Merge pull request #25 from geekidea/dev

🏇 拦截器启用禁用配置,更改core包目录,下载上传拦截器,logback.xml优化显示行号

Former-commit-id: 2a0885f4c7d38dae871e15c407b7f8b5bbf5b229

Author: springboot-plus

CHANGELOG.md

@@ -1,5 +1,31 @@
 # 更新日志 CHANGELOG
 
+## [V1.2.2-RELEASE] 2019.08.26 🏇 
+###  ⭐️  New Features
+- 拦截器启用禁用配置
+- 文件上传下载安全/权限控制
+- 启用 `logback.xml` 日志配置
+
+### ⚡️ Optimization
+- 更改core包目录
+- 下载上传拦截器
+- logback.xml显示行号
+- `application.yml` 拦截器配置新增 `include-path` 拦截路径配置
+ 	
+
+### 📝 Added/Modified
+- Add `UploadInterceptor` 文件上传全局拦截器
+- Add `DownloadInterceptor` 文件下载全局拦截器
+- Add `DownloadHandler` `DefaultDownloadHandler` 文件下载回调自定义处理器
+- Modify `config/WebMvcConfig` --> `core/SpringBootPlusWebMvcConfig`
+- Modify `ImageController` --> `ResouceController`，请求路径 `/api/resource`
+
+
+### 🐞  Bug Fixes
+- Fix 文件下载路径潜在安全漏洞，过滤 `../` 非法路径参数
+- Fix 优化文件下载，Firefox 中文乱码问题
+
+
 ## [V1.2.1-RELEASE] 2019.08.21
 
 ###  ⭐️  New Features

src/main/java/io/geekidea/springbootplus/SpringBootPlusApplication.java

@@ -47,10 +47,6 @@ public static void main(String[] args) {
         ConfigurableApplicationContext context = SpringApplication.run(SpringBootPlusApplication.class, args);
         // 打印项目信息
         PrintApplicationInfo.print(context);
-        /**
-         * TODO 日志现实行号
-         * 拦截器配置是否启用，参照文件上传拦截器
-         */
     }
 
 }

src/main/java/io/geekidea/springbootplus/resource/web/controller/ResourceController.java

@@ -28,13 +28,14 @@
 
 /**
  * 图片等文件资源访问控制器
+ * /api/resource 访问路径 用于区分 文件访问虚拟目录映射 /resource
  * @author geekidea
  * @date 2019/8/20
  * @since 1.2.1-RELEASE
  */
 @Slf4j
 @Controller
-@RequestMapping("/image")
+@RequestMapping("/api/resource")
 public class ResourceController {
 
     @Autowired
@@ -43,7 +44,7 @@ public class ResourceController {
     /**
      * 访问图片
      */
-    @GetMapping("/{imageFileName}")
+    @GetMapping("/image/{imageFileName}")
     @ApiOperation(value = "访问图片",notes = "访问图片",response = ApiResult.class)
     public void getImage(@PathVariable(required = true) String imageFileName, HttpServletResponse response) throws Exception{
         log.info("imageFileName:{}",imageFileName);

src/main/java/io/geekidea/springbootplus/util/DownloadUtil.java

@@ -129,15 +129,6 @@ public static void download( String downloadDir, String downloadFileName, List<S
         FileCopyUtils.copy(in, response.getOutputStream());
     }
 
-    public static void main(String[] args) throws Exception {
-        String downloadFileName = "../../hello/123.txt";
-        // 安全判断，防止../情况
-        if (downloadFileName.contains("..")||downloadFileName.contains("../")){
-            throw new IOException("非法的文件名称");
-        }
-        log.info("ok");
-    }
-
     public static interface DownloadHandler{
         boolean handle(String dir, String fileName,File file,String fileExtension,String contentType,long length) throws Exception;
     }