文件上传,存储至本地目录中
一、代码
1、工具类(敏感后缀过滤)
java
复制代码
import org.apache.commons.lang3.StringUtils;
import org.springframework.web.multipart.MultipartFile;
import java.io.InputStream;
import java.util.HashMap;
import java.util.Iterator;
/**
* 校验上传文件敏感后缀
*/
public class FileTypeFilter {
/**文件后缀*/
private static String[] forbidType = {"jsp","php"};
/**初始化文件头类型,不够的自行补充*/
final static HashMap<String, String> FILE_TYPE_MAP = new HashMap<>();
static {
FILE_TYPE_MAP.put("3c25402070616765206c", "jsp");
FILE_TYPE_MAP.put("3c3f7068700a0a2f2a2a0a202a205048", "php");
/* fileTypeMap.put("ffd8ffe000104a464946", "jpg");
fileTypeMap.put("89504e470d0a1a0a0000", "png");
fileTypeMap.put("47494638396126026f01", "gif");
fileTypeMap.put("49492a00227105008037", "tif");
fileTypeMap.put("424d228c010000000000", "bmp");
fileTypeMap.put("424d8240090000000000", "bmp");
fileTypeMap.put("424d8e1b030000000000", "bmp");
fileTypeMap.put("41433130313500000000", "dwg");
fileTypeMap.put("3c21444f435459504520", "html");
fileTypeMap.put("3c21646f637479706520", "htm");
fileTypeMap.put("48544d4c207b0d0a0942", "css");
fileTypeMap.put("696b2e71623d696b2e71", "js");
fileTypeMap.put("7b5c727466315c616e73", "rtf");
fileTypeMap.put("38425053000100000000", "psd");
fileTypeMap.put("46726f6d3a203d3f6762", "eml");
fileTypeMap.put("d0cf11e0a1b11ae10000", "doc");
fileTypeMap.put("5374616E64617264204A", "mdb");
fileTypeMap.put("252150532D41646F6265", "ps");
fileTypeMap.put("255044462d312e350d0a", "pdf");
fileTypeMap.put("2e524d46000000120001", "rmvb");
fileTypeMap.put("464c5601050000000900", "flv");
fileTypeMap.put("00000020667479706d70", "mp4");
fileTypeMap.put("49443303000000002176", "mp3");
fileTypeMap.put("000001ba210001000180", "mpg");
fileTypeMap.put("3026b2758e66cf11a6d9", "wmv");
fileTypeMap.put("52494646e27807005741", "wav");
fileTypeMap.put("52494646d07d60074156", "avi");
fileTypeMap.put("4d546864000000060001", "mid");
fileTypeMap.put("504b0304140000000800", "zip");
fileTypeMap.put("526172211a0700cf9073", "rar");
fileTypeMap.put("235468697320636f6e66", "ini");
fileTypeMap.put("504b03040a0000000000", "jar");
fileTypeMap.put("4d5a9000030000000400", "exe");
fileTypeMap.put("3c25402070616765206c", "jsp");
fileTypeMap.put("4d616e69666573742d56", "mf");
fileTypeMap.put("3c3f786d6c2076657273", "xml");
fileTypeMap.put("494e5345525420494e54", "sql");
fileTypeMap.put("7061636b616765207765", "java");
fileTypeMap.put("406563686f206f66660d", "bat");
fileTypeMap.put("1f8b0800000000000000", "gz");
fileTypeMap.put("6c6f67346a2e726f6f74", "properties");
fileTypeMap.put("cafebabe0000002e0041", "class");
fileTypeMap.put("49545346030000006000", "chm");
fileTypeMap.put("04000000010000001300", "mxp");
fileTypeMap.put("504b0304140006000800", "docx");
fileTypeMap.put("6431303a637265617465", "torrent");
fileTypeMap.put("6D6F6F76", "mov");
fileTypeMap.put("FF575043", "wpd");
fileTypeMap.put("CFAD12FEC5FD746F", "dbx");
fileTypeMap.put("2142444E", "pst");
fileTypeMap.put("AC9EBD8F", "qdf");
fileTypeMap.put("E3828596", "pwl");
fileTypeMap.put("2E7261FD", "ram");*/
}
/**
* @param fileName
* @return String
* @description 通过文件后缀名获取文件类型
*/
