CC/Jarvis_java
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
272255122541fdb73f8f6f0f1ee66d32fdb1d1bb
Jarvis_java/src/main/java/cn/van/business/controller/ImageController.java
6b36f0ee52 1
2025-11-03 11:54:11 +08:00

89 lines
3.0 KiB
Java
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

package cn.van.business.controller;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.core.io.FileSystemResource;
import org.springframework.core.io.Resource;
import org.springframework.http.HttpHeaders;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
/**
* 图片访问控制器
* 用于访问转换后的jpg图片
*
* @author System
*/
@Slf4j
@RestController
@RequestMapping("/images")
public class ImageController {
/**
* 图片存储根目录
*/
@Value("${image.convert.storage-path:${java.io.tmpdir}/comment-images}")
private String storagePath;
/**
* 获取转换后的图片
*
* @param filename 文件名通常是MD5值.jpg
* @return 图片文件
*/
@GetMapping("/{filename:.+}")
public ResponseEntity<Resource> getImage(@PathVariable String filename) {
try {
// 安全检查:防止路径遍历攻击
if (filename.contains("..") || filename.contains("/") || filename.contains("\\")) {
log.warn("非法的文件名请求: {}", filename);
return ResponseEntity.badRequest().build();
}
Path filePath = Paths.get(storagePath, filename);
File file = filePath.toFile();
if (!file.exists() || !file.isFile()) {
log.warn("图片文件不存在: {}", filePath);
return ResponseEntity.notFound().build();
}
// 检查文件是否在存储目录内(防止路径遍历)
Path storageDir = Paths.get(storagePath).toAbsolutePath().normalize();
Path resolvedPath = filePath.toAbsolutePath().normalize();
if (!resolvedPath.startsWith(storageDir)) {
log.warn("非法的文件路径访问: {}", resolvedPath);
return ResponseEntity.badRequest().build();
}
Resource resource = new FileSystemResource(file);
// 判断文件类型
String contentType = Files.probeContentType(filePath);
if (contentType == null) {
// 如果无法探测默认使用image/jpeg
contentType = MediaType.IMAGE_JPEG_VALUE;
}
return ResponseEntity.ok()
.contentType(MediaType.parseMediaType(contentType))
.header(HttpHeaders.CONTENT_DISPOSITION, "inline; filename=\"" + filename + "\"")
.body(resource);
} catch (Exception e) {
log.error("获取图片失败: {}", filename, e);
return ResponseEntity.internalServerError().build();
}
}
}
Reference in New Issue View Git Blame Copy Permalink