项目需求:需要部署一个文件预览服务,需要做到鼠标右键禁用、下载和打印功能可控、水印定制化。
准备材料(以下是我使用的版本):
将jdk的jar包上传到linux,进行解压
tar -zxvf jdk-8u361-linux-x64.tar.gz
解压后修改系统配置
vi /etc/profile
在配置文件的最后面追加这几行
export JAVA_HOME=/opt/kkFileView/jdk1.8 #修改这个地方为自己的解压文件
export CLASSPATH=.:${JAVA_HOME}/jre/lib/rt.jar:${JAVA_HOME}/lib/dt.jar:${JAVA_HOME}/lib/tools.jar
export PATH=$PATH:${JAVA_HOME}/bin
启用配置
source /etc/profile
查看是否安装成功
java -version
上传并解压openOffice
tar -zxvf Apache_OpenOffice_4.1.8_Linux_x86-64_install-rpm_zh-CN.tar.gz
cd zh-CN/
cd RPMS/
rpm -Uvh *.rpm desktop-integration/openoffice4.1.8-redhat-menus-4.1.8-9803.noarch.rpm
然后启动openOffice
cd /opt/openoffice4/program/
soffice -headless -accept="socket,host=127.0.0.1,port=8100;urp;" -nofirststartwizard &
可能会出现各种缺少文件的报错,可以把之前下载的压缩包里面的文件放在/opt/openoffice4/program
error while loading shared libraries: libXext.so.6: cannot open shared object file: No such file or direc
error while loading shared libraries: libX11.so.6: cannot open shared object file: No such file or direc
还有可能有这种报错
no suitable windowing system found, exiting.
解决办法
yum groupinstall "X Window System"
再次启动,查看是否成功
netstat -tunlp | grep 8100
下载kkFileView代码,代码地址https://gitee.com/kekingcn/file-online-preview
修改系统配置
server.port = 8012
server.servlet.context-path= ${KK_CONTEXT_PATH:/}
server.servlet.encoding.charset = utf-8
#文件上传限制
spring.servlet.multipart.max-file-size=500MB
spring.servlet.multipart.max-request-size=500MB
## Freemarker 配置
spring.freemarker.template-loader-path = classpath:/web/
spring.freemarker.cache = false
spring.freemarker.charset = UTF-8
spring.freemarker.check-template-location = true
spring.freemarker.content-type = text/html
spring.freemarker.expose-request-attributes = true
spring.freemarker.expose-session-attributes = true
spring.freemarker.request-context-attribute = request
spring.freemarker.suffix = .ftl
# office-plugin
## office转换服务的进程数,默认开启两个进程
#office.plugin.server.ports = 2001,2002
## office 转换服务 task 超时时间,默认五分钟
office.plugin.task.timeout = 5m
#预览生成资源路径(默认为打包根路径下的file目录下)
#file.dir = D:\\kkFileview\\
file.dir = ${KK_FILE_DIR:default}
#允许预览的本地文件夹 默认不允许任何本地文件被预览
#file.dir = D:\\kkFileview\\
local.preview.dir = /opt/openoffice4
#openoffice home路径
#office.home = C:\\Program Files (x86)\\OpenOffice 4
office.home = ${KK_OFFICE_HOME:default}
#缓存实现类型,不配默认为内嵌RocksDB(type = default)实现,可配置为redis(type = redis)实现(需要配置spring.redisson.address等参数)和 JDK 内置对象实现(type = jdk),
cache.type = ${KK_CACHE_TYPE:jdk}
#redis连接,只有当cache.type = redis时才有用
spring.redisson.address = ${KK_SPRING_REDISSON_ADDRESS:127.0.0.1:6379}
spring.redisson.password = ${KK_SPRING_REDISSON_PASSWORD:}
#缓存是否自动清理 true 为开启,注释掉或其他值都为关闭
cache.clean.enabled = ${KK_CACHE_CLEAN_ENABLED:true}
#缓存自动清理时间,cache.clean.enabled = true时才有用,cron表达式,基于Quartz cron
cache.clean.cron = ${KK_CACHE_CLEAN_CRON:0 0 3 * * ?}
#######################################可在运行时动态配置#######################################
#提供预览服务的地址,默认从请求url读,如果使用nginx等反向代理,需要手动设置
#base.url = https://file.keking.cn
base.url = ${KK_BASE_URL:default}
