合并代码

2 years ago · 0f6f519ac1
3 changed files with 43 additions and 26 deletions
--- a/24Hour/Controllers/Common/CommonController.cs
+++ b/24Hour/Controllers/Common/CommonController.cs
@ -1,6 +1,7 @@
 using AutoMapper;
 using com.sun.org.apache.xalan.@internal.xsltc.runtime;
 using com.sun.tools.@internal.xjc.api;
+using com.sun.xml.@internal.ws.developer;
 using Elight.Entity;
 using Elight.Entity.SystemModel;
 using Elight.Logic;
@ -13,14 +14,17 @@ using java.util;
 using javax.smartcardio;
 using javax.xml.crypto;
 using jdk.nashorn.@internal.ir;
+using MathNet.Numerics.LinearAlgebra;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
+using NPOI.SS.Formula.Functions;
 using Quartz.Logging;
 using SqlSugar;
 using sun.security.x509;
 using System.Drawing.Printing;
 using System.Security.AccessControl;
 using static com.sun.tools.@internal.xjc.reader.xmlschema.bindinfo.BIConversion;
+using static javax.jws.soap.SOAPBinding;
 using static sun.font.LayoutPathImpl;
 using User = Elight.Utility.User;

@ -2739,19 +2743,34 @@ namespace _24Hour.Controllers.Common
        #endregion

        #region 文件上传
+        /// <summary>
+        /// 通用文件下载接口
+        /// </summary>
+        /// <param name="filename"></param>
+        /// <returns></returns>
        [HttpGet]
        [Route("RequestDownloadFile")]
        public IActionResult RequestDownloadFile(string filename) //[FromBody] dynamic Json
        {

-            var FileName = System.IO.Path.GetFileName(filename);
-            var currentDate = DateTime.Now;
-
-            var FilePath = filename;
-
-            return new FileStreamResult(new FileStream(FilePath, FileMode.Open), "application/octet-stream") { FileDownloadName = FileName };
+            if (System.IO.File.Exists(filename))
+            {
+                filename = filename.Replace(@"\\",@"\");
+                var data = System.IO.Path.Combine(Environment.CurrentDirectory, "wwwroot");
+                if (filename.Contains(data)==false)
+                {
+                    return BadRequest();
+                }
+                var FileName = System.IO.Path.GetFileName(filename);
+                var FilePath = filename;
+                return new FileStreamResult(new FileStream(FilePath, FileMode.Open), "application/octet-stream") { FileDownloadName = FileName };
+            }
+            else
+            {
+                return BadRequest();
+            }
        }
-        private string[] AllowedExtensions = new string[] { ".png", ".jpg", ".jpeg", ".bmp",".xlsx",".aks"};
+        private readonly string[] AllowedExtensions = new string[] { ".png", ".jpg", ".jpeg", ".bmp", ".xlsx", ".aks" };
        /// <summary>
        /// 文件上传--附件
        /// <param name="file"></param>
@ -2784,9 +2803,6 @@ namespace _24Hour.Controllers.Common
                        outParm.Message = "不被允许的文件格式!";
                        return Json(outParm);
                    }
-
-
-
                    var _path = Path.Combine("CaseFile", "card", DateTime.Now.ToString("yyyy-MM-dd"));
                    var dic = Path.Combine(Environment.CurrentDirectory, "wwwroot", _path);

