From d0b3578a295416c2bc25b293caa9c15395e4a35d Mon Sep 17 00:00:00 2001
From: wuxw <928255095@qq.com>
Date: 星期二, 18 三月 2025 12:15:50 +0800
Subject: [PATCH] 解决多用户带来的bug

---
 service-api/src/main/java/com/java110/api/controller/app/file/UserDownloadFileController.java |   26 ++++++++++++++++++--------
 1 files changed, 18 insertions(+), 8 deletions(-)

diff --git a/service-api/src/main/java/com/java110/api/controller/app/file/UserDownloadFileController.java b/service-api/src/main/java/com/java110/api/controller/app/file/UserDownloadFileController.java
index b544ee2..67612e5 100644
--- a/service-api/src/main/java/com/java110/api/controller/app/file/UserDownloadFileController.java
+++ b/service-api/src/main/java/com/java110/api/controller/app/file/UserDownloadFileController.java
@@ -1,11 +1,12 @@
 package com.java110.api.controller.app.file;
 
-import com.java110.api.controller.app.payment.NotifyPaymentController;
 import com.java110.core.client.FileUploadTemplate;
 import com.java110.core.log.LoggerFactory;
-import com.java110.dto.userDownloadFile.UserDownloadFileDto;
+import com.java110.dto.user.UserDownloadFileDto;
 import com.java110.intf.job.IUserDownloadFileV1InnerServiceSMO;
 import com.java110.utils.util.Assert;
+import com.java110.utils.util.DateUtil;
+import com.java110.utils.util.PayUtil;
 import org.slf4j.Logger;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.PathVariable;
@@ -34,21 +35,30 @@
     @Autowired
     private FileUploadTemplate fileUploadTemplate;
 
-
-    @RequestMapping(path = "/download/{downloadId}", method = RequestMethod.GET)
-    public void download(@PathVariable String downloadId, HttpServletRequest request, HttpServletResponse response) {
+    // /app/file/userfile/download/
+    @RequestMapping(path = "/download/{downloadId}/{token}", method = RequestMethod.GET)
+    public void download(@PathVariable String downloadId,
+                         @PathVariable String token,
+                         HttpServletRequest request, HttpServletResponse response) {
 
         logger.debug("鐢ㄦ埛寮�濮嬩笅杞芥枃浠�" + downloadId);
 
-        String userId = request.getHeader("user-id");
 
         UserDownloadFileDto userDownloadFileDto = new UserDownloadFileDto();
         userDownloadFileDto.setDownloadId(downloadId);
-        userDownloadFileDto.setDownloadUserId(userId);
+        //userDownloadFileDto.setDownloadUserId(userId);
         List<UserDownloadFileDto> userDownloadFileDtos = userDownloadFileV1InnerServiceSMOImpl.queryUserDownloadFiles(userDownloadFileDto);
         Assert.listOnlyOne(userDownloadFileDtos, "鏂囦欢涓嶅瓨鍦�");
+
+        String date = DateUtil.getFormatTimeStringB(DateUtil.getCurrentDate());
+        String newToken = PayUtil.md5(userDownloadFileDtos.get(0).getDownloadId() + date);
+
+        if (!newToken.equals(token)) {
+            throw new IllegalArgumentException("token 澶辨晥璇峰埛鏂伴〉闈㈤噸鏂颁笅杞�");
+        }
+
         String tempUrl = userDownloadFileDtos.get(0).getTempUrl();
-        String fileName = tempUrl.substring(tempUrl.lastIndexOf("/"));
+        String fileName = userDownloadFileDtos.get(0).getFileTypeName() + tempUrl.substring(tempUrl.lastIndexOf("/"));
 
         response.setHeader("content-type", "application/octet-stream");
         response.setHeader("Content-Disposition", "attachment; filename=" + fileName);

--
Gitblit v1.8.0