文件下载需求

97637c72 · cjh · 930c0f16 · 97637c72 · 97637c72 · 97637c72
Commit 97637c72 authored Sep 03, 2020 by cjh
11 changed files
--- a/src/main/java/org/sss/presentation/noui/api/response/NoUiVersion.java
+++ b/src/main/java/org/sss/presentation/noui/api/response/NoUiVersion.java
 package org.sss.presentation.noui.api.response;

-public class NoUiVersion {
+public class NoUiParam {

 	private String version = "1.0.0";

+	private String rootFilePath;
+
+	public String getRootFilePath() {
+		return rootFilePath;
+	}
+
+	public void setRootFilePath(String rootFilePath) {
+		this.rootFilePath = rootFilePath;
+	}
+
 	public String getVersion() {
 		return version;
 	}

--- a/src/main/java/org/sss/presentation/noui/controller/AbstractCommonController.java
+++ b/src/main/java/org/sss/presentation/noui/controller/AbstractCommonController.java
@@ -23,7 +23,7 @@ import org.sss.presentation.noui.api.exception.NoUiException;
 import org.sss.presentation.noui.api.model.Alias;
 import org.sss.presentation.noui.api.request.NoUiRequest;
 import org.sss.presentation.noui.api.response.ErrorCodes;
-import org.sss.presentation.noui.api.response.NoUiVersion;
+import org.sss.presentation.noui.api.response.NoUiParam;
 import org.sss.presentation.noui.api.response.Result;
 import org.sss.presentation.noui.api.response.ResultUtil;
 import org.sss.presentation.noui.common.Constants;
@@ -48,7 +48,7 @@ public abstract class  AbstractCommonController {
 	protected static String ON_STREAM_DOWNLOAD = "ON_STREAM_DOWNLOAD";

 	@Autowired
-	private NoUiVersion noUiVersion;
+	private NoUiParam noUiParam;

 	public  String getMainPanel(){
 		return "";
@@ -139,10 +139,10 @@ public abstract class  AbstractCommonController {
 			Map<String, Object> afterReturnData = handleReturnData(eventType, context, noUiRequest, alias);

 			ret = ResultUtil.result(NoUiPresentationUtil.retCode(context), NoUiPresentationUtil.retMsg(context), afterReturnData,
-					NoUiPresentationUtil.handleErrorReturnData(context, alias), NoUiPresentationUtil.handleCodeTableReturnData(context, alias),noUiVersion.getVersion());
+					NoUiPresentationUtil.handleErrorReturnData(context, alias), NoUiPresentationUtil.handleCodeTableReturnData(context, alias),noUiParam.getVersion());
 		} catch (Exception e) {
 			log.error("OnClick command error", e);
-			ret = ResultUtil.result(ErrorCodes.ERROR, "hander error", e.getMessage(),noUiVersion.getVersion());
+			ret = ResultUtil.result(ErrorCodes.ERROR, "hander error", e.getMessage(),noUiParam.getVersion());
 		} finally {
 			if (context != null)
 			{

