From 8098cd73cf3a99c5588a90dcfa4f5d487c3e5408 Mon Sep 17 00:00:00 2001
From: jmal <zhushilun084@gmail.com>
Date: Fri, 5 Mar 2021 11:27:38 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96=EF=BC=9A=E7=94=A8=E6=88=B7?=
 =?UTF-8?q?=E5=A4=B4=E5=83=8F=E4=B8=8A=E4=BC=A0=20=E6=94=B9=E8=BF=9B?=
 =?UTF-8?q?=EF=BC=9A=E6=96=87=E4=BB=B6=E7=B3=BB=E7=BB=9F=E5=AE=89=E5=85=A8?=
 =?UTF-8?q?=E6=80=A7?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 docker/Dockerfile                               |  2 +-
 pom.xml                                         |  6 +++++-
 .../controller/rest/ShareController.java        |  7 +++++++
 .../clouddisk/interceptor/FileInterceptor.java  |  2 +-
 .../clouddisk/service/impl/FileServiceImpl.java | 17 ++++++++++++++++-
 .../clouddisk/service/impl/UserServiceImpl.java |  2 +-
 6 files changed, 31 insertions(+), 5 deletions(-)

diff --git a/docker/Dockerfile b/docker/Dockerfile
index c677a3db..d1388494 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -1,6 +1,6 @@
 FROM registry.cn-guangzhou.aliyuncs.com/jmalcloud/jmal-mongo:latest
 MAINTAINER zhushilun084@163.com
-ENV VERSION 2.1.6
+ENV VERSION 2.1.7
 
 RUN mkdir -p /jmalcloud/files /jmal-cloud-view/dist
 
diff --git a/pom.xml b/pom.xml
index c7298bc1..a07c508f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -154,7 +154,11 @@
             <artifactId>hutool-all</artifactId>
             <version>5.4.4</version>
         </dependency>
-
+        <dependency>
+            <groupId>org.apache.tika</groupId>
+            <artifactId>tika-core</artifactId>
+            <version>1.25</version>
+        </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-test</artifactId>
diff --git a/src/main/java/com/jmal/clouddisk/controller/rest/ShareController.java b/src/main/java/com/jmal/clouddisk/controller/rest/ShareController.java
index 06ff9c7e..af54de18 100644
--- a/src/main/java/com/jmal/clouddisk/controller/rest/ShareController.java
+++ b/src/main/java/com/jmal/clouddisk/controller/rest/ShareController.java
@@ -4,6 +4,7 @@
 import com.jmal.clouddisk.annotation.Permission;
 import com.jmal.clouddisk.exception.CommonException;
 import com.jmal.clouddisk.exception.ExceptionType;
+import com.jmal.clouddisk.interceptor.FileInterceptor;
 import com.jmal.clouddisk.model.LogOperation;
 import com.jmal.clouddisk.model.rbac.ConsumerDO;
 import com.jmal.clouddisk.model.FileDocument;
@@ -51,6 +52,9 @@ public class ShareController {
     @Autowired
     IUserService userService;
 