private static String getFileTypeBySuffix(String fileName) {
return fileName.substring(fileName.lastIndexOf(".") + 1, fileName.length());
}
/**
* 文件类型过滤
*
* @param file
*/
public static void fileTypeFilter(MultipartFile file) throws Exception {
String suffix = getFileType(file);
for (String type : forbidType) {
if (type.contains(suffix)) {
throw new Exception("上传失败,非法文件类型:" + suffix);
}
}
}
/**
* 通过读取文件头部获得文件类型
*
* @param file
* @return 文件类型
* @throws Exception
*/
private static String getFileType(MultipartFile file) throws Exception {
String fileExtendName = null;
InputStream is;
try {
//is = new FileInputStream(file);
is = file.getInputStream();
byte[] b = new byte[10];
is.read(b, 0, b.length);
String fileTypeHex = String.valueOf(bytesToHexString(b));
Iterator<String> keyIter = FILE_TYPE_MAP.keySet().iterator();
while (keyIter.hasNext()) {
String key = keyIter.next();
// 验证前5个字符比较
if (key.toLowerCase().startsWith(fileTypeHex.toLowerCase().substring(0, 5))
|| fileTypeHex.toLowerCase().substring(0, 5).startsWith(key.toLowerCase())) {
fileExtendName = FILE_TYPE_MAP.get(key);
break;
}
}
// 如果不是上述类型,则判断扩展名
if (StringUtils.isBlank(fileExtendName)) {
String fileName = file.getOriginalFilename();
return getFileTypeBySuffix(fileName);
}
is.close();
return fileExtendName;
} catch (Exception exception) {
throw new Exception(exception.getMessage(), exception);
}
}
/**
* 获得文件头部字符串
*
* @param src
* @return
*/
private static String bytesToHexString(byte[] src) {
StringBuilder stringBuilder = new StringBuilder();
if (src == null || src.length <= 0) {
return null;
}
for (int i = 0; i < src.length; i++) {
int v = src[i] & 0xFF;
String hv = Integer.toHexString(v);
if (hv.length() < 2) {
stringBuilder.append(0);
}
stringBuilder.append(hv);
}
return stringBuilder.toString();
}
}
2、文件上传,存储至本地
java
复制代码
import lombok.extern.slf4j.Slf4j;
import org.apache.tomcat.util.buf.HexUtils;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.FileCopyUtils;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.multipart.MultipartFile;
import org.springframework.web.multipart.MultipartHttpServletRequest;
import javax.servlet.http.HttpServletRequest;
import java.io.*;
import java.security.MessageDigest;
import java.text.SimpleDateFormat;
import java.util.Date;
@Slf4j
@RestController
@RequestMapping("/file")
public class FileUploadController {
private static String FILE_NAME_REGEX = "[^A-Za-z\\.\\(\\)\\-()\\_0-9\\u4e00-\\u9fa5]";
/**
* 文件上传统一方法
*/
@Transactional
@PostMapping(value = "/upload")
public String upload(HttpServletRequest request) {
MultipartHttpServletRequest multipartRequest = (MultipartHttpServletRequest) request;
// 获取上传文件对象
MultipartFile file = multipartRequest.getFile("file");
if (file == null) {
throw new NullPointerException("请选择文件上传!");
}
// todo 文件名称:从流里面取
String fileName = file.getOriginalFilename();
try {
// 过滤上传文件类型
FileTypeFilter.fileTypeFilter(file);
// todo 计算哈希值,校验是否重复上传:大文件请关闭
MessageDigest md5 = MessageDigest.getInstance("MD5");
byte[] digest = md5.digest(file.getBytes());
String fileMd5 = HexUtils.toHexString(digest);
if (fileMd5.equals("xxxxxxxx")) {
// ......
