下载拦截器、自定义处理器 🔨

Former-commit-id: c06faa0ae1541af02637adc52659d792ee700617

Author: springboot-plus

src/main/java/io/geekidea/springbootplus/common/web/interceptor/DownloadInterceptor.java

@@ -0,0 +1,62 @@
+/**
+ * Copyright 2019-2029 geekidea(https://github.com/geekidea)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.geekidea.springbootplus.common.web.interceptor;
+
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.web.method.HandlerMethod;
+import org.springframework.web.servlet.ModelAndView;
+import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * 下载拦截器
+ * @author geekidea
+ * @date 2019/8/21
+ * @since 1.2.2-RELEASE
+ */
+@Slf4j
+public class DownloadInterceptor extends HandlerInterceptorAdapter {
+
+    @Override
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
+        // 如果访问的不是控制器,则跳出,继续执行下一个拦截器
+        if (!(handler instanceof HandlerMethod)) {
+            return true;
+        }
+        // 下载拦截器，业务处理代码
+        log.info("DownloadInterceptor...");
+        // 访问路径
+        String url = request.getRequestURI();
+        // 访问全路径
+        String fullUrl = request.getRequestURL().toString();
+        // 访问token，如果需要，可以设置参数，进行鉴权
+        String token = request.getParameter("token");
+
+        log.info("url:{}",url);
+        log.info("fullUrl:{}",fullUrl);
+        log.info("token:{}",token);
+
+        return true;
+    }
+
+    @Override
+    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
+        // 记录实际下载日志...
+    }
+}

src/main/java/io/geekidea/springbootplus/config/WebMvcConfig.java

@@ -16,6 +16,7 @@
 
 package io.geekidea.springbootplus.config;
 
+import io.geekidea.springbootplus.common.web.interceptor.DownloadInterceptor;
 import io.geekidea.springbootplus.common.web.interceptor.PermissionInterceptor;
 import io.geekidea.springbootplus.common.web.interceptor.ResourceInterceptor;
 import io.geekidea.springbootplus.common.web.interceptor.TokenTimeoutInterceptor;
@@ -51,12 +52,19 @@ public class WebMvcConfig implements WebMvcConfigurer {
     @Autowired
     private ResourceInterceptor resourceInterceptor;
 
+    @Autowired
+    private DownloadInterceptor downloadInterceptor;
+
     @Override
     public void addInterceptors(InterceptorRegistry registry) {
         // 资源拦截器注册
         registry.addInterceptor(resourceInterceptor)
                 .addPathPatterns(springBootPlusProperties.getInterceptorConfig().getResourceConfig().getIncludePath());
 
+        // 下载拦截器注册
+        registry.addInterceptor(downloadInterceptor)
+                .addPathPatterns(springBootPlusProperties.getInterceptorConfig().getDownloadConfig().getIncludePath());
+
 //        // JWT拦截器注册
 //        registry.addInterceptor(jwtInterceptor)
 //                .addPathPatterns("/**")

src/main/java/io/geekidea/springbootplus/config/core/SpringBootPlusConfig.java

@@ -16,6 +16,7 @@
 package io.geekidea.springbootplus.config.core;
 
 import io.geekidea.springbootplus.common.aop.LogAop;
+import io.geekidea.springbootplus.common.web.interceptor.DownloadInterceptor;
 import io.geekidea.springbootplus.common.web.interceptor.PermissionInterceptor;
 import io.geekidea.springbootplus.common.web.interceptor.ResourceInterceptor;
 import io.geekidea.springbootplus.common.web.interceptor.TokenTimeoutInterceptor;
@@ -90,4 +91,13 @@ public ResourceInterceptor resourceInterceptor(){
         return resourceInterceptor;
     }
 
+    /**
+     * 下载拦截器
+     * @return
+     */
+    @Bean
+    public DownloadInterceptor downloadInterceptor(){
+        DownloadInterceptor downloadInterceptor = new DownloadInterceptor();
+        return downloadInterceptor;
+    }
 }

src/main/java/io/geekidea/springbootplus/config/core/SpringBootPlusInterceptorConfig.java

