书籍所有人可以直链播放音频和视频

TruthHun88 · TruthHun88 · commit 051dd4c17b42 · 2021-01-05T23:35:31.000+08:00
diff --git a/conf/enumerate.go b/conf/enumerate.go
@@ -68,20 +68,20 @@ var (
 )
 
 var (
-	audioExt sync.Map
-	videoExt sync.Map
+	AudioExt sync.Map
+	VideoExt sync.Map
 )
 
 // 初始化支持的音视频格式
 func init() {
 	// 音频格式
 	for _, ext := range []string{".flac", ".wma", ".weba", ".aac", ".oga", ".ogg", ".mp3", ".webm", ".mid", ".wav", ".opus", ".m4a", ".amr", ".aiff", ".au"} {
-		audioExt.Store(ext, true)
+		AudioExt.Store(ext, true)
 	}
 
 	// 视频格式
 	for _, ext := range []string{".ogm", ".wmv", ".asx", ".mpg", ".webm", ".mp4", ".ogv", ".mpeg", ".mov", ".m4v", ".avi"} {
-		videoExt.Store(ext, true)
+		VideoExt.Store(ext, true)
 	}
 }
 
@@ -132,10 +132,10 @@ func IsAllowUploadFileExt(ext string, typ ...string) bool {
 	if len(typ) > 0 {
 		t := strings.ToLower(strings.TrimSpace(typ[0]))
 		if t == "audio" {
-			_, ok := audioExt.Load(ext)
+			_, ok := AudioExt.Load(ext)
 			return ok
 		} else if t == "video" {
-			_, ok := videoExt.Load(ext)
+			_, ok := VideoExt.Load(ext)
 			return ok
 		}
 	}
diff --git a/controllers/StaticController.go b/controllers/StaticController.go
@@ -3,10 +3,13 @@ package controllers
 import (
 	"fmt"
 	"net/http"
+	"net/url"
 	"path/filepath"
 	"strings"
 
+	"github.com/TruthHun/BookStack/conf"
 	"github.com/TruthHun/BookStack/models"
+	"github.com/TruthHun/BookStack/models/store"
 
 	"github.com/TruthHun/BookStack/utils"
 	"github.com/astaxie/beego"
@@ -39,7 +42,7 @@ func (this *StaticController) Uploads() {
 	http.ServeFile(this.Ctx.ResponseWriter, this.Ctx.Request, path)
 }
 
-//静态文件，这个加在路由的最后
+// 静态文件，这个加在路由的最后
 func (this *StaticController) StaticFile() {
 	file := this.GetString(":splat")
 	if strings.HasPrefix(file, ".well-known") || file == "sitemap.xml" {
@@ -51,12 +54,104 @@ func (this *StaticController) StaticFile() {
 	http.ServeFile(this.Ctx.ResponseWriter, this.Ctx.Request, path)
 }
 
