xw 6 дней назад
Родитель
Сommit
6d2568fccf

+ 8 - 15
fs-admin/src/main/java/com/fs/web/controller/common/CommonController.java

@@ -26,11 +26,14 @@ import org.springframework.http.MediaType;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
 import com.fs.common.config.FSConfig;
+import com.fs.common.annotation.RateLimiter;
+import com.fs.common.enums.LimitType;
 import com.fs.common.constant.Constants;
 import com.fs.common.core.domain.AjaxResult;
 import com.fs.common.utils.StringUtils;
 import com.fs.common.utils.file.FileUploadUtils;
 import com.fs.common.utils.file.FileUtils;
+import com.fs.common.utils.file.OssUploadUtils;
 
 import java.io.File;
 import java.io.IOException;
@@ -166,33 +169,23 @@ public class CommonController
         }
     }
 
+    @RateLimiter(time = 60, count = 30, limitType = LimitType.IP, msg = "上传过于频繁,请稍后再试")
     @PostMapping("common/uploadOSS")
     public R uploadOSS(@RequestParam("file") MultipartFile file) throws Exception
     {
-        if (file.isEmpty())
-        {
-            throw new OssException("上传文件不能为空");
-        }
-        // 上传文件
-        String fileName = file.getOriginalFilename();
-        String suffix = fileName.substring(fileName.lastIndexOf("."));
+        String suffix = OssUploadUtils.validateAndGetSuffix(file);
         CloudStorageService storage = OSSFactory.build();
         String url = storage.uploadSuffix(file.getBytes(), suffix);
-        return R.ok().put("url",url);
+        return R.ok().put("url", url);
     }
+    @RateLimiter(time = 60, count = 30, limitType = LimitType.IP, msg = "上传过于频繁,请稍后再试")
     @PostMapping("/common/uploadWang")
     public WangUploadVO uploadWang(@RequestParam(value = "fileName", required = false) MultipartFile file) throws Exception
     {
         WangUploadVO vo=new WangUploadVO();
         try
         {
-            if (file.isEmpty())
-            {
-                throw new OssException("上传文件不能为空");
-            }
-            // 上传文件
-            String fileName = file.getOriginalFilename();
-            String suffix = fileName.substring(fileName.lastIndexOf("."));
+            String suffix = OssUploadUtils.validateAndGetSuffix(file);
             CloudStorageService storage = OSSFactory.build();
             String url = storage.uploadSuffix(file.getBytes(), suffix);
             vo.setErrno(0);
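Review bot: The bytes that `validateAndGetSuffix(file)` inspects are not the bytes that get stored: the helper calls `file.getBytes()` internally, and both `uploadOSS` and `uploadWang` then call `file.getBytes()` again for `storage.uploadSuffix(...)`. That is two full in-memory copies of up to 10 MB per request, and the check and the upload are tied together only by the multipart implementation returning the same content twice. Reading once, e.g. `byte[] data = file.getBytes();`, and passing that same array to a validator overload and to `storage.uploadSuffix(data, suffix)` would make the validated buffer the uploaded buffer. The same pattern recurs at every call site this commit touches (the other `uploadOSS`/`uploadWang` handlers, `uploadOSS2`, `uploadOSSByQw`, `uploadQrCode`). `uploadWang`'s `try` block continues past the end of this hunk.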

+ 210 - 0
fs-common/src/main/java/com/fs/common/utils/file/OssUploadUtils.java

@@ -0,0 +1,210 @@
+package com.fs.common.utils.file;
+
+import java.nio.charset.StandardCharsets;
+import org.springframework.web.multipart.MultipartFile;
+import com.fs.common.exception.file.FileNameLengthLimitExceededException;
+import com.fs.common.exception.file.FileSizeLimitExceededException;
+import com.fs.common.exception.file.InvalidExtensionException;
+import com.fs.common.exception.file.OssException;
+import com.fs.common.utils.StringUtils;
+
+/**
+ * OSS 文件上传安全校验工具类
+ */
+public class OssUploadUtils
+{
+    /** OSS 单文件最大 10MB */
+    public static final long OSS_MAX_SIZE = 10L * 1024 * 1024;
+
+    /** OSS 允许上传的文件后缀白名单(不含 html/js 等可执行类型) */
+    public static final String[] OSS_ALLOWED_EXTENSION = {
+            "bmp", "gif", "jpg", "jpeg", "png",
+            "doc", "docx", "xls", "xlsx", "ppt", "pptx", "pdf", "txt",
+            "rar", "zip", "gz", "bz2",
+            "mp4", "avi", "rmvb",
+            "mp3", "wav"
+    };
+
+    private OssUploadUtils()
+    {
+    }
+
+    /**
+     * 校验上传文件并返回经文件头验证后的后缀(带点,如 ".jpg")
+     */
+    public static String validateAndGetSuffix(MultipartFile file)
+            throws FileSizeLimitExceededException, FileNameLengthLimitExceededException, InvalidExtensionException
+    {
+        if (file == null || file.isEmpty())
+        {
+            throw new OssException("上传文件不能为空");
+        }
+
+        String fileName = file.getOriginalFilename();
+        if (StringUtils.isEmpty(fileName))
+        {
+            throw new OssException("文件名不能为空");
+        }
+        if (fileName.length() > FileUploadUtils.DEFAULT_FILE_NAME_LENGTH)
+        {
+            throw new FileNameLengthLimitExceededException(FileUploadUtils.DEFAULT_FILE_NAME_LENGTH);
+        }
+
+        long size = file.getSize();
+        if (size > OSS_MAX_SIZE)
+        {
+            throw new FileSizeLimitExceededException(OSS_MAX_SIZE / 1024 / 1024);
+        }
+
+        String extension = FileUploadUtils.getExtension(file);
+        if (!FileUploadUtils.isAllowedExtension(extension, OSS_ALLOWED_EXTENSION))
+        {
+            throw new InvalidExtensionException(OSS_ALLOWED_EXTENSION, extension, fileName);
+        }
+
+        byte[] bytes;
+        try
+        {
+            bytes = file.getBytes();
+        }
+        catch (Exception e)
+        {
+            throw new OssException("读取上传文件失败");
+        }
+
+        assertNotDangerousContent(bytes, fileName);
+        assertMagicBytesMatch(bytes, extension, fileName);
+
+        return "." + extension.toLowerCase();
+    }
+
+    private static void assertNotDangerousContent(byte[] bytes, String fileName)
+    {
+        if (bytes.length == 0)
+        {
+            throw new OssException("上传文件内容为空");
+        }
+
+        int checkLen = Math.min(bytes.length, 512);
+        String head = new String(bytes, 0, checkLen, StandardCharsets.UTF_8).trim().toLowerCase();
+        if (head.startsWith("<!doctype html") || head.startsWith("<html")
+                || head.startsWith("<script") || head.startsWith("<?php")
+                || head.contains("<script") || head.contains("javascript:"))
+        {
+            throw new OssException("文件内容非法,不允许上传脚本或网页文件");
+        }
+    }
+
+    private static void assertMagicBytesMatch(byte[] bytes, String extension, String fileName)
+    {
+        String ext = extension.toLowerCase();
+        if (FileUploadUtils.isAllowedExtension(ext, MimeTypeUtils.IMAGE_EXTENSION))
+        {
+            assertImageMagicBytes(bytes, ext, fileName);
+            return;
+        }
+
+        switch (ext)
+        {
+            case "pdf":
+                assertStartsWith(bytes, "%PDF".getBytes(StandardCharsets.US_ASCII), fileName);
+                break;
+            case "docx":
+            case "xlsx":
+            case "pptx":
+            case "zip":
+                assertStartsWith(bytes, new byte[] { 0x50, 0x4B, 0x03, 0x04 }, fileName);
+                break;
+            case "doc":
+            case "xls":
+            case "ppt":
+                assertStartsWith(bytes, new byte[] { (byte) 0xD0, (byte) 0xCF, 0x11, (byte) 0xE0 }, fileName);
+                break;
+            case "rar":
+                assertStartsWith(bytes, new byte[] { 0x52, 0x61, 0x72, 0x21 }, fileName);
+                break;
+            case "gz":
+                assertStartsWith(bytes, new byte[] { 0x1F, (byte) 0x8B }, fileName);
+                break;
+            case "bz2":
+                assertStartsWith(bytes, new byte[] { 0x42, 0x5A, 0x68 }, fileName);
+                break;
+            case "mp4":
+                assertMp4MagicBytes(bytes, fileName);
+                break;
+            case "mp3":
+                assertMp3MagicBytes(bytes, fileName);
+                break;
+            case "wav":
+                assertStartsWith(bytes, "RIFF".getBytes(StandardCharsets.US_ASCII), fileName);
+                break;
+            default:
+                break;
+        }
+    }
+
+    private static void assertImageMagicBytes(byte[] bytes, String extension, String fileName)
+    {
+        if (bytes.length < 10)
+        {
+            throw new OssException("图片文件内容不完整");
+        }
+        String detectedType = FileTypeUtils.getFileExtendName(bytes).toLowerCase();
+        String expectedType = normalizeImageType(extension);
+        if (!detectedType.equals(expectedType))
+        {
+            throw new OssException(StringUtils.format("文件头与后缀不匹配,拒绝上传:{}", fileName));
+        }
+    }
+
+    private static String normalizeImageType(String extension)
+    {
+        if ("jpeg".equalsIgnoreCase(extension))
+        {
+            return "jpg";
+        }
+        return extension.toLowerCase();
+    }
+
+    private static void assertMp4MagicBytes(byte[] bytes, String fileName)
+    {
+        if (bytes.length < 12)
+        {
+            throw new OssException(StringUtils.format("视频文件内容不完整:{}", fileName));
+        }
+        String ftyp = new String(bytes, 4, 4, StandardCharsets.US_ASCII);
+        if (!"ftyp".equals(ftyp))
+        {
+            throw new OssException(StringUtils.format("文件头与后缀不匹配,拒绝上传:{}", fileName));
+        }
+    }
+
+    private static void assertMp3MagicBytes(byte[] bytes, String fileName)
+    {
+        if (bytes.length < 3)
+        {
+            throw new OssException(StringUtils.format("音频文件内容不完整:{}", fileName));
+        }
+        boolean id3 = bytes[0] == 'I' && bytes[1] == 'D' && bytes[2] == '3';
+        boolean frameSync = (bytes[0] & (byte) 0xFF) == (byte) 0xFF && (bytes[1] & (byte) 0xE0) == (byte) 0xE0;
+        if (!id3 && !frameSync)
+        {
+            throw new OssException(StringUtils.format("文件头与后缀不匹配,拒绝上传:{}", fileName));
+        }
+    }
+
+    private static void assertStartsWith(byte[] bytes, byte[] magic, String fileName)
+    {
+        if (bytes.length < magic.length)
+        {
+            throw new OssException(StringUtils.format("文件内容不完整:{}", fileName));
+        }
+        for (int i = 0; i < magic.length; i++)
+        {
+            if (bytes[i] != magic[i])
+            {
+                throw new OssException(StringUtils.format("文件头与后缀不匹配,拒绝上传:{}", fileName));
+            }
+        }
+    }
+}
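Review bot: `assertMagicBytesMatch` lets `txt`, `avi` and `rmvb` through the `default: break` branch with no signature check, and the `wav` case accepts any RIFF container, so the Javadoc promise of a header-verified suffix does not hold for those allowlisted types. The switch could check the RIFF form type at offset 8 for `wav` and `avi`, check the `.RMF` signature for `rmvb`, keep `txt` as the single documented exception, and reject anything else in `default`; a sketch follows. The image branch relies on `FileTypeUtils.getFileExtendName`, which is not part of this diff; if it returns a default type for headers it does not recognise, a `.jpg` with arbitrary content would pass, so that is worth confirming. The 512-byte scan in `assertNotDangerousContent` is a best-effort denylist, so the stored object's Content-Type (and `nosniff` on the serving side) remains the control that decides whether an uploaded file can render as HTML.

```java
            // … unchanged: pdf / zip-based / OLE / rar / gz / bz2 / mp4 / mp3 cases …
            case "wav":
                assertRiffForm(bytes, "WAVE", fileName);
                break;
            case "avi":
                assertRiffForm(bytes, "AVI ", fileName);
                break;
            case "rmvb":
                assertStartsWith(bytes, ".RMF".getBytes(StandardCharsets.US_ASCII), fileName);
                break;
            case "txt":
                // Plain text has no signature; it is covered only by assertNotDangerousContent.
                break;
            default:
                // Fail closed: an allowlisted extension without a signature rule is rejected.
                throw new OssException(StringUtils.format("文件头与后缀不匹配,拒绝上传:{}", fileName));

    // … unchanged: image / mp4 / mp3 helpers …

    /** Requires a RIFF container whose form type at offset 8 equals {@code form}. */
    private static void assertRiffForm(byte[] bytes, String form, String fileName)
    {
        assertStartsWith(bytes, "RIFF".getBytes(StandardCharsets.US_ASCII), fileName);
        if (bytes.length < 12 || !form.equals(new String(bytes, 8, 4, StandardCharsets.US_ASCII)))
        {
            throw new OssException(StringUtils.format("文件头与后缀不匹配,拒绝上传:{}", fileName));
        }
    }
```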

+ 3 - 9
fs-company-app/src/main/java/com/fs/app/controller/CommonController.java

@@ -14,6 +14,7 @@ import com.fs.common.core.domain.R;
 import com.fs.common.exception.file.OssException;
 import com.fs.common.utils.StringUtils;
 import com.fs.common.utils.file.FileUploadUtils;
+import com.fs.common.utils.file.OssUploadUtils;
 import com.fs.company.domain.CompanyUser;
 import com.fs.company.service.ICompanySmsLogsService;
 import com.fs.company.service.ICompanyUserService;
@@ -215,17 +216,10 @@ public class CommonController extends AppBaseController {
 	@PostMapping("uploadOSS")
 	public R uploadOSS(@RequestParam("file") MultipartFile file) throws Exception
 	{
-
-		if (file.isEmpty())
-		{
-			throw new OssException("上传文件不能为空");
-		}
-		// 上传文件
-		String fileName = file.getOriginalFilename();
-		String suffix = fileName.substring(fileName.lastIndexOf("."));
+		String suffix = OssUploadUtils.validateAndGetSuffix(file);
 		CloudStorageService storage = OSSFactory.build();
 		String url = storage.uploadSuffix(file.getBytes(), suffix);
-		return R.ok().put("url",url);
+		return R.ok().put("url", url);
 	}
 
 

+ 8 - 33
fs-company/src/main/java/com/fs/company/controller/common/CommonController.java

@@ -11,6 +11,7 @@ import com.fs.common.utils.ServletUtils;
 import com.fs.common.utils.StringUtils;
 import com.fs.common.utils.file.FileUploadUtils;
 import com.fs.common.utils.file.FileUtils;
+import com.fs.common.utils.file.OssUploadUtils;
 import com.fs.company.service.ICompanyService;
 import com.fs.company.utils.AudioUtils;
 import com.fs.company.vo.WangUploadVO;
@@ -224,32 +225,19 @@ public class CommonController
     @PostMapping("common/uploadOSS")
     public R uploadOSS(@RequestParam("file") MultipartFile file) throws Exception
     {
-        if (file.isEmpty())
-        {
-            throw new OssException("上传文件不能为空");
-        }
-        // 上传文件
-        String fileName = file.getOriginalFilename();
-        String suffix = fileName.substring(fileName.lastIndexOf("."));
+        String suffix = OssUploadUtils.validateAndGetSuffix(file);
         CloudStorageService storage = OSSFactory.build();
         String url = storage.uploadSuffix(file.getBytes(), suffix);
-        return R.ok().put("url",url);
+        return R.ok().put("url", url);
     }
 
     @PostMapping("common/uploadOSS2")
     public R uploadOSS2(@RequestParam("file") MultipartFile file) throws Exception
     {
-        if (file.isEmpty())
-        {
-            throw new OssException("上传文件不能为空");
-        }
-        // 上传文件
-        String fileName = file.getOriginalFilename();
-        String suffix = fileName.substring(fileName.lastIndexOf("."));
-        String prefix = fileName.substring(0, fileName.lastIndexOf("."));
+        String suffix = OssUploadUtils.validateAndGetSuffix(file);
         CloudStorageService storage = OSSFactory.build();
-        String url = storage.upload(file.getBytes(), prefix+System.currentTimeMillis()+suffix);
-        return R.ok().put("url",url).put("fileName",fileName);
+        String url = storage.uploadSuffix(file.getBytes(), suffix);
+        return R.ok().put("url", url).put("fileName", file.getOriginalFilename());
     }
 
     @PostMapping("common/uploadOSSByHOOKImage")
@@ -284,14 +272,7 @@ public class CommonController
     @PostMapping("common/uploadOSSByHOOKVoice")
     public R uploadOSSByQw(@RequestParam("file") MultipartFile file) throws Exception
     {
-        if (file.isEmpty())
-        {
-            throw new OssException("上传文件不能为空");
-        }
-
-        // 上传文件
-        String fileName = file.getOriginalFilename();
-        String suffix = fileName.substring(fileName.lastIndexOf("."));
+        String suffix = OssUploadUtils.validateAndGetSuffix(file);
         CloudStorageService storage = OSSFactory.build();
         String mp3Url = storage.uploadSuffix(file.getBytes(), suffix);
         String silkUrl="";
@@ -309,13 +290,7 @@ public class CommonController
         WangUploadVO vo=new WangUploadVO();
         try
         {
-            if (file.isEmpty())
-            {
-                throw new OssException("上传文件不能为空");
-            }
-            // 上传文件
-            String fileName = file.getOriginalFilename();
-            String suffix = fileName.substring(fileName.lastIndexOf("."));
+            String suffix = OssUploadUtils.validateAndGetSuffix(file);
             CloudStorageService storage = OSSFactory.build();
             String url = storage.uploadSuffix(file.getBytes(), suffix);
             vo.setErrno(0);

+ 1 - 3
fs-company/src/main/java/com/fs/framework/config/SecurityConfig.java

@@ -93,10 +93,8 @@ public class SecurityConfig
                     auth.requestMatchers(SecurityPathMatchers.antMatchers("/msg/**/**")).permitAll();
                     auth.requestMatchers(SecurityPathMatchers.antMatchers("/msg")).permitAll();
                     auth.requestMatchers(SecurityPathMatchers.antMatchers("/common/getId**")).permitAll();
-                    auth.requestMatchers(SecurityPathMatchers.antMatchers("/common/uploadOSS**")).permitAll();
-                    auth.requestMatchers(SecurityPathMatchers.antMatchers("/company/user/common/uploadOSS")).permitAll();
+                    auth.requestMatchers(SecurityPathMatchers.antMatchers("/common/uploadOSSByHOOK**")).permitAll();
                     auth.requestMatchers(SecurityPathMatchers.antMatchers("/pay/wxPay/payNotify**")).permitAll();
-                    auth.requestMatchers(SecurityPathMatchers.antMatchers("/common/uploadWang**")).permitAll();
                     auth.requestMatchers(SecurityPathMatchers.antMatchers("/common/download**")).permitAll();
                     auth.requestMatchers(SecurityPathMatchers.antMatchers("/common/test")).permitAll();
                     auth.requestMatchers(SecurityPathMatchers.antMatchers("/common/download/resource**")).permitAll();
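Review bot: The added matcher `/common/uploadOSSByHOOK**` keeps the HOOK upload handlers reachable without authentication, and unlike the fs-admin handlers in this commit they get no `@RateLimiter`. `uploadOSSByHOOKVoice` now goes through `OssUploadUtils.validateAndGetSuffix`, but `uploadOSSByHOOKImage` is not changed by this commit, so whether it validates its input cannot be seen here and should be confirmed. If these endpoints must stay anonymous, the annotation already used in fs-admin, `@RateLimiter(time = 60, count = 30, limitType = LimitType.IP, msg = "上传过于频繁,请稍后再试")`, on each handler would bound anonymous upload volume. A comment on this matcher line naming the caller that needs anonymous access would help the next reviewer. The enclosing configuration method starts and ends outside the hunk.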

+ 3 - 10
fs-doctor-app/src/main/java/com/fs/app/controller/CommonController.java

@@ -15,7 +15,7 @@ import com.fs.common.core.domain.AjaxResult;
 
 import com.fs.common.core.domain.R;
 import com.fs.common.core.redis.RedisCache;
-import com.fs.common.exception.file.OssException;
+import com.fs.common.utils.file.OssUploadUtils;
 import com.fs.common.utils.sign.Base64;
 import com.fs.common.utils.uuid.IdUtils;
 import com.fs.his.config.FsSysConfig;
@@ -162,17 +162,10 @@ public class CommonController {
 	@PostMapping("uploadOSS")
 	public R uploadOSS(@RequestParam("file") MultipartFile file) throws Exception
 	{
-
-		if (file.isEmpty())
-		{
-			throw new OssException("上传文件不能为空");
-		}
-		// 上传文件
-		String fileName = file.getOriginalFilename();
-		String suffix = fileName.substring(fileName.lastIndexOf("."));
+		String suffix = OssUploadUtils.validateAndGetSuffix(file);
 		CloudStorageService storage = OSSFactory.build();
 		String url = storage.uploadSuffix(file.getBytes(), suffix);
-		return R.ok().put("url",url);
+		return R.ok().put("url", url);
 	}
 
 

+ 0 - 2
fs-framework/src/main/java/com/fs/framework/config/SecurityConfig.java

@@ -109,9 +109,7 @@ public class SecurityConfig
                     auth.requestMatchers(SecurityPathMatchers.antMatchers("/tzPay/*")).permitAll();
                     auth.requestMatchers(SecurityPathMatchers.antMatchers("//his/pay/*")).permitAll();
                     auth.requestMatchers(SecurityPathMatchers.antMatchers("/common/getId**")).permitAll();
-                    auth.requestMatchers(SecurityPathMatchers.antMatchers("/common/uploadOSS**")).permitAll();
                     auth.requestMatchers(SecurityPathMatchers.antMatchers("/chat/upload/uploadFile**")).permitAll();
-                    auth.requestMatchers(SecurityPathMatchers.antMatchers("/common/uploadWang**")).permitAll();
                     auth.requestMatchers(SecurityPathMatchers.antMatchers("/common/download**")).permitAll();
                     auth.requestMatchers(SecurityPathMatchers.antMatchers("/common/download/resource**")).permitAll();
                     auth.requestMatchers(SecurityPathMatchers.antMatchers("/common/unbindQwUserByServerIds")).permitAll();

+ 3 - 10
fs-qw-api/src/main/java/com/fs/app/controller/CommonController.java

@@ -1,7 +1,7 @@
 package com.fs.app.controller;
 
 import com.fs.common.core.domain.R;
-import com.fs.common.exception.file.OssException;
+import com.fs.common.utils.file.OssUploadUtils;
 import com.fs.course.param.UserCourseComplaintRecordParam;
 import com.fs.course.service.IFsUserCourseComplaintTypeService;
 import com.fs.course.vo.FsUserCourseComplaintTypeListVO;
@@ -32,17 +32,10 @@ public class CommonController {
     @PostMapping("uploadOSS")
     public R uploadOSS(@RequestParam("file") MultipartFile file) throws Exception
     {
-
-        if (file.isEmpty())
-        {
-            throw new OssException("上传文件不能为空");
-        }
-        // 上传文件
-        String fileName = file.getOriginalFilename();
-        String suffix = fileName.substring(fileName.lastIndexOf("."));
+        String suffix = OssUploadUtils.validateAndGetSuffix(file);
         CloudStorageService storage = OSSFactory.build();
         String url = storage.uploadSuffix(file.getBytes(), suffix);
-        return R.ok().put("url",url);
+        return R.ok().put("url", url);
     }
 
 }

+ 2 - 7
fs-service/src/main/java/com/fs/company/service/impl/CompanyUserServiceImpl.java

@@ -15,6 +15,7 @@ import com.fs.common.exception.CustomException;
 import com.fs.common.exception.ServiceException;
 import com.fs.common.exception.file.OssException;
 import com.fs.common.utils.*;
+import com.fs.common.utils.file.OssUploadUtils;
 import com.fs.company.domain.*;
 import com.fs.company.mapper.*;
 import com.fs.company.param.CompanyUserAreaParam;
@@ -989,13 +990,7 @@ public class CompanyUserServiceImpl implements ICompanyUserService
     }
     @Override
     public String uploadQrCode(MultipartFile file, String userId) throws IOException {
-        if (file.isEmpty())
-        {
-            throw new OssException("上传文件不能为空");
-        }
-        // 上传文件
-        String fileName = file.getOriginalFilename();
-        String suffix = fileName.substring(fileName.lastIndexOf("."));
+        String suffix = OssUploadUtils.validateAndGetSuffix(file);
         CloudStorageService storage = OSSFactory.build();
         String url = storage.uploadSuffix(file.getBytes(), suffix);
 
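Review bot: `uploadQrCode` now accepts everything in `OSS_ALLOWED_EXTENSION`, so an archive, document or video passes validation for what the method name says is a QR code image. After the `validateAndGetSuffix` call the method could additionally require an image type, e.g. `if (!FileUploadUtils.isAllowedExtension(suffix.substring(1), MimeTypeUtils.IMAGE_EXTENSION))` followed by an `OssException`. It is also worth confirming that the three exceptions in the helper's `throws` clause are compatible with this method's `throws IOException`; their hierarchy is not visible in this diff. The method body continues past the end of the hunk.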

+ 0 - 2
fs-store/src/main/java/com/fs/framework/config/SecurityConfig.java

@@ -104,8 +104,6 @@ public class SecurityConfig
                     auth.requestMatchers(SecurityPathMatchers.antMatchers("/", "/*.html", "/**/*.html", "/**/*.css", "/**/*.js", "/profile/**")).permitAll();
                     auth.requestMatchers(SecurityPathMatchers.antMatchers("/app/voiceApi/callNotify")).permitAll();
                     auth.requestMatchers(SecurityPathMatchers.antMatchers("/common/getId**")).permitAll();
-                    auth.requestMatchers(SecurityPathMatchers.antMatchers("/common/uploadOSS**")).permitAll();
-                    auth.requestMatchers(SecurityPathMatchers.antMatchers("/common/uploadWang**")).permitAll();
                     auth.requestMatchers(SecurityPathMatchers.antMatchers("/common/download**")).permitAll();
                     auth.requestMatchers(SecurityPathMatchers.antMatchers("/common/download/resource**")).permitAll();
                     auth.requestMatchers(SecurityPathMatchers.antMatchers("/swagger-ui.html")).permitAll();

+ 4 - 15
fs-store/src/main/java/com/fs/store/controller/common/CommonController.java

@@ -9,6 +9,7 @@ import com.fs.common.exception.file.OssException;
 import com.fs.common.utils.StringUtils;
 import com.fs.common.utils.file.FileUploadUtils;
 import com.fs.common.utils.file.FileUtils;
+import com.fs.common.utils.file.OssUploadUtils;
 import com.fs.framework.config.ServerConfig;
 import com.fs.system.oss.CloudStorageService;
 import com.fs.system.oss.OSSFactory;
@@ -128,16 +129,10 @@ public class CommonController
     @PostMapping("common/uploadOSS")
     public R uploadOSS(@RequestParam("file") MultipartFile file) throws Exception
     {
-        if (file.isEmpty())
-        {
-            throw new OssException("上传文件不能为空");
-        }
-        // 上传文件
-        String fileName = file.getOriginalFilename();
-        String suffix = fileName.substring(fileName.lastIndexOf("."));
+        String suffix = OssUploadUtils.validateAndGetSuffix(file);
         CloudStorageService storage = OSSFactory.build();
         String url = storage.uploadSuffix(file.getBytes(), suffix);
-        return R.ok().put("url",url);
+        return R.ok().put("url", url);
     }
     @PostMapping("/common/uploadWang")
     public WangUploadVO uploadWang(@RequestParam(value = "fileName", required = false) MultipartFile file) throws Exception
@@ -145,13 +140,7 @@ public class CommonController
         WangUploadVO vo=new WangUploadVO();
         try
         {
-            if (file.isEmpty())
-            {
-                throw new OssException("上传文件不能为空");
-            }
-            // 上传文件
-            String fileName = file.getOriginalFilename();
-            String suffix = fileName.substring(fileName.lastIndexOf("."));
+            String suffix = OssUploadUtils.validateAndGetSuffix(file);
             CloudStorageService storage = OSSFactory.build();
             String url = storage.uploadSuffix(file.getBytes(), suffix);
             vo.setErrno(0);

+ 3 - 9
fs-user-app/src/main/java/com/fs/app/controller/CommonController.java

@@ -27,6 +27,7 @@ import com.fs.common.core.domain.ResponseResult;
 import com.fs.common.core.redis.RedisCache;
 import com.fs.common.exception.file.OssException;
 import com.fs.common.utils.file.FileUploadUtils;
+import com.fs.common.utils.file.OssUploadUtils;
 import com.fs.common.utils.http.HttpUtils;
 import com.fs.common.utils.sign.Md5Utils;
 import com.fs.company.domain.CompanyMoneyLogs;
@@ -349,17 +350,10 @@ public class CommonController {
 	@PostMapping("uploadOSS")
 	public R uploadOSS(@RequestParam("file") MultipartFile file) throws Exception
 	{
-
-		if (file.isEmpty())
-		{
-			throw new OssException("上传文件不能为空");
-		}
-		// 上传文件
-		String fileName = file.getOriginalFilename();
-		String suffix = fileName.substring(fileName.lastIndexOf("."));
+		String suffix = OssUploadUtils.validateAndGetSuffix(file);
 		CloudStorageService storage = OSSFactory.build();
 		String url = storage.uploadSuffix(file.getBytes(), suffix);
-		return R.ok().put("url",url);
+		return R.ok().put("url", url);
 	}
 
 	@PostMapping("/uploadHuaWeiVod")

+ 2 - 8
fs-user-app/src/main/java/com/fs/app/controller/store/CommonScrmController.java

@@ -10,7 +10,7 @@ import com.fs.app.param.SignParam;
 import com.fs.app.utils.JwtUtils;
 import com.fs.common.config.FSSysConfig;
 import com.fs.common.core.domain.R;
-import com.fs.common.exception.file.OssException;
+import com.fs.common.utils.file.OssUploadUtils;
 import com.fs.company.service.ICompanyMoneyLogsService;
 import com.fs.company.service.ICompanyService;
 import com.fs.company.service.ICompanyUserService;
@@ -358,13 +358,7 @@ public class CommonScrmController extends AppBaseController {
      */
     @PostMapping("uploadOSS")
     public R uploadOSS(@RequestParam("file") MultipartFile file) throws Exception {
-
-        if (file.isEmpty()) {
-            throw new OssException("上传文件不能为空");
-        }
-        // 上传文件
-        String fileName = file.getOriginalFilename();
-        String suffix = fileName.substring(fileName.lastIndexOf("."));
+        String suffix = OssUploadUtils.validateAndGetSuffix(file);
         CloudStorageService storage = OSSFactory.build();
         String url = storage.uploadSuffix(file.getBytes(), suffix);
         return R.ok().put("url", url);