+    @Autowired
+    FileInterceptor fileInterceptor;
+
     @ApiOperation("该分享已失效")
     @GetMapping("/public/s/invalid")
     public String invalid() {
@@ -140,6 +144,9 @@ public ResponseEntity<Object> publicThumbnail(String id) {
     private ResponseEntity<Object> thumbnail(String id) {
         ResultUtil.checkParamIsNull(id);
         Optional<FileDocument> file = fileService.thumbnail(id, null);
+        if (fileInterceptor.isNotAllowAccess(file.orElse(null))) {
+            return null;
+        }
         return file.<ResponseEntity<Object>>map(fileDocument ->
                 ResponseEntity.ok()
                         .header(HttpHeaders.CONTENT_DISPOSITION, "fileName=" + fileDocument.getName())
diff --git a/src/main/java/com/jmal/clouddisk/interceptor/FileInterceptor.java b/src/main/java/com/jmal/clouddisk/interceptor/FileInterceptor.java
index a0e691d0..33bc3c35 100644
--- a/src/main/java/com/jmal/clouddisk/interceptor/FileInterceptor.java
+++ b/src/main/java/com/jmal/clouddisk/interceptor/FileInterceptor.java
@@ -146,7 +146,7 @@ private boolean fileAuthError(HttpServletRequest request) throws UnsupportedEnco
      * 如果为公共文件，或者分享有效期内的文件，则允许访问
      * @return true 不允许访问，false 允许访问
      */
-    private boolean isNotAllowAccess(FileDocument fileDocument) {
+    public boolean isNotAllowAccess(FileDocument fileDocument) {
         if (fileDocument == null) {
             return true;
         }
diff --git a/src/main/java/com/jmal/clouddisk/service/impl/FileServiceImpl.java b/src/main/java/com/jmal/clouddisk/service/impl/FileServiceImpl.java
index 7cc4661f..0ff2f32e 100644
--- a/src/main/java/com/jmal/clouddisk/service/impl/FileServiceImpl.java
+++ b/src/main/java/com/jmal/clouddisk/service/impl/FileServiceImpl.java
@@ -26,6 +26,9 @@
 import net.coobird.thumbnailator.Thumbnails;
 import net.coobird.thumbnailator.tasks.UnsupportedFormatException;
 import org.apache.commons.compress.utils.Lists;
+import org.apache.tika.mime.MimeType;
+import org.apache.tika.mime.MimeTypeException;
+import org.apache.tika.mime.MimeTypes;
 import org.bson.BsonNull;
 import org.bson.Document;
 import org.bson.conversions.Bson;
@@ -41,6 +44,7 @@
 import org.springframework.util.StringUtils;
 import org.springframework.web.multipart.MultipartFile;
 import org.springframework.web.socket.WebSocketSession;
+import sun.net.www.content.image.jpeg;
 
 import javax.imageio.IIOImage;
 import javax.imageio.ImageIO;
@@ -520,6 +524,9 @@ public Optional<FileDocument> thumbnail(String id, String username) {
         if (fileDocument != null) {
             if (fileDocument.getContent() == null) {
                 String currentDirectory = getUserDirectory(fileDocument.getPath());
+                if (StringUtils.isEmpty(username)) {
+                    username = userService.getUserNameById(fileDocument.getUserId());
+                }
                 File file = new File(fileProperties.getRootDir() + File.separator + username + currentDirectory + fileDocument.getName());
                 if (file.exists()) {
                     fileDocument.setContent(FileUtil.readBytes(file));
@@ -717,6 +724,14 @@ public String uploadConsumerImage(UploadApiParamDTO upload) throws CommonExcepti
         String username = upload.getUsername();
         String userId = upload.getUserId();
         String fileName = upload.getFilename();
+        MimeTypes allTypes = MimeTypes.getDefaultMimeTypes();
+        MimeType mimeType = null;
+        try {
+            mimeType = allTypes.forName(multipartFile.getContentType());
+            fileName += mimeType.getExtension();
+        } catch (MimeTypeException e) {
+            log.error(e.getMessage(), e);
+        }
         Path userImagePaths = Paths.get(fileProperties.getUserImgDir());
         // userImagePaths 不存在则新建
         upsertFolder(userImagePaths, username, userId);
@@ -734,7 +749,7 @@ public String uploadConsumerImage(UploadApiParamDTO upload) throws CommonExcepti
         } catch (IOException e) {
             throw new CommonException(2, "上传失败");
         }
-        return createFile(username, newFile, userId, null);
+        return createFile(username, newFile, userId, true);
     }
 
     @Override
diff --git a/src/main/java/com/jmal/clouddisk/service/impl/UserServiceImpl.java b/src/main/java/com/jmal/clouddisk/service/impl/UserServiceImpl.java
index 94ee42c9..807f52d7 100644
--- a/src/main/java/com/jmal/clouddisk/service/impl/UserServiceImpl.java
+++ b/src/main/java/com/jmal/clouddisk/service/impl/UserServiceImpl.java
@@ -168,7 +168,7 @@ public ResponseResult<Object> update(ConsumerDTO user, MultipartFile blobAvatar)
                 UploadApiParamDTO upload = new UploadApiParamDTO();
                 upload.setUserId(userId);
                 upload.setUsername(consumer.getUsername());
-                upload.setFilename("avatar-" + TimeUntils.getStringTime(System.currentTimeMillis()));
+                upload.setFilename("avatar-" + System.currentTimeMillis());
                 upload.setFile(blobAvatar);
                 fileId = fileService.uploadConsumerImage(upload);
                 update.set("avatar", fileId);