@ -2835,7 +2851,7 @@ namespace _24Hour.Controllers.Common

            Result result = new Result();
            var urlpath = file.Replace("/", @"\");
-            var path = Path.Combine(Environment.CurrentDirectory, "wwwroot"+urlpath);
+            var path = Path.Combine(Environment.CurrentDirectory, "wwwroot" + urlpath);
            if (System.IO.File.Exists(path))
            {
                var str = Elight.Utility.Encrypt.DataEncryption.Decryptiones(path);
--- a/24Hour/Controllers/LoginController.cs
+++ b/24Hour/Controllers/LoginController.cs
@ -512,7 +512,7 @@ namespace _24Hour.Controllers
                        _db.BeginTran();
                        data.audit = 2;
                        data.describe = "";
-                        data.photo = "/CaseFile/resource/headicon.png";
+                        data.photo = "/CaseFile/resource/headicon.aks";
                        data.name = UserModel.name;
                        data.sex = UserModel.sex;
                        data.phone = UserModel.phone;
@ -554,7 +554,7 @@ namespace _24Hour.Controllers
                        UserModel.audit = 2;
                        if (string.IsNullOrEmpty(UserModel.photo))
                        {
-                            UserModel.photo = "/CaseFile/resource/headicon.png";
+                            UserModel.photo = "/CaseFile/resource/headicon.aks";
                        }
                        //Ä¬ÈÏÃÜÂë
                        UserModel.Password = Elight.Utility.Encrypt.Md5.Encrypt32($"{UserModel.Password}").ToLower();
@ -598,7 +598,7 @@ namespace _24Hour.Controllers

                    if (string.IsNullOrEmpty(UserModel.photo))
                    {
-                        UserModel.photo = "/CaseFile/resource/headicon.png";
+                        UserModel.photo = "/CaseFile/resource/headicon.aks";
                    }
                    var num = await _db.Insertable(UserModel).ExecuteCommandAsync();
                    _db.CommitTran();
--- a/24Hour/WechatMessagerClient.cs
+++ b/24Hour/WechatMessagerClient.cs
@ -2,6 +2,7 @@
 using com.sun.xml.@internal.xsom;
 using Elight.Utility;
 using Elight.Utility.Code;
+using Elight.Utility.Encrypt;
 using Elight.Utility.Extensions;
 using java.lang.annotation;
 using java.util;
@ -9,6 +10,7 @@ using Microsoft.IdentityModel.Logging;
 using Newtonsoft.Json;
 using Newtonsoft.Json.Linq;
 using System.Runtime.Caching;
+using System.Security.Cryptography;
 using static java.security.cert.CertPathValidatorException;

 namespace _24Hour
@ -56,15 +58,14 @@ namespace _24Hour
            httpCliet.DefaultRequestHeaders.ConnectionClose = true;
            _configuration = configuration;

-            appid = $"{configuration.GetSection("Wechat:appid").Value}";
-            secret = $"{configuration.GetSection("Wechat:secret").Value}";
-            secid = $"{configuration.GetSection("Wechat:secid").Value}";
-            Gzhappid = $"{configuration.GetSection("WechatGzh:appid").Value}";
-            Gzhsecret = $"{configuration.GetSection("WechatGzh:secret").Value}";
-            GzhtemplateId = $"{configuration.GetSection("WechatGzh:templateId").Value}"; 
-            TemplateIdSuccess = $"{configuration.GetSection("Wechat:templateIdSuccess").Value}";
-            TemplateIdFail = $"{configuration.GetSection("Wechat:templateIdFail").Value}";
-            TemplateIdFail = $"{configuration.GetSection("Wechat:templateIdFail").Value}";
+            appid =AES.Decrypt( $"{configuration.GetSection("Wechat:appid").Value}");
+            secret = AES.Decrypt($"{configuration.GetSection("Wechat:secret").Value}");
+            secid = AES.Decrypt($"{configuration.GetSection("Wechat:secid").Value}");
+            Gzhappid = AES.Decrypt($"{configuration.GetSection("WechatGzh:appid").Value}");
+            Gzhsecret = AES.Decrypt($"{configuration.GetSection("WechatGzh:secret").Value}");
+            GzhtemplateId = AES.Decrypt($"{configuration.GetSection("WechatGzh:templateId").Value}");
+            TemplateIdSuccess = AES.Decrypt($"{configuration.GetSection("Wechat:templateIdSuccess").Value}");
+            TemplateIdFail = AES.Decrypt($"{configuration.GetSection("Wechat:templateIdFail").Value}");
        }
        //小程序获取openId
        public async Task<Result> GetOpenId(string code)