open-source/file-online-preview
1
0
Fork 0
mirror of https://gitee.com/kekingcn/file-online-preview.git synced 2026-03-18 23:23:46 +08:00
Code Issues Packages Projects Releases Wiki Activity

【新特性】支持限制预览源站点,保护预览服务不被滥用

Browse Source
This commit is contained in:
陈精华
2020-02-18 19:36:15 +08:00
committed by kl
parent a8022df1d9
commit 2144b776b1
9 changed files with 215 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
jodconverter-web/src/main/java/cn/keking/web/controller/OnlinePreviewController.java
View File

@@ -1,6 +1,5 @@
package cn.keking.web.controller;
import cn.keking.config.ConfigConstants;
import cn.keking.model.FileAttribute;
import cn.keking.service.FilePreview;
import cn.keking.service.FilePreviewFactory;
@@ -34,16 +33,14 @@ public class OnlinePreviewController {
private static final Logger LOGGER = LoggerFactory.getLogger(OnlinePreviewController.class);
@Autowired
FilePreviewFactory previewFactory;
private FilePreviewFactory previewFactory;
@Autowired
CacheService cacheService;
private CacheService cacheService;
@Autowired
private FileUtils fileUtils;
private String fileDir = ConfigConstants.getFileDir();
/**
* @param url
* @param model

48
jodconverter-web/src/main/java/cn/keking/web/filter/ChinesePathFilter.java Normal file
View File

@@ -0,0 +1,48 @@
package cn.keking.web.filter;
import cn.keking.config.ConfigConstants;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
/**
*
* @author yudian-it
* @date 2017/11/30
*/
public class ChinesePathFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
request.setCharacterEncoding("UTF-8");
response.setCharacterEncoding("UTF-8");
String baseUrl;
String localBaseUrl;
StringBuilder pathBuilder = new StringBuilder();
pathBuilder.append(request.getScheme()).append("://").append(request.getServerName()).append(":")
.append(request.getServerPort()).append(((HttpServletRequest) request).getContextPath()).append("/");
localBaseUrl = pathBuilder.toString();
String baseUrlTmp = ConfigConstants.getBaseUrl();
if (baseUrlTmp != null && !ConfigConstants.DEFAULT_BASE_URL.equals(baseUrlTmp.toLowerCase())) {
if (!baseUrlTmp.endsWith("/")) {
baseUrlTmp = baseUrlTmp.concat("/");
}
baseUrl = baseUrlTmp;
} else {
baseUrl = localBaseUrl;
}
request.setAttribute("baseUrl", baseUrl);
request.setAttribute("localBaseUrl", localBaseUrl);
chain.doFilter(request, response);
}
@Override
public void destroy() {
}
}

41
jodconverter-web/src/main/java/cn/keking/web/filter/FilterConfiguration.java Normal file
View File

@@ -0,0 +1,41 @@
package cn.keking.web.filter;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.HashSet;
import java.util.Set;
/**
*
* @author yudian-it
* @date 2017/11/30
*/
@Configuration
public class FilterConfiguration {
@Bean
public FilterRegistrationBean getChinesePathFilter() {
ChinesePathFilter filter = new ChinesePathFilter();
FilterRegistrationBean registrationBean = new FilterRegistrationBean();
registrationBean.setFilter(filter);
return registrationBean;
}
@Bean
public FilterRegistrationBean getTrustHostFilter() {
Set<String> filterUri = new HashSet<>();
filterUri.add("/onlinePreview");
filterUri.add("/picturesPreview");
filterUri.add("/getCorsFile");
filterUri.add("/addTask");
TrustHostFilter filter = new TrustHostFilter();
FilterRegistrationBean registrationBean = new FilterRegistrationBean();
registrationBean.setFilter(filter);
registrationBean.setUrlPatterns(filterUri);
return registrationBean;
}
}

75
jodconverter-web/src/main/java/cn/keking/web/filter/TrustHostFilter.java Normal file
View File

@@ -0,0 +1,75 @@
package cn.keking.web.filter;
import cn.keking.config.ConfigConstants;
import org.apache.commons.lang3.StringUtils;
import org.springframework.core.io.ClassPathResource;
import org.springframework.util.FileCopyUtils;
import javax.servlet.*;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
/**
* @author chenjh
* @since 2020/2/18 19:13
*/
public class TrustHostFilter implements Filter {
private String notTrustHost;
@Override
public void init(FilterConfig filterConfig) throws ServletException {
ClassPathResource classPathResource = new ClassPathResource("web/notTrustHost.html");
try {
classPathResource.getInputStream();
byte[] bytes = FileCopyUtils.copyToByteArray(classPathResource.getInputStream());
this.notTrustHost = new String(bytes, StandardCharsets.UTF_8);
} catch (IOException e) {
e.printStackTrace();
}
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
String url = getSourceUrl(request);
String host = getHost(url);
if (!ConfigConstants.getTrustHostSet().isEmpty() && !ConfigConstants.getTrustHostSet().contains(host)) {
String html = this.notTrustHost.replace("${current_host}", host);
response.getWriter().write(html);
response.getWriter().close();
}
chain.doFilter(request, response);
}
@Override
public void destroy() {
}
private String getSourceUrl(ServletRequest request) {
String url = request.getParameter("url");
String currentUrl = request.getParameter("currentUrl");
String urlPath = request.getParameter("urlPath");
if (StringUtils.isNotBlank(url)) {
return url;
}
if (StringUtils.isNotBlank(currentUrl)) {
return currentUrl;
}
if (StringUtils.isNotBlank(urlPath)) {
return urlPath;
}
return null;
}
private String getHost(String urlStr) {
try {
URL url = new URL(urlStr);
return url.getHost().toLowerCase();
} catch (MalformedURLException e) {
}
return null;
}
}