add type check for file upload

3 years ago · 0c296d45b9
parent 7d54e7cfce
commit 0c296d45b9
9 changed files with 148 additions and 59 deletions
--- a/pom.xml
+++ b/pom.xml
@ -28,7 +28,7 @@
        <dependency>
            <groupId>com.baomidou</groupId>
            <artifactId>mybatis-plus-boot-starter</artifactId>
-            <version>3.4.3.1</version>
+            <version>3.5.0</version>
        </dependency>
        <dependency>
            <groupId>mysql</groupId>
@ -46,7 +46,7 @@
        <dependency>
            <groupId>net.coobird</groupId>
            <artifactId>thumbnailator</artifactId>
-            <version>0.4.8</version>
+            <version>0.4.15</version>
        </dependency>

        <dependency>
--- a/src/main/java/com/peteralbus/controller/BlogController.java
+++ b/src/main/java/com/peteralbus/controller/BlogController.java
@ -8,7 +8,9 @@ import org.springframework.web.multipart.MultipartFile;

 import java.io.File;
 import java.io.IOException;
+import java.util.HashSet;
 import java.util.List;
+import java.util.Set;
 import java.util.UUID;


@ -55,7 +57,7 @@ public class BlogController
     * @return the blog
     */
    @GetMapping("/queryById")
-    public Blog queryById(Integer id)
+    public Blog queryById(Long id)
    {
        return blogService.queryById(id);
    }
@ -69,7 +71,7 @@ public class BlogController
    @PostMapping("/add")
    public String add(Blog blog)
    {
-        int status=-1;
+        int status;
        status=blogService.add(blog);
        if(status>0)
        {
@ -90,7 +92,7 @@ public class BlogController
    @PostMapping("/update")
    public String update(Blog blog)
    {
-        int status=-1;
+        int status;
        status=blogService.update(blog);
        if(status>0)
        {
@ -111,19 +113,36 @@ public class BlogController
    @PostMapping("/upload")
    public String upload(@RequestParam("file") MultipartFile file)
    {
-        System.out.println("fileUpload");
        String uploadPath="/home/PeterAlbus/assets/blog/imgs/cover/";
-        // 获取上传的文件名称
        String fileName = file.getOriginalFilename();
-        String newName= UUID.randomUUID().toString().replace("-", "").toLowerCase();
-        File dest = new File(uploadPath + newName);
-        try {
-            // 上传的文件被保存了
-            file.transferTo(dest);
-            System.out.println("上传成功，当前上传的文件保存在"+"https://www.peteralbus.com:8440/assets/blog/imgs/cover/"+newName);
-            return "https://www.peteralbus.com:8440/assets/blog/imgs/cover/"+newName;
-        } catch (IOException e) {
-            return "上传错误:"+e.getMessage();
+        String type="unknown";
+        final Set<String> allowTypes = new HashSet<String>(){{
+            add(".jpg");
+            add(".jpeg");
+            add(".png");
+            add(".JPG");
+            add(".JPEG");
+            add(".PNG");
+            add(".webp");
+            add(".tif");
+            add(".WEBP");
+            add(".TIF");
+        }};
+        if(fileName!=null)
+        {
+            type=fileName.substring(fileName.lastIndexOf('.'));
+        }
+        if(allowTypes.contains(type))
+        {
+            String newName= UUID.randomUUID().toString().replace("-", "").toLowerCase()+type;
+            File dest = new File(uploadPath + newName);
+            try {
+                file.transferTo(dest);
+                return "https://file.peteralbus.com/assets/blog/imgs/cover/"+newName;
+            } catch (IOException e) {
+                return "上传错误:"+e.getMessage();
+            }
        }
+        return "typeError";
    }
 }
--- a/src/main/java/com/peteralbus/controller/FriendLinkController.java
+++ b/src/main/java/com/peteralbus/controller/FriendLinkController.java
@ -15,7 +15,7 @@ import java.util.List;
 * Created on 2022/1/19.
 */
@RestController
-@CrossOrigin(origins = {"http://peteralbus.com","https://peteralbus.com","localhost"})
+@CrossOrigin(origins = {"http://www.peteralbus.com","https://www.peteralbus.com","http://localhost","http://peteralbus.com","https://peteralbus.com"})
@RequestMapping("/friendLink")
 public class FriendLinkController
 {
--- a/src/main/java/com/peteralbus/controller/PhotoController.java
+++ b/src/main/java/com/peteralbus/controller/PhotoController.java
@ -9,8 +9,7 @@ import org.springframework.web.multipart.MultipartFile;

 import java.io.File;
 import java.io.IOException;
-import java.util.List;
-import java.util.UUID;
+import java.util.*;

