对于一些小平台、小网站,由于开发人员和技术投入有限,开发出的上传文件或图片等功能往往容易被攻击(常见原因是上传的文件直接落在应用服务器的 Web 目录里,文件名、类型又不加校验)。这里我建议大家把上传内容存到第三方对象存储:这样文件不再落在应用服务器上,但文件名、文件类型和大小的校验仍然要由应用自己完成,并不是换了存储就可以省掉。
之前给公司开发了一个账号中心的功能,里面包含了头像上传的功能,由于曾经公司服务器被攻击过(原因就是应用包含上传功能,暴露给不法分子利用),所以这次准备把头像存储到七牛。
应用场景:我把邮件、短信、上传头像(图片)这些功能抽象到了coreservice中(是使用servicestack开发的),供其他应用来调用。
这是coreservice代码,直接调七牛存储图片的接口:
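/// <summary>
/// Logical category of an uploaded file; it selects the Qiniu bucket in
/// <see cref="Any(FileUploadReq)"/>.
/// </summary>
public enum FileType
{
    AVATAR,
    CONFIG,
    PHOTO,
    KF,
}

/// <summary>
/// Upload request. The file itself arrives as a multipart body part; these two
/// fields decide where it is stored.
/// </summary>
[Route("/storage/file", "POST")]
public class FileUploadReq
{
    /// <summary>
    /// Object name inside the bucket. Caller-controlled and therefore untrusted:
    /// it is validated before it is used as part of the storage key.
    /// </summary>
    public string FileName { get; set; }

    /// <summary>Bucket selector.</summary>
    public FileType fileType { get; set; }
}

/// <summary>
/// Upload result. <see cref="Key"/> and <see cref="HashCode"/> are only set when
/// <see cref="bRet"/> is true.
/// </summary>
public class FileUploadRes
{
    public bool bRet { get; set; }
    public string Message { get; set; }
    public string Key { get; set; }
    public string HashCode { get; set; }
}

/// <summary>
/// Streams the single uploaded multipart file straight to Qiniu (nothing is
/// written to local disk) under the key <c>&lt;bucket&gt;:&lt;FileName&gt;</c>,
/// where the bucket is chosen by <see cref="FileUploadReq.fileType"/>.
/// </summary>
/// <param name="request">Bucket selector and object name supplied by the caller.</param>
/// <returns>
/// A <see cref="FileUploadRes"/> with <c>bRet == true</c> plus the Qiniu key and
/// hash on success; otherwise <c>bRet == false</c> and a short reason in
/// <c>Message</c>.
/// </returns>
public FileUploadRes Any(FileUploadReq request)
{
    FileUploadRes res = new FileUploadRes();
    res.bRet = true;
    res.Message = "ok";

    // FileName is used verbatim as the object key. A caller may only name a bare
    // file: a directory component, "..", or control characters would let the
    // caller address (and silently overwrite) an arbitrary object in the bucket.
    if (request == null || !IsSafeObjectName(request.FileName))
    {
        res.bRet = false;
        res.Message = "invalid file name";
        return res;
    }

    // The caller casts an int to FileType, so values outside the enum do reach
    // us. Previously they fell through with an empty bucket name; reject them.
    string bucketName;
    switch (request.fileType)
    {
        case FileType.AVATAR:
            bucketName = "avatar6998";
            break;
        case FileType.CONFIG:
            bucketName = "config6998";
            break;
        case FileType.PHOTO:
            bucketName = "photo6998";
            break;
        case FileType.KF:
            bucketName = "kf6998";
            break;
        default:
            res.bRet = false;
            res.Message = "unsupported file type";
            return res;
    }

    // Exactly one file part is expected. With no part at all the old code passed
    // a null stream to Put(); with several it silently kept the last one.
    Stream upStream = null;
    int fileCount = 0;
    foreach (var uploadedFile in base.Request.Files)
    {
        fileCount++;
        upStream = uploadedFile.InputStream;
    }
    if (fileCount != 1 || upStream == null)
    {
        res.bRet = false;
        res.Message = "exactly one file is required";
        return res;
    }

    // NOTE(review): the content itself is not inspected here (no type sniffing,
    // no size cap, extra.MimeType is not set). Anything the caller sends is
    // stored as-is under that name; whether that matters depends on how the
    // buckets are served — confirm against the Qiniu bucket configuration.

    // These are process-wide statics on the Qiniu SDK; re-assigning them on
    // every request is redundant but harmless as long as the values never change.
    Qiniu.Conf.Config.ACCESS_KEY = System.Configuration.ConfigurationManager.AppSettings["QiniuAccessKey"];
    Qiniu.Conf.Config.SECRET_KEY = System.Configuration.ConfigurationManager.AppSettings["QiniuSecretKey"];

    IOClient target = new IOClient();
    PutExtra extra = new PutExtra();
    // Scope the upload token to this one key so the token cannot be replayed
    // for a different object.
    PutPolicy put = new PutPolicy(bucketName + ":" + request.FileName);

    PutRet ret = target.Put(put.Token(), request.FileName, upStream, extra);
    res.bRet = ret.OK;
    if (!ret.OK)
    {
        // NOTE(review): ret.Response is the raw Qiniu reply and is handed back to
        // the caller unchanged; consider returning a generic message if callers
        // are not fully trusted.
        res.Message = ret.Response;

        log.ErrorFormat("qiniu upload error [{0}]", ret.Response);
        log.Error("qiniu exception", ret.Exception);
    }
    else
    {
        res.Key = ret.key;
        res.HashCode = ret.Hash;
    }

    return res;
}

/// <summary>
/// True when <paramref name="name"/> is acceptable as the object part of a
/// storage key: non-empty, a bare file name (no path separators, not "." or
/// ".."), no control or OS-invalid characters, and of a reasonable length.
/// </summary>
private static bool IsSafeObjectName(string name)
{
    if (string.IsNullOrWhiteSpace(name) || name.Length > 255)
    {
        return false;
    }
    if (name == "." || name == "..")
    {
        return false;
    }
    // GetInvalidFileNameChars() covers both separators on Windows but only '/'
    // on Unix, so the separators are checked explicitly as well.
    if (name.IndexOf('/') >= 0 || name.IndexOf('\\') >= 0)
    {
        return false;
    }
    if (name.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0)
    {
        return false;
    }
    foreach (char c in name)
    {
        if (char.IsControl(c))
        {
            return false;
        }
    }
    return true;
}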
这是应用调用:
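/// <summary>
/// Creates a ServiceStack JSON client for the coreservice address configured
/// under the <c>StrApiAddr</c> app setting.
/// </summary>
/// <returns>A new client per call; the caller owns it and should dispose it.</returns>
public JsonServiceClient getClient()
{
    string apiAddress = ConfigurationManager.AppSettings["StrApiAddr"];
    return new JsonServiceClient(apiAddress);
}

/// <summary>
/// Sends <c>model.stream</c> to coreservice's <c>storage/file</c> endpoint,
/// which forwards it to Qiniu, and maps the reply onto a
/// <see cref="FileUploadDaoRes"/>.
/// </summary>
/// <param name="model">Stream to upload plus the target file name and file type.</param>
/// <returns>
/// <c>bRet == true</c> with Key/HashCode on success; otherwise <c>bRet == false</c>
/// and a reason in <c>Message</c>. Never throws.
/// </returns>
public FileUploadDaoRes FileUpload(FileUploadDaoReq model)
{
    FileUploadDaoRes ret = new FileUploadDaoRes();

    // Fail fast on inputs coreservice would reject anyway, before opening a
    // connection.
    if (model == null || model.stream == null || string.IsNullOrWhiteSpace(model.FileName))
    {
        ret.Message = "file stream and file name are required";
        return ret;
    }

    // The cast accepts any integer; refuse values that are not members of the
    // enum instead of sending an undefined bucket selector downstream.
    FileType fileType = (FileType)model.fileType;
    if (!Enum.IsDefined(typeof(FileType), fileType))
    {
        ret.Message = "invalid file type";
        return ret;
    }

    try
    {
        FileUploadReq req = new FileUploadReq();
        req.FileName = model.FileName;
        req.fileType = fileType;

        // The client is created per call, so dispose it here rather than leaking
        // one per upload. "aaa.jpg" is only the multipart part name; coreservice
        // keys the object by req.FileName.
        using (JsonServiceClient client = getClient())
        {
            var result = client.PostFileWithRequest<FileUploadRes>("storage/file", model.stream, "aaa.jpg", req);
            if (result.bRet)
            {
                ret.bRet = true;
                ret.Key = result.Key;
                ret.HashCode = result.HashCode;
            }
            else
            {
                ret.Message = result.Message;
            }
        }
    }
    catch (Exception ex)
    {
        // Log the whole exception (type + stack trace), not just Message.
        log.ErrorFormat("FileUpload:{0}", ex);
        // NOTE(review): ex.Message is returned to the caller; keep it generic if
        // this result reaches end users.
        ret.Message = ex.Message;
    }
    return ret;
}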
应用侧的工作主要是获取图片流,再通过 coreservice 的 storage/file 接口把图片转存到七牛;coreservice 直接把流推到七牛,图片本身不会落在应用服务器的磁盘上。文件名和文件类型仍由调用方传入,所以服务端对这两个值的校验不能省。