+ * 应用启动时自动配置 OSS 跨域规则,解决前端直传跨域问题。 + * 需在配置中开启:aliyun.oss.cors-enabled=true + *
+ */ +@Slf4j +@Component +@Order(100) +@RequiredArgsConstructor +public class OssCorsInitRunner implements ApplicationRunner { + + private final OssUtils ossUtils; + + @Override + public void run(ApplicationArguments args) { + ossUtils.configureBucketCors(); + } +} diff --git a/backend-java/src/main/java/com/competition/modules/oss/controller/UploadController.java b/backend-java/src/main/java/com/competition/modules/oss/controller/UploadController.java index 224f465..8b8347f 100644 --- a/backend-java/src/main/java/com/competition/modules/oss/controller/UploadController.java +++ b/backend-java/src/main/java/com/competition/modules/oss/controller/UploadController.java @@ -2,13 +2,13 @@ package com.competition.modules.oss.controller; import com.competition.common.result.Result; import com.competition.modules.oss.service.OssService; +import com.competition.modules.oss.util.OssUtils; +import com.competition.modules.oss.vo.OssTokenVo; +import com.competition.security.annotation.Public; import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.tags.Tag; import lombok.RequiredArgsConstructor; -import org.springframework.web.bind.annotation.PostMapping; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestParam; -import org.springframework.web.bind.annotation.RestController; +import org.springframework.web.bind.annotation.*; import org.springframework.web.multipart.MultipartFile; import java.util.Map; @@ -20,8 +20,9 @@ import java.util.Map; public class UploadController { private final OssService ossService; + private final OssUtils ossUtils; - @Operation(summary = "上传文件") + @Operation(summary = "服务端上传文件(向后兼容)") @PostMapping public Result+ * 委托给 OssUtils 处理实际的上传逻辑。 + * 主要用于向后兼容服务端上传接口。 + *
+ */ @Slf4j @Service @RequiredArgsConstructor public class OssService { - private final OssConfig ossConfig; + private final OssUtils ossUtils; /** - * 上传文件,优先使用腾讯云 COS,未配置时降级到本地存储 + * 上传文件到 OSS(服务端上传,向后兼容) */ public String uploadFile(MultipartFile file) { - String originalFilename = file.getOriginalFilename(); - String ext = ""; - if (originalFilename != null && originalFilename.contains(".")) { - ext = originalFilename.substring(originalFilename.lastIndexOf(".")); - } - - String datePath = LocalDate.now().format(DateTimeFormatter.ofPattern("yyyy/MM/dd")); - String uniqueName = UUID.randomUUID().toString().replace("-", "") + ext; - String key = datePath + "/" + uniqueName; - - if (StringUtils.hasText(ossConfig.getSecretId())) { - return uploadToCos(file, key); - } else { - return uploadToLocal(file, key); - } - } - - private String uploadToCos(MultipartFile file, String key) { - COSCredentials cred = new BasicCOSCredentials(ossConfig.getSecretId(), ossConfig.getSecretKey()); - ClientConfig clientConfig = new ClientConfig(new Region(ossConfig.getRegion())); - COSClient cosClient = new COSClient(cred, clientConfig); - - try { - ObjectMetadata metadata = new ObjectMetadata(); - metadata.setContentLength(file.getSize()); - metadata.setContentType(file.getContentType()); - - PutObjectRequest putRequest = new PutObjectRequest( - ossConfig.getBucket(), key, file.getInputStream(), metadata); - cosClient.putObject(putRequest); - - String url; - if (StringUtils.hasText(ossConfig.getUrlPrefix())) { - url = ossConfig.getUrlPrefix().replaceAll("/$", "") + "/" + key; - } else { - url = "https://" + ossConfig.getBucket() + ".cos." + ossConfig.getRegion() + ".myqcloud.com/" + key; - } - - log.info("文件上传至 COS 成功: {}", url); - return url; - } catch (IOException e) { - log.error("文件上传至 COS 失败", e); - throw new RuntimeException("文件上传失败", e); - } finally { - cosClient.shutdown(); - } - } - - private String uploadToLocal(MultipartFile file, String key) { - try { - Path basePath = Paths.get(System.getProperty("user.dir"), "uploads"); - Path filePath = basePath.resolve(key); - Files.createDirectories(filePath.getParent()); - file.transferTo(filePath.toAbsolutePath().toFile()); - - String url = "/uploads/" + key; - log.info("文件上传至本地成功: {}", filePath.toAbsolutePath()); - return url; - } catch (IOException e) { - log.error("文件上传至本地失败", e); - throw new RuntimeException("文件上传失败", e); - } + return ossUtils.uploadFile(file); } } diff --git a/backend-java/src/main/java/com/competition/modules/oss/util/OssUtils.java b/backend-java/src/main/java/com/competition/modules/oss/util/OssUtils.java new file mode 100644 index 0000000..966d7f6 --- /dev/null +++ b/backend-java/src/main/java/com/competition/modules/oss/util/OssUtils.java @@ -0,0 +1,243 @@ +package com.competition.modules.oss.util; + +import com.aliyun.oss.OSS; +import com.aliyun.oss.OSSClientBuilder; +import com.aliyun.oss.model.ObjectMetadata; +import com.aliyun.oss.model.PutObjectRequest; +import com.aliyun.oss.model.SetBucketCORSRequest; +import com.competition.modules.oss.config.OssConfig; +import com.competition.modules.oss.vo.OssTokenVo; +import lombok.RequiredArgsConstructor; +import lombok.extern.slf4j.Slf4j; +import org.springframework.stereotype.Component; +import org.springframework.web.multipart.MultipartFile; + +import javax.crypto.Mac; +import javax.crypto.spec.SecretKeySpec; +import java.io.IOException; +import java.nio.charset.StandardCharsets; +import java.time.LocalDate; +import java.time.format.DateTimeFormatter; +import java.util.Arrays; +import java.util.Base64; +import java.util.List; +import java.util.UUID; + +/** + * 阿里云 OSS 工具类 + *+ * 包含:前端直传签名生成、服务端上传、CORS 配置 + *
+ */ +@Slf4j +@Component +@RequiredArgsConstructor +public class OssUtils { + + private final OssConfig ossConfig; + + /** + * 获取 OSS 客户端 + */ + private OSS getOssClient() { + return new OSSClientBuilder().build( + ossConfig.getEndpoint(), + ossConfig.getAccessKeyId(), + ossConfig.getAccessKeySecret() + ); + } + + // ==================== 前端直传 ==================== + + /** + * 生成阿里云 OSS PostObject 直传 Token + * + * @param fileName 原始文件名 + * @param dir 目录前缀(可选) + * @return OSS 直传 Token VO + */ + public OssTokenVo generatePostObjectToken(String fileName, String dir) { + // 校验文件名 + if (fileName == null || fileName.isEmpty()) { + throw new IllegalArgumentException("文件名不能为空"); + } + + // 校验文件扩展名 + if (!isAllowedExtension(fileName)) { + throw new IllegalArgumentException("不支持的文件类型:" + fileName); + } + + // 获取文件扩展名 + String extension = getFileExtension(fileName); + + // 生成唯一文件名 + String uniqueFilename = UUID.randomUUID().toString().replace("-", "") + extension; + + // 生成日期路径 + String datePath = LocalDate.now().format(DateTimeFormatter.ofPattern("yyyy-MM-dd")) + "/"; + + // 组合存储路径 + String objectKey; + if (dir != null && !dir.isEmpty()) { + if (!dir.endsWith("/")) { + dir = dir + "/"; + } + objectKey = dir + datePath + uniqueFilename; + } else { + objectKey = datePath + uniqueFilename; + } + + // 设置过期时间(30 秒) + int expire = 30; + long expiration = System.currentTimeMillis() + expire * 1000L; + + // 构建 PostPolicy + String policy = buildPostPolicy(objectKey, expiration); + + // 计算签名 + String signature = computeSignature(policy, ossConfig.getAccessKeySecret()); + + // 构建上传地址 + String host = "https://" + ossConfig.getBucketName() + "." + ossConfig.getEndpoint(); + + return OssTokenVo.builder() + .accessid(ossConfig.getAccessKeyId()) + .policy(policy) + .signature(signature) + .dir(dir != null ? dir : "") + .host(host) + .key(objectKey) + .expire(expire) + .build(); + } + + // ==================== 服务端上传(向后兼容) ==================== + + /** + * 服务端上传文件到 OSS + * + * @param file 上传的文件 + * @return 文件 URL + */ + public String uploadFile(MultipartFile file) { + String originalFilename = file.getOriginalFilename(); + String ext = getFileExtension(originalFilename); + + String datePath = LocalDate.now().format(DateTimeFormatter.ofPattern("yyyy/MM/dd")); + String uniqueName = UUID.randomUUID().toString().replace("-", "") + ext; + String key = "server-upload/" + datePath + "/" + uniqueName; + + OSS ossClient = getOssClient(); + try { + ObjectMetadata metadata = new ObjectMetadata(); + metadata.setContentLength(file.getSize()); + metadata.setContentType(file.getContentType()); + + PutObjectRequest putRequest = new PutObjectRequest( + ossConfig.getBucketName(), key, file.getInputStream(), metadata); + ossClient.putObject(putRequest); + + String url = "https://" + ossConfig.getBucketName() + "." + ossConfig.getEndpoint() + "/" + key; + log.info("文件上传至 OSS 成功: {}", url); + return url; + } catch (IOException e) { + log.error("文件上传至 OSS 失败", e); + throw new RuntimeException("文件上传失败", e); + } finally { + ossClient.shutdown(); + } + } + + // ==================== CORS 配置 ==================== + + /** + * 配置 OSS Bucket CORS 规则 + */ + public void configureBucketCors() { + if (!Boolean.TRUE.equals(ossConfig.getCorsEnabled())) { + log.info("OSS CORS 自动配置已禁用"); + return; + } + + OSS ossClient = getOssClient(); + try { + SetBucketCORSRequest request = new SetBucketCORSRequest(ossConfig.getBucketName()); + SetBucketCORSRequest.CORSRule rule = new SetBucketCORSRequest.CORSRule(); + + String origins = ossConfig.getCorsAllowedOrigins(); + if (origins == null || origins.isBlank()) { + origins = "http://localhost:3000,http://localhost:5173"; + } + rule.setAllowedOrigins(Arrays.asList(origins.trim().split("\\s*,\\s*"))); + rule.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "HEAD")); + rule.setAllowedHeaders(Arrays.asList("*")); + rule.setExposeHeaders(Arrays.asList("ETag", "x-oss-request-id")); + rule.setMaxAgeSeconds(600); + + request.setCorsRules(List.of(rule)); + ossClient.setBucketCORS(request); + log.info("OSS Bucket CORS 配置成功,允许来源: {}", origins); + } catch (Exception e) { + log.warn("OSS Bucket CORS 配置失败(可在阿里云控制台手动配置): {}", e.getMessage()); + } finally { + ossClient.shutdown(); + } + } + + // ==================== 私有辅助方法 ==================== + + /** + * 构建 PostPolicy + */ + private String buildPostPolicy(String objectKey, long expiration) { + String expireTime = java.time.Instant.ofEpochMilli(expiration).toString(); + String policyJson = String.format( + "{\"expiration\":\"%s\",\"conditions\":[[\"eq\",\"$key\",\"%s\"]]}", + expireTime, objectKey + ); + return Base64.getEncoder().encodeToString(policyJson.getBytes(StandardCharsets.UTF_8)); + } + + /** + * 计算签名(HMAC-SHA1) + */ + private String computeSignature(String policy, String accessKeySecret) { + try { + Mac mac = Mac.getInstance("HmacSHA1"); + SecretKeySpec keySpec = new SecretKeySpec( + accessKeySecret.getBytes(StandardCharsets.UTF_8), "HmacSHA1"); + mac.init(keySpec); + byte[] signData = mac.doFinal(policy.getBytes(StandardCharsets.UTF_8)); + return Base64.getEncoder().encodeToString(signData); + } catch (Exception e) { + log.error("计算 OSS 签名失败:{}", e.getMessage(), e); + throw new RuntimeException("计算 OSS 签名失败:" + e.getMessage(), e); + } + } + + /** + * 检查文件扩展名是否允许 + */ + private boolean isAllowedExtension(String filename) { + if (filename == null || filename.isEmpty()) { + return false; + } + String extension = getFileExtension(filename).toLowerCase(); + return Arrays.stream(ossConfig.getAllowedExtensions()) + .anyMatch(allowed -> allowed.toLowerCase().equals(extension)); + } + + /** + * 获取文件扩展名(包含点) + */ + private String getFileExtension(String filename) { + if (filename == null || filename.isEmpty()) { + return ""; + } + int lastDot = filename.lastIndexOf("."); + if (lastDot == -1) { + return ""; + } + return filename.substring(lastDot); + } +} diff --git a/backend-java/src/main/java/com/competition/modules/oss/vo/OssTokenVo.java b/backend-java/src/main/java/com/competition/modules/oss/vo/OssTokenVo.java new file mode 100644 index 0000000..c2cc6f2 --- /dev/null +++ b/backend-java/src/main/java/com/competition/modules/oss/vo/OssTokenVo.java @@ -0,0 +1,37 @@ +package com.competition.modules.oss.vo; + +import lombok.AllArgsConstructor; +import lombok.Builder; +import lombok.Data; +import lombok.NoArgsConstructor; + +/** + * 阿里云 OSS 直传 Token 响应 VO + */ +@Data +@Builder +@NoArgsConstructor +@AllArgsConstructor +public class OssTokenVo { + + /** OSS 访问 ID(AccessKeyId) */ + private String accessid; + + /** 合法性策略(Base64 编码的 Policy) */ + private String policy; + + /** 签名信息 */ + private String signature; + + /** 上传目录前缀 */ + private String dir; + + /** OSS 上传地址(https://bucketname.endpoint) */ + private String host; + + /** 完整文件路径 */ + private String key; + + /** 过期时间(秒) */ + private Integer expire; +} diff --git a/backend-java/src/main/resources/application-dev.yml b/backend-java/src/main/resources/application-dev.yml index a09c484..2e2149d 100644 --- a/backend-java/src/main/resources/application-dev.yml +++ b/backend-java/src/main/resources/application-dev.yml @@ -33,12 +33,17 @@ mybatis-plus: configuration: log-impl: org.apache.ibatis.logging.stdout.StdOutImpl -oss: - secret-id: ${COS_SECRET_ID:} - secret-key: ${COS_SECRET_KEY:}, - bucket: ${COS_BUCKET:} - region: ${COS_REGION:ap-guangzhou} - url-prefix: ${COS_URL_PREFIX:} +# 阿里云 OSS 配置(开发环境) +aliyun: + oss: + endpoint: ${OSS_ENDPOINT:oss-cn-shenzhen.aliyuncs.com} + access-key-id: ${OSS_ACCESS_KEY_ID:LTAI5tKZhPofbThbSzDSiWoK} + access-key-secret: ${OSS_ACCESS_KEY_SECRET:FtcsC7oQX3T0NaChaa9FYq2aoysQFM} + bucket-name: ${OSS_BUCKET_NAME:lesingle-creation} + max-file-size: ${OSS_MAX_FILE_SIZE:10485760} + # 前端直传跨域:启动时自动配置 OSS CORS + cors-enabled: ${OSS_CORS_ENABLED:true} + cors-allowed-origins: ${OSS_CORS_ORIGINS:*} logging: level: diff --git a/backend-java/src/main/resources/application-prod.yml b/backend-java/src/main/resources/application-prod.yml index 237919c..aeafd26 100644 --- a/backend-java/src/main/resources/application-prod.yml +++ b/backend-java/src/main/resources/application-prod.yml @@ -38,3 +38,15 @@ knife4j: logging: level: com.competition: info + +# 阿里云 OSS 配置(开发环境) +aliyun: + oss: + endpoint: ${OSS_ENDPOINT:oss-cn-shenzhen.aliyuncs.com} + access-key-id: ${OSS_ACCESS_KEY_ID:LTAI5tKZhPofbThbSzDSiWoK} + access-key-secret: ${OSS_ACCESS_KEY_SECRET:FtcsC7oQX3T0NaChaa9FYq2aoysQFM} + bucket-name: ${OSS_BUCKET_NAME:lesingle-creation} + max-file-size: ${OSS_MAX_FILE_SIZE:10485760} + # 前端直传跨域:启动时自动配置 OSS CORS + cors-enabled: ${OSS_CORS_ENABLED:true} + cors-allowed-origins: ${OSS_CORS_ORIGINS:*} \ No newline at end of file diff --git a/backend-java/src/main/resources/application-test.yml b/backend-java/src/main/resources/application-test.yml index d91937c..2e2149d 100644 --- a/backend-java/src/main/resources/application-test.yml +++ b/backend-java/src/main/resources/application-test.yml @@ -33,12 +33,17 @@ mybatis-plus: configuration: log-impl: org.apache.ibatis.logging.stdout.StdOutImpl -oss: - secret-id: ${COS_SECRET_ID:} - secret-key: ${COS_SECRET_KEY:} - bucket: ${COS_BUCKET:} - region: ${COS_REGION:ap-guangzhou} - url-prefix: ${COS_URL_PREFIX:} +# 阿里云 OSS 配置(开发环境) +aliyun: + oss: + endpoint: ${OSS_ENDPOINT:oss-cn-shenzhen.aliyuncs.com} + access-key-id: ${OSS_ACCESS_KEY_ID:LTAI5tKZhPofbThbSzDSiWoK} + access-key-secret: ${OSS_ACCESS_KEY_SECRET:FtcsC7oQX3T0NaChaa9FYq2aoysQFM} + bucket-name: ${OSS_BUCKET_NAME:lesingle-creation} + max-file-size: ${OSS_MAX_FILE_SIZE:10485760} + # 前端直传跨域:启动时自动配置 OSS CORS + cors-enabled: ${OSS_CORS_ENABLED:true} + cors-allowed-origins: ${OSS_CORS_ORIGINS:*} logging: level: diff --git a/frontend/e2e/upload/fixtures/test-upload.png b/frontend/e2e/upload/fixtures/test-upload.png new file mode 100644 index 0000000..0f2de37 Binary files /dev/null and b/frontend/e2e/upload/fixtures/test-upload.png differ diff --git a/frontend/e2e/upload/oss-upload.spec.ts b/frontend/e2e/upload/oss-upload.spec.ts new file mode 100644 index 0000000..23d83b5 --- /dev/null +++ b/frontend/e2e/upload/oss-upload.spec.ts @@ -0,0 +1,130 @@ +import { test, expect } from '@playwright/test' +import path from 'path' +import { fileURLToPath } from 'url' +import fs from 'fs' + +const __filename = fileURLToPath(import.meta.url) +const __dirname = path.dirname(__filename) + +// 测试配置 +const TENANT_CODE = 'super' +const USERNAME = 'admin' +const PASSWORD = 'admin123' + +// 确保测试图片存在 +const FIXTURES_DIR = path.join(__dirname, 'fixtures') +const TEST_IMAGE_PATH = path.join(FIXTURES_DIR, 'test-upload.png') +if (!fs.existsSync(FIXTURES_DIR)) { + fs.mkdirSync(FIXTURES_DIR, { recursive: true }) +} +if (!fs.existsSync(TEST_IMAGE_PATH)) { + const pngData = Buffer.from( + 'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mP8/5+hHgAHggJ/PchI7wAAAABJRU5ErkJggg==', + 'base64' + ) + fs.writeFileSync(TEST_IMAGE_PATH, pngData) +} + +test.describe('OSS 直传上传', () => { + + // 单独给这个测试更长的超时 + test.setTimeout(60000) + + test('登录 -> 赛事创建页 -> 上传封面图片到 OSS', async ({ page }) => { + // 监听网络请求,捕获 OSS 相关请求 + const ossTokenRequests: string[] = [] + const ossUploadRequests: string[] = [] + + page.on('request', (req) => { + const url = req.url() + if (url.includes('/upload/oss/token')) { + ossTokenRequests.push(url) + } + if (url.includes('aliyuncs.com')) { + ossUploadRequests.push(url) + } + }) + + // ========== 1. 登录 ========== + await page.goto(`/${TENANT_CODE}/login`) + await page.waitForLoadState('domcontentloaded') + + // 等待登录表单可见 + await page.locator('input[placeholder="请输入用户名"]').waitFor({ state: 'visible', timeout: 10000 }) + + // 填写 Ant Design 表单 + await page.locator('input[placeholder="请输入用户名"]').click() + await page.locator('input[placeholder="请输入用户名"]').fill(USERNAME) + await page.locator('input[placeholder="请输入密码"]').click() + await page.locator('input[placeholder="请输入密码"]').fill(PASSWORD) + + // 点击登录按钮 + const loginBtn = page.locator('button[type="submit"]').first() + await loginBtn.click() + + // 等待登录成功(URL 不再包含 /login) + await page.waitForFunction(() => !window.location.pathname.includes('/login'), { timeout: 15000 }) + console.log('[1] 登录成功, 当前页面:', page.url()) + + // ========== 2. 进入赛事创建页 ========== + await page.goto(`/${TENANT_CODE}/contests/create`) + await page.waitForLoadState('domcontentloaded') + + // 等待表单页面加载 + await page.locator('input[placeholder*="活动名称"], input[placeholder*="名称"]').first().waitFor({ timeout: 10000 }) + console.log('[2] 赛事创建页加载成功') + + // ========== 3. 上传封面图片 ========== + // 直接用全局的 file input(Ant Design Upload 的隐藏 input) + const fileInputs = page.locator('input[type="file"]') + const fileCount = await fileInputs.count() + console.log('[3] 发现 file input 数量:', fileCount) + + // 第一个 file input 对应封面上传 + await fileInputs.first().setInputFiles(TEST_IMAGE_PATH) + + console.log('[3] 已选择封面文件,等待 OSS 上传...') + + // 等待网络请求完成 + await page.waitForTimeout(5000) + + // ========== 4. 验证 ========== + console.log('[4] OSS Token 请求数:', ossTokenRequests.length) + console.log('[4] OSS 上传请求数:', ossUploadRequests.length) + + // 验证:发出了 OSS Token 请求 + if (ossTokenRequests.length > 0) { + console.log('[4] Token 请求 URL:', ossTokenRequests[0]) + } + + // 验证:发出了 OSS 上传请求 + if (ossUploadRequests.length > 0) { + console.log('[4] 上传目标 URL:', ossUploadRequests[0]) + expect(ossUploadRequests[0]).toContain('aliyuncs.com') + } + + // 验证:检查页面上是否有上传成功的 UI 指示 + const successItems = page.locator('.ant-upload-list-item-done') + const errorItems = page.locator('.ant-upload-list-item-error') + const successCount = await successItems.count() + const errorCount = await errorItems.count() + + console.log('[4] 上传成功项:', successCount, '上传失败项:', errorCount) + + // 检查是否有错误提示消息 + const errorMsg = await page.locator('.ant-message-error').textContent().catch(() => '') + if (errorMsg) { + console.log('[4] 错误消息:', errorMsg) + } + + // 核心断言 + expect(ossTokenRequests.length).toBeGreaterThanOrEqual(1) + expect(ossUploadRequests.length).toBeGreaterThanOrEqual(1) + expect(errorCount).toBe(0) + + console.log('\n===== OSS 直传上传测试通过 =====') + console.log('OSS Token 请求:', ossTokenRequests.length) + console.log('OSS 上传请求:', ossUploadRequests.length) + console.log('上传目标:', ossUploadRequests[0] || 'N/A') + }) +}) diff --git a/frontend/playwright-report/index.html b/frontend/playwright-report/index.html new file mode 100644 index 0000000..6c72395 --- /dev/null +++ b/frontend/playwright-report/index.html @@ -0,0 +1,90 @@ + + + + + + + + ++ * 仅提供 OSS 直传 Token 获取接口。 + * 实际文件上传由前端直接发送到阿里云 OSS,不经过后端。 + *
