【修复】访问数据库存储的文件，path 多层级时，无法访问的问题

2022-11-12 19:37:07 +08:00 · 2022-11-12 19:37:07 +08:00 · d87343d70c
commit d87343d70c
parent cdfa049cc6
2 changed files with 16 additions and 9 deletions
--- a/yudao-module-infra/yudao-module-infra-biz/src/main/java/cn/iocoder/yudao/module/infra/controller/admin/file/FileController.java
+++ b/yudao-module-infra/yudao-module-infra-biz/src/main/java/cn/iocoder/yudao/module/infra/controller/admin/file/FileController.java
@ -1,6 +1,7 @@
 package cn.iocoder.yudao.module.infra.controller.admin.file;

 import cn.hutool.core.io.IoUtil;
+import cn.hutool.core.util.StrUtil;
 import cn.iocoder.yudao.framework.common.pojo.CommonResult;
 import cn.iocoder.yudao.framework.common.pojo.PageResult;
 import cn.iocoder.yudao.framework.common.util.servlet.ServletUtils;
@ -13,7 +14,6 @@ import cn.iocoder.yudao.module.infra.dal.dataobject.file.FileDO;
 import cn.iocoder.yudao.module.infra.service.file.FileService;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiImplicitParam;
-import io.swagger.annotations.ApiImplicitParams;
 import io.swagger.annotations.ApiOperation;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.http.HttpStatus;
@ -24,6 +24,7 @@ import org.springframework.web.multipart.MultipartFile;

 import javax.annotation.Resource;
 import javax.annotation.security.PermitAll;
+import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.validation.Valid;

@ -57,16 +58,20 @@ public class FileController {
        return success(true);
    }

-    @GetMapping("/{configId}/get/{path}")
+    @GetMapping("/{configId}/get/**")
    @PermitAll
    @ApiOperation("下载文件")
-    @ApiImplicitParams({
-            @ApiImplicitParam(name = "configId", value = "配置编号",  required = true, dataTypeClass = Long.class),
-            @ApiImplicitParam(name = "path", value = "文件路径", required = true, dataTypeClass = String.class)
-    })
-    public void getFileContent(HttpServletResponse response,
-                               @PathVariable("configId") Long configId,
-                               @PathVariable("path") String path) throws Exception {
+    @ApiImplicitParam(name = "configId", value = "配置编号",  required = true, dataTypeClass = Long.class)
+    public void getFileContent(HttpServletRequest request,
+                               HttpServletResponse response,
+                               @PathVariable("configId") Long configId) throws Exception {
+        // 获取请求的路径
+        String path = StrUtil.subAfter(request.getRequestURI(), "/get/", false);
+        if (StrUtil.isEmpty(path)) {
+            throw new IllegalArgumentException("结尾的 path 路径必须传递");
+        }
+
+        // 读取内容
        byte[] content = fileService.getFileContent(configId, path);
        if (content == null) {
            log.warn("[getFileContent][configId({}) path({}) 文件不存在]", configId, path);
--- a/yudao-module-infra/yudao-module-infra-biz/src/main/java/cn/iocoder/yudao/module/infra/framework/security/config/SecurityConfiguration.java
+++ b/yudao-module-infra/yudao-module-infra-biz/src/main/java/cn/iocoder/yudao/module/infra/framework/security/config/SecurityConfiguration.java
@ -36,6 +36,8 @@ public class SecurityConfiguration {
                // Spring Boot Admin Server 的安全配置
                registry.antMatchers(adminSeverContextPath).anonymous()
                        .antMatchers(adminSeverContextPath + "/**").anonymous();
+                // 文件读取
+                registry.antMatchers(buildAdminApi("/infra/file/*/get/**")).permitAll();

                // TODO 芋艿：这个每个项目都需要重复配置，得捉摸有没通用的方案
                // RPC 服务的安全配置