add upload permission

2026-01-29 12:05:27 +08:00
parent e619f3a1e2
commit cd7bc31e6b
10 changed files with 107 additions and 12 deletions
--- a/src/main/java/com/imyeyu/api/modules/common/bean/SettingKey.java
+++ b/src/main/java/com/imyeyu/api/modules/common/bean/SettingKey.java
@ -139,6 +139,10 @@ public enum SettingKey {
 	JOURNAL_APP_SECRET,
 	JOURNAL_MEMO,
 	JOURNAL_OPEN_ID_WHITE_LIST,
 	// ---------- 临时文件 ----------
 	/** 临时文件最小缓存时间 */
--- a/src/main/java/com/imyeyu/api/modules/common/service/SettingService.java
+++ b/src/main/java/com/imyeyu/api/modules/common/service/SettingService.java
@ -4,9 +4,9 @@ import com.google.gson.JsonArray;
 import com.google.gson.JsonElement;
 import com.google.gson.JsonObject;
 import com.google.gson.reflect.TypeToken;
 import com.imyeyu.java.bean.timi.TimiException;
 import com.imyeyu.api.modules.common.bean.SettingKey;
 import com.imyeyu.api.modules.common.entity.Setting;
 import com.imyeyu.java.bean.timi.TimiException;
 import com.imyeyu.spring.service.UpdatableService;
 import java.util.Arrays;
--- a/src/main/java/com/imyeyu/api/modules/common/service/implement/SettingServiceImplement.java
+++ b/src/main/java/com/imyeyu/api/modules/common/service/implement/SettingServiceImplement.java
@ -46,6 +46,12 @@ public class SettingServiceImplement extends AbstractEntityService<Setting, Stri
 		return mapper;
 	}
 	@Override
 	public void update(Setting setting) {
 		super.update(setting);
 		clearCache(setting.getKey());
 	}
 	public Setting getByKey(SettingKey key) {
 		if (key == null) {
 			throw new TimiException(TimiCode.ARG_MISS).msgKey("key can not be null");
--- a/src/main/java/com/imyeyu/api/modules/journal/bean/RequiredUploadPermission.java
+++ b/src/main/java/com/imyeyu/api/modules/journal/bean/RequiredUploadPermission.java
@ -0,0 +1,8 @@
 package com.imyeyu.api.modules.journal.bean;
 /**
 * @author 夜雨
 * @since 2026-01-29 10:59
 */
 public @interface RequiredUploadPermission {
 }
--- a/src/main/java/com/imyeyu/api/modules/journal/controller/JournalController.java
+++ b/src/main/java/com/imyeyu/api/modules/journal/controller/JournalController.java
@ -7,8 +7,10 @@ import com.imyeyu.api.modules.common.bean.SettingKey;
 import com.imyeyu.api.modules.common.entity.Attachment;
 import com.imyeyu.api.modules.common.service.AttachmentService;
 import com.imyeyu.api.modules.common.service.SettingService;
 import com.imyeyu.api.modules.journal.bean.RequiredUploadPermission;
 import com.imyeyu.api.modules.journal.entity.Journal;
 import com.imyeyu.api.modules.journal.service.JournalService;
 import com.imyeyu.api.modules.journal.util.JournalAPIInterceptor;
 import com.imyeyu.api.modules.journal.vo.journal.ArchiveRequest;
 import com.imyeyu.api.modules.journal.vo.journal.JournalRequest;
 import com.imyeyu.api.modules.journal.vo.journal.JournalResponse;
@ -52,6 +54,8 @@ public class JournalController {
 	private final SettingService settingService;
 	private final AttachmentService attachmentService;
 	private final JournalAPIInterceptor apiInterceptor;
 	/**
 	 * 初始化用户 OpenId
 	 *
@ -76,6 +80,11 @@ public class JournalController {
 		}
 	}
 	@PostMapping("/can-upload")
 	public boolean canUpload() {
 		return apiInterceptor.canUploadKey();
 	}
 	@AOPLog
 	@RequestRateLimit
 	@RequestMapping("/{id}")
@ -103,6 +112,7 @@ public class JournalController {
 	 */
 	@AOPLog
 	@RequestRateLimit
 	@RequiredUploadPermission
 	@PostMapping("/create")
 	public void create(@RequestBody JournalRequest request) {
 		service.create(request);
@ -115,6 +125,7 @@ public class JournalController {
 	 */
 	@AOPLog
 	@RequestRateLimit
 	@RequiredUploadPermission
 	@PostMapping("/update")
 	public void update(@RequestBody @Valid UpdateRequest request) {
 		service.update(request);
@ -126,6 +137,7 @@ public class JournalController {
 	 * @param id 记录 ID
 	 */
 	@AOPLog