--- a/src/main/java/org/sss/presentation/noui/controller/FileBrowserController.java
+++ b/src/main/java/org/sss/presentation/noui/controller/FileBrowserController.java
+package org.sss.presentation.noui.controller;
+
+import log.Log;
+import log.LogFactory;
+import org.apache.commons.io.FileUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.*;
+import org.sss.presentation.noui.api.response.NoUiParam;
+import org.sss.presentation.noui.common.Constants;
+import org.sss.presentation.noui.jwt.RedisLoginInfo;
+import org.sss.presentation.noui.util.RedisUtil;
+import org.sss.presentation.noui.util.StringUtil;
+
+import java.io.File;
+import java.util.Set;
+
+@Controller
+public class FileBrowserController {
+
+	private static final Log log = LogFactory.getLog(FileBrowserController.class);
+
+	@Autowired
+	private NoUiParam noUiParam;
+
+	@RequestMapping(value = "/fileBrowser/{docpath}/{usrName}/{fileName}/{fileExt}/{safeCode}", method = RequestMethod.GET)
+	public ResponseEntity download(@PathVariable String  docpath,@PathVariable String usrName, @PathVariable String fileName, @PathVariable String fileExt, @PathVariable String safeCode) {
+		try {
+			String file = fileName+"." + fileExt;
+			if (checkFileName(fileName) && authVerify(usrName, file, safeCode)) {
+				byte[] bytes = FileUtils.readFileToByteArray(new File(noUiParam.getRootFilePath()+docpath+"/"+file));
+				HttpHeaders headers = new HttpHeaders();
+				headers.set("Content-Disposition", "attachment;filename="+file);
+				ResponseEntity entity = new ResponseEntity<>(bytes, headers, HttpStatus.OK);
+				return entity;
+			}else{
+				ResponseEntity entity = new ResponseEntity<>( HttpStatus.FORBIDDEN);
+				return entity;
+			}
+		} catch (Exception e) {
+			log.error("下载出错:", e);
+			return null;
+		}
+	}
+
+	public static boolean authVerify(String usrName, String file, String safeCode) throws Exception {
+		String token;
+		//redis获取token
+		Set<String> keys = RedisUtil.keys(Constants.SESSION + "." + usrName);
+		if (!keys.isEmpty()) {
+			token = ((RedisLoginInfo) keys.toArray()[0]).getToken();
+		} else
+			return false;
+		StringBuilder sb = new StringBuilder(usrName);
+		StringBuilder result = new StringBuilder();
+		result.append(sb.reverse());
+		result.append(file);
+		result.append(token);
+		result.append("1415926@;RHxC");
+		if (StringUtil.encryptMD5(result.toString()).equalsIgnoreCase(safeCode)) {
+			return true;
+		} else
+			return false;
+	}
+
+	public static boolean checkFileName(String fileName){
+		if(fileName.contains("../") || fileName.contains("./") ||
+		fileName.contains("..\\") || fileName.contains(".\\"))
+			return false;
+		else
+			return true;
+	}
+}
--- a/src/main/java/org/sss/presentation/noui/controller/LoginController.java
+++ b/src/main/java/org/sss/presentation/noui/controller/LoginController.java
@@ -14,7 +14,7 @@ import org.sss.presentation.noui.api.model.Menu;
 import org.sss.presentation.noui.api.request.NoUiRequest;
 import org.sss.presentation.noui.api.response.ErrorCode;
 import org.sss.presentation.noui.api.response.ErrorCodes;
-import org.sss.presentation.noui.api.response.NoUiVersion;
+import org.sss.presentation.noui.api.response.NoUiParam;
 import org.sss.presentation.noui.api.response.ResultUtil;
 import org.sss.presentation.noui.common.Constants;
 import org.sss.presentation.noui.context.NoUiContext;
@@ -37,7 +37,7 @@ public class LoginController {
 	public static final String ERROR="error";

 	@Autowired
-	private NoUiVersion noUiVersion;
+	private NoUiParam noUiParam;

 	@ResponseBody
 	@RequestMapping(value = "/login", method = RequestMethod.POST)
@@ -86,22 +86,22 @@ public class LoginController {
 				//解决初次登陆，超期限登陆
 				final Object o = map.get(ERROR);
 				if (Objects.isNull(o)) {
-					return ResultUtil.result(ErrorCodes.SUCCESS, ErrorCodes.SUCCESS_INFO, retDatamap,noUiVersion.getVersion());
+					return ResultUtil.result(ErrorCodes.SUCCESS, ErrorCodes.SUCCESS_INFO, retDatamap,noUiParam.getVersion());
 				}else {
 					ErrorCode errorCode = (ErrorCode) o;
 					log.error(errorCode);
-					return ResultUtil.result(errorCode.getCode(), errorCode.getMessage(), retDatamap,noUiVersion.getVersion());
+					return ResultUtil.result(errorCode.getCode(), errorCode.getMessage(), retDatamap,noUiParam.getVersion());
 				}
 			}else {
 				final ErrorCode errorCode = (ErrorCode) map.get(ERROR);
 				log.error(errorCode);
-				return ResultUtil.result(errorCode.getCode(), errorCode.getMessage(), null,noUiVersion.getVersion());
+				return ResultUtil.result(errorCode.getCode(), errorCode.getMessage(), null,noUiParam.getVersion());
 			}
 		} catch (Exception e) {
 			log.error("Login command error", e);
 			//throw new NoUiException("Login command error", e);
 //			return ResultUtil.result(ErrorCodes.ERROR, "login failed with exception", null);
-			return ResultUtil.result(ErrorCode.SYSTEM_ERROR.getCode(), ErrorCode.SYSTEM_ERROR.getMessage(), null,noUiVersion.getVersion());
+			return ResultUtil.result(ErrorCode.SYSTEM_ERROR.getCode(), ErrorCode.SYSTEM_ERROR.getMessage(), null,noUiParam.getVersion());
 		}
 		finally{
 			if (context != null)

