From 0c296d45b9e31a69a51bcbb335ba144b74ddb65b Mon Sep 17 00:00:00 2001 From: PeterAlbus Date: Tue, 22 Mar 2022 10:46:30 +0800 Subject: [PATCH] add type check for file upload --- pom.xml | 4 +- .../peteralbus/controller/BlogController.java | 47 ++++-- .../controller/FriendLinkController.java | 2 +- .../controller/PhotoController.java | 144 +++++++++++++----- src/main/java/com/peteralbus/domain/Blog.java | 2 + .../com/peteralbus/domain/FriendLink.java | 2 + .../java/com/peteralbus/domain/Photo.java | 2 + .../com/peteralbus/service/BlogService.java | 2 +- .../service/impl/BlogServiceImpl.java | 2 +- 9 files changed, 148 insertions(+), 59 deletions(-) diff --git a/pom.xml b/pom.xml index 685c8c3..68c58c6 100644 --- a/pom.xml +++ b/pom.xml @@ -28,7 +28,7 @@ com.baomidou mybatis-plus-boot-starter - 3.4.3.1 + 3.5.0 mysql @@ -46,7 +46,7 @@ net.coobird thumbnailator - 0.4.8 + 0.4.15 diff --git a/src/main/java/com/peteralbus/controller/BlogController.java b/src/main/java/com/peteralbus/controller/BlogController.java index 09f0719..dabaa73 100644 --- a/src/main/java/com/peteralbus/controller/BlogController.java +++ b/src/main/java/com/peteralbus/controller/BlogController.java @@ -8,7 +8,9 @@ import org.springframework.web.multipart.MultipartFile; import java.io.File; import java.io.IOException; +import java.util.HashSet; import java.util.List; +import java.util.Set; import java.util.UUID; @@ -55,7 +57,7 @@ public class BlogController * @return the blog */ @GetMapping("/queryById") - public Blog queryById(Integer id) + public Blog queryById(Long id) { return blogService.queryById(id); } @@ -69,7 +71,7 @@ public class BlogController @PostMapping("/add") public String add(Blog blog) { - int status=-1; + int status; status=blogService.add(blog); if(status>0) { @@ -90,7 +92,7 @@ public class BlogController @PostMapping("/update") public String update(Blog blog) { - int status=-1; + int status; status=blogService.update(blog); if(status>0) { 
@@ -111,19 +113,36 @@ public class BlogController @PostMapping("/upload") public String upload(@RequestParam("file") MultipartFile file) { - System.out.println("fileUpload"); String uploadPath="/home/PeterAlbus/assets/blog/imgs/cover/"; - // 获取上传的文件名称 String fileName = file.getOriginalFilename(); - String newName= UUID.randomUUID().toString().replace("-", "").toLowerCase(); - File dest = new File(uploadPath + newName); - try { - // 上传的文件被保存了 - file.transferTo(dest); - System.out.println("上传成功,当前上传的文件保存在"+"https://www.peteralbus.com:8440/assets/blog/imgs/cover/"+newName); - return "https://www.peteralbus.com:8440/assets/blog/imgs/cover/"+newName; - } catch (IOException e) { - return "上传错误:"+e.getMessage(); + String type="unknown"; + final Set allowTypes = new HashSet(){{ + add(".jpg"); + add(".jpeg"); + add(".png"); + add(".JPG"); + add(".JPEG"); + add(".PNG"); + add(".webp"); + add(".tif"); + add(".WEBP"); + add(".TIF"); + }}; + if(fileName!=null) + { + type=fileName.substring(fileName.lastIndexOf('.')); + } + if(allowTypes.contains(type)) + { + String newName= UUID.randomUUID().toString().replace("-", "").toLowerCase()+type; + File dest = new File(uploadPath + newName); + try { + file.transferTo(dest); + return "https://file.peteralbus.com/assets/blog/imgs/cover/"+newName; + } catch (IOException e) { + return "上传错误:"+e.getMessage(); + } } + return "typeError"; } } diff --git a/src/main/java/com/peteralbus/controller/FriendLinkController.java b/src/main/java/com/peteralbus/controller/FriendLinkController.java index dca5696..29f0886 100644 --- a/src/main/java/com/peteralbus/controller/FriendLinkController.java +++ b/src/main/java/com/peteralbus/controller/FriendLinkController.java 
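Review bot: `fileName.substring(fileName.lastIndexOf('.'))` throws StringIndexOutOfBoundsException when the uploaded name contains no dot, because `lastIndexOf` returns -1, so such a request ends in an unhandled exception instead of `typeError`. Guarding the index fixes it: `int dot=fileName.lastIndexOf('.'); if(dot>=0) { type=fileName.substring(dot); }`. The same expression appears in the three PhotoController upload hunks (`@@ -54,27 +53,47 @@`, `@@ -90,18 +109,47 @@` and `@@ -116,16 +164,32 @@`). The allowlist also looks only at the client-declared name, so the bytes are stored under a URL-reachable path without confirming that they decode as an image; a content check before `transferTo` would be a worthwhile follow-up.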
@@ -15,7 +15,7 @@ import java.util.List; * Created on 2022/1/19. */ @RestController -@CrossOrigin(origins = {"http://peteralbus.com","https://peteralbus.com","localhost"}) +@CrossOrigin(origins = {"http://www.peteralbus.com","https://www.peteralbus.com","http://localhost","http://peteralbus.com","https://peteralbus.com"}) @RequestMapping("/friendLink") public class FriendLinkController { diff --git a/src/main/java/com/peteralbus/controller/PhotoController.java b/src/main/java/com/peteralbus/controller/PhotoController.java index 5ba4242..308dc48 100644 --- a/src/main/java/com/peteralbus/controller/PhotoController.java +++ b/src/main/java/com/peteralbus/controller/PhotoController.java @@ -9,8 +9,7 @@ import org.springframework.web.multipart.MultipartFile; import java.io.File; import java.io.IOException; -import java.util.List; -import java.util.UUID; +import java.util.*; /** * The type Photo controller. 
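Review bot: The new origin list trusts `http://www.peteralbus.com` and `http://peteralbus.com` next to their https forms, so a page delivered over unencrypted HTTP, which anyone on the network path can alter, is allowed to call this API cross-origin. It also replaces the old `"localhost"` entry, which could never match an Origin header because it has no scheme, with `http://localhost`, so local pages on the default port are now accepted in every deployment. I would keep only the https origins in the annotation, e.g. `@CrossOrigin(origins = {"https://www.peteralbus.com","https://peteralbus.com"})`, and supply a development origin through profile-specific configuration. The controller body is outside the hunk, so how sensitive the exposed endpoints are cannot be judged from here.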
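Review bot: `import java.util.*;` in PhotoController replaces two explicit imports with a wildcard, while BlogController in this same patch adds `java.util.HashSet` and `java.util.Set` explicitly. Listing `java.util.HashSet`, `java.util.List` and `java.util.Set` (plus `java.util.UUID` if it is still used further down the file, which the hunk does not show) keeps the two controllers consistent and makes it visible which collection types the upload checks depend on.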
@@ -54,27 +53,47 @@ public class PhotoController @PostMapping("/upload") public String upload(@RequestParam("file") MultipartFile file,String imgName) { - System.out.println("fileUpload"); String uploadPath="/home/PeterAlbus/assets/blog/imgs/photo/"; - // 获取上传的文件名称 String fileName = file.getOriginalFilename(); - File dest = new File(uploadPath + fileName); - try { - // 上传的文件被保存了 - file.transferTo(dest); - Thumbnails.of("/home/PeterAlbus/assets/blog/imgs/photo/"+fileName).size(200, 300).toFile("/home/PeterAlbus/assets/blog/imgs/photo/"+fileName+"_THUMB.jpg"); - System.out.println("上传成功,当前上传的文件保存在"+"https://file.peteralbus.com/assets/blog/imgs/photo/"+fileName); - Photo photo=new Photo(); - photo.setImgSrc("https://file.peteralbus.com/assets/blog/imgs/photo/"+fileName); - photo.setImgThumb("https://file.peteralbus.com/assets/blog/imgs/photo/"+fileName+"_THUMB.jpg"); - photo.setImgName(imgName); - photoService.add(photo); - return "success"; - } catch (IOException e) { - //log.error(e.toString()); + String type="unknown"; + final Set allowTypes = new HashSet(){{ + add(".jpg"); + add(".jpeg"); + add(".png"); + add(".JPG"); + add(".JPEG"); + add(".PNG"); + add(".webp"); + add(".WEBP"); + add(".tif"); + add(".TIF"); + add(".bmp"); + add(".gif"); + add(".BMP"); + add(".GIF"); + }}; + if(fileName!=null) + { + type=fileName.substring(fileName.lastIndexOf('.')); } - // 待完成 —— 文件类型校验工作 - return "fail"; + if(allowTypes.contains(type)) + { + File dest = new File(uploadPath + fileName); + try { + // 上传的文件被保存了 + file.transferTo(dest); + Thumbnails.of("/home/PeterAlbus/assets/blog/imgs/photo/"+fileName).size(200, 300).toFile("/home/PeterAlbus/assets/blog/imgs/photo/"+fileName+"_THUMB.jpg"); + Photo photo=new Photo(); + photo.setImgSrc("https://file.peteralbus.com/assets/blog/imgs/photo/"+fileName); + photo.setImgThumb("https://file.peteralbus.com/assets/blog/imgs/photo/"+fileName+"_THUMB.jpg"); + photo.setImgName(imgName); + photoService.add(photo); + return "success"; + } catch 
(IOException e) { + return "上传错误:"+e.getMessage(); + } + } + return "typeError"; } /** @@ -90,18 +109,47 @@ public class PhotoController { /*pathExample:blog/imgs/photo/*/ String uploadPath="/home/PeterAlbus/assets/"+path; - // 获取上传的文件名称 - saveName=saveName+".jpg"; - File dest = new File(uploadPath + saveName); - try { - // 上传的文件被保存了 - file.transferTo(dest); - Thumbnails.of(uploadPath+ saveName).size(300, 300).toFile(uploadPath+ saveName +"_THUMB.jpg"); - return "https://file.peteralbus.com/assets/"+path+ saveName +"_THUMB.jpg"; - } catch (IOException e) { - e.printStackTrace(); - return "error:"+e.getMessage(); + String fileName=file.getOriginalFilename(); + String type="unknown"; + final Set allowTypes = new HashSet(){{ + add(".jpg"); + add(".jpeg"); + add(".png"); + add(".JPG"); + add(".JPEG"); + add(".PNG"); + add(".tif"); + add(".TIF"); + add(".bmp"); + add(".BMP"); + add(".gif"); + add(".GIF"); + }}; + if(fileName!=null) + { + type=fileName.substring(fileName.lastIndexOf('.')); + } + if(allowTypes.contains(type)) + { + if(!"".equals(saveName)) + { + saveName=saveName+type; + } + else + { + saveName=fileName; + } + File dest = new File(uploadPath + saveName); + try { + file.transferTo(dest); + Thumbnails.of(uploadPath+ saveName).size(300, 300).toFile(uploadPath+ saveName +"_THUMB.jpg"); + return "https://file.peteralbus.com/assets/"+path+ saveName +"_THUMB.jpg"; + } catch (IOException e) { + e.printStackTrace(); + return "error:"+e.getMessage(); + } } + return "typeError"; } /** 
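Review bot: In `upload` (hunk `@@ -54,27 +53,47 @@`), `new File(uploadPath + fileName)` still writes to a location chosen by the client, because `getOriginalFilename()` is returned as sent and the new check inspects only its suffix. A name that carries directory components or `..` and ends in an allowed extension passes the allowlist, and two uploads with the same name silently overwrite each other. BlogController in this commit already avoids both by storing under `UUID.randomUUID()` plus the checked extension; doing the same here keeps the client string out of the filesystem path, the thumbnail path and the saved URLs. The two later PhotoController hunks use `fileName` in the destination path the same way.
```java
if(allowTypes.contains(type))
{
    // server-generated name: the client-supplied fileName never reaches the filesystem or the stored URLs
    String newName= UUID.randomUUID().toString().replace("-", "").toLowerCase()+type;
    File dest = new File(uploadPath + newName);
    try {
        file.transferTo(dest);
        Thumbnails.of(uploadPath+newName).size(200, 300).toFile(uploadPath+newName+"_THUMB.jpg");
        Photo photo=new Photo();
        photo.setImgSrc("https://file.peteralbus.com/assets/blog/imgs/photo/"+newName);
        photo.setImgThumb("https://file.peteralbus.com/assets/blog/imgs/photo/"+newName+"_THUMB.jpg");
        // … unchanged: setImgName, photoService.add, return "success", catch block …
```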
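Review bot: `String uploadPath="/home/PeterAlbus/assets/"+path;` followed by `new File(uploadPath + saveName)` (hunk `@@ -90,18 +109,47 @@`) lets `path` and `saveName` decide where the file is written, and the added extension check constrains neither of them. Both look like request parameters, but the method signature is outside the hunk, so that is an assumption to confirm. Resolving the destination against the assets root, normalizing it and rejecting anything that no longer starts with that root would confine writes to the intended tree; this needs `java.nio.file.Path` and `java.nio.file.Paths` imported. The hunk `@@ -116,16 +164,32 @@` builds `uploadPath` from `path` in the same way and needs the same check. Note also that `!"".equals(saveName)` is true for a null `saveName`, which would produce a file named `null` plus the extension.
```java
/* … unchanged: allowTypes set, type extraction, saveName selection … */
Path base = Paths.get("/home/PeterAlbus/assets").toAbsolutePath().normalize();
Path target = base.resolve(path).resolve(saveName).normalize();
if(!target.startsWith(base))
{
    // destination escaped the assets root after normalization
    return "pathError";
}
File dest = target.toFile();
/* … unchanged: transferTo, thumbnail generation, returned URL … */
```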
@@ -116,16 +164,32 @@ public class PhotoController { /*pathExample:blog/imgs/photo/*/ String uploadPath="/home/PeterAlbus/assets/"+path; - // 获取上传的文件名称 String fileName = file.getOriginalFilename(); - File dest = new File(uploadPath + fileName); - try { - // 上传的文件被保存了 - file.transferTo(dest); - return "https://file.peteralbus.com/assets/"+path+fileName; - } catch (IOException e) { - e.printStackTrace(); - return "error:"+e.getMessage(); + String type="unknown"; + final Set allowTypes = new HashSet(){{ + add(".jpg"); + add(".jpeg"); + add(".png"); + add(".JPG"); + add(".JPEG"); + add(".PNG"); + }}; + if(fileName!=null) + { + type=fileName.substring(fileName.lastIndexOf('.')); + } + if(allowTypes.contains(type)) + { + File dest = new File(uploadPath + fileName); + try { + // 上传的文件被保存了 + file.transferTo(dest); + return "https://file.peteralbus.com/assets/"+path+fileName; + } catch (IOException e) { + e.printStackTrace(); + return "error:"+e.getMessage(); + } } + return "typeError"; } } diff --git a/src/main/java/com/peteralbus/domain/Blog.java b/src/main/java/com/peteralbus/domain/Blog.java index 73be188..060b09b 100644 --- a/src/main/java/com/peteralbus/domain/Blog.java +++ b/src/main/java/com/peteralbus/domain/Blog.java @@ -2,6 +2,7 @@ package com.peteralbus.domain; import com.baomidou.mybatisplus.annotation.IdType; import com.baomidou.mybatisplus.annotation.TableId; +import com.fasterxml.jackson.annotation.JsonFormat; import lombok.AllArgsConstructor; import lombok.Data; import lombok.NoArgsConstructor; @@ -25,6 +26,7 @@ public class Blog implements Serializable * The Blog id. */ @TableId(type= IdType.ASSIGN_ID) + @JsonFormat(shape = JsonFormat.Shape.STRING) Long blogId; /** * The Blog title. diff --git a/src/main/java/com/peteralbus/domain/FriendLink.java b/src/main/java/com/peteralbus/domain/FriendLink.java index ec16dd9..853823a 100644 --- a/src/main/java/com/peteralbus/domain/FriendLink.java +++ b/src/main/java/com/peteralbus/domain/FriendLink.java 
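Review bot: The allowlist in hunk `@@ -116,16 +164,32 @@` (`.jpg`, `.jpeg`, `.png` in two casings) is the fourth inline copy in this commit and each copy accepts a different set, so which types an endpoint takes depends on which literal was pasted there. Each one is also rebuilt on every request through `new HashSet(){{ … }}`, which creates an anonymous subclass per call site. A single `private static final` set of lower-case extensions, compared against the lower-cased suffix, would give one place to audit and would cover mixed-case names such as `.Jpg` that the current lists reject. Separately, `return "error:"+e.getMessage();` hands the raw IOException text to the caller, which can include the server-side destination path; returning a fixed error string and logging the detail would avoid that. The enclosing method's signature is outside the hunk.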
@@ -2,6 +2,7 @@ package com.peteralbus.domain; import com.baomidou.mybatisplus.annotation.IdType; import com.baomidou.mybatisplus.annotation.TableId; +import com.fasterxml.jackson.annotation.JsonFormat; import lombok.AllArgsConstructor; import lombok.Data; import lombok.NoArgsConstructor; @@ -22,6 +23,7 @@ public class FriendLink * The Link id. */ @TableId(type= IdType.ASSIGN_ID) + @JsonFormat(shape = JsonFormat.Shape.STRING) Long linkId; /** * The Link name. diff --git a/src/main/java/com/peteralbus/domain/Photo.java b/src/main/java/com/peteralbus/domain/Photo.java index 01cdf72..d0b6912 100644 --- a/src/main/java/com/peteralbus/domain/Photo.java +++ b/src/main/java/com/peteralbus/domain/Photo.java @@ -2,6 +2,7 @@ package com.peteralbus.domain; import com.baomidou.mybatisplus.annotation.IdType; import com.baomidou.mybatisplus.annotation.TableId; +import com.fasterxml.jackson.annotation.JsonFormat; import lombok.AllArgsConstructor; import lombok.Data; import lombok.NoArgsConstructor; @@ -23,6 +24,7 @@ public class Photo implements Serializable * The Img id. */ @TableId(type= IdType.ASSIGN_ID) + @JsonFormat(shape = JsonFormat.Shape.STRING) Long imgId; /** * The Img name. diff --git a/src/main/java/com/peteralbus/service/BlogService.java b/src/main/java/com/peteralbus/service/BlogService.java index d898161..94a88f8 100644 --- a/src/main/java/com/peteralbus/service/BlogService.java +++ b/src/main/java/com/peteralbus/service/BlogService.java @@ -25,7 +25,7 @@ public interface BlogService * @param id the id * @return the blog */ - Blog queryById(Integer id); + Blog queryById(Long id); /** * Add int. diff --git a/src/main/java/com/peteralbus/service/impl/BlogServiceImpl.java b/src/main/java/com/peteralbus/service/impl/BlogServiceImpl.java index a596793..06652f2 100644 --- a/src/main/java/com/peteralbus/service/impl/BlogServiceImpl.java +++ b/src/main/java/com/peteralbus/service/impl/BlogServiceImpl.java 
@@ -38,7 +38,7 @@ public class BlogServiceImpl implements BlogService } @Override - public Blog queryById(Integer id) + public Blog queryById(Long id) { return blogMapper.selectById(id); }