+ * + *使用流程:
+ *-
+ *
- 前端调用 GET /api/v1/files/oss/token 获取签名 Token + *
- 前端使用 FormData 将文件 + Token 直接 POST 到阿里云 OSS + *
+ * 用于前端直传文件到 OSS,无需经过后端中转 + *
+ * + * @param fileName 原始文件名(如:图片.jpg) + * @param dir 目录前缀(可选,如:avatar, course/cover) + * @return OSS 直传 Token VO + */ + @GetMapping("/oss/token") + @Operation(summary = "获取阿里云 OSS 直传 Token") + public Map+ * 从 application.yml 中读取 aliyun.oss 前缀的配置项 + *
+ */ +@Data +@Configuration +@ConfigurationProperties(prefix = "aliyun.oss") +public class OssConfig { + + /** + * OSS Endpoint(如:oss-cn-hangzhou.aliyuncs.com) + */ + private String endpoint; + + /** + * 访问密钥 ID + */ + private String accessKeyId; + + /** + * 访问密钥秘密 + */ + private String accessKeySecret; + + /** + * Bucket 名称 + */ + private String bucketName; + + /** + * 文件最大大小(字节),默认 10MB + */ + private Long maxFileSize = 10 * 1024 * 1024L; + + /** + * 是否在启动时自动配置 OSS Bucket CORS(解决前端直传跨域) + */ + private Boolean corsEnabled = false; + + /** + * CORS 允许的来源,逗号分隔(如:http://localhost:5173,https://example.com) + * 使用 * 表示允许所有来源 + */ + private String corsAllowedOrigins = "http://localhost:5173,http://localhost:5174"; + + /** + * 允许的文件扩展名 + */ + private String[] allowedExtensions = new String[]{ + ".jpg", ".jpeg", ".png", ".gif", ".bmp", ".webp", + ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", + ".mp4", ".avi", ".mov", ".wmv", + ".mp3", ".wav", + ".txt" + }; + + /** + * 获取完整访问路径(带 Bucket) + * + * @return 完整访问路径 + */ + public String getFullEndpoint() { + if (endpoint == null) { + return null; + } + if (endpoint.startsWith("http://") || endpoint.startsWith("https://")) { + return endpoint; + } + return "https://" + bucketName + "." + endpoint; + } +} diff --git a/oss-direct-upload-demo/backend/OssCorsInitRunner.java b/oss-direct-upload-demo/backend/OssCorsInitRunner.java new file mode 100644 index 0000000..bd84142 --- /dev/null +++ b/oss-direct-upload-demo/backend/OssCorsInitRunner.java @@ -0,0 +1,40 @@ +package com.example.oss.config; + +import com.example.oss.util.OssUtils; +import lombok.RequiredArgsConstructor; +import lombok.extern.slf4j.Slf4j; +import org.springframework.boot.ApplicationArguments; +import org.springframework.boot.ApplicationRunner; +import org.springframework.core.annotation.Order; +import org.springframework.stereotype.Component; + +/** + * OSS Bucket CORS 初始化 + *+ * 应用启动时自动配置 OSS 跨域规则,解决前端直传跨域问题。 + * 需在配置中开启:aliyun.oss.cors-enabled=true + *
+ * + *工作原理:
+ *-
+ *
- Spring Boot 启动完成后自动执行 + *
- 读取 aliyun.oss.cors-enabled 配置 + *
- 如果开启,调用 OSS API 设置 Bucket 的 CORS 规则 + *
- 如果失败(如权限不足),仅打印警告,不影响应用启动 + *
也可以不使用此自动配置,改为在阿里云控制台手动设置 CORS。
+ */ +@Slf4j +@Component +@Order(100) // 较晚执行,确保其他组件已就绪 +@RequiredArgsConstructor +public class OssCorsInitRunner implements ApplicationRunner { + + private final OssUtils ossUtils; + + @Override + public void run(ApplicationArguments args) { + ossUtils.configureBucketCors(); + } +} diff --git a/oss-direct-upload-demo/backend/OssTokenVo.java b/oss-direct-upload-demo/backend/OssTokenVo.java new file mode 100644 index 0000000..e499f24 --- /dev/null +++ b/oss-direct-upload-demo/backend/OssTokenVo.java @@ -0,0 +1,54 @@ +package com.example.oss.vo; + +import lombok.AllArgsConstructor; +import lombok.Builder; +import lombok.Data; +import lombok.NoArgsConstructor; + +/** + * 阿里云 OSS 直传 Token 响应 VO + *+ * 用于前端直传阿里云 OSS(PostObject 方式) + *