--- a/src/main/java/org/sss/presentation/noui/controller/UkeyLoginController.java
+++ b/src/main/java/org/sss/presentation/noui/controller/UkeyLoginController.java
@@ -13,7 +13,7 @@ import org.sss.common.model.Argument;
 import org.sss.common.model.IResult;
 import org.sss.presentation.noui.api.request.NoUiRequest;
 import org.sss.presentation.noui.api.response.ErrorCodes;
-import org.sss.presentation.noui.api.response.NoUiVersion;
+import org.sss.presentation.noui.api.response.NoUiParam;
 import org.sss.presentation.noui.api.response.ResultUtil;
 import org.sss.presentation.noui.context.NoUiContext;
 import org.sss.presentation.noui.context.NoUiContextManager;
@@ -28,7 +28,7 @@ import java.util.Map;
 public class UkeyLoginController {

    @Autowired
-    private NoUiVersion noUiVersion;
+    private NoUiParam noUiParam;

    private static final Log log = LogFactory.getLog(UkeyLoginController.class);
    @ResponseBody
@@ -47,12 +47,12 @@ public class UkeyLoginController {
            {
                retDatamap.put("msgCode", "0000");
                retDatamap.put("loginid", loginid);
-                return ResultUtil.result(ErrorCodes.SUCCESS, ErrorCodes.SUCCESS_INFO, retDatamap,noUiVersion.getVersion());
+                return ResultUtil.result(ErrorCodes.SUCCESS, ErrorCodes.SUCCESS_INFO, retDatamap,noUiParam.getVersion());
            }
        }
        retDatamap.put("msgCode", "9999");
        retDatamap.put("loginid", "");
-        return ResultUtil.result(ErrorCodes.SUCCESS, ErrorCodes.SUCCESS_INFO, retDatamap,noUiVersion.getVersion());
+        return ResultUtil.result(ErrorCodes.SUCCESS, ErrorCodes.SUCCESS_INFO, retDatamap,noUiParam.getVersion());
    }

    private Map<String,Object> getLoginidByDN(String certdn,NoUiRequest noUiRequest) {

--- a/src/main/java/org/sss/presentation/noui/filter/FileTypeInterceptor.java
+++ b/src/main/java/org/sss/presentation/noui/filter/FileTypeInterceptor.java
@@ -7,7 +7,7 @@ import org.springframework.web.multipart.MultipartFile;
 import org.springframework.web.multipart.MultipartHttpServletRequest;
 import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
 import org.sss.presentation.noui.api.response.ErrorCodes;
-import org.sss.presentation.noui.api.response.NoUiVersion;
+import org.sss.presentation.noui.api.response.NoUiParam;
 import org.sss.presentation.noui.api.response.Result;

 import javax.servlet.http.HttpServletRequest;
@@ -22,7 +22,7 @@ import java.util.Map;
 public class FileTypeInterceptor extends HandlerInterceptorAdapter {

 	@Autowired
-	private NoUiVersion noUiVersion;
+	private NoUiParam noUiParam;

 	private String type_list;

@@ -44,7 +44,7 @@ public class FileTypeInterceptor extends HandlerInterceptorAdapter {
 					//限制文件类型，请求转发到原始请求页面，并携带错误提示信息
 					flag = false;
 					response.setContentType("application/json; charset=utf-8");
-					Result result = new Result(ErrorCodes.ERROR, "不支持的文件类型！", null,noUiVersion.getVersion());
+					Result result = new Result(ErrorCodes.ERROR, "不支持的文件类型！", null,noUiParam.getVersion());
 					PrintWriter out = response.getWriter();
 					String json = new Gson().toJson(result);
 					out.print(json);

