lsm/file-online-preview
1
0
Fork 0
mirror of https://gitee.com/kekingcn/file-online-preview.git synced 2025-04-05 17:37:49 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

修复流的方法错误 ,修复跨域脚本缺少BASE64 (#423)

Browse Source 
* 修复office下载方法中 错误

* 更新OFD解析效果,修复禁止trace请求无效问题,其他压缩包修复

* 修复压缩包 缓存BUG

* 限制某些特殊文件上传

* 修复OFFICE文件密码检查关闭流 上传文件关闭流 检查PDF文件是否存在

* 特殊符号的支持

Co-authored-by: gaoxiongzaq <admin@cxcp.com>
This commit is contained in:
gaoxingzaq 2023-01-11 13:26:18 +08:00 committed by GitHub
parent 04401ee600
commit 5dc543db99
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
16 changed files with 918 additions and 752 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
server/src/main/java/cn/keking/service/FileHandlerService.java
View File

@ -191,6 +191,9 @@ public class FileHandlerService {
}
try {
File pdfFile = new File(pdfFilePath);
if (!pdfFile.exists()) {
return null;
}
PDDocument doc = PDDocument.load(pdfFile);
int pageCount = doc.getNumberOfPages();
PDFRenderer pdfRenderer = new PDFRenderer(doc);
@ -273,11 +276,6 @@ public class FileHandlerService {
if (url.contains("?fileKey=")) {
attribute.setSkipDownLoad(true);
}
String urlStrr = url.toLowerCase(); //转换为小写对比
boolean wjl = WebUtils.kuayu("&fullfilename=", urlStrr); //判断是否启用文件流
if(wjl){
url = url.substring(0,url.lastIndexOf("&")); //删除添加的文件流内容
}
url = WebUtils.encodeUrlFileName(url);
fileName = KkFileUtils.htmlEscape(fileName); //文件名处理
attribute.setType(type);

6
server/src/main/java/cn/keking/service/impl/CompressFilePreviewImpl.java
View File

@ -40,6 +40,12 @@ public class CompressFilePreviewImpl implements FilePreview {
}
String filePath = response.getContent();
fileTree = compressFileReader.unRar(filePath, fileName);
if (fileTree != null && !"null".equals(fileTree)) {
if (ConfigConstants.isCacheEnabled()) {
// 加入缓存
fileHandlerService.addConvertedFile(fileName, fileTree);
}
}
} else {
fileTree = fileHandlerService.getConvertedFile(fileName);
}

7
server/src/main/java/cn/keking/service/impl/OfficeFilePreviewImpl.java
View File

@ -14,6 +14,7 @@ import org.springframework.stereotype.Service;
import org.springframework.ui.Model;
import org.springframework.util.StringUtils;
import java.net.URLEncoder;
import java.util.List;
/**
@ -50,7 +51,7 @@ public class OfficeFilePreviewImpl implements FilePreview {
String pdfName = fileName.substring(0, fileName.lastIndexOf(".") + 1) + (isHtml ? "html" : "pdf");
String cacheFileName = userToken == null ? pdfName : userToken + "_" + pdfName;
String outFilePath = FILE_DIR + cacheFileName;
if ( !fileHandlerService.listConvertedFiles().containsKey(pdfName) || !ConfigConstants.isCacheEnabled()) {
// 下载远程文件到本地如果文件在本地已存在不会重复下载
ReturnResponse<String> response = DownloadUtils.downLoad(fileAttribute, fileName);
if (response.isFailure()) {
@ -115,11 +116,11 @@ public class OfficeFilePreviewImpl implements FilePreview {
}
}
}
}
if (!isHtml && baseUrl != null && (OFFICE_PREVIEW_TYPE_IMAGE.equals(officePreviewType) || OFFICE_PREVIEW_TYPE_ALL_IMAGES.equals(officePreviewType))) {
return getPreviewType(model, fileAttribute, officePreviewType, baseUrl, cacheFileName, outFilePath, fileHandlerService, OFFICE_PREVIEW_TYPE_IMAGE, otherFilePreview);
}
cacheFileName = URLEncoder.encode(cacheFileName).replaceAll("\\+", "%20");
model.addAttribute("pdfUrl", cacheFileName);
return isHtml ? EXEL_FILE_PREVIEW_PAGE : PDF_FILE_PREVIEW_PAGE;
}

