xtools/xtools-app
1
0
Fork 0
Code Pull Requests Actions Packages Projects Releases Activity

优化文件上传配置和校验

Browse Source
This commit is contained in:
低调大师
2026-05-09 15:52:14 +08:00
parent a7189ec41b
commit 20bf0f447a
6 changed files with 54 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
xtools-app-sys/xtools-app-sys-biz/src/main/java/xtools/app/sys/controller/SysBaseController.java
View File

@@ -100,13 +100,13 @@ public class SysBaseController {
@Operation(summary = "取消忽略脱敏") @Operation(summary = "取消忽略脱敏")
@GetMapping("/unignore-mask") @GetMapping("/unignore-mask")
public Result<Boolean> unIgnoreMask(HttpServletRequest request) { public Result<Boolean> unIgnoreMask() {
return sysBaseService.unIgnoreMask(); return sysBaseService.unIgnoreMask();
} }
@Operation(summary = "退出登录") @Operation(summary = "退出登录")
@GetMapping("/logout") @GetMapping("/logout")
public Result<Boolean> logout(HttpServletRequest request) { public Result<Boolean> logout() {
LoginUserDto loginUser = AuthUtils.get(); LoginUserDto loginUser = AuthUtils.get();
AuthUtils.remove(loginUser.getId()); AuthUtils.remove(loginUser.getId());
return Result.ok(true); return Result.ok(true);

18
xtools-app-sys/xtools-app-sys-biz/src/main/java/xtools/app/sys/controller/SysNoticeController.java
View File

@@ -32,9 +32,8 @@ import xtools.boot.api.model.dto.Result;
import xtools.boot.api.model.dto.page.PageReq; import xtools.boot.api.model.dto.page.PageReq;
import xtools.boot.api.model.dto.page.PageResp; import xtools.boot.api.model.dto.page.PageResp;
import xtools.boot.api.model.dto.req.IdListReq; import xtools.boot.api.model.dto.req.IdListReq;
import xtools.core.StringUtils;
import xtools.core.extend.CheckUtils;
import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
/** /**
@@ -95,32 +94,25 @@ public class SysNoticeController {
@Operation(summary = "上传图片") @Operation(summary = "上传图片")
@PostMapping("/upload-img") @PostMapping("/upload-img")
public Result<Long> uploadImg( public Result<Long> uploadImg(
@Schema(description = "图片文件")
@RequestParam("img") MultipartFile img @RequestParam("img") MultipartFile img
) { ) {
if (img.isEmpty()) { if (img.isEmpty()) {
throw new BizError("图片件不能为空"); throw new BizError("图片件不能为空");
} }
String filename = img.getOriginalFilename();
if (StringUtils.isBlank(filename)) {
throw new BizError("图片件名称不能为空");
}
FileBizEnum bizType = FileBizEnum.SYS_NOTICE;
if (!CheckUtils.suffix(filename, bizType.extArr())) {
throw new BizError("图片格式错误");
}
try (InputStream inputStream = img.getInputStream()) { try (InputStream inputStream = img.getInputStream()) {
LoginUserDto loginUser = AuthUtils.get(); LoginUserDto loginUser = AuthUtils.get();
Long id = sysFileOptService.upload( Long id = sysFileOptService.upload(
filename, img.getOriginalFilename(),
inputStream, inputStream,
img.getSize(), img.getSize(),
loginUser.getId(), loginUser.getId(),
loginUser.getAccount(), loginUser.getAccount(),
bizType, FileBizEnum.SYS_NOTICE,
null null
); );
return Result.ok(id); return Result.ok(id);
} catch (Exception e) { } catch (IOException e) {
log.error("上传失败", e); log.error("上传失败", e);
throw new BizError("上传失败"); throw new BizError("上传失败");
} }

7
xtools-app-sys/xtools-app-sys-file/src/main/java/xtools/app/sys/file/enums/FileBizBaseEnum.java
View File

@@ -29,6 +29,13 @@ public interface FileBizBaseEnum extends BaseEnum {
*/ */
FilePermissionType permission(); FilePermissionType permission();
/**
* 文件大小限制
*
* @return 文件大小限制
*/
long sizeLimit();
/** /**
* 文件过期时间(小时) * 文件过期时间(小时)
* *

21
xtools-app-sys/xtools-app-sys-file/src/main/java/xtools/app/sys/file/enums/FileBizEnum.java
View File