--- a/src/main/java/org/sss/presentation/noui/jwt/OpenTransInterceptor.java
+++ b/src/main/java/org/sss/presentation/noui/jwt/OpenTransInterceptor.java
@@ -11,7 +11,7 @@ import org.springframework.web.servlet.HandlerInterceptor;
 import org.springframework.web.servlet.ModelAndView;
 import org.sss.presentation.noui.api.request.NoUiRequest;
 import org.sss.presentation.noui.api.response.ErrorCodes;
-import org.sss.presentation.noui.api.response.NoUiVersion;
+import org.sss.presentation.noui.api.response.NoUiParam;
 import org.sss.presentation.noui.api.response.Result;
 import org.sss.presentation.noui.common.Constants;
 import org.sss.presentation.noui.context.NoUiContextManager;
@@ -30,7 +30,7 @@ public class OpenTransInterceptor implements HandlerInterceptor {
 	protected static final Log log = LogFactory.getLog(OpenTransInterceptor.class);

 	@Autowired
-	private NoUiVersion noUiVersion;
+	private NoUiParam noUiParam;
 	
 	public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception arg3) throws Exception {

@@ -67,7 +67,7 @@ public class OpenTransInterceptor implements HandlerInterceptor {
 			trnnam = url.substring(begpos, idx2);
 		if(trnnam==null)
 		{
-			Result rt = new Result(ErrorCodes.UNKNOEW_TRANS, "未知的交易", null,noUiVersion.getVersion());
+			Result rt = new Result(ErrorCodes.UNKNOEW_TRANS, "未知的交易", null,noUiParam.getVersion());
 			responseMessage(response, response.getWriter(), rt);
 			return false;
 		}
@@ -75,7 +75,7 @@ public class OpenTransInterceptor implements HandlerInterceptor {
 		log.debug("开放访问交易名："+trnnam);
 		if(!NoUiContextManager.openTransactions.contains(trnnam))
 		{
-			Result rt = new Result(ErrorCodes.FORBIDDEN_TRANS, "非法访问", null,noUiVersion.getVersion());
+			Result rt = new Result(ErrorCodes.FORBIDDEN_TRANS, "非法访问", null,noUiParam.getVersion());
 			responseMessage(response, response.getWriter(), rt);
 			return false;
 		}

--- a/src/main/java/org/sss/presentation/noui/jwt/TokenInterceptor.java
+++ b/src/main/java/org/sss/presentation/noui/jwt/TokenInterceptor.java
@@ -10,9 +10,10 @@ import org.springframework.web.servlet.HandlerInterceptor;
 import org.springframework.web.servlet.ModelAndView;
 import org.sss.presentation.noui.api.request.NoUiRequest;
 import org.sss.presentation.noui.api.response.ErrorCodes;
-import org.sss.presentation.noui.api.response.NoUiVersion;
+import org.sss.presentation.noui.api.response.NoUiParam;
 import org.sss.presentation.noui.api.response.Result;
 import org.sss.presentation.noui.common.Constants;
+import org.sss.presentation.noui.util.NoUiUtils;
 import org.sss.presentation.noui.util.NumericUtil;
 import org.sss.presentation.noui.util.RedisUtil;
 import org.sss.presentation.noui.util.StringUtil;
@@ -22,10 +23,10 @@ import com.google.gson.Gson;
 public class TokenInterceptor implements HandlerInterceptor {