2
server/src/main/java/cn/keking/service/impl/PdfFilePreviewImpl.java
View File

@ -10,6 +10,7 @@ import cn.keking.web.filter.BaseUrlFilter;
import org.springframework.stereotype.Service;
import org.springframework.ui.Model;
import java.net.URLEncoder;
import java.util.List;
/**
@ -73,6 +74,7 @@ public class PdfFilePreviewImpl implements FilePreview {
fileHandlerService.addConvertedFile(pdfName, fileHandlerService.getRelativePath(outFilePath));
}
} else {
pdfName = URLEncoder.encode(pdfName).replaceAll("\\+", "%20");
model.addAttribute("pdfUrl", pdfName);
}
} else {

6
server/src/main/java/cn/keking/utils/DownloadUtils.java
View File

@ -50,6 +50,11 @@ public class DownloadUtils {
response.setMsg("下载失败:文件名不合法!" + urlStr);
return response;
}
if(realPath.equals("cunzhai")){
response.setContent(fileDir + fileName);
response.setMsg(fileName);
return response;
}
try {
URL url = WebUtils.normalizedURL(urlStr);
if (!fileAttribute.getSkipDownLoad()) {
@ -110,6 +115,7 @@ public class DownloadUtils {
File realFile = new File(realPath);
if (realFile.exists()) {
fileAttribute.setSkipDownLoad(true);
return "cunzhai";
}
return realPath;
}

2
server/src/main/java/cn/keking/utils/KkFileUtils.java
View File

@ -102,7 +102,7 @@ public class KkFileUtils {
public static String htmlEscape(String input) {
if(StringUtils.hasText(input)){
//input = input.replaceAll("\\{", "%7B").replaceAll("}", "%7D").replaceAll("\\\\", "%5C");
return HtmlUtils.htmlEscape(input);
return HtmlUtils.htmlEscape(input, "UTF-8");
}
return input;
}

27
server/src/main/java/cn/keking/utils/OfficeUtils.java
View File

@ -7,6 +7,7 @@ import org.apache.poi.hssf.record.crypto.Biff8EncryptionKey;
import org.springframework.lang.Nullable;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
@ -27,8 +28,10 @@ public class OfficeUtils {
* @return 是否受密码保护
*/
public static boolean isPwdProtected(String path) {
InputStream propStream = null;
try {
ExtractorFactory.createExtractor(Files.newInputStream(Paths.get(path)));
propStream = Files.newInputStream(Paths.get(path));
ExtractorFactory.createExtractor(propStream);
} catch (IOException | EncryptedDocumentException e) {
if (e.getMessage().toLowerCase().contains(POI_INVALID_PASSWORD_MSG)) {
return true;
@ -42,10 +45,17 @@ public class OfficeUtils {
}
}
}
}finally {
if(propStream!=null) {//如果文件输入流不是null
try {
propStream.close();//关闭文件输入流
} catch (IOException e) {
e.printStackTrace();
}
}
}
return false;
}
/**
* 判断office文件是否可打开兼容
*
@ -54,15 +64,24 @@ public class OfficeUtils {
* @return 是否可打开兼容
*/
public static synchronized boolean isCompatible(String path, @Nullable String password) {
InputStream propStream = null;
try {
propStream = Files.newInputStream(Paths.get(path));
Biff8EncryptionKey.setCurrentUserPassword(password);
ExtractorFactory.createExtractor(Files.newInputStream(Paths.get(path)));
ExtractorFactory.createExtractor(propStream);
} catch (Exception e) {
return false;
} finally {
Biff8EncryptionKey.setCurrentUserPassword(null);
if(propStream!=null) {//如果文件输入流不是null
try {
propStream.close();//关闭文件输入流
} catch (IOException e) {
e.printStackTrace();
}
}
}
return true;
}
}
}

5
server/src/main/java/cn/keking/utils/WebUtils.java
View File

@ -131,6 +131,11 @@ public class WebUtils {
} catch (UnsupportedEncodingException e) {
return null;
}
String urlStrr = url.toLowerCase(); //转换为小写对比
boolean wjl =kuayu("&fullfilename=", urlStrr); //判断是否启用文件流
if(wjl){
url = url.substring(0,url.lastIndexOf("&")); //删除添加的文件流内容
}
String noQueryUrl = url.substring(0, url.indexOf("?"));
String parameterStr = url.substring(url.indexOf("?"));
parameterStr = parameterStr.replaceFirst(fullFileName, encodedFileName);