@@ -14,7 +14,7 @@ package xtools.app.sys.file.enums;
public enum FileBizEnum implements FileBizBaseEnum { public enum FileBizEnum implements FileBizBaseEnum {
// 系统通知 // 系统通知
SYS_NOTICE(-10, "系统通知", "sys-notice-editor-img", FilePermissionType.PUBLIC, 12, "png", "jpg", "jpeg", "gif", "bmp", "webp"); SYS_NOTICE(-10, "系统通知", "sys-notice-editor-img", FilePermissionType.PUBLIC, 1024 * 1024 * 5, 12, "png", "jpg", "jpeg", "gif", "bmp", "svg", "webp");
/** /**
* 编码 * 编码
@@ -36,6 +36,11 @@ public enum FileBizEnum implements FileBizBaseEnum {
*/ */
private final FilePermissionType permission; private final FilePermissionType permission;
/**
* 文件大小限制
*/
private final long sizeLimit;
/** /**
* 文件过期时间(小时) * 文件过期时间(小时)
*/ */
@@ -53,14 +58,16 @@ public enum FileBizEnum implements FileBizBaseEnum {
* @param desc 说明 * @param desc 说明
* @param bucket 存储桶 * @param bucket 存储桶
* @param permission 文件权限 * @param permission 文件权限
* @param sizeLimit 文件大小限制
* @param expireTime 文件过期时间(小时) * @param expireTime 文件过期时间(小时)
* @param extArr 扩展名 * @param extArr 扩展名
*/ */
FileBizEnum(int code, String desc, String bucket, FilePermissionType permission, int expireTime, String... extArr) { FileBizEnum(int code, String desc, String bucket, FilePermissionType permission, long sizeLimit, int expireTime, String... extArr) {
this.code = code; this.code = code;
this.desc = desc; this.desc = desc;
this.bucket = bucket; this.bucket = bucket;
this.permission = permission; this.permission = permission;
this.sizeLimit = sizeLimit;
this.expireTime = expireTime; this.expireTime = expireTime;
this.extArr = extArr; this.extArr = extArr;
} }
@@ -115,6 +122,16 @@ public enum FileBizEnum implements FileBizBaseEnum {
return permission; return permission;
} }
/**
* 获取文件大小限制
*
* @return 文件大小限制
*/
@Override
public long sizeLimit() {
return sizeLimit;
}
/** /**
* 获取文件过期时间 * 获取文件过期时间
* *

2
xtools-app-sys/xtools-app-sys-file/src/main/java/xtools/app/sys/file/service/SysFileOptService.java
View File

@@ -51,7 +51,7 @@ public interface SysFileOptService {
* @return 文件ID * @return 文件ID
*/ */
Long upload( Long upload(
@NonNull String fileName, String fileName,
@NonNull InputStream inputStream, @NonNull InputStream inputStream,
long contentLength, long contentLength,
@NonNull Long userId, @NonNull Long userId,

28
xtools-app-sys/xtools-app-sys-file/src/main/java/xtools/app/sys/file/service/impl/SysFileOptServiceImpl.java
View File

@@ -108,7 +108,7 @@ public class SysFileOptServiceImpl implements SysFileOptService, BaseParams {
*/ */
@Override @Override
public Long upload( public Long upload(
@NonNull String fileName, String fileName,
@NonNull InputStream inputStream, @NonNull InputStream inputStream,
long contentLength, long contentLength,
@NonNull Long userId, @NonNull Long userId,
@@ -116,8 +116,24 @@ public class SysFileOptServiceImpl implements SysFileOptService, BaseParams {
@NonNull FileBizBaseEnum bizType, @NonNull FileBizBaseEnum bizType,
Long bizId Long bizId
) { ) {
// 上传事件 // 上传时间
Instant uploadTime = Instant.now(); Instant uploadTime = Instant.now();
// 文件名校验
if (StringUtils.isBlank(fileName)) {
throw new BizError("文件名称不能为空");
}
// 文件格式校验
String suffix = FileUtils.getSuffix(fileName);
if (!CheckUtils.suffix(suffix, bizType.extArr())) {
throw new BizError("文件格式错误");
}
// 文件大小限制
long sizeLimit = bizType.sizeLimit();
if (sizeLimit > CP_NEGATIVE1 && contentLength > sizeLimit) {
throw new BizError("文件大小超限");
}
// 计算文件码 // 计算文件码
String md5 = null; String md5 = null;
String sm3 = null; String sm3 = null;
@@ -127,7 +143,7 @@ public class SysFileOptServiceImpl implements SysFileOptService, BaseParams {
byte[] bytes = inputStream.readAllBytes(); byte[] bytes = inputStream.readAllBytes();
inputStream = new ByteArrayInputStream(bytes); inputStream = new ByteArrayInputStream(bytes);
contentLength = bytes.length; contentLength = bytes.length;
if (contentLength <= 0) { if (contentLength <= CP_NUM0) {
throw new BizError("文件长度错误"); throw new BizError("文件长度错误");
} }
byte[] md5Bytes = Md5Utils.encrypt(bytes); byte[] md5Bytes = Md5Utils.encrypt(bytes);
@@ -143,11 +159,7 @@ public class SysFileOptServiceImpl implements SysFileOptService, BaseParams {
throw new BizError("计算文件码失败"); throw new BizError("计算文件码失败");
} }
} }
// 获取文件后缀
String suffix = FileUtils.getSuffix(fileName);
if (StringUtils.isBlank(suffix)) {
throw new BizError("文件格式错误");
}
// 文件存储器的文件名 // 文件存储器的文件名
String filePath = UuidUtils.get() + CP_LINE + fileName; String filePath = UuidUtils.get() + CP_LINE + fileName;
// 获取存储桶 // 获取存储桶