-// 书籍静态文件
+// ProjectsFile 书籍静态文件
 func (this *StaticController) ProjectsFile() {
+	if utils.StoreType != utils.StoreOss {
+		this.Abort("404")
+	}
+
 	object := filepath.Join("projects/", strings.TrimLeft(this.GetString(":splat"), "./"))
-	if utils.StoreType == utils.StoreOss { //oss
+	object = strings.ReplaceAll(object, "\\", "/")
+	// 不是音频和视频，直接跳转
+	if !this.isMedia(object) {
 		this.Redirect(this.OssDomain+"/"+object, 302)
-	} else { //local
-		this.Abort("404")
+		return
+	}
+
+	// query := this.Ctx.Request.URL.Query()
+	// 签名验证
+	sign := this.GetString("sign")
+	if !this.isValidSign(sign) {
+		// 签名验证不通过，需要再次验证书籍是否是用户的（针对编辑状态）
+		if !this.isBookOwner() {
+			this.Abort("404")
+			return
+		}
+	}
+
+	var expireInSec int64 = 2
+	if bucket, err := store.ModelStoreOss.GetBucket(); err == nil {
+		object, _ = bucket.SignURL(object, http.MethodGet, expireInSec)
+		if slice := strings.Split(object, "/"); len(slice) > 2 {
+			object = strings.Join(slice[3:], "/")
+		}
+	}
+	this.Redirect(this.OssDomain+"/"+object, 302)
+}
+
+// 是否是音视频
+func (this *StaticController) isMedia(path string) (yes bool) {
+	var videoOK, audioOK bool
+	ext := strings.ToLower(filepath.Ext(path))
+	_, videoOK = conf.VideoExt.Load(ext)
+	_, audioOK = conf.VideoExt.Load(ext)
+	return audioOK || videoOK
+}
+
+// 是否是书籍项目所有人（书籍项目所有人，可以直链播放音视频）
+func (this *StaticController) isBookOwner() (yes bool) {
+	memberID := 0
+	// 从session中获取用户信息
+	if member, ok := this.GetSession(conf.LoginSessionName).(models.Member); ok {
+		memberID = member.MemberId
+	}
+
+	if memberID <= 0 {
+		// 如果Cookie中存在登录信息，从cookie中获取用户信息
+		if cookie, ok := this.GetSecureCookie(conf.GetAppKey(), "login"); ok {
+			var remember CookieRemember
+			if err := utils.Decode(cookie, &remember); err == nil {
+				memberID = remember.MemberId
+			}
+		}
+	}
+	if memberID <= 0 {
+		return
 	}
+
+	referer := this.Ctx.Request.Referer()
+	if referer == "" {
+		return
+	}
+
+	bookIdentify := ""
+	if u, err := url.Parse(referer); err == nil {
+		fmt.Println(u.Path)
+		if slice := strings.Split(u.Path, "/"); len(slice) >= 3 && slice[1] == "api" {
+			bookIdentify = slice[2]
+		}
+	}
+
+	if bookIdentify == "" {
+		return
+	}
+
+	bookID := 0
+	if book, err := models.NewBook().FindByIdentify(bookIdentify, "book_id"); err == nil {
+		bookID = book.BookId
+	}
+	if bookID <= 0 {
+		return
+	}
+
+	if r, err := models.NewRelationship().FindByBookIdAndMemberId(bookID, memberID); err == nil && r.RelationshipId > 0 {
+		return true
+	}
+
+	return false
+}
+
+// 是否是合法的签名（针对音频和视频，签名不可用的时候再验证用户有没有登录，用户登录了再验证用户是不是书籍所有人）
+func (this *StaticController) isValidSign(sign string) bool {
+	return false
 }

Original file line number	Diff line number	Diff line change
`@@ -68,20 +68,20 @@ var (`
`68`	`68`	`)`
`69`	`69`
`70`	`70`	`var (`
`71`		`- audioExt sync.Map`
`72`		`- videoExt sync.Map`
	`71`	`+ AudioExt sync.Map`
	`72`	`+ VideoExt sync.Map`
`73`	`73`	`)`
`74`	`74`
`75`	`75`	`// 初始化支持的音视频格式`
`76`	`76`	`func init() {`
`77`	`77`	`// 音频格式`
`78`	`78`	`for _, ext := range []string{".flac", ".wma", ".weba", ".aac", ".oga", ".ogg", ".mp3", ".webm", ".mid", ".wav", ".opus", ".m4a", ".amr", ".aiff", ".au"} {`
`79`		`- audioExt.Store(ext, true)`
	`79`	`+ AudioExt.Store(ext, true)`
`80`	`80`	`}`
`81`	`81`
`82`	`82`	`// 视频格式`
`83`	`83`	`for _, ext := range []string{".ogm", ".wmv", ".asx", ".mpg", ".webm", ".mp4", ".ogv", ".mpeg", ".mov", ".m4v", ".avi"} {`
`84`		`- videoExt.Store(ext, true)`
	`84`	`+ VideoExt.Store(ext, true)`
`85`	`85`	`}`
`86`	`86`	`}`
`87`	`87`
`@@ -132,10 +132,10 @@ func IsAllowUploadFileExt(ext string, typ ...string) bool {`
`132`	`132`	`if len(typ) > 0 {`
`133`	`133`	`t := strings.ToLower(strings.TrimSpace(typ[0]))`
`134`	`134`	`if t == "audio" {`
`135`		`- _, ok := audioExt.Load(ext)`
	`135`	`+ _, ok := AudioExt.Load(ext)`
`136`	`136`	`return ok`
`137`	`137`	`} else if t == "video" {`
`138`		`- _, ok := videoExt.Load(ext)`
	`138`	`+ _, ok := VideoExt.Load(ext)`
`139`	`139`	`return ok`
`140`	`140`	`}`
`141`	`141`	`}`