diff --git a/resty-route/src/main/java/cn/dreampie/route/core/RouteBuilder.java b/resty-route/src/main/java/cn/dreampie/route/core/RouteBuilder.java index ba5cea04..6eca5c55 100644 --- a/resty-route/src/main/java/cn/dreampie/route/core/RouteBuilder.java +++ b/resty-route/src/main/java/cn/dreampie/route/core/RouteBuilder.java @@ -87,7 +87,7 @@ public void build() { //文件上传 构建器 file = method.getAnnotation(FILE.class); if (file != null) { - multipartBuilder = new MultipartBuilder(file.dir(), file.max(), file.encoding(), file.denieds()); + multipartBuilder = new MultipartBuilder(file.dir(), file.max(), file.encoding(), file.allows()); } else { multipartBuilder = null; } diff --git a/resty-route/src/main/java/cn/dreampie/route/core/multipart/FILE.java b/resty-route/src/main/java/cn/dreampie/route/core/multipart/FILE.java index 5d8c150b..1dff0310 100644 --- a/resty-route/src/main/java/cn/dreampie/route/core/multipart/FILE.java +++ b/resty-route/src/main/java/cn/dreampie/route/core/multipart/FILE.java @@ -30,5 +30,5 @@ String encoding() default ""; - String[] denieds() default {}; //file content type eg. text/xml + String[] allows() default {}; //file content type eg. text/xml } diff --git a/resty-route/src/main/java/cn/dreampie/route/core/multipart/MultipartBuilder.java b/resty-route/src/main/java/cn/dreampie/route/core/multipart/MultipartBuilder.java index 4e0cc678..fbc70391 100644 --- a/resty-route/src/main/java/cn/dreampie/route/core/multipart/MultipartBuilder.java +++ b/resty-route/src/main/java/cn/dreampie/route/core/multipart/MultipartBuilder.java @@ -16,14 +16,14 @@ public class MultipartBuilder { private String saveDirectory = Constant.uploadDirectory; private int maxPostSize = Constant.uploadMaxSize; - private String[] uploadDenieds = Constant.uploadDenieds; + private String[] uploadAllows; private String encoding = Constant.encoding; private FileRenamePolicy fileRenamePolicy = new DefaultFileRenamePolicy(); public MultipartBuilder() { } - public MultipartBuilder(String saveDirectory, int maxPostSize, String encoding, String[] uploadDenieds) { + public MultipartBuilder(String saveDirectory, int maxPostSize, String encoding, String[] uploadAllows) { if (saveDirectory != null && !"".equals(saveDirectory)) { if (saveDirectory.startsWith("/")) this.saveDirectory = saveDirectory; @@ -34,9 +34,7 @@ public MultipartBuilder(String saveDirectory, int maxPostSize, String encoding, this.maxPostSize = maxPostSize; if (encoding != null && !"".equals(encoding)) this.encoding = encoding; - if (uploadDenieds != null && uploadDenieds.length > 0) { - this.uploadDenieds = uploadDenieds; - } + this.uploadAllows = uploadAllows; } public MultipartParam readMultipart(HttpRequest request) { @@ -52,7 +50,7 @@ public MultipartParam readMultipart(HttpRequest request) { MultipartParam multipartParam = null; try { - MultipartRequest multipartRequest = new MultipartRequest(request, saveDir, maxPostSize, encoding, fileRenamePolicy, uploadDenieds); + MultipartRequest multipartRequest = new MultipartRequest(request, saveDir, maxPostSize, encoding, fileRenamePolicy, uploadAllows, Constant.uploadDenieds); multipartParam = new MultipartParam(multipartRequest.getFiles(), multipartRequest.getParameters()); } catch (IOException e) { throw new WebException(e.getMessage()); diff --git a/resty-upload/src/main/java/cn/dreampie/upload/MultipartRequest.java b/resty-upload/src/main/java/cn/dreampie/upload/MultipartRequest.java index 6d803961..8a3f802d 100644 --- a/resty-upload/src/main/java/cn/dreampie/upload/MultipartRequest.java +++ b/resty-upload/src/main/java/cn/dreampie/upload/MultipartRequest.java @@ -184,7 +184,7 @@ public MultipartRequest(HttpRequest request, int maxPostSize, String encoding, FileRenamePolicy policy) throws IOException { - this(request, new File(saveDirectory), maxPostSize, encoding, policy); + this(request, new File(saveDirectory), maxPostSize, encoding, policy, null, null); } /** @@ -210,7 +210,7 @@ public MultipartRequest(HttpRequest request, File saveDirectory, int maxPostSize, String encoding, - FileRenamePolicy policy, String... denieds) throws IOException { + FileRenamePolicy policy, String[] allows, String[] denieds) throws IOException { // Sanity check values if (request == null) throw new IllegalArgumentException("request cannot be null"); @@ -230,18 +230,21 @@ public MultipartRequest(HttpRequest request, // and populate the meta objects which describe what we found MultipartParser parser = new MultipartParser(request, maxPostSize, true, true, encoding); - List mimeTypes = Lister.of(denieds); - boolean checkType = mimeTypes.size() > 0; - + List deniedTypes = Lister.of(denieds); + List allowTypes = Lister.of(allows); Part part; + FilePart filePart; + String name, value, contentType; + ParamPart paramPart; + Vector existingValues; while ((part = parser.readNextPart()) != null) { - String name = part.getName(); + name = part.getName(); if (part.isParam()) { // It's a parameter part, add it to the vector of values - ParamPart paramPart = (ParamPart) part; - String value = paramPart.getStringValue(); - Vector existingValues = (Vector) parameters.get(name); + paramPart = (ParamPart) part; + value = paramPart.getStringValue(); + existingValues = (Vector) parameters.get(name); if (existingValues == null) { existingValues = new Vector(); parameters.put(name, existingValues); @@ -249,9 +252,9 @@ public MultipartRequest(HttpRequest request, existingValues.addElement(value); } else if (part.isFile()) { // It's a file part - FilePart filePart = (FilePart) part; - - if (checkType && mimeTypes.contains(filePart.getContentType())) { + filePart = (FilePart) part; + contentType = filePart.getContentType(); + if ((allowTypes.size() > 0 && !allowTypes.contains(contentType)) || (deniedTypes.size() > 0 && deniedTypes.contains(contentType))) { logger.warn("Denied upload file %s.", filePart.getFileName()); continue; }