解决未授权下载文件

6891ea1f · zengtianlai3 · b78f826e · 6891ea1f · 6891ea1f
Commit 6891ea1f authored Aug 04, 2022 by zengtianlai3
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 8 deletions

ResourceContrller.java ...ava/iot/sixiang/license/controller/ResourceContrller.java +4 -4

JwtFilter.java license/src/main/java/iot/sixiang/license/jwt/JwtFilter.java +2 -4

No files found.
--- a/license/src/main/java/iot/sixiang/license/controller/ResourceContrller.java
+++ b/license/src/main/java/iot/sixiang/license/controller/ResourceContrller.java
@@ -3,6 +3,7 @@ package iot.sixiang.license.controller;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiImplicitParam;
 import io.swagger.annotations.ApiOperation;
+import iot.sixiang.license.jwt.UserUtils;
 import iot.sixiang.license.log.BusinessType;
 import iot.sixiang.license.log.MyLog;
 import iot.sixiang.license.resource.ResourceManager;
@@ -27,10 +28,9 @@ public class ResourceContrller {

    @ApiOperation(value = "资源下载接口", notes = "用于下载资源")
    @GetMapping("/download")
-    @MyLog(title = "下载资源", optParam = "#{userId}", businessType = BusinessType.OTHER)
-    @ApiImplicitParam(name = "userId",value = "用户Id",required = true, dataType = "int")
-    public void downloadWorkHourRecordTemplate(HttpServletResponse response, @RequestParam(value = "userId") int userId) {
-        userId = Integer.valueOf(XssUtil.checkXSS(String.valueOf(userId)));
+    @MyLog(title = "下载资源", businessType = BusinessType.OTHER)
+    public void downloadWorkHourRecordTemplate(HttpServletResponse response) {
+        int userId = Integer.valueOf(XssUtil.checkXSS(UserUtils.getLoginUserId()));
        resourceManager.downloadDeviceInfoExcle(response, userId);
    }


--- a/license/src/main/java/iot/sixiang/license/jwt/JwtFilter.java
+++ b/license/src/main/java/iot/sixiang/license/jwt/JwtFilter.java
@@ -16,8 +16,6 @@ import java.util.Map;
 @WebFilter(filterName = "jwtFilter", urlPatterns = "/*")
 public class JwtFilter implements Filter {
    private static final String url1 = "/login";
-    private static final String url2 = "/resource";
-
    private static final String url3 = "/doc.html";
    private static final String url4 = "/v2/api-docs";
    private static final String url7 = "/swagger-resources";
@@ -44,8 +42,8 @@ public class JwtFilter implements Filter {
        boolean check = true;
        String uri = request.getRequestURI();

-        if (uri.contains(url1) || uri.contains(url2) || uri.contains(url3) || uri.contains(url4) || uri.contains(url7) || uri.contains(url8)) {
-            if (uri.contains(url1) || uri.contains(url2)) {
+        if (uri.contains(url1)|| uri.contains(url3) || uri.contains(url4) || uri.contains(url7) || uri.contains(url8)) {
+            if (uri.contains(url1)) {
                uri = XssUtil.checkXSS(uri);
                UserUtils.setUri(uri);
            }