+ */ +@Data +@Builder +@NoArgsConstructor +@AllArgsConstructor +public class OssTokenVo { + + /** + * OSS 访问 ID(AccessKeyId) + */ + private String accessid; + + /** + * 合法性策略(Base64 编码的 Policy) + */ + private String policy; + + /** + * 签名信息 + */ + private String signature; + + /** + * 上传目录前缀 + */ + private String dir; + + /** + * OSS 上传地址(https://bucketname.endpoint) + */ + private String host; + + /** + * 完整文件路径(dir + fileName) + */ + private String key; + + /** + * 过期时间(秒) + */ + private Integer expire; +} diff --git a/oss-direct-upload-demo/backend/OssUtils.java b/oss-direct-upload-demo/backend/OssUtils.java new file mode 100644 index 0000000..e02576d --- /dev/null +++ b/oss-direct-upload-demo/backend/OssUtils.java @@ -0,0 +1,257 @@ +package com.example.oss.util; + +import com.aliyun.oss.OSS; +import com.aliyun.oss.OSSClientBuilder; +import com.aliyun.oss.model.SetBucketCORSRequest; +import com.example.oss.config.OssConfig; +import com.example.oss.vo.OssTokenVo; +import lombok.RequiredArgsConstructor; +import lombok.extern.slf4j.Slf4j; +import org.springframework.stereotype.Component; + +import javax.crypto.Mac; +import javax.crypto.spec.SecretKeySpec; +import java.nio.charset.StandardCharsets; +import java.time.LocalDate; +import java.time.format.DateTimeFormatter; +import java.util.Arrays; +import java.util.Base64; +import java.util.List; +import java.util.UUID; + +/** + * 阿里云 OSS 工具类(前端直传专用) + *+ * 仅包含前端直传所需的核心方法: + * - generatePostObjectToken: 生成 PostObject 直传 Token + * - configureBucketCors: 配置 Bucket CORS 规则 + *
+ */ +@Slf4j +@Component +@RequiredArgsConstructor +public class OssUtils { + + private final OssConfig ossConfig; + + /** + * 获取 OSS 客户端 + * + * @return OSS 客户端 + */ + private OSS getOssClient() { + return new OSSClientBuilder().build( + ossConfig.getEndpoint(), + ossConfig.getAccessKeyId(), + ossConfig.getAccessKeySecret() + ); + } + + // ==================== 前端直传核心方法 ==================== + + /** + * 生成阿里云 OSS PostObject 直传 Token + *+ * 用于前端直传文件到 OSS,无需经过后端中转。 + * 前端拿到此 Token 后,通过 FormData + POST 方式直接上传到 OSS。 + *
+ * + *签名流程:
+ *-
+ *
- 构建 Policy JSON(包含过期时间和 key 约束) + *
- Base64 编码 Policy + *
- 使用 AccessKeySecret + HMAC-SHA1 对 Base64(Policy) 计算签名 + *
+ * 需确保 OSS 账号有 oss:PutBucketCors 权限。 + * 也可在阿里云控制台手动配置。 + *
+ */ + public void configureBucketCors() { + if (!Boolean.TRUE.equals(ossConfig.getCorsEnabled())) { + return; + } + OSS ossClient = getOssClient(); + try { + SetBucketCORSRequest request = new SetBucketCORSRequest(ossConfig.getBucketName()); + SetBucketCORSRequest.CORSRule rule = new SetBucketCORSRequest.CORSRule(); + + // 允许的来源(开发:localhost,生产:需配置实际域名) + String origins = ossConfig.getCorsAllowedOrigins(); + if (origins == null || origins.isBlank()) { + origins = "http://localhost:5173,http://localhost:5174"; + } + rule.setAllowedOrigins(Arrays.asList(origins.trim().split("\s*,\s*"))); + + // 允许的方法:POST(直传)、GET、PUT、DELETE、HEAD + rule.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "HEAD")); + + // 允许的请求头(* 表示全部,PostObject 需要) + rule.setAllowedHeaders(Arrays.asList("*")); + + // 暴露给前端的响应头 + rule.setExposeHeaders(Arrays.asList("ETag", "x-oss-request-id")); + + // 预检请求缓存时间(秒) + rule.setMaxAgeSeconds(600); + + request.setCorsRules(List.of(rule)); + ossClient.setBucketCORS(request); + log.info("OSS Bucket CORS 配置成功,允许来源: {}", origins); + } catch (Exception e) { + log.warn("OSS Bucket CORS 配置失败(可在阿里云控制台手动配置): {}", e.getMessage()); + } finally { + ossClient.shutdown(); + } + } + + // ==================== 私有辅助方法 ==================== + + /** + * 构建 PostPolicy + * + * @param objectKey 对象键 + * @param expiration 过期时间戳 + * @return Base64 编码的 Policy + */ + private String buildPostPolicy(String objectKey, long expiration) { + // ISO 8601 GMT 格式(阿里云要求 YYYY-MM-DDTHH:mm:ss.sssZ,必须以 Z 结尾) + String expireTime = java.time.Instant.ofEpochMilli(expiration).toString(); + + // 构建 Policy JSON + String