 /**
 * The type Photo controller.
@ -54,27 +53,47 @@ public class PhotoController
    @PostMapping("/upload")
    public String upload(@RequestParam("file") MultipartFile file,String imgName)
    {
-        System.out.println("fileUpload");
        String uploadPath="/home/PeterAlbus/assets/blog/imgs/photo/";
-        // 获取上传的文件名称
        String fileName = file.getOriginalFilename();
-        File dest = new File(uploadPath + fileName);
-        try {
-            // 上传的文件被保存了
-            file.transferTo(dest);
-            Thumbnails.of("/home/PeterAlbus/assets/blog/imgs/photo/"+fileName).size(200, 300).toFile("/home/PeterAlbus/assets/blog/imgs/photo/"+fileName+"_THUMB.jpg");
-            System.out.println("上传成功，当前上传的文件保存在"+"https://file.peteralbus.com/assets/blog/imgs/photo/"+fileName);
-            Photo photo=new Photo();
-            photo.setImgSrc("https://file.peteralbus.com/assets/blog/imgs/photo/"+fileName);
-            photo.setImgThumb("https://file.peteralbus.com/assets/blog/imgs/photo/"+fileName+"_THUMB.jpg");
-            photo.setImgName(imgName);
-            photoService.add(photo);
-            return "success";
-        } catch (IOException e) {
-            //log.error(e.toString());
+        String type="unknown";
+        final Set<String> allowTypes = new HashSet<String>(){{
+            add(".jpg");
+            add(".jpeg");
+            add(".png");
+            add(".JPG");
+            add(".JPEG");
+            add(".PNG");
+            add(".webp");
+            add(".WEBP");
+            add(".tif");
+            add(".TIF");
+            add(".bmp");
+            add(".gif");
+            add(".BMP");
+            add(".GIF");
+        }};
+        if(fileName!=null)
+        {
+            type=fileName.substring(fileName.lastIndexOf('.'));
        }
-        // 待完成 —— 文件类型校验工作
-        return "fail";
+        if(allowTypes.contains(type))
+        {
+            File dest = new File(uploadPath + fileName);
+            try {
+                // 上传的文件被保存了
+                file.transferTo(dest);
+                Thumbnails.of("/home/PeterAlbus/assets/blog/imgs/photo/"+fileName).size(200, 300).toFile("/home/PeterAlbus/assets/blog/imgs/photo/"+fileName+"_THUMB.jpg");
+                Photo photo=new Photo();
+                photo.setImgSrc("https://file.peteralbus.com/assets/blog/imgs/photo/"+fileName);
+                photo.setImgThumb("https://file.peteralbus.com/assets/blog/imgs/photo/"+fileName+"_THUMB.jpg");
+                photo.setImgName(imgName);
+                photoService.add(photo);
+                return "success";
+            } catch (IOException e) {
+                return "上传错误:"+e.getMessage();
+            }
+        }
+        return "typeError";
    }

    /**
@ -90,18 +109,47 @@ public class PhotoController
    {
        /*pathExample:blog/imgs/photo/*/
        String uploadPath="/home/PeterAlbus/assets/"+path;
-        // 获取上传的文件名称
-        saveName=saveName+".jpg";
-        File dest = new File(uploadPath + saveName);
-        try {
-            // 上传的文件被保存了
-            file.transferTo(dest);
-            Thumbnails.of(uploadPath+ saveName).size(300, 300).toFile(uploadPath+ saveName +"_THUMB.jpg");
-            return "https://file.peteralbus.com/assets/"+path+ saveName +"_THUMB.jpg";
-        } catch (IOException e) {
-            e.printStackTrace();
-            return "error:"+e.getMessage();
+        String fileName=file.getOriginalFilename();
+        String type="unknown";
+        final Set<String> allowTypes = new HashSet<String>(){{
+            add(".jpg");
+            add(".jpeg");
+            add(".png");
+            add(".JPG");
+            add(".JPEG");
+            add(".PNG");
+            add(".tif");
+            add(".TIF");
+            add(".bmp");
+            add(".BMP");
+            add(".gif");
+            add(".GIF");
+        }};
+        if(fileName!=null)
+        {
+            type=fileName.substring(fileName.lastIndexOf('.'));
+        }
+        if(allowTypes.contains(type))
+        {
+            if(!"".equals(saveName))
+            {
+                saveName=saveName+type;
+            }
+            else
+            {
+                saveName=fileName;
+            }
+            File dest = new File(uploadPath + saveName);
+            try {
+                file.transferTo(dest);
+                Thumbnails.of(uploadPath+ saveName).size(300, 300).toFile(uploadPath+ saveName +"_THUMB.jpg");
+                return "https://file.peteralbus.com/assets/"+path+ saveName +"_THUMB.jpg";
+            } catch (IOException e) {
+                e.printStackTrace();
+                return "error:"+e.getMessage();
+            }
        }
+        return "typeError";
    }