@@ -50,6 +50,11 @@ public class SpringBootPlusInterceptorConfig implements Serializable {
      */
     private InterceptorConfig resourceConfig;
 
+    /**
+     * 下载拦截器
+     */
+    private InterceptorConfig downloadConfig;
+
     @Data
     public static class InterceptorConfig {
 

src/main/java/io/geekidea/springbootplus/config/core/SpringBootPlusProperties.java

@@ -21,6 +21,8 @@
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.boot.context.properties.NestedConfigurationProperty;
 
+import java.util.List;
+
 /**
  * spring-boot-plus属性配置信息
  * @author geekidea
@@ -76,4 +78,13 @@ public class SpringBootPlusProperties {
      */
     private String resourceAccessUrl;
 
+    /**
+     * 允许上传的文件后缀集合
+     */
+    private List<String> allowUploadFileExtensions;
+    /**
+     * 允许下载的文件后缀集合
+     */
+    private List<String> allowDownloadFileExtensions;
+
 }

src/main/java/io/geekidea/springbootplus/upload/web/DownloadController.java

@@ -27,6 +27,7 @@
 import org.springframework.web.bind.annotation.RequestMapping;
 
 import javax.servlet.http.HttpServletResponse;
+import java.util.List;
 
 /**
  * 下载控制器
@@ -48,7 +49,23 @@ public class DownloadController {
     @RequestMapping("/{downloadFileName}")
     @ApiOperation(value = "下载文件",notes = "下载文件",response = ApiResult.class)
     public void download(@PathVariable(required = true) String downloadFileName, HttpServletResponse response) throws Exception{
-        DownloadUtil.download(springBootPlusProperties.getUploadPath(),downloadFileName,response);
+        // 下载目录，既是上传目录
+        String downloadDir = springBootPlusProperties.getUploadPath();
+        // 允许下载的文件后缀
+        List<String> allowFileExtensions = springBootPlusProperties.getAllowDownloadFileExtensions();
+        // 文件下载，使用默认下载处理器
+//        DownloadUtil.download(downloadDir,downloadFileName,allowFileExtensions,response);
+        // 文件下载，使用自定义下载处理器
+        DownloadUtil.download(downloadDir,downloadFileName,allowFileExtensions,response, (dir, fileName, file, fileExtension, contentType, length) -> {
+            // 下载自定义处理，返回true：执行下载，false：取消下载
+            System.out.println("dir = " + dir);
+            System.out.println("fileName = " + fileName);
+            System.out.println("file = " + file);
+            System.out.println("fileExtension = " + fileExtension);
+            System.out.println("contentType = " + contentType);
+            System.out.println("length = " + length);
+            return true;
+        });
     }
 
 }

src/main/java/io/geekidea/springbootplus/util/DownloadUtil.java

@@ -17,14 +17,17 @@
 package io.geekidea.springbootplus.util;
 
 import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.io.FilenameUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.util.Base64Utils;
+import org.springframework.util.CollectionUtils;
 import org.springframework.util.FileCopyUtils;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.*;
 import java.net.URLEncoder;
+import java.util.List;
 
 /**
  * 文件下载工具类
@@ -36,12 +39,24 @@
 public final class DownloadUtil {
 
     /**
-     * 下载文件
+     * 下载文件，使用默认下载处理器
+     * @param downloadDir
+     * @param downloadFileName
+     * @param allowFileExtensions
+     * @param response
+     * @throws Exception
+     */
+    public static void download( String downloadDir, String downloadFileName, List<String> allowFileExtensions, HttpServletResponse response) throws Exception{
+        download(downloadDir,downloadFileName,allowFileExtensions,response,new DefaultDownloadHandler());
+    }
+
+    /**
+     * 下载文件，使用自定义下载处理器
      * @param downloadDir 文件目录
      * @param downloadFileName 文件名称
      * @throws Exception
      */
-    public static void download( String downloadDir, String downloadFileName,HttpServletResponse response) throws Exception {
+    public static void download( String downloadDir, String downloadFileName, List<String> allowFileExtensions, HttpServletResponse response,DownloadHandler downloadHandler) throws Exception {
         log.info("downloadDir:{}",downloadDir);
         log.info("downloadFileName:{}",downloadFileName);
 