policyJson = String.format( + "{\"expiration\":\"%s\",\"conditions\":[[\"eq\",\"$key\",\"%s\"]]}", + expireTime, + objectKey + ); + + // Base64 编码 + return Base64.getEncoder().encodeToString(policyJson.getBytes(StandardCharsets.UTF_8)); + } + + /** + * 计算签名 + * + * @param policy Base64 编码的 Policy + * @param accessKeySecret OSS 访问密钥 + * @return 签名(Base64 编码) + */ + private String computeSignature(String policy, String accessKeySecret) { + try { + // 使用 HMAC-SHA1 算法 + Mac mac = Mac.getInstance("HmacSHA1"); + SecretKeySpec keySpec = new SecretKeySpec( + accessKeySecret.getBytes(StandardCharsets.UTF_8), + "HmacSHA1" + ); + mac.init(keySpec); + + // 计算签名 + byte[] signData = mac.doFinal(policy.getBytes(StandardCharsets.UTF_8)); + + // Base64 编码 + return Base64.getEncoder().encodeToString(signData); + } catch (Exception e) { + log.error("计算 OSS 签名失败:{}", e.getMessage(), e); + throw new RuntimeException("计算 OSS 签名失败:" + e.getMessage(), e); + } + } + + /** + * 检查文件扩展名是否允许 + * + * @param filename 文件名 + * @return 是否允许 + */ + private boolean isAllowedExtension(String filename) { + if (filename == null || filename.isEmpty()) { + return false; + } + String extension = getFileExtension(filename).toLowerCase(); + return Arrays.stream(ossConfig.getAllowedExtensions()) + .anyMatch(allowed -> allowed.toLowerCase().equals(extension)); + } + + /** + * 获取文件扩展名 + * + * @param filename 文件名 + * @return 扩展名(包含点) + */ + private String getFileExtension(String filename) { + if (filename == null || filename.isEmpty()) { + return ""; + } + int lastDot = filename.lastIndexOf("."); + if (lastDot == -1) { + return ""; + } + return filename.substring(lastDot); + } +} diff --git a/oss-direct-upload-demo/backend/application-oss.yml b/oss-direct-upload-demo/backend/application-oss.yml new file mode 100644 index 0000000..570a3fe --- /dev/null +++ b/oss-direct-upload-demo/backend/application-oss.yml @@ -0,0 +1,32 @@ +# ============================================================ +# 阿里云 OSS 配置片段 +# ============================================================ +# 将以下内容复制到你的 application.yml(或 application-dev.yml)中 +# 所有敏感配置建议使用环境变量,不要硬编码 +# ============================================================ + +aliyun: + oss: + # OSS Endpoint(不带 http:// 前缀) + endpoint: ${OSS_ENDPOINT:oss-cn-hangzhou.aliyuncs.com} + + # 阿里云 AccessKey(建议使用环境变量) + access-key-id: ${OSS_ACCESS_KEY_ID:your-access-key-id} + access-key-secret: ${OSS_ACCESS_KEY_SECRET:your-access-key-secret} + + # Bucket 名称 + bucket-name: ${OSS_BUCKET_NAME:your-bucket-name} + + # 文件最大大小(字节),默认 10MB + max-file-size: ${OSS_MAX_FILE_SIZE:10485760} + + # 前端直传跨域:启动时自动配置 OSS CORS + # 设为 true 时,应用启动会自动调用 OSS API 设置 CORS 规则 + # 设为 false 时,需要在阿里云控制台手动配置 + cors-enabled: ${OSS_CORS_ENABLED:true} + + # CORS 允许的来源,逗号分隔 + # 开发环境:http://localhost:5173,http://localhost:5174 + # 生产环境:https://your-domain.com + # 使用 * 表示允许所有来源(仅建议开发环境) + cors-allowed-origins: ${OSS_CORS_ORIGINS:http://localhost:5173,http://localhost:5174} diff --git a/oss-direct-upload-demo/backend/pom-oss.xml b/oss-direct-upload-demo/backend/pom-oss.xml new file mode 100644 index 0000000..8fd1715 --- /dev/null +++ b/oss-direct-upload-demo/backend/pom-oss.xml @@ -0,0 +1,38 @@ + + + + + + + +
+
+
+
+
+
+
diff --git a/oss-direct-upload-demo/frontend/env.ts b/oss-direct-upload-demo/frontend/env.ts
new file mode 100644
index 0000000..dd14b32
--- /dev/null
+++ b/oss-direct-upload-demo/frontend/env.ts
@@ -0,0 +1,59 @@
+/**
+ * 环境工具函数
+ *
+ * 提供环境相关的配置,用于自动为 OSS 路径添加环境前缀(dev/test/prod)。
+ * 这样不同环境的文件会存储在不同的目录下,互不干扰。
+ */
+
+/**
+ * OSS 环境前缀映射
+ *
+ * 根据你的项目环境变量名修改此映射。
+ * Vite 默认使用 import.meta.env.MODE,值通常为 development / test / production。
+ */
+const OSS_ENV_PREFIX_MAP: Record阿里云 OSS 直传上传 Demo
+ + +
+
+
+
+
+
+
+
+
+ {{ progress }}%
+
+
+
+
+ ![预览]()
+
+
+
+ 上传成功!
+文件路径:{{ result.filePath }}
+文件大小:{{ (result.fileSize / 1024).toFixed(1) }} KB
+
+
+ 上传失败:{{ error }}
+