13
server/src/main/java/cn/keking/web/controller/FileController.java
View File

@ -31,7 +31,7 @@ import java.util.Objects;
/**
* @author yudian-it
* @date 2017/12/1
* 2017/12/1
*/
@RestController
public class FileController {
@ -64,6 +64,15 @@ public class FileController {
if (pos != -1) {
fileName = fileName.substring(pos + 1);
}
String fileType= "";
int i = fileName.lastIndexOf('.');
if (i > 0) {
fileType= fileName.substring(i+1);
fileType= fileType.toLowerCase();
}
if (fileType.length() == 0 || fileType.equals("dll") || fileType.equals("exe") || fileType.equals("msi") ){
return ReturnResponse.failure(fileName+"不允许上传的文件");
}
// 判断是否存在同名文件
if (existsFile(fileName)) {
return ReturnResponse.failure("存在同名文件,请先删除原有文件再次上传");
@ -75,6 +84,8 @@ public class FileController {
logger.info("上传文件:{}", fileDir + demoPath + fileName);
try (InputStream in = file.getInputStream(); OutputStream out = Files.newOutputStream(Paths.get(fileDir + demoPath + fileName))) {
StreamUtils.copy(in, out);
in.close();
out.close();
return ReturnResponse.success(null);
} catch (IOException e) {
logger.error("文件上传失败", e);

2
server/src/main/java/cn/keking/web/filter/SecurityFilterProxy.java
View File

@ -19,7 +19,7 @@ public class SecurityFilterProxy extends OncePerRequestFilter {
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
FilterChain filterChain) throws ServletException, IOException {
if((","+NOT_ALLOW_METHODS+",").indexOf(","+request.getMethod().toLowerCase()+",") > -1) {
if((","+NOT_ALLOW_METHODS+",").indexOf(","+request.getMethod().toUpperCase()+",") > -1) {
response.setStatus(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
response.setHeader("Content-Type", "text/html; charset=iso-8859-1");
response.getWriter().println("Method Not Allowed");

1575
server/src/main/resources/static/ofd/js/cnofd.umd.min.js vendored
View File

File diff suppressed because it is too large Load Diff

1
server/src/main/resources/web/eml.ftl
View File

@ -6,6 +6,7 @@
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, user-scalable=yes, initial-scale=1.0">
<#include "*/commonHeader.ftl">
<script src="js/base64.min.js" type="text/javascript"></script>
</head>
<#if currentUrl?contains("http://") || currentUrl?contains("https://") || currentUrl?contains("file://")>
<#assign finalUrl="${currentUrl}">

1
server/src/main/resources/web/epub.ftl
View File

@ -6,6 +6,7 @@
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, user-scalable=yes, initial-scale=1.0">
<#include "*/commonHeader.ftl">
<script src="js/base64.min.js" type="text/javascript"></script>
<script src="epub/epub.js"></script>
<script src="js/jszip.min.js"></script>
<link rel="stylesheet" type="text/css" href="epub/examples.css">

7
server/src/main/resources/web/index.ftl
View File

@ -238,6 +238,13 @@
$("#btnSubmit").click(function () {
var _fileName = $("#fileName").text()
var index= _fileName.lastIndexOf(".");
//获取后缀
var ext = _fileName.substr(index+1);
if (!ext || ext == "dll"|| ext == "exe"|| ext == "msi" ){
window.alert(ext+"不支持上传")
return ;
}
if(!_fileName){
$("#postFileAlert").addClass("show");
window.setTimeout(function(){

7
server/src/main/resources/web/online3D.ftl
View File

@ -5,7 +5,9 @@
<meta charset="utf-8"/>
<meta name="viewport" content="width=device-width, user-scalable=yes, initial-scale=1.0">
<title>${file.name}3D预览</title>
<script src="js/base64.min.js" type="text/javascript"></script>
<#include "*/commonHeader.ftl">
</head>
<#if currentUrl?contains("http://") || currentUrl?contains("https://") || currentUrl?contains("file://")>
<#assign finalUrl="${currentUrl}">
@ -22,8 +24,11 @@
var baseUrl = '${baseUrl}'.endsWith('/') ? '${baseUrl}' : '${baseUrl}' + '/';
if (!url.startsWith(baseUrl)) {
url = baseUrl + 'getCorsFile?urlPath=' + encodeURIComponent(Base64.encode(url));
}
document.getElementsByTagName('iframe')[0].src = "${baseUrl}website/index.html#model="+ url + "&fullfilename=/${file.name}";
}else{
document.getElementsByTagName('iframe')[0].src = "${baseUrl}website/index.html#model="+ url;
}
document.getElementsByTagName('iframe')[0].height = document.documentElement.clientHeight - 10;
/**
* 页面变化调整高度

1
server/src/main/resources/web/xmind.ftl
View File

@ -5,6 +5,7 @@
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no" />
<#include "*/commonHeader.ftl">
<script src="js/base64.min.js" type="text/javascript"></script>
<#if currentUrl?contains("http://") || currentUrl?contains("https://")>
<#assign finalUrl="${currentUrl}">
<#elseif currentUrl?contains("ftp://") >