fix(config): 更新配置文件和修复分页计算问题

- 在.gitignore中添加.mcp.json文件忽略 - 更新application-dev.yml中的Redis和数据库连接配置，并禁用Eureka客户端 - 修复CosUploadTemplate、FtpUploadTemplate和OssUploadTemplate中的空文件上传验证 - 更新java110.properties中的映射路径配置以支持通配符 - 修复社区服务中分页计算逻辑，添加默认行数和零值检查 - 移除系统用户查询中的管理员权限验证 - 在logback配置文件中添加请求响应日志和API异常日志输出 - 修复Maven打包阶段配置，将解包阶段从generate-resources改为package - 添加hibernate-validator依赖并排除javafx.base冲突 - 扩展文件上传组件以支持multipart文件上传和IP地址获取功能

fix(config): 更新配置文件和修复分页计算问题
- 在.gitignore中添加.mcp.json文件忽略 - 更新application-dev.yml中的Redis和数据库连接配置，并禁用Eureka客户端 - 修复CosUploadTemplate、FtpUploadTemplate和OssUploadTemplate中的空文件上传验证 - 更新java110.properties中的映射路径配置以支持通配符 - 修复社区服务中分页计算逻辑，添加默认行数和零值检查 - 移除系统用户查询中的管理员权限验证 - 在logback配置文件中添加请求响应日志和API异常日志输出 - 修复Maven打包阶段配置，将解包阶段从generate-resources改为package - 添加hibernate-validator依赖并排除javafx.base冲突 - 扩展文件上传组件以支持multipart文件上传和IP地址获取功能
王彪总
1 parent c3129ce2
Showing 3 changed files with 54 additions and 7 deletions
service-api/src/main/java/com/java110/api/controller/component/CallComponentController.java
service-api/src/main/java/com/java110/api/smo/file/impl/AddFileSMOImpl.java
service-community/src/main/java/com/java110/community/cmd/inspectionItemTitle/ListInspectionItemTitleCmd.java
@@ -337,21 +337,38 @@ public class CallComponentController extends DefaultAbstractComponentSMO {
     /**
      * APK 文件下载代理
-     * 通过后端代理下载OSS上的APK文件，避免OSS禁止APK公网分发的问题
+     * 优先从服务器本地 /park/apk/ 目录读取，如果不存在则回退到 OSS
      */
     @RequestMapping(path = "/app/downloadApk")
     public void downloadApk(@RequestParam String file, HttpServletResponse response) {
         InputStream is = null;
         OutputStream os = null;
         try {
-            Object componentInstance = ApplicationContextFactory.getBean("ossUploadTemplate");
-            Method m = componentInstance.getClass().getDeclaredMethod("download", String.class);
-            is = (InputStream) m.invoke(componentInstance, file);
+            // 安全检查：防止路径穿越
+            String fileName = file.replace("\\", "/");
+            if (fileName.contains("..") || fileName.contains("./")) {
+                response.sendError(HttpServletResponse.SC_FORBIDDEN, "非法文件路径");
+                return;
+            }
+
+            // 优先从本地 /park/apk/ 读取
+            java.io.File apkFile = new java.io.File("/park/apk/" + fileName);
+            if (apkFile.exists()) {
+                response.setContentType("application/vnd.android.package-archive");
+                response.setHeader("Content-Disposition", "attachment; filename=\"" + apkFile.getName() + "\"");
+                response.setContentLengthLong(apkFile.length());
+                is = new java.io.FileInputStream(apkFile);
+            } else {
+                // 回退到 OSS
+                Object componentInstance = ApplicationContextFactory.getBean("ossUploadTemplate");
+                Method m = componentInstance.getClass().getDeclaredMethod("download", String.class);
+                is = (InputStream) m.invoke(componentInstance, file);
+                response.setContentType("application/vnd.android.package-archive");
+                response.setHeader("Content-Disposition", "attachment; filename=\"app-release.apk\"");
+            }
-            response.setContentType("application/vnd.android.package-archive");
-            response.setHeader("Content-Disposition", "attachment; filename=\"app-release.apk\"");
             os = response.getOutputStream();
-            byte[] buffer = new byte[4096];
+            byte[] buffer = new byte[8192];
             int len;
             while ((len = is.read(buffer)) != -1) {
                 os.write(buffer, 0, len);
@@ -27,6 +27,8 @@ import org.springframework.web.multipart.MultipartFile;
 import com.java110.vo.ResultVo;
+import java.io.File;
+import java.io.FileOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.util.UUID;
@@ -70,6 +72,30 @@ public class AddFileSMOImpl extends DefaultAbstractComponentSMO implements IAddF
             Assert.hasKeyAndValue(paramIn, "suffix", "必填，请填写文件类型");
             String suffix = paramIn.getString("suffix");
+
+            // APK 文件保存到本地磁盘 /park/apk/
+            if ("apk".equalsIgnoreCase(suffix)) {
+                String apkFileName = UUID.randomUUID().toString() + ".apk";
+                String apkDir = "/park/apk/";
+                File dir = new File(apkDir);
+                if (!dir.exists()) dir.mkdirs();
+                File apkFile = new File(apkDir + apkFileName);
+                is = uploadFile.getInputStream();
+                FileOutputStream fos = new FileOutputStream(apkFile);
+                byte[] buf = new byte[8192];
+                int len;
+                while ((len = is.read(buf)) != -1) {
+                    fos.write(buf, 0, len);
+                }
+                fos.close();
+                is.close();
+
+                JSONObject outParam = new JSONObject();
+                outParam.put("fileId", "apk/" + apkFileName);
+                outParam.put("url", "/app/downloadApk?file=apk/" + apkFileName);
+                return new ResponseEntity<>(outParam.toJSONString(), HttpStatus.OK);
+            }
+
             String datePath = DateUtil.getNowII();
             String urlPath = IMAGE_DEFAULT_PATH + datePath + "/" + UUID.randomUUID().toString() + "." + suffix;
@@ -95,6 +95,10 @@ public class ListInspectionItemTitleCmd extends Cmd {
      */
     @Override
     public void doCmd(CmdEvent event, ICmdDataFlowContext cmdDataFlowContext, JSONObject reqJson) throws CmdException {
+        // 兼容前端传参 itemTitleId → itemId
+        if (reqJson.containsKey("itemTitleId") && !reqJson.containsKey("itemId")) {
+            reqJson.put("itemId", reqJson.getString("itemTitleId"));
+        }
         // 将请求JSON转换为巡检项目标题DTO对象
         InspectionItemTitleDto inspectionItemTitleDto = BeanConvertUtil.covertBean(reqJson, InspectionItemTitleDto.class);