修复引入多租户后,前端 <img /> 读取图片报错的问题

This commit is contained in:
YunaiV 2021-12-15 13:08:15 +08:00
parent b99f364d92
commit abf61bfdea
6 changed files with 671 additions and 727 deletions

File diff suppressed because it is too large Load Diff

View File

@ -10,6 +10,7 @@ import cn.iocoder.yudao.framework.common.pojo.CommonResult;
import cn.iocoder.yudao.framework.common.pojo.PageResult; import cn.iocoder.yudao.framework.common.pojo.PageResult;
import cn.iocoder.yudao.adminserver.modules.infra.convert.file.InfFileConvert; import cn.iocoder.yudao.adminserver.modules.infra.convert.file.InfFileConvert;
import cn.iocoder.yudao.framework.common.util.servlet.ServletUtils; import cn.iocoder.yudao.framework.common.util.servlet.ServletUtils;
import cn.iocoder.yudao.framework.tenant.core.context.TenantContextHolder;
import io.swagger.annotations.Api; import io.swagger.annotations.Api;
import io.swagger.annotations.ApiImplicitParam; import io.swagger.annotations.ApiImplicitParam;
import io.swagger.annotations.ApiImplicitParams; import io.swagger.annotations.ApiImplicitParams;
@ -64,6 +65,7 @@ public class InfFileController {
@ApiOperation("下载文件") @ApiOperation("下载文件")
@ApiImplicitParam(name = "path", value = "文件附件", required = true, dataTypeClass = MultipartFile.class) @ApiImplicitParam(name = "path", value = "文件附件", required = true, dataTypeClass = MultipartFile.class)
public void getFile(HttpServletResponse response, @PathVariable("path") String path) throws IOException { public void getFile(HttpServletResponse response, @PathVariable("path") String path) throws IOException {
TenantContextHolder.setNullTenantId();
InfFileDO file = fileCoreService.getFile(path); InfFileDO file = fileCoreService.getFile(path);
if (file == null) { if (file == null) {
log.warn("[getFile][path({}) 文件不存在]", path); log.warn("[getFile][path({}) 文件不存在]", path);

View File

@ -2,11 +2,27 @@ package cn.iocoder.yudao.coreservice.modules.infra.dal.mysql.file;
import cn.iocoder.yudao.framework.mybatis.core.mapper.BaseMapperX; import cn.iocoder.yudao.framework.mybatis.core.mapper.BaseMapperX;
import cn.iocoder.yudao.coreservice.modules.infra.dal.dataobject.file.InfFileDO; import cn.iocoder.yudao.coreservice.modules.infra.dal.dataobject.file.InfFileDO;
import com.baomidou.mybatisplus.annotation.InterceptorIgnore;
import org.apache.ibatis.annotations.Mapper; import org.apache.ibatis.annotations.Mapper;
@Mapper @Mapper
public interface InfFileCoreMapper extends BaseMapperX<InfFileDO> { public interface InfFileCoreMapper extends BaseMapperX<InfFileDO> {
default Integer selectCountById(String id) { default Integer selectCountById(String id) {
return selectCount("id", id); return selectCount("id", id);
} }
/**
* 基于 Path 获取文件
* 实际上是基于 ID 查询
* 由于前端使用 <img /> 的方式获取图片所以需要忽略租户的查询
*
* @param path 路径
* @return 文件
*/
@InterceptorIgnore(tenantLine = "true")
default InfFileDO selectByPath(String path) {
return selectById(path);
}
} }

View File

@ -58,7 +58,7 @@ public class InfFileCoreServiceImpl implements InfFileCoreService {
@Override @Override
public InfFileDO getFile(String path) { public InfFileDO getFile(String path) {
return fileMapper.selectById(path); return fileMapper.selectByPath(path);
} }
} }

View File

@ -11,6 +11,11 @@ public class TenantContextHolder {
private static final ThreadLocal<Long> TENANT_ID = new TransmittableThreadLocal<>(); private static final ThreadLocal<Long> TENANT_ID = new TransmittableThreadLocal<>();
/**
* 租户编号 -
*/
private static final Long TENANT_ID_NULL = 0L;
/** /**
* 获得租户编号 * 获得租户编号
* *
@ -33,6 +38,15 @@ public class TenantContextHolder {
return tenantId; return tenantId;
} }
/**
* 在一些前端场景下可能无法请求带上租户例如说<img /> 方式获取图片等
* 此时暂时的解决方案是在该接口的 Controller 方法上调用该方法
* TODO 芋艿思考有没更合适的方案目标是去掉该方法
*/
public static void setNullTenantId() {
TENANT_ID.set(TENANT_ID_NULL);
}
public static void setTenantId(Long tenantId) { public static void setTenantId(Long tenantId) {
TENANT_ID.set(tenantId); TENANT_ID.set(tenantId);
} }

View File

@ -30,6 +30,7 @@ public class TenantSecurityWebFilter extends OncePerRequestFilter {
throws ServletException, IOException { throws ServletException, IOException {
LoginUser user = SecurityFrameworkUtils.getLoginUser(); LoginUser user = SecurityFrameworkUtils.getLoginUser();
assert user != null; // shouldNotFilter 已经校验 assert user != null; // shouldNotFilter 已经校验
// 校验租户是否匹配
if (!Objects.equals(user.getTenantId(), TenantContextHolder.getTenantId())) { if (!Objects.equals(user.getTenantId(), TenantContextHolder.getTenantId())) {
log.error("[doFilterInternal][租户({}) User({}/{}) 越权访问租户({}) URL({}/{})]", log.error("[doFilterInternal][租户({}) User({}/{}) 越权访问租户({}) URL({}/{})]",
user.getTenantId(), user.getId(), user.getUserType(), user.getTenantId(), user.getId(), user.getUserType(),