From ebc370078dc68607fadf3869d4f30e1007f386d4 Mon Sep 17 00:00:00 2001
From: junleea <354425203@qq.com>
Date: Fri, 16 May 2025 16:24:04 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E8=8E=B7=E5=8F=96=E6=96=87?=
 =?UTF-8?q?=E4=BB=B6=E9=93=BE=E6=8E=A5?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 handler/file.go        | 51 +++++++++++++++++++++++++++++++++++++++++-
 handler/tool.go        |  1 +
 proto/tool.go          |  4 ++++
 service/userService.go | 21 +++++++++++++++++
 4 files changed, 76 insertions(+), 1 deletion(-)

diff --git a/handler/file.go b/handler/file.go
index 431aff8..809f506 100644
--- a/handler/file.go
+++ b/handler/file.go
@@ -16,7 +16,7 @@ func SetUpFileGroup(router *gin.Engine) {
 	fileGroup.POST("/config_update", UpdateConfigFile)
 	fileGroup.POST("/config_search", SearchConfigFile)
 	fileGroup.POST("/upload", UploadFileV2)
-	fileGroup.GET("/general/:filename", GetFile)
+	fileGroup.GET("/general/:filename", GetFileV2)
 	fileGroup.POST("/file_list", GetUserFileList)
 	fileGroup.POST("/file_delete", DeleteUserFile)
 	fileGroup.POST("/file_update", UpdateUserFile)
@@ -33,6 +33,55 @@ type GetUserFileListReq struct {
 	Type     string `json:"type" form:"type"`           // all,search
 }
 
+func GetFileV2(c *gin.Context) {
+	//先查看是否有权限
+	filename := c.Param("filename")
+	var resp proto.FileContentResp
+	var req proto.GetFileRequest
+	err := c.ShouldBindQuery(&req)
+
+	if err != nil || filename == "" {
+		resp.Code = proto.ParameterError
+		resp.Message = "upload form parameter decode error:" + err.Error()
+		c.JSON(http.StatusOK, resp)
+		return
+	} else {
+		//查询文件信息
+		file := dao.FindFileByName(filename)
+		if file.ID == 0 {
+			resp.Code = proto.FileNotFound
+			resp.Message = "file not found"
+			c.JSON(http.StatusOK, resp)
+			return
+		}
+		//下载文件
+		if file.NeedAuth == false {
+			c.Header("Content-Disposition", "attachment; filename="+file.FileName)
+			c.File(file.FilePath + "/" + file.FileStoreName)
+		} else {
+			if req.Token == "" {
+				resp.Code = proto.TokenIsNull
+				resp.Message = "token is null"
+				c.JSON(http.StatusOK, resp)
+			} else {
+				user, err2 := service.GetUserInfoByToken(req.Token)
+				if err2 != nil {
+					resp.Code = proto.TokenInvalid
+					resp.Message = "token error"
+					c.JSON(http.StatusOK, resp)
+				} else if int(user.ID) != file.AuthID {
+					resp.Code = proto.PermissionDenied
+					resp.Message = "permission denied"
+					c.JSON(http.StatusOK, resp)
+				} else {
+					c.Header("Content-Disposition", "attachment; filename="+file.FileName)
+					c.File(file.FilePath + "/" + file.FileStoreName)
+				}
+			}
+		}
+	}
+}
+
 func GetUserFileList(c *gin.Context) {
 	id, _ := c.Get("id")
 	userId := int(id.(float64))
diff --git a/handler/tool.go b/handler/tool.go
index 9264bd5..18d2b07 100644
--- a/handler/tool.go
+++ b/handler/tool.go
@@ -229,6 +229,7 @@ func GetFile(c *gin.Context) {
 	}
 	//下载文件
 	if file.NeedAuth == false {
+		c.Header("Content-Disposition", "attachment; filename="+file.FileName)
 		c.File(file.FilePath + "/" + file.FileStoreName)
 	} else {
 		c.JSON(http.StatusOK, gin.H{"code": proto.SuccessCode, "message": "file must auth", "data": "file must auth"})
diff --git a/proto/tool.go b/proto/tool.go
index ad9a943..4d7da56 100644
--- a/proto/tool.go
+++ b/proto/tool.go
@@ -37,6 +37,10 @@ type FileContentReq struct {
 	FileContent string `json:"file_content" form:"file_content"` // 文件内容
 }
 
+type GetFileRequest struct {
+	Token string `json:"token" form:"token"` // token
+}
+
 type FileContentResp struct {
 	Code    int    `json:"code"`
 	Message string `json:"message"`
diff --git a/service/userService.go b/service/userService.go
index 56734e8..1dbc9a3 100644
--- a/service/userService.go
+++ b/service/userService.go
@@ -436,3 +436,24 @@ func CalculateUserTokenAndSetCache(user dao.User) (string, error) {
 
 	return tokenString, err
 }
+
+func GetUserInfoByToken(token string) (dao.User, error) {
+	//解析token
+	claims := jwt.MapClaims{}
+	var user dao.User
+	tkn, err := jwt.ParseWithClaims(token, claims, func(token *jwt.Token) (interface{}, error) {
+		return proto.SigningKey, nil
+	})
+	if err != nil {
+		return user, err
+	}
+	if !tkn.Valid {
+		return user, errors.New("token is invalid")
+	}
+	id := int(claims["id"].(float64))
+	user = GetUserByIDWithCache(id)
+	if user.ID == 0 {
+		return user, errors.New("user not found")
+	}
+	return user, nil
+}