}
// 获取文件后缀
int begin = fileName.lastIndexOf(".");
String fileSuffix = fileName.substring(begin + 1);
log.info("文件名称:{}", fileName);
log.info("文件大小:{}", file.getBytes().length);
log.info("文件类型:{}", file.getContentType());
log.info("文件md5 算法:{}", fileMd5);
log.info("文件后缀:{}", fileSuffix);
// todo 文件存储 主路径
String filePath = "/opt/test";
// todo 进行存储
File upFile = uploadLocal(file, filePath);
if (upFile == null) {
return "上传存储失败";
}
String savePath = upFile.getPath().replace("\\", "/");
log.info("【存储】文件目录:{}", upFile.getName());
log.info("【存储】文件路径:{}", savePath);
return "成功";
} catch (Exception e) {
return "失败";
}
}
/**
* 本地文件上传
*
* @param mf 文件
* @param bizPath 自定义路径
* @return 文件流
*/
private File uploadLocal(MultipartFile mf, String bizPath) {
String toDay = new SimpleDateFormat("yyyy-MM-dd").format(new Date());
try {
String ctxPath = "";
String fileName;
String fileDir = ctxPath + File.separator + bizPath + File.separator + toDay;
File file = new File(fileDir);
if (!file.exists()) {
// 创建文件根目录
file.mkdirs();
}
log.info("上传目录:{}", file.getPath());
// 获取文件名
String orgName = mf.getOriginalFilename();
if (!StringUtils.hasText(orgName)) {
throw new NullPointerException("请选择文件上传!");
}
orgName = getFileName(orgName);
if (orgName.contains(".")) {
fileName = orgName.substring(0, orgName.lastIndexOf(".")) + "_" + System.currentTimeMillis() + orgName.substring(orgName.lastIndexOf("."));
} else {
fileName = orgName + "_" + System.currentTimeMillis();
}
String savePath = file.getPath() + File.separator + fileName;
File saveFile = new File(savePath);
FileCopyUtils.copy(mf.getBytes(), saveFile);
return saveFile;
} catch (IOException e) {
log.error(e.getMessage(), e);
}
return null;
}
/**
* 判断文件名是否带盘符,重新处理
*
* @param fileName
* @return
*/
public static String getFileName(String fileName) {
//判断是否带有盘符信息
int unixSep = fileName.lastIndexOf('/');
// Check for Windows-style path
int winSep = fileName.lastIndexOf('\\');
// Cut off at latest possible point
int pos = (winSep > unixSep ? winSep : unixSep);
if (pos != -1) {
// Any sort of path separator found...
fileName = fileName.substring(pos + 1);
}
//替换上传文件名字的特殊字符
fileName = fileName.replace("=", "").replace(",", "").replace("&", "")
.replace("#", "").replace(""", "").replace(""", "");
//替换上传文件名字中的空格
fileName = fileName.replaceAll("\\s", "");
fileName = fileName.replaceAll(FILE_NAME_REGEX, "");
return fileName;
}
}
3、文件下载
import lombok.extern.slf4j.Slf4j;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import javax.servlet.http.HttpServletResponse;
import java.io.*;
import java.net.URLEncoder;
@Slf4j
@RestController
@RequestMapping("/file")
public class FileDownloadController {
@GetMapping(value = "/download")
public void download(String loadType, HttpServletResponse response) {
// 文件路径
String filePath = "/opt/test/xxxx-xx-xx";
// 文件名称
String fileName = "1 - 副本.JPG";
// 文件类型
String contentType = "image/png";
// 文件大小
Integer fileSize = 17408;
fileLoad(response, filePath, fileName, contentType, fileSize, loadType);
}
public void fileLoad(HttpServletResponse response, String filePath, String fileName, String contentType, Integer fileSize, String loadType) {
File file = new File(filePath);
if (!file.exists()) {
response.setStatus(404);
throw new RuntimeException("文件[" + fileName + "]不存在..");
}
InputStream inputStream = null;
OutputStream outputStream = null;
// 其余处理略
try {
inputStream = new BufferedInputStream(new FileInputStream(filePath));
log.info("下载文件,{},大小:{}.kb", fileName, fileSize / 1024);
// 设置强制下载不打开
response.setContentType(contentType);
String dis = "1".equals(loadType) ? "attachment" : "inline";
response.addHeader("Content-Disposition", dis + ";fileName=" + URLEncoder.encode(fileName, "UTF-8"));
response.addHeader("content-length", String.valueOf(fileSize));
outputStream = response.getOutputStream();
byte[] buf = new byte[1024];
int len;
while ((len = inputStream.read(buf)) > 0) {
outputStream.write(buf, 0, len);
}
response.flushBuffer();
} catch (IOException e) {
log.error("读取文件失败" + e.getMessage());
response.setStatus(404);
e.printStackTrace();
} finally {
if (inputStream != null) {
try {
inputStream.close();
} catch (IOException e) {
log.error(e.getMessage(), e);
}
}
if (outputStream != null) {
try {
outputStream.close();
} catch (IOException e) {
log.error(e.getMessage(), e);
}
}
}
}
}
二、效果演示
1、上传
1.1、postMan 请求
1.2、上传效果
2、下载
2.1、下载效果
