
!85 新增备案信息,禁止上传类型,删除支持密码功能
Merge pull request !85 from 高雄/master

kailing 2 years ago
parent
commit
7a9ad7546c

+ 8 - 1
server/src/main/config/application.properties

@@ -2,8 +2,9 @@
 server.port = ${KK_SERVER_PORT:8012}
 server.servlet.context-path= ${KK_CONTEXT_PATH:/}
 server.servlet.encoding.charset = utf-8
-#文件上传限制
+#文件上传限制前端
 spring.servlet.multipart.max-file-size=500MB
+#文件上传限制
 spring.servlet.multipart.max-request-size=500MB
 ## Freemarker 配置
 spring.freemarker.template-loader-path = classpath:/web/
@@ -117,3 +118,9 @@ watermark.angle = ${WATERMARK_ANGLE:10}
 #Tif类型图片浏览模式:tif(利用前端js插件浏览);jpg(转换为jpg后前端显示);pdf(转换为pdf后显示,便于打印)
 tif.preview.type = ${KK_TIF_PREVIEW_TYPE:tif}
 
+# 备案信息
+BeiAn = 
+#禁止上传类型
+prohibit =exe,dll,dat
+#删除密码
+sc.password =123456
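Review bot: `sc.password =123456` ships a fixed, guessable delete password as the default, so every deployment that does not override it shares the same secret. The same literal is repeated as `DEFAULT_password_DISABLE` and as the `@Value("${sc.password:123456}")` fallback in ConfigConstants.java, and the `prompt(...)` text in index.ftl shows it to every visitor. Unlike `server.port` above, the key has no environment override; I would follow that pattern with an empty default, e.g. `sc.password = ${KK_DELETE_PASSWORD:}` (the variable name is only a suggestion), and have the delete endpoint refuse requests while the value is empty.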

+ 53 - 0
server/src/main/java/cn/keking/config/ConfigConstants.java

@@ -42,6 +42,10 @@ public class ConfigConstants {
     private static String pdfBookmarkDisable;
     private static Boolean fileUploadDisable;
     private static String tifPreviewType;
+    private static String BeiAn;
+    private static String[] prohibit= {};
+    private static String size;
+    private static String password;
 
     public static final String DEFAULT_CACHE_ENABLED = "true";
     public static final String DEFAULT_TXT_TYPE = "txt,html,htm,asp,jsp,xml,json,properties,md,gitignore,log,java,py,c,cpp,sql,sh,bat,m,bas,prg,cmd";
@@ -62,6 +66,10 @@ public class ConfigConstants {
     public static final String DEFAULT_PDF_BOOKMARK_DISABLE = "true";
     public static final String DEFAULT_FILE_UPLOAD_DISABLE = "false";
     public static final String DEFAULT_TIF_PREVIEW_TYPE = "tif";
+    public static final String DEFAULT_BeiAn_DISABLE = "无";
+    public static final String DEFAULT_size_DISABLE = "500MB";
+    public static final String DEFAULT_prohibit_DISABLE = "exe,dll";
+    public static final String DEFAULT_password_DISABLE = "123456";
 
     public static Boolean isCacheEnabled() {
         return cacheEnabled;
@@ -353,4 +361,49 @@ public class ConfigConstants {
     public static void setTifPreviewTypeValue(String tifPreviewType) {
         ConfigConstants.tifPreviewType = tifPreviewType;
     }
+
+    public static String getBeiAn() {
+        return BeiAn;
+    }
+    @Value("${BeiAn:无}")
+    public void setBeiAn(String BeiAn) {
+        setBeiAnValue(BeiAn);
+    }
+    public static void setBeiAnValue(String BeiAn) {
+        ConfigConstants.BeiAn = BeiAn;
+    }
+    public static String[] getprohibit() {
+        return prohibit;
+    }
+    @Value("${prohibit:exe,dll}")
+    public void setprohibit(String prohibit) {
+        String[] prohibittArr = prohibit.split(",");
+        setprohibitValue(prohibittArr);
+    }
+
+    public static void setprohibitValue(String[] prohibit) {
+        ConfigConstants.prohibit = prohibit;
+    }
+    public static String maxsize() {
+        return size;
+    }
+    @Value("${spring.servlet.multipart.max-file-size:500MB}")
+    public void setsize(String size) {
+        setsizeValue(size);
+    }
+    public static void setsizeValue(String size) {
+        ConfigConstants.size = size;
+    }
+
+    public static String getpassword() {
+        return password;
+    }
+    @Value("${sc.password:123456}")
+    public void setpassword(String password) {
+        setpasswordValue(password);
+    }
+    public static void setpasswordValue(String password) {
+        ConfigConstants.password = password;
+    }
+
 }
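Review bot: `setprohibit` stores the result of `prohibit.split(",")` unchanged, so an entry written as `exe, dll` or `EXE` in the properties file will not equal a lower-case suffix in the `type.equals(fileType)` test in `KkFileUtils.isAllowedUpload`, and that extension is silently allowed. ConfigRefreshComponent repeats the same bare split on reload, so the normalisation belongs in `setprohibitValue`, e.g. `Arrays.stream(prohibit).map(s -> s.trim().toLowerCase(Locale.ROOT)).filter(s -> !s.isEmpty()).toArray(String[]::new)`. `getprohibit()` also hands out the internal array, so any caller can edit the deny-list in place; returning `prohibit.clone()` avoids that. The class's import block is outside these hunks, so `Arrays` and `Locale` may need importing.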

+ 14 - 1
server/src/main/java/cn/keking/config/ConfigRefreshComponent.java

@@ -53,7 +53,11 @@ public class ConfigRefreshComponent {
                 String pdfBookmarkDisable;
                 boolean fileUploadDisable;
                 String tifPreviewType;
-
+                String prohibit;
+                String[] prohibitArray;
+                String BeiAn;
+                String size;
+                String password;
                 while (true) {
                     FileReader fileReader = new FileReader(configFilePath);
                     BufferedReader bufferedReader = new BufferedReader(fileReader);
@@ -78,6 +82,11 @@ public class ConfigRefreshComponent {
                     pdfBookmarkDisable = properties.getProperty("pdf.bookmark.disable", ConfigConstants.DEFAULT_PDF_BOOKMARK_DISABLE);
                     fileUploadDisable = Boolean.parseBoolean(properties.getProperty("file.upload.disable", ConfigConstants.DEFAULT_FILE_UPLOAD_DISABLE));
                     tifPreviewType = properties.getProperty("tif.preview.type", ConfigConstants.DEFAULT_TIF_PREVIEW_TYPE);
+                    size = properties.getProperty("spring.servlet.multipart.max-file-size", ConfigConstants.DEFAULT_size_DISABLE);
+                    BeiAn = properties.getProperty("BeiAn", ConfigConstants.DEFAULT_BeiAn_DISABLE);
+                    prohibit = properties.getProperty("prohibit", ConfigConstants.DEFAULT_prohibit_DISABLE);
+                    password = properties.getProperty("sc.password", ConfigConstants.DEFAULT_password_DISABLE);
+                    prohibitArray = prohibit.split(",");
 
                     ConfigConstants.setCacheEnabledValueValue(cacheEnabled);
                     ConfigConstants.setSimTextValue(textArray);
@@ -96,6 +105,10 @@ public class ConfigRefreshComponent {
                     ConfigConstants.setPdfBookmarkDisableValue(pdfBookmarkDisable);
                     ConfigConstants.setFileUploadDisableValue(fileUploadDisable);
                     ConfigConstants.setTifPreviewTypeValue(tifPreviewType);
+                    ConfigConstants.setBeiAnValue(BeiAn);
+                    ConfigConstants.setsizeValue(size);
+                    ConfigConstants.setprohibitValue(prohibitArray);
+                    ConfigConstants.setpasswordValue(password);
                     setWatermarkConfig(properties);
                     bufferedReader.close();
                     fileReader.close();
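Review bot: The reloaded `size` value only changes what the page displays; nothing in these hunks re-applies `spring.servlet.multipart.max-file-size` to the servlet container, so after a live edit of the properties file the limit shown to the browser and the limit actually enforced can presumably differ. A comment above the new line such as `// display-only: the multipart limit itself is applied at startup` would make that explicit, or the key could be left out of the refresh loop. The same loop now hot-reloads `sc.password`, falling back to the `123456` default whenever the key is missing from the file. The enclosing loop starts and ends outside the hunks.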

+ 6 - 0
server/src/main/java/cn/keking/utils/DownloadUtils.java

@@ -49,6 +49,12 @@ public class DownloadUtils {
             logger.error("忽略SSL证书异常:", e);
         }
         ReturnResponse<String> response = new ReturnResponse<>(0, "下载成功!!!", "");
+        if (!KkFileUtils.isAllowedUpload(fileName)) {
+            response.setCode(1);
+            response.setContent(null);
+            response.setMsg("下载失败:不支持的类型!" + urlStr);
+            return response;
+        }
         assert urlStr != null;
         if (urlStr.contains("?fileKey=")) {
             response.setContent(fileDir + urlStrr);
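Review bot: The rejection message built by `response.setMsg("下载失败:不支持的类型!" + urlStr)` returns the caller-supplied URL verbatim, so any page or log that renders `msg` without escaping reflects request input, and a URL carrying a token in its query string is echoed back. I would report only the fact of the rejection, e.g. `response.setMsg("下载失败:不支持的类型!");`. The new check also runs before `assert urlStr != null` and tests `fileName`, whose derivation lies outside the hunk, so it is worth confirming that this name cannot be chosen independently of the content actually fetched.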

+ 17 - 0
server/src/main/java/cn/keking/utils/KkFileUtils.java

@@ -1,7 +1,9 @@
 package cn.keking.utils;
 
+import cn.keking.config.ConfigConstants;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.util.ObjectUtils;
 import org.springframework.util.StringUtils;
 import org.springframework.web.util.HtmlUtils;
 
@@ -174,4 +176,19 @@ public class KkFileUtils {
         return true;
     }
 
+    /**
+     * 判断文件是否允许上传
+     *
+     * @param file 文件扩展名
+     * @return 是否允许上传
+     */
+    public static boolean isAllowedUpload(String file) {
+        String fileType = suffixFromFileName(file);
+            for (String type : ConfigConstants.getprohibit()) {
+            if (type.equals(fileType))
+                return false;
+        }
+        return !ObjectUtils.isEmpty(fileType);
+    }
+
 }
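Review bot: `isAllowedUpload` is still a deny-list with a case-sensitive exact match (`type.equals(fileType)`), and the configured defaults (`exe,dll` in ConfigConstants, `exe,dll,dat` in application.properties) no longer contain `msi`, which the removed `not_allowed` array in FileController rejected. Unless `suffixFromFileName` lower-cases its result, which is not visible here, a name ending in `.EXE` passes; `type.equalsIgnoreCase(fileType)` closes that. For a service that stores and previews uploads, an allow-list of the types it can render would fail closed instead. The Javadoc `@param file` says 文件扩展名 (extension), but the argument is a full file name.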

+ 10 - 19
server/src/main/java/cn/keking/web/controller/FileController.java

@@ -36,7 +36,6 @@ public class FileController {
     private final String demoDir = "demo";
     private final String demoPath = demoDir + File.separator;
     public static final String BASE64_DECODE_ERROR_MSG = "Base64解码失败,请检查你的 %s 是否采用 Base64 + urlEncode 双重编码了!";
-    private static final String[] not_allowed = { "dll", "exe", "msi" }; // 不允许上传的文件扩展名
 
     @PostMapping("/fileUpload")
     public ReturnResponse<Object> fileUpload(@RequestParam("file") MultipartFile file) {
@@ -60,12 +59,16 @@ public class FileController {
     }
 
     @GetMapping("/deleteFile")
-    public ReturnResponse<Object> deleteFile(String fileName) {
+    public ReturnResponse<Object> deleteFile(String fileName,String password) {
         ReturnResponse<Object> checkResult = this.deleteFileCheck(fileName);
         if (checkResult.isFailure()) {
             return checkResult;
         }
-        fileName = checkResult.getContent().toString();
+         fileName = checkResult.getContent().toString();
+        if(!ConfigConstants.getpassword().equalsIgnoreCase(password)){
+            logger.error("删除文件【{}】失败,密码错误!",fileName);
+            return ReturnResponse.failure("删除文件失败,密码错误!");
+        }
         File file = new File(fileDir + demoPath + fileName);
         logger.info("删除文件:{}", file.getAbsolutePath());
         if (file.exists() && !file.delete()) {
@@ -103,8 +106,10 @@ public class FileController {
             return ReturnResponse.failure("文件传接口已禁用");
         }
         String fileName = WebUtils.getFileNameFromMultipartFile(file);
-
-        if (!isAllowedUpload(fileName)) {
+        if(fileName.lastIndexOf(".")==-1){
+            return ReturnResponse.failure("不允许上传的类型");
+        }
+        if (!KkFileUtils.isAllowedUpload(fileName)) {
             return ReturnResponse.failure("不允许上传的文件类型: " + fileName);
         }
         if (KkFileUtils.isIllegalFileName(fileName)) {
@@ -117,20 +122,6 @@ public class FileController {
         return ReturnResponse.success(fileName);
     }
 
-    /**
-     * 判断文件是否允许上传
-     *
-     * @param file 文件扩展名
-     * @return 是否允许上传
-     */
-    private boolean isAllowedUpload(String file) {
-        String fileType = KkFileUtils.suffixFromFileName(file);
-        for (String type : not_allowed) {
-            if (type.equals(fileType))
-                return false;
-        }
-        return !ObjectUtils.isEmpty(fileType);
-    }
 
     /**
      * 删除文件前校验
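Review bot: `deleteFile` stays a `@GetMapping` and now takes the password as a query parameter, so the secret lands in access logs, browser history and proxies, and a state-changing GET can be triggered cross-site. The comparison `ConfigConstants.getpassword().equalsIgnoreCase(password)` is case-insensitive, which shrinks the password space, and nothing visible limits repeated guesses. I would move the endpoint to `@PostMapping("/deleteFile")` with the password in the request body and compare exactly, e.g. `MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8), supplied.getBytes(StandardCharsets.UTF_8))` after a null check on both values. The method body continues outside the hunk.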

+ 2 - 0
server/src/main/java/cn/keking/web/filter/AttributeSetFilter.java

@@ -40,6 +40,8 @@ public class AttributeSetFilter implements Filter {
         request.setAttribute("fileKey", httpRequest.getParameter("fileKey"));
         request.setAttribute("switchDisabled", ConfigConstants.getOfficePreviewSwitchDisabled());
         request.setAttribute("fileUploadDisable", ConfigConstants.getFileUploadDisable());
+        request.setAttribute("BeiAn", ConfigConstants.getBeiAn());
+        request.setAttribute("size", ConfigConstants.maxsize());
     }
 
     /**

+ 65 - 56
server/src/main/resources/web/main/index.ftl

@@ -116,33 +116,10 @@
         </div>
         <div class="panel-body">
             <#if fileUploadDisable == false>
-                <div style="padding: 10px">
+                <div style="padding: 10px" >
                     <form enctype="multipart/form-data" id="fileUpload">
-                        <div class="form-group">
-                            <p id="fileName"></p>
-                            <div class="row">
-                                <div class="col-md-2">
-                                    <button type="button" class="btn btn-default" id="fileSelectBtn" style="margin-bottom:8px">
-                                        <span class="glyphicon glyphicon-cloud-upload" aria-hidden="true"></span> 选择文件
-                                    </button>
-                                </div>
-                                <div class="col-md-1">
-                                    <button id="btnSubmit" type="button" class="btn btn-success">上 传</button>
-                                </div>
-                                <div class="col-md-9">
-                                </div>
-                            </div>
-
-                            <input type="file" name="file" style="display: none" id="fileSelect"
-                                   onchange="onFileSelected()"/>
-                            <div class="alert alert-danger alert-dismissable hide" role="alert" id="postFileAlert">
-                                <button type="button" class="close" data-dismiss="alert" aria-label="Close">
-                                    <span aria-hidden="true">&times;</span>
-                                </button>
-                                <strong>请选择需要上传的文件!</strong>
-                            </div>
-                        </div>
-
+                        <input type="file" id="size" name="file"/>
+                        <input type="button" id="btnSubmit" value=" 上 传 "/>
                     </form>
                 </div>
             </#if>
@@ -175,22 +152,34 @@
         </div>
     </div>
 </div>
+<div style="display: grid; place-items: center;">
+    <div>
+        <a target="_blank"  href="https://beian.miit.gov.cn/" >${BeiAn}</a>
+    </div>
+</div>
 <script>
-    function deleteFile(fileName) {
-        $.ajax({
-            url: '${baseUrl}deleteFile?fileName=' + fileName,
-            success: function (data) {
-                // 删除完成,刷新table
-                if (1 === data.code) {
-                    alert(data.msg);
-                } else {
-                    $('#table').bootstrapTable('refresh', {});
+    function deleteFile(fileName,password) {
+        if(window.confirm('你确定要删除文件吗?')){
+            password = prompt("请输入默认密码:123456");
+            $.ajax({
+                url: '${baseUrl}deleteFile?fileName=' + fileName +'&password='+password,
+                success: function (data) {
+                // console.log(data);
+                    // 删除完成,刷新table
+                    if ("删除文件失败,密码错误!" === data.msg) {
+                        alert(data.msg);
+                    } else {
+                        $('#table').bootstrapTable('refresh', {});
+                    }
+                },
+                error: function (data) {
+                    return false;
                 }
-            },
-            error: function (data) {
-                console.log(data);
-            }
-        })
+            })
+        }else{
+            return false;
+        }
+
     }
 
     function showLoadingDiv() {
@@ -238,7 +227,8 @@
         }).on('pre-body.bs.table', function (e, data) {
             // 每个data添加一列用来操作
             $(data).each(function (index, item) {
-                item.action = "<a class='btn btn-success' target='_blank' href='${baseUrl}onlinePreview?url=" + encodeURIComponent(Base64.encode('${baseUrl}' + item.fileName)) + "'>预览</a>";
+                item.action = "<a class='btn btn-success' target='_blank' href='${baseUrl}onlinePreview?url=" + encodeURIComponent(Base64.encode('${baseUrl}' + item.fileName)) + "'>预览</a>" +
+                "<a class='btn btn-danger' style='margin-left:10px;' href='javascript:void(0);' onclick='deleteFile(\"" +  encodeURIComponent(Base64.encode('${baseUrl}' + item.fileName)) + "\")'>删除</a>";
             });
             return data;
         }).on('post-body.bs.table', function (e, data) {
@@ -265,20 +255,9 @@
         });
 
         $("#btnSubmit").click(function () {
-            var _fileName = $("#fileName").text()
-            var index = _fileName.lastIndexOf(".");
-            //获取后缀
-            var ext = _fileName.substr(index + 1);
-            if (!ext || ext == "dll" || ext == "exe" || ext == "msi") {
-                window.alert(ext + "不支持上传")
-                return;
-            }
-            if (!_fileName) {
-                $("#postFileAlert").addClass("show");
-                window.setTimeout(function () {
-                    $("#postFileAlert").removeClass("show");
-                }, 3000);//显示的时间
-                return;
+            var filepath = $("#size").val();
+            if(!checkFileSize(filepath)){
+                return false;
             }
             showLoadingDiv();
             $("#fileUpload").ajaxSubmit({
@@ -294,7 +273,6 @@
                 },
                 error: function () {
                     alert('上传失败,请联系管理员');
-                    $("#fileName").text("");
                     $(".loading_container").hide();
                 },
                 url: 'fileUpload', /*设置post提交到的页面*/
@@ -303,6 +281,37 @@
             });
         });
     });
+    function checkFileSize(filepath) {
+        var daxiao= "${size}";
+        daxiao= daxiao.replace("MB","");
+        // console.log(daxiao)
+        var maxsize = daxiao * 1024 * 1024;
+        var errMsg = "上传的文件不能超过${size}喔!!!";
+        var tipMsg = "您的浏览器暂不支持上传,确保上传文件不要超过${size},建议使用IE、FireFox、Chrome浏览器";
+        try {
+            var filesize = 0;
+            var ua = window.navigator.userAgent;
+            if (ua.indexOf("MSIE") >= 1) {
+                //IE
+                var img = new Image();
+                img.src = filepath;
+                filesize = img.fileSize;
+            } else {
+                filesize = $("#size")[0].files[0].size; //byte
+            }
+            if (filesize > 0 && filesize > maxsize) {
+                alert(errMsg);
+                return false;
+            } else if (filesize == -1) {
+                alert(tipMsg);
+                return false;
+            }
+        } catch (e) {
+            alert("上传失败,请重试");
+            return false;
+        }
+        return true;
+    }
 </script>
 </body>
 </html>
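Review bot: The success handler in `deleteFile` now treats only the exact text `"删除文件失败,密码错误!"` as a failure, so any other error the server presumably returns with `code` 1 (a failed `deleteFileCheck`, a file that could not be removed) silently refreshes the table instead of alerting as the old `1 === data.code` test did. I would keep `if (1 === data.code) { alert(data.msg); }`. `password` is also appended to the URL without `encodeURIComponent`, so a value containing `&` or `#` is truncated, and cancelling the prompt sends the string `null`. `checkFileSize` is a convenience only; the server-side multipart limit remains the actual control.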