matianxiang 1 mēnesi atpakaļ
vecāks
revīzija
0a5aa29286

+ 23 - 35
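--- a/eitc-admin/src/main/java/com/eitc/web/controller/common/DownloadController.java
+++ b/eitc-admin/src/main/java/com/eitc/web/controller/common/DownloadController.java
@@ -24,54 +24,42 @@ import javax.servlet.http.HttpServletResponse;
 @RestController
 @RequestMapping("/download")
 public class DownloadController extends BaseController {
-    private static final Logger log = LoggerFactory.getLogger(DownloadController.class);
 
     /**
      * 硬件app
      */
     @GetMapping("/hardware")
-    public void hardware(HttpServletRequest request, HttpServletResponse response) {
-        try {
-            String resource = "/profile/app/huishitong.apk";
-            resourceDownload(resource, request, response);
-        } catch (Exception e) {
-            log.error("下载文件失败", e);
-        }
+    public void hardware(HttpServletRequest request, HttpServletResponse response) throws Exception {
+        String resource = "/profile/app/huishitong.apk";
+        resourceDownload(resource, response);
     }
 
     @GetMapping("/hospital")
-    public void hospital(HttpServletRequest request, HttpServletResponse response) {
-        try {
-            String resource = "/profile/app/kouqiangyiyuan_1.0.0_1_240830_release.apk";
-            resourceDownload(resource, request, response);
-        } catch (Exception e) {
-            log.error("下载文件失败", e);
-        }
+    public void hospital(HttpServletResponse response) throws Exception {
+        String resource = "/profile/app/kouqiangyiyuan_1.0.0_1_240830_release.apk";
+        resourceDownload(resource, response);
     }
 
     @GetMapping("/document")
-    public void document(HttpServletRequest request, HttpServletResponse response) {
-        try {
-            String resource = "/profile/app/document.pdf";
-            resourceDownload(resource, request, response);
-        } catch (Exception e) {
-            log.error("下载文件失败", e);
-        }
+    public void document(HttpServletResponse response) throws Exception {
+        String resource = "/profile/app/document.pdf";
+        resourceDownload(resource, response);
     }
 
-    public void resourceDownload(String resource, HttpServletRequest request, HttpServletResponse response) throws Exception {
-            if (!FileUtils.checkAllowDownload(resource)) {
-                throw new Exception(StringUtils.format("资源文件({})非法,不允许下载。 ", resource));
-            }
-            // 本地资源路径
-            String localPath = EitcConfig.getProfile();
-            // 数据库资源地址
-            String downloadPath = localPath + StringUtils.substringAfter(resource, Constants.RESOURCE_PREFIX);
-            // 下载名称
-            String downloadName = StringUtils.substringAfterLast(downloadPath, "/");
-            response.setContentType(MediaType.APPLICATION_OCTET_STREAM_VALUE);
-            FileUtils.setAttachmentResponseHeader(response, downloadName);
-            FileUtils.writeBytes(downloadPath, response.getOutputStream());
+    public void resourceDownload(String resource, HttpServletResponse response) throws Exception {
+        // 禁止目录上跳级别
+        if (StringUtils.contains(resource, "..")) {
+            throw new Exception(StringUtils.format("资源文件({})非法,不允许下载。 ", resource));
+        }
+        // 本地资源路径
+        String localPath = EitcConfig.getProfile();
+        // 数据库资源地址
+        String downloadPath = localPath + StringUtils.substringAfter(resource, Constants.RESOURCE_PREFIX);
+        // 下载名称
+        String downloadName = StringUtils.substringAfterLast(downloadPath, "/");
+        response.setContentType(MediaType.APPLICATION_OCTET_STREAM_VALUE);
+        FileUtils.setAttachmentResponseHeader(response, downloadName);
+        FileUtils.writeBytes(downloadPath, response.getOutputStream());
     }
 
 }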
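Review bot: The bare `StringUtils.contains(resource, "..")` test that now guards `resourceDownload` is a weaker check than the `FileUtils.checkAllowDownload(resource)` call it replaces, and the method stays `public` on a `@RestController`, so the only thing keeping the file write safe is that its three callers pass hard-coded `/profile/app/...` constants. Nothing in this hunk uses it outside the class, so declare it `private void resourceDownload(String resource, HttpServletResponse response) throws Exception`, and if a caller-supplied path is ever accepted here, replace the substring scan with a resolved-path containment check (resolve the part after `Constants.RESOURCE_PREFIX` against `EitcConfig.getProfile()`, `normalize()`, and require `startsWith` the profile directory), since a `..` scan says nothing about absolute paths or encoded separators. Separately, `hardware` still takes an unused `HttpServletRequest request` that `hospital` and `document` dropped in the same commit; drop it there too so the three handlers match. With the local `try/catch` and logger removed, a missing APK or PDF now propagates out of `FileUtils.writeBytes` to whatever global exception handling the application has, which is not visible here; worth confirming that handler logs the failure and does not echo the `资源文件(...)` message, which embeds the server-side path, back to the client.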