    /**
@ -116,16 +164,32 @@ public class PhotoController
    {
        /*pathExample:blog/imgs/photo/*/
        String uploadPath="/home/PeterAlbus/assets/"+path;
-        // 获取上传的文件名称
        String fileName = file.getOriginalFilename();
-        File dest = new File(uploadPath + fileName);
-        try {
-            // 上传的文件被保存了
-            file.transferTo(dest);
-            return "https://file.peteralbus.com/assets/"+path+fileName;
-        } catch (IOException e) {
-            e.printStackTrace();
-            return "error:"+e.getMessage();
+        String type="unknown";
+        final Set<String> allowTypes = new HashSet<String>(){{
+            add(".jpg");
+            add(".jpeg");
+            add(".png");
+            add(".JPG");
+            add(".JPEG");
+            add(".PNG");
+        }};
+        if(fileName!=null)
+        {
+            type=fileName.substring(fileName.lastIndexOf('.'));
+        }
+        if(allowTypes.contains(type))
+        {
+            File dest = new File(uploadPath + fileName);
+            try {
+                // 上传的文件被保存了
+                file.transferTo(dest);
+                return "https://file.peteralbus.com/assets/"+path+fileName;
+            } catch (IOException e) {
+                e.printStackTrace();
+                return "error:"+e.getMessage();
+            }
        }
+        return "typeError";
    }
 }
--- a/src/main/java/com/peteralbus/domain/Blog.java
+++ b/src/main/java/com/peteralbus/domain/Blog.java
@ -2,6 +2,7 @@ package com.peteralbus.domain;

 import com.baomidou.mybatisplus.annotation.IdType;
 import com.baomidou.mybatisplus.annotation.TableId;
+import com.fasterxml.jackson.annotation.JsonFormat;
 import lombok.AllArgsConstructor;
 import lombok.Data;
 import lombok.NoArgsConstructor;
@ -25,6 +26,7 @@ public class Blog implements Serializable
     * The Blog id.
     */
    @TableId(type= IdType.ASSIGN_ID)
+    @JsonFormat(shape = JsonFormat.Shape.STRING)
    Long blogId;
    /**
     * The Blog title.
--- a/src/main/java/com/peteralbus/domain/FriendLink.java
+++ b/src/main/java/com/peteralbus/domain/FriendLink.java
@ -2,6 +2,7 @@ package com.peteralbus.domain;

 import com.baomidou.mybatisplus.annotation.IdType;
 import com.baomidou.mybatisplus.annotation.TableId;
+import com.fasterxml.jackson.annotation.JsonFormat;
 import lombok.AllArgsConstructor;
 import lombok.Data;
 import lombok.NoArgsConstructor;
@ -22,6 +23,7 @@ public class FriendLink
     * The Link id.
     */
    @TableId(type= IdType.ASSIGN_ID)
+    @JsonFormat(shape = JsonFormat.Shape.STRING)
    Long linkId;
    /**
     * The Link name.
--- a/src/main/java/com/peteralbus/domain/Photo.java
+++ b/src/main/java/com/peteralbus/domain/Photo.java
@ -2,6 +2,7 @@ package com.peteralbus.domain;

 import com.baomidou.mybatisplus.annotation.IdType;
 import com.baomidou.mybatisplus.annotation.TableId;
+import com.fasterxml.jackson.annotation.JsonFormat;
 import lombok.AllArgsConstructor;
 import lombok.Data;
 import lombok.NoArgsConstructor;
@ -23,6 +24,7 @@ public class Photo implements Serializable
     * The Img id.
     */
    @TableId(type= IdType.ASSIGN_ID)
+    @JsonFormat(shape = JsonFormat.Shape.STRING)
    Long imgId;
    /**
     * The Img name.
--- a/src/main/java/com/peteralbus/service/BlogService.java
+++ b/src/main/java/com/peteralbus/service/BlogService.java
@ -25,7 +25,7 @@ public interface BlogService
     * @param id the id
     * @return the blog
     */
-    Blog queryById(Integer id);
+    Blog queryById(Long id);

    /**
     * Add int.
--- a/src/main/java/com/peteralbus/service/impl/BlogServiceImpl.java
+++ b/src/main/java/com/peteralbus/service/impl/BlogServiceImpl.java
@ -38,7 +38,7 @@ public class BlogServiceImpl implements BlogService
    }

    @Override
-    public Blog queryById(Integer id)
+    public Blog queryById(Long id)
    {
        return blogMapper.selectById(id);
    }