSuffix);
}

private static String generateFileId(String fileId, FileOrigin oss) {
PreviewFileIdBO previewFileId = PreviewFileIdBO.builder()
// 默认过期时间6小时
.expireTime(System.currentTimeMillis() + Duration.ofHours(6).toMillis())
.fileId(fileId)
.fileOrigin(oss)
.build();
return PreviewFileIdEncryptUtil.encryptFileId(previewFileId.concat());
}

private static PreviewFileIdBO parseFileId(String fileId) {
String decryptFileId = PreviewFileIdEncryptUtil.decryptFileId(fileId);
String[] split = decryptFileId.split("#");
if (ArrayUtil.isEmpty(split) || split.length != 3) {
throw BizException.wrap("文件ID无效");
}
return PreviewFileIdBO.builder()
.fileId(split[0])
.expireTime(Long.parseLong(split[1]))
.fileOrigin(FileOrigin.valueOf(split[2]))
.build();
}

public void downloadFile(Long fileId, HttpServletResponse response) {
public void downloadFile(String fileId, HttpServletResponse response) {
try {
fileService.download(fileId, response);
PreviewFileIdBO previewFileId = parseFileId(fileId);
if (previewFileId.getExpireTime() != null
&& previewFileId.getExpireTime() > 0
&& System.currentTimeMillis() > previewFileId.getExpireTime()) {
throw BizException.wrap("文件地址已过期,请重试");
}
if (FileOrigin.MH.equals(previewFileId.getFileOrigin())) {
mhFileClient.download(previewFileId.getFileId(), response);
} else if (FileOrigin.OSS.equals(previewFileId.getFileOrigin())) {
fileService.download(Long.valueOf(previewFileId.getFileId()), response);
} else {
throw BizException.wrap("文件类型不支持");
}
} catch (Exception e) {
log.info("文件下载失败:{}", fileId, e);
throw BizException.wrap("文件下载失败:%s", fileId);


+ 1
- 1
hz-pm-api/src/main/java/com/hz/pm/api/external/controller/FilePreviewController.java Ver fichero

@@ -36,7 +36,7 @@ public class FilePreviewController {

@ApiOperation("文件下载(不鉴权)")
@GetMapping("/anonymous/down/{fileId}")
public void anonymousFileDown(@PathVariable Long fileId, HttpServletResponse response) {
public void anonymousFileDown(@PathVariable String fileId, HttpServletResponse response) {
filePreviewClient.downloadFile(fileId, response);
}



+ 8
- 1
hz-pm-api/src/main/java/com/hz/pm/api/external/controller/MhApiController.java Ver fichero

@@ -38,13 +38,20 @@ public class MhApiController {
return mhApiClient.dictListByType(dictType);
}

@GetMapping({"/anonymous/file/download/{fileId}", "/file/download/{fileId}"})
@GetMapping("/file/download/{fileId}")
@WebLog("下载信创平台文件")
@ApiOperation("下载信创平台文件")
public void download(@PathVariable String fileId, HttpServletResponse response) {
mhFileClient.download(fileId, response);
}

@GetMapping("/anonymous/file/download/{fileId}")
@WebLog("下载信创平台文件")
@ApiOperation("下载信创平台文件")
public void anonymousDownload(@PathVariable String fileId, HttpServletResponse response) {
mhFileClient.download(fileId, response);
}

@GetMapping("/file/listFileInfo")
@ApiOperation("获取文件详情")
public List<MhFileInfoDTO> listFileInfo(@RequestParam String fileIds) {


+ 31
- 0
hz-pm-api/src/main/java/com/hz/pm/api/external/model/PreviewFileIdBO.java Ver fichero

@@ -0,0 +1,31 @@
package com.hz.pm.api.external.model;

import com.hz.pm.api.common.enumeration.FileOrigin;
import lombok.Builder;
import lombok.Getter;
import lombok.Setter;

/**
* <p>
* PreviewFileIdBO
* </p>
*
* @author WendyYang
* @since 14:12 2024/11/19
*/
@Builder
@Getter
@Setter
public class PreviewFileIdBO {

private String fileId;

private Long expireTime;

private FileOrigin fileOrigin;

public String concat() {
return this.fileId + "#" + this.expireTime + "#" + this.fileOrigin;
}

}

+ 1
- 2
hz-pm-api/src/main/java/com/hz/pm/api/user/security/auth/mh/MhLoginUserDetailService.java Ver fichero

@@ -1,7 +1,6 @@
package com.hz.pm.api.user.security.auth.mh;


import cn.hutool.json.JSONUtil;
import com.hz.pm.api.common.helper.UserInfoHelper;
import com.hz.pm.api.user.convert.UserInfoConvertor;
import com.hz.pm.api.user.security.auth.checker.UserLoginChecker;
@@ -32,7 +31,7 @@ public class MhLoginUserDetailService implements UserDetailsService {
public UserInfoDetails loadUserByUsername(String username) throws UsernameNotFoundException {
UserFullInfoDTO userInfo = userInfoHelper.getUserFullInfoByMhUserIdOrOpenId(username);
UserLoginChecker.checkLoginAuth(userInfo);
log.info("登录用户为:{}", JSONUtil.toJsonStr(userInfo));
log.info("登录用户为:{} {}", userInfo.getUserId(), userInfo.getUsername());
return UserInfoConvertor.convert(userInfo);
}



Cargando…
Cancelar
Guardar