 	@RequiredUploadPermission
 	@PostMapping("/delete")
 	public void delete(@RequestSingleParam Long id) {
 		service.delete(id);
@ -213,6 +225,7 @@ public class JournalController {
 	 */
 	@AOPLog
 	@RequestRateLimit
 	@RequiredUploadPermission
 	@PostMapping("/moment/create")
 	public List<Attachment> createMoment(@RequestBody String[] tempFileIds) {
 		return service.createMoment(tempFileIds);
@ -260,6 +273,7 @@ public class JournalController {
 	 */
 	@AOPLog
 	@RequestRateLimit
 	@RequiredUploadPermission
 	@PostMapping("/moment/delete")
 	public void deleteMoment(@RequestBody Long[] thumbIds) {
 		service.deleteMoment(thumbIds);
@ -272,6 +286,7 @@ public class JournalController {
 	 */
 	@AOPLog
 	@RequestRateLimit
 	@RequiredUploadPermission
 	@PostMapping("/moment/archive")
 	public void archiveMoment(@RequestBody ArchiveRequest request) {
 		service.archiveMoment(request);
--- a/src/main/java/com/imyeyu/api/modules/journal/controller/ToolController.java
+++ b/src/main/java/com/imyeyu/api/modules/journal/controller/ToolController.java
@ -0,0 +1,39 @@
 package com.imyeyu.api.modules.journal.controller;
 import com.imyeyu.api.modules.common.bean.SettingKey;
 import com.imyeyu.api.modules.common.entity.Setting;
 import com.imyeyu.api.modules.common.service.SettingService;
 import com.imyeyu.api.modules.journal.bean.RequiredUploadPermission;
 import com.imyeyu.spring.annotation.RequestSingleParam;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 /**
 * @author 夜雨
 * @since 2026-01-28 11:36
 */
@Slf4j
@RestController
@RequiredArgsConstructor
@RequestMapping("/journal/tool")
 public class ToolController {
 	private final SettingService settingService;
 	@GetMapping("/memo")
 	public String getMemo() {
 		return settingService.getAsString(SettingKey.JOURNAL_MEMO);
 	}
 	@RequiredUploadPermission
 	@PostMapping("/memo/update")
 	public void updateMemo(@RequestSingleParam String data) {
 		Setting setting = settingService.getByKey(SettingKey.JOURNAL_MEMO);
 		setting.setValue(data);
 		settingService.update(setting);
 	}
 }
--- a/src/main/java/com/imyeyu/api/modules/journal/controller/TravelController.java
+++ b/src/main/java/com/imyeyu/api/modules/journal/controller/TravelController.java
@ -1,6 +1,6 @@
 package com.imyeyu.api.modules.journal.controller;
-import com.imyeyu.api.modules.common.service.AttachmentService;
+import com.imyeyu.api.modules.journal.bean.RequiredUploadPermission;
 import com.imyeyu.api.modules.journal.entity.Travel;
 import com.imyeyu.api.modules.journal.service.TravelService;
 import com.imyeyu.spring.annotation.AOPLog;
@ -31,7 +31,6 @@ import org.springframework.web.bind.annotation.RestController;
 public class TravelController {
 	private final TravelService service;
 	private final AttachmentService attachmentService;
 	/**
 	 * 创建旅行计划
@ -40,6 +39,7 @@ public class TravelController {
 	 */
 	@AOPLog
 	@RequestRateLimit
 	@RequiredUploadPermission
 	@PostMapping("/create")
 	public void create(@RequestBody @Valid Travel travel) {
 		service.create(travel);
@ -52,6 +52,7 @@ public class TravelController {
 	 */
 	@AOPLog
 	@RequestRateLimit
 	@RequiredUploadPermission
 	@PostMapping("/update")
 	public void update(@RequestBody @Valid Travel travel) {
 		service.update(travel);
@ -64,6 +65,7 @@ public class TravelController {
 	 */
 	@AOPLog
 	@RequestRateLimit
 	@RequiredUploadPermission
 	@PostMapping("/delete")
 	public void delete(@RequestSingleParam Long id) {
 		service.delete(id);
--- a/src/main/java/com/imyeyu/api/modules/journal/controller/TravelLocationController.java
+++ b/src/main/java/com/imyeyu/api/modules/journal/controller/TravelLocationController.java
@ -4,6 +4,7 @@ import com.imyeyu.api.bean.PreviewPage;
 import com.imyeyu.api.modules.common.bean.MediaAttach;
 import com.imyeyu.api.modules.common.entity.Attachment;