@@ -51,6 +66,16 @@ public static void download( String downloadDir, String downloadFileName,HttpSer
         if (StringUtils.isBlank(downloadFileName)){
             throw new IOException("文件名称不能为空");
         }
+        // 安全判断，防止../情况,防止出现类似非法文件名称：../../hello/123.txt
+        if (downloadFileName.contains("..")||downloadFileName.contains("../")){
+            throw new IOException("非法的文件名称");
+        }
+        // 允许下载的文件后缀判断
+        if (CollectionUtils.isEmpty(allowFileExtensions)){
+            throw new IllegalArgumentException("请设置允许下载的文件后缀");
+        }
+        // 获取文件名称
+        String fileExtension = FilenameUtils.getExtension(downloadFileName);
 
         // 从服务器读取文件，然后输出
         File downloadFile = new File(downloadDir,downloadFileName);
@@ -65,6 +90,17 @@ public static void download( String downloadDir, String downloadFileName,HttpSer
         long length = downloadFile.length();
         log.info("length:{}",length);
 
+        // 下载回调处理
+        if (downloadHandler == null){
+            // 使用默认下载处理器
+            downloadHandler = new DefaultDownloadHandler();
+        }
+        boolean flag = downloadHandler.handle(downloadDir,downloadFileName,downloadFile,fileExtension,contentType,length);
+        if (!flag){
+            log.info("下载自定义校验失败，取消下载");
+            return;
+        }
+
         // 下载文件名称编码，Firefox中文乱码处理
         String encodeDownFileName;
 
@@ -78,6 +114,8 @@ public static void download( String downloadDir, String downloadFileName,HttpSer
         }
         log.info("encodeDownFileName:{}",encodeDownFileName);
 
+        log.info("下载文件：" + downloadFile.getAbsolutePath());
+
         response.reset();
         // 设置Content-Disposition响应头
         response.setHeader("Content-Disposition", "attachment;fileName=\"" + encodeDownFileName + "\"");
@@ -90,4 +128,24 @@ public static void download( String downloadDir, String downloadFileName,HttpSer
         InputStream in = new BufferedInputStream(new FileInputStream(downloadFile));
         FileCopyUtils.copy(in, response.getOutputStream());
     }
+
+    public static void main(String[] args) throws Exception {
+        String downloadFileName = "../../hello/123.txt";
+        // 安全判断，防止../情况
+        if (downloadFileName.contains("..")||downloadFileName.contains("../")){
+            throw new IOException("非法的文件名称");
+        }
+        System.out.println("ok");
+    }
+
+    public static interface DownloadHandler{
+        boolean handle(String dir, String fileName,File file,String fileExtension,String contentType,long length) throws Exception;
+    }
+   public static class DefaultDownloadHandler implements DownloadHandler{
+       @Override
+       public boolean handle(String dir, String fileName, File file, String fileExtension, String contentType, long length) throws Exception {
+           return false;
+       }
+   }
+
 }

src/main/resources/config/application.yml

@@ -56,6 +56,8 @@ spring-boot-plus:
       exclude-path: /swagger-resources/**,/api-docs/**,/v2/api-docs/**,/docs,/resource/**
     resource-config:
       include-path: ${spring-boot-plus.resource-access-patterns}
+    download-config:
+      include-path: /download/**
   # 文件上传下载配置
   upload-path: /opt/upload/
   # 资源访问路径
@@ -64,6 +66,9 @@ spring-boot-plus:
   resource-access-patterns: ${spring-boot-plus.resource-access-path}**
   # 资源访问全路径前缀：http://localhost:8888/resource/
   resource-access-url: http://localhost:${server.port}${server.servlet.context-path}${spring-boot-plus.resource-access-path}
+  # 全局允许上传的类型
+  allow-upload-file-extensions: jpg,png,docx,xlsx,pptx,pdf
+  allow-download-file-extensions: jpg,png,docx,xlsx,pptx,pdf
 ############################### spring-boot-plus end ###############################