From ed32b9f1d40881ef8a8866281077a705724509f4 Mon Sep 17 00:00:00 2001
From: zhaojun1998 <root@zhaojun.im>
Date: Sat, 23 Jan 2021 13:42:53 +0800
Subject: [PATCH] =?UTF-8?q?:sparkles:=20=E9=99=90=E5=88=B6=E7=9B=B4?=
 =?UTF-8?q?=E9=93=BE=E4=B8=8D=E5=85=81=E8=AE=B8=E4=B8=8B=E8=BD=BD=E5=AF=86?=
 =?UTF-8?q?=E7=A0=81=E6=96=87=E4=BB=B6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../zfile/controller/home/DirectLinkController.java    | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/main/java/im/zhaojun/zfile/controller/home/DirectLinkController.java b/src/main/java/im/zhaojun/zfile/controller/home/DirectLinkController.java
index 515d1e4..d7f3420 100644
--- a/src/main/java/im/zhaojun/zfile/controller/home/DirectLinkController.java
+++ b/src/main/java/im/zhaojun/zfile/controller/home/DirectLinkController.java
@@ -1,7 +1,9 @@
 package im.zhaojun.zfile.controller.home;
 
+import cn.hutool.core.io.FileUtil;
 import cn.hutool.core.util.URLUtil;
 import im.zhaojun.zfile.context.DriveContext;
+import im.zhaojun.zfile.exception.NotAllowedDownloadException;
 import im.zhaojun.zfile.model.constant.ZFileConstant;
 import im.zhaojun.zfile.model.dto.FileItemDTO;
 import im.zhaojun.zfile.model.enums.FileTypeEnum;
@@ -17,6 +19,7 @@ import javax.servlet.http.HttpServletRequest;
 import java.util.Objects;
 
 /**
+ * 直链 Controller
  * @author Zhao Jun
  */
 @Controller
@@ -33,7 +36,8 @@ public class DirectLinkController {
      * @return  重定向至文件直链
      */
     @GetMapping("/directlink/{driveId}/**")
-    public String directlink(@PathVariable("driveId") Integer driveId, final HttpServletRequest request) {
+    public String directlink(@PathVariable("driveId") Integer driveId,
+                             final HttpServletRequest request) {
         String path = (String) request.getAttribute(
                 HandlerMapping.PATH_WITHIN_HANDLER_MAPPING_ATTRIBUTE);
         String bestMatchPattern = (String) request.getAttribute(HandlerMapping.BEST_MATCHING_PATTERN_ATTRIBUTE);
@@ -44,6 +48,10 @@ public class DirectLinkController {
             filePath = "/" + filePath;
         }
 
+        if (Objects.equals(FileUtil.getName(filePath), ZFileConstant.PASSWORD_FILE_NAME)) {
+            throw new NotAllowedDownloadException("不允许下载此文件");
+        }
+
         AbstractBaseFileService fileService = driveContext.get(driveId);
         FileItemDTO fileItem = fileService.getFileItem(filePath);