 import com.imyeyu.api.modules.common.service.AttachmentService;
 import com.imyeyu.api.modules.journal.bean.RequiredUploadPermission;
 import com.imyeyu.api.modules.journal.entity.TravelLocation;
 import com.imyeyu.api.modules.journal.service.TravelLocationService;
 import com.imyeyu.spring.annotation.AOPLog;
@ -45,6 +46,7 @@ public class TravelLocationController {
 	 */
 	@AOPLog
 	@RequestRateLimit
 	@RequiredUploadPermission
 	@PostMapping("/create")
 	public void create(@RequestBody @Valid TravelLocation location) {
 		service.create(location);
@ -57,6 +59,7 @@ public class TravelLocationController {
 	 */
 	@AOPLog
 	@RequestRateLimit
 	@RequiredUploadPermission
 	@PostMapping("/update")
 	public void update(@RequestBody @Valid TravelLocation location) {
 		service.update(location);
@ -69,6 +72,7 @@ public class TravelLocationController {
 	 */
 	@AOPLog
 	@RequestRateLimit
 	@RequiredUploadPermission
 	@PostMapping("/delete")
 	public void delete(@RequestSingleParam Long id) {
 		service.delete(id);
--- a/src/main/java/com/imyeyu/api/modules/journal/util/JournalAPIInterceptor.java
+++ b/src/main/java/com/imyeyu/api/modules/journal/util/JournalAPIInterceptor.java
@ -2,6 +2,7 @@ package com.imyeyu.api.modules.journal.util;
 import com.imyeyu.api.modules.common.bean.SettingKey;
 import com.imyeyu.api.modules.common.service.SettingService;
 import com.imyeyu.api.modules.journal.bean.RequiredUploadPermission;
 import com.imyeyu.java.TimiJava;
 import com.imyeyu.java.bean.timi.TimiCode;
 import com.imyeyu.java.bean.timi.TimiException;
@ -13,8 +14,11 @@ import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.lang.NonNull;
 import org.springframework.stereotype.Component;
 import org.springframework.web.method.HandlerMethod;
 import org.springframework.web.servlet.HandlerInterceptor;
 import java.util.Set;
 /**
 * @author 夜雨
 * @version 2023-11-23 17:09
@ -28,20 +32,34 @@ public class JournalAPIInterceptor implements HandlerInterceptor {
 	private final SettingService settingService;
-	private String[] keys;
+	private Set<String> keys, openIds;
 	@PostConstruct
 	private void postConstruct() {
-		keys = settingService.getAsString(SettingKey.JOURNAL_KEY).split(",");
+		keys = Set.of(settingService.getAsString(SettingKey.JOURNAL_KEY).split(","));
 		openIds = Set.of(settingService.getAsString(SettingKey.JOURNAL_OPEN_ID_WHITE_LIST).split(","));
 	}
 	public boolean preHandle(@NonNull HttpServletRequest req, @NonNull HttpServletResponse resp, @NonNull Object handler) {
-		String key = TimiJava.firstNotEmpty(TimiSpring.getHeader("Key"), TimiSpring.getRequestArg("key"));
+		boolean requiredUploadPermission = false;
-		for (int i = 0; i < keys.length; i++) {
+		if (handler instanceof HandlerMethod handlerMethod) {
-			if (keys[i].equals(key)) {
+			requiredUploadPermission = handlerMethod.getMethodAnnotation(RequiredUploadPermission.class) != null;
 				return true;
 			}
 		}
 		if (!canAccess()) {
 			throw new TimiException(TimiCode.PERMISSION_MISS).msgKey("invalid.key");
 		}
 		return !requiredUploadPermission || canUploadKey();
 	}
 	public boolean canAccess() {
 		String reqKey = TimiJava.defaultIfEmpty(TimiSpring.getHeader("Key"), TimiSpring.getRequestArg("key"));
 		return keys.contains(reqKey);
 	}
 	public boolean canUploadKey() {
 		String reqKey = TimiJava.defaultIfEmpty(TimiSpring.getHeader("Key"), TimiSpring.getRequestArg("key"));
 //		String reqOpenId = TimiJava.defaultIfEmpty(TimiSpring.getHeader("OpenId"), TimiSpring.getRequestArg("openid"));
 //		return canAccess() && reqKey.startsWith("i") && openIds.contains(reqOpenId);
 		return canAccess() && reqKey.startsWith("i");
 	}
 }
--- a/src/test/java/test/Test.java
+++ b/src/test/java/test/Test.java
@ -1,6 +1,5 @@
 package test;
 import com.imyeyu.io.IOSize;
 import com.imyeyu.utils.Text;
 import com.imyeyu.utils.Time;