 	@Autowired
-	private NoUiVersion noUiVersion;
+	private NoUiParam noUiParam;

 	public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception arg3) throws Exception {
-
+		NoUiUtils.clearLoginInfo();
 	}

 	public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView model) throws Exception {
@@ -40,14 +41,14 @@ public class TokenInterceptor implements HandlerInterceptor {
 		String terminalType = noUiRequest.getTerminalType(); // APP WEB
 		// token不存在
 		if (StringUtil.isEmpty(token)) {
-			Result rt = new Result(ErrorCodes.LOGIN_TOKEN_ISNULL, "登录token不能为空", null,noUiVersion.getVersion());
+			Result rt = new Result(ErrorCodes.LOGIN_TOKEN_ISNULL, "登录token不能为空", null,noUiParam.getVersion());
 			responseMessage(response, response.getWriter(), rt);
 			return false;
 		}

 		// userId不存在
 		if (StringUtil.isEmpty(userId)) {
-			Result rt = new Result(ErrorCodes.LOGIN_ID_ISNULL, "用户id不能为空", null,noUiVersion.getVersion());
+			Result rt = new Result(ErrorCodes.LOGIN_ID_ISNULL, "用户id不能为空", null,noUiParam.getVersion());
 			responseMessage(response, response.getWriter(), rt);
 			return false;
 		}
@@ -60,20 +61,20 @@ public class TokenInterceptor implements HandlerInterceptor {

 		JwtLogin login = JWT.unsign(token, JwtLogin.class);
 		if (login == null || (!userId.equals((login.getUserId())))) {
-			Result rt = new Result(ErrorCodes.LOGIN_TOKEN_CHECKERROR, "用户token或ID验证不通过", null,noUiVersion.getVersion());
+			Result rt = new Result(ErrorCodes.LOGIN_TOKEN_CHECKERROR, "用户token或ID验证不通过", null,noUiParam.getVersion());
 			responseMessage(response, response.getWriter(), rt);
 			return false;
 		}

 		RedisLoginInfo redisLoginInfo = (RedisLoginInfo) RedisUtil.get(StringUtil.userUniqueId(noUiRequest));
 		if (redisLoginInfo == null) {
-			Result rt = new Result(ErrorCodes.LOGIN_ERROR, "登陆异常", null,noUiVersion.getVersion());
+			Result rt = new Result(ErrorCodes.LOGIN_ERROR, "登陆异常", null,noUiParam.getVersion());
 			responseMessage(response, response.getWriter(), rt);
 			return false;
 		}
 		//验证token是否一致
 		if(!token.equals(redisLoginInfo.getToken())){
-			Result rt = new Result(ErrorCodes.LOGIN_TOKEN_CHECKERROR, "token失效，该用户被强迫下线", null,noUiVersion.getVersion());
+			Result rt = new Result(ErrorCodes.LOGIN_TOKEN_CHECKERROR, "token失效，该用户被强迫下线", null,noUiParam.getVersion());
 			responseMessage(response, response.getWriter(), rt);
 			return false;
 		}
@@ -81,7 +82,7 @@ public class TokenInterceptor implements HandlerInterceptor {
 		if (System.currentTimeMillis() > redisLoginInfo.getExpiredTime()) {

 			Result rt = new Result(ErrorCodes.LOGIN_TIMEOUT, "会话超时，请重新登录。超时时间戳："+redisLoginInfo.getExpiredTime()+
-					"，当前时间戳："+System.currentTimeMillis(), null,noUiVersion.getVersion());
+					"，当前时间戳："+System.currentTimeMillis(), null,noUiParam.getVersion());
 			responseMessage(response, response.getWriter(), rt);
 			return false;
 		}
@@ -89,6 +90,8 @@ public class TokenInterceptor implements HandlerInterceptor {
 		// 重新刷入登陆时间
 		RedisLoginInfo nweRedisLoginInfo = new RedisLoginInfo(userId, token, NumericUtil.sessionTimeOut(), redisLoginInfo.getSysmod(),noUiRequest.getTerminalType());
 		RedisUtil.set(Constants.SESSION + "." + userId + "." + terminalType, nweRedisLoginInfo);
+
+		NoUiUtils.setLoginInfo(nweRedisLoginInfo);
 		return true;