#信任站点,多个用','隔开,设置了之后,会限制只能预览来自信任站点列表的文件,默认不限制
#trust.host = file.keking.cn,kkfileview.keking.cn
trust.host = ${KK_TRUST_HOST:0.0.0.1} #设置自己文件的站点为信任站点
#是否启用缓存
cache.enabled = ${KK_CACHE_ENABLED:true}
#文本类型,默认如下,可自定义添加
simText = ${KK_SIMTEXT:txt,xlsx,html,htm,asp,jsp,xml,json,properties,md,gitignore,log,java,py,c,cpp,sql,sh,bat,m,bas,prg,cmd}
#多媒体类型,默认如下,可自定义添加
media = ${KK_MEDIA:mp3,wav,mp4,flv}
#是否开启多媒体类型转视频格式转换,目前可转换视频格式有:avi,mov,wmv,3gp,rm
#请谨慎开启此功能,建议异步调用添加到处理队列,并且增加任务队列处理线程,防止视频转换占用完线程资源,转换比较耗费时间,并且控制了只能串行处理转换任务
media.convert.disable = ${KK_MEDIA_CONVERT_DISABLE:false}
#支持转换的视频类型
convertMedias = ${KK_CONVERTMEDIAS:avi,mov,wmv,mkv,3gp,rm}
#office类型文档(word ppt)样式,默认为图片(image),可配置为pdf(预览时也有按钮切换)
office.preview.type = ${KK_OFFICE_PREVIEW_TYPE:image}
#是否关闭office预览切换开关,默认为false,可配置为true关闭
office.preview.switch.disabled = ${KK_OFFICE_PREVIEW_SWITCH_DISABLED:false}
#是否禁止演示模式
pdf.presentationMode.disable = ${KK_PDF_PRESENTATION_MODE_DISABLE:true}
#是否禁止打开文件
pdf.openFile.disable = ${KK_PDF_OPEN_FILE_DISABLE:true}
#是否禁止打印转换生成的pdf文件
pdf.print.disable = ${KK_PDF_PRINT_DISABLE:false}
#是否禁止下载转换生成的pdf文件
pdf.download.disable = ${KK_PDF_DOWNLOAD_DISABLE:false}
#是否禁止bookmark
pdf.bookmark.disable = ${KK_PDF_BOOKMARK_DISABLE:true}
#是否禁用首页文件上传
file.upload.disable = ${KK_FILE_UPLOAD_ENABLED:false}
#预览源为FTP时 FTP用户名,可在ftp url后面加参数ftp.username=ftpuser指定,不指定默认用配置的
ftp.username = ${KK_FTP_USERNAME:ftpuser}
#预览源为FTP时 FTP密码,可在ftp url后面加参数ftp.password=123456指定,不指定默认用配置的
ftp.password = ${KK_FTP_PASSWORD:123456}
#预览源为FTP时, FTP连接默认ControlEncoding(根据FTP服务器操作系统选择,Linux一般为UTF-8,Windows一般为GBK),可在ftp url后面加参数ftp.control.encoding=UTF-8指定,不指定默认用配置的
ftp.control.encoding = ${KK_FTP_CONTROL_ENCODING:UTF-8}
#水印内容
#例:watermark.txt = ${WATERMARK_TXT:凯京科技内部文件,严禁外泄}
#如需取消水印,内容设置为空即可,例:watermark.txt = ${WATERMARK_TXT:}
watermark.txt = ${WATERMARK_TXT:}
#水印x轴间隔
watermark.x.space = ${WATERMARK_X_SPACE:10}
#水印y轴间隔
watermark.y.space = ${WATERMARK_Y_SPACE:10}
#水印字体
watermark.font = ${WATERMARK_FONT:微软雅黑}
#水印字体大小
watermark.fontsize = ${WATERMARK_FONTSIZE:18px}
#水印字体颜色
watermark.color = ${WATERMARK_COLOR:black}
#水印透明度,要求设置在大于等于0.005,小于1
watermark.alpha = ${WATERMARK_ALPHA:0.2}
#水印宽度
watermark.width = ${WATERMARK_WIDTH:180}
#水印高度
watermark.height = ${WATERMARK_HEIGHT:80}
#水印倾斜度数,要求设置在大于等于0,小于90
watermark.angle = ${WATERMARK_ANGLE:10}
#Tif类型图片浏览模式:tif(利用前端js插件浏览);jpg(转换为jpg后前端显示);pdf(转换为pdf后显示,便于打印)
tif.preview.type = ${KK_TIF_PREVIEW_TYPE:tif}
部分代码需要修改
public static String getHomePath() {
String userDir = System.getenv("KKFILEVIEW_BIN_FOLDER");
// userDir = "D:\\kkFileView\\kkfileview\\file-online-preview";
if (userDir == null) {
userDir = System.getProperty("user.dir");
}
if (userDir.endsWith("bin")) {
userDir = userDir.substring(0, userDir.length() - 4);
} else {
String separator = File.separator;
if (userDir.contains(MAIN_DIRECTORY_NAME)) {
userDir = userDir + separator + "src" + separator + "main";
} else {
userDir = userDir + separator + MAIN_DIRECTORY_NAME + separator + "src" + separator + "main";
}
}
return userDir;
}
为禁止右键,需要修改viewer.html文件,末尾加上如下代码
<div id="printContainer"></div>
</body>
<script>
document.oncontextmenu = function(){
return false;
}
</script>
</html>
为了实现定制化开发,实现水印,是否可下载等,修改setFileAttribute代码
private void setFileAttribute(ServletRequest request) {
HttpServletRequest httpRequest = (HttpServletRequest) request;
request.setAttribute("pdfPresentationModeDisable", ConfigConstants.getPdfPresentationModeDisable());
request.setAttribute("pdfOpenFileDisable", ConfigConstants.getPdfOpenFileDisable());
//是否可打印
String print = request.getParameter("fileParam1");
if (StringUtils.isNotBlank(print)) {
request.setAttribute("pdfPrintDisable", print);
} else {
request.setAttribute("pdfPrintDisable", ConfigConstants.getPdfPrintDisable());
}
//是否可下载
String disable = request.getParameter("fileParam2");
if (StringUtils.isNotBlank(disable)) {
request.setAttribute("pdfDownloadDisable", disable);
} else {
request.setAttribute("pdfDownloadDisable", ConfigConstants.getPdfDownloadDisable());
}
//水印内容
String watermark = request.getParameter("watermark");
if (StringUtils.isNotBlank(watermark)) {
request.setAttribute("watermarkTxt", watermark);
}
//预览方式
String officePreviewType = request.getParameter("previewType");
if (StringUtils.isNotBlank(watermark)) {
request.setAttribute("officePreviewType", officePreviewType);
}
request.setAttribute("pdfBookmarkDisable", ConfigConstants.getPdfBookmarkDisable());
request.setAttribute("fileKey", httpRequest.getParameter("fileKey"));
request.setAttribute("switchDisabled", ConfigConstants.getOfficePreviewSwitchDisabled());
request.setAttribute("fileUploadDisable", ConfigConstants.getFileUploadDisable());
}
kkfileview4.0.0存在一些漏洞,允许上传任意类型文件,容易被攻击,需要修改fileUpload方法,加上下面的代码
String fileType= "";
int i = fileName.lastIndexOf('.');
if (i > 0) {
fileType= fileName.substring(i+1);
fileType= fileType.toLowerCase();
}
if (fileType.length() == 0 || fileType.equals("dll") || fileType.equals("exe") || fileType.equals("msi") || fileType.equals("html") ){
return ReturnResponse.failure(fileName+"不允许上传的文件");
}
并且该版本存在ssrf漏洞,修改下面方法,对配置文件中没有配置的信任站点进行过滤
@Bean
public FilterRegistrationBean<TrustHostFilter> getTrustHostFilter() {
Set<String> filterUri = new HashSet<>();
// filterUri.add("/onlinePreview");
// filterUri.add("/picturesPreview");
filterUri.add("/*");
TrustHostFilter filter = new TrustHostFilter();
FilterRegistrationBean<TrustHostFilter> registrationBean = new FilterRegistrationBean<>();
registrationBean.setFilter(filter);
registrationBean.setUrlPatterns(filterUri);
return registrationBean;
}
使用maven进行打包,将server\target文件夹下的kkFileView-4.1.0-SNAPSHOT.tar.gz上传并解压,
cd bin/
bash startup.sh #启动
bash showlog.sh #查看日志
bash shutdown.sh #关闭
预览时可能存在中文乱码现象
mkdir -p /usr/share/fonts/chinese
chmod -R 755 /usr/share/fonts/chinese
将C:\Windows\Fonts里面的字体都传到/usr/share/fonts/chinese中再分别执行下面的命令
mkfontscale
mkfontdir
fc-cache
若提示命令不存在则先执行再执行上述命令
yum install -y mkfontscale
yum install -y fontconfig
最后重启kkfileview