 	}

--- a/src/main/java/org/sss/presentation/noui/util/NoUiUtils.java
+++ b/src/main/java/org/sss/presentation/noui/util/NoUiUtils.java
@@ -9,6 +9,7 @@ import org.sss.presentation.noui.api.request.NoUiRequest;
 import org.sss.presentation.noui.common.Constants;
 import org.sss.presentation.noui.context.NoUiContext;
 import org.sss.presentation.noui.context.NoUiPresentation;
+import org.sss.presentation.noui.jwt.RedisLoginInfo;
 import org.sss.util.ContainerUtils;

 import java.util.ArrayList;
@@ -107,9 +108,6 @@ public class NoUiUtils {

 	//模糊匹配删除所有终端登陆key
 	public static void logout(String userId,String type){
-//		NoUiRequest noUiRequest = new NoUiRequest();
-//		noUiRequest.setUserId(userId);
-//		noUiRequest.setTerminalType(type);
 		try {
 			if ("*".equals(type)) {
 				Set<String> keys = RedisUtil.keys(Constants.SESSION + "." + userId);
@@ -120,6 +118,26 @@ public class NoUiUtils {
 		}catch (Exception e){
 			log.error("logout error:",e);
 		}
-//		return RedisUtil.delete(StringUtil.userUniqueId(noUiRequest));
+	}
+
+	public static ThreadLocal<RedisLoginInfo> tl = new ThreadLocal<RedisLoginInfo>();
+
+	public static void setLoginInfo(RedisLoginInfo redisLoginInfo){
+		tl.set(redisLoginInfo);
+	}
+
+
+	public static void clearLoginInfo(){
+		tl.remove();
+	}
+
+	public static String getToken()
+	{
+		return tl.get().getToken();
+	}
+
+	public static String getTerminalType()
+	{
+		return tl.get().getTerminalType();
 	}
 }
--- a/src/main/java/org/sss/presentation/noui/util/StringUtil.java
+++ b/src/main/java/org/sss/presentation/noui/util/StringUtil.java
@@ -3,6 +3,8 @@ package org.sss.presentation.noui.util;
 import org.sss.presentation.noui.api.request.NoUiRequest;
 import org.sss.presentation.noui.common.Constants;

+import java.security.MessageDigest;
+
 public class StringUtil {

 	public static boolean isEmpty(String str) {
@@ -15,4 +17,35 @@ public class StringUtil {
 		return Constants.SESSION + "." + request.getUserId() + "." + request.getTerminalType();
 	}

+	/**
+	 * MD5加密字符串
+	 * @param inStr
+	 * @return
+	 * @throws Exception
+	 */
+	public static String encryptMD5(String inStr) throws Exception
+	{
+		MessageDigest md5 = null;
+		md5 = MessageDigest.getInstance("MD5");
+		char[] charArray = inStr.toCharArray();
+		byte[] byteArray = new byte[charArray.length];
+
+		for (int i = 0; i < charArray.length; i++)
+			byteArray[i] = (byte) charArray[i];
+
+		byte[] md5Bytes = md5.digest(byteArray);
+
+		StringBuffer hexValue = new StringBuffer();
+
+		for (int i = 0; i < md5Bytes.length; i++)
+		{
+			int val = ((int) md5Bytes[i]) & 0xff;
+			if (val < 16)
+				hexValue.append("0");
+			hexValue.append(Integer.toHexString(val));
+		}
+
+		return hexValue.toString();
+	}
+
 }
--- a/src/main/resources/spring-mvc.xml
+++ b/src/main/resources/spring-mvc.xml
@@ -24,6 +24,7 @@
 			<mvc:mapping path="/**" />
 			<!--login 不需要拦截 -->
 			<mvc:exclude-mapping path="/login" />
+            <mvc:exclude-mapping path="/fileBrowser/**" />
 			<bean class="org.sss.presentation.noui.jwt.TokenInterceptor"></bean>
 		</mvc:interceptor>

@@ -42,8 +43,9 @@
       <property name="maxInMemorySize" value="200000" />
 	</bean>

-    <bean id="nouiVersion" class="org.sss.presentation.noui.api.response.NoUiVersion">
+    <bean id="nouiParam" class="org.sss.presentation.noui.api.response.NoUiParam">
        <property name="version" value="V1.0.0" />
+        <property name="rootFilePath" value="f:/" />
    </bean>

 	<!-- 配置自动扫描的包 -->