From 6ae0f97f9ac93b9a3b701960f6e7254b6edd1656 Mon Sep 17 00:00:00 2001
From: Jerry Yan <792602257@qq.com>
Date: Sat, 30 Nov 2024 18:17:51 +0800
Subject: [PATCH] UserShare
---
 app/custom/controller/api/Upload.php | 119 ++++++++++++++++++
 .../src/controller/api/auth/UserShare.php | 4 +-
 .../src/view/user_share/index.html | 2 +-
 3 files changed, 121 insertions(+), 4 deletions(-)
 create mode 100644 app/custom/controller/api/Upload.php
diff --git a/app/custom/controller/api/Upload.php b/app/custom/controller/api/Upload.php
new file mode 100644
index 0000000..203812c
--- /dev/null
+++ b/app/custom/controller/api/Upload.php
@@ -0,0 +1,119 @@
+getFile();
+ $extension = strtolower($file->getOriginalExtension());
+ $saveFileName = input('key') ?: Storage::name($file->getPathname(), $extension, '', 'md5_file');
+ // 检查文件名称是否合法
+ if (strpos($saveFileName, '..') !== false) {
+ $this->error('文件路径不能出现跳级操作!');
+ }
+ // 检查文件后缀是否被恶意修改
+ if (strtolower(pathinfo(parse_url($saveFileName, PHP_URL_PATH), PATHINFO_EXTENSION)) !== $extension) {
+ $this->error('文件后缀异常,请重新上传文件!');
+ }
+ // 屏蔽禁止上传指定后缀的文件
+ if (!in_array($extension, str2arr(sysconf('storage.allow_exts|raw')))) {
+ $this->error('文件类型受限,请在后台配置规则!');
+ }
+ if (in_array($extension, ['sh', 'asp', 'bat', 'cmd', 'exe', 'php'])) {
+ $this->error('文件安全保护,禁止上传可执行文件!');
+ }
+ try {
+ $safeMode = $this->getSafe();
+ if (($type = $this->getType()) === 'local') {
+ $local = LocalStorage::instance();
+ $distName = $local->path($saveFileName, $safeMode);
+ if (PHP_SAPI === 'cli') {
+ is_dir(dirname($distName)) || mkdir(dirname($distName), 0777, true);
+ rename($file->getPathname(), $distName);
+ } else {
+ $file->move(dirname($distName), basename($distName));
+ }
+ $info = $local->info($saveFileName, $safeMode, $file->getOriginalName());
+ if (in_array($extension, ['jpg', 'gif', 'png', 'bmp', 'jpeg', 'wbmp'])) {
+ [$width, $height] = getimagesize($distName);
+ if (($width < 1 || $height < 1) && $local->del($saveFileName)) {
+ $this->error('读取图片的尺寸失败!');
+ }
+ }
+ } else {
+ $bina = file_get_contents($file->getPathname());
+ $info = Storage::instance($type)->set($saveFileName, $bina, $safeMode, $file->getOriginalName());
+ }
+ if (isset($info['url'])) {
+ $this->success('文件上传成功!', ['url' => $safeMode ? 
 $saveFileName : $info['url']]);
+ } else {
+ $this->error('文件处理失败,请稍候再试!');
+ }
+ } catch (HttpResponseException $exception) {
+ throw $exception;
+ } catch (\Exception $exception) {
+ trace_file($exception);
+ $this->error($exception->getMessage());
+ }
+ }
+
+ /**
+ * 获取上传类型
+ * @return boolean
+ */
+ private function getSafe(): bool
+ {
+ return boolval(input('safe', '0'));
+ }
+
+ /**
+ * 获取上传方式
+ * @return string
+ * @throws \think\admin\Exception
+ */
+ private function getType(): string
+ {
+ $type = strtolower(input('uptype', ''));
+ if (in_array($type, array_keys(Storage::types()))) {
+ return $type;
+ } else {
+ return strtolower(sysconf('storage.type|raw'));
+ }
+ }
+
+ /**
+ * 获取文件对象
+ * @return UploadedFile|void
+ */
+ private function getFile(): UploadedFile
+ {
+ try {
+ $file = $this->request->file('file');
+ if ($file instanceof UploadedFile) {
+ return $file;
+ } else {
+ $this->error('读取临时文件失败!');
+ }
+ } catch (HttpResponseException $exception) {
+ throw $exception;
+ } catch (\Exception $exception) {
+ trace_file($exception);
+ $this->error(lang($exception->getMessage()));
+ }
+ }
+
+}
\ No newline at end of file
diff --git a/plugs/think-plugs-ticket/src/controller/api/auth/UserShare.php b/plugs/think-plugs-ticket/src/controller/api/auth/UserShare.php
index cf72d72..e4284ba 100644
--- a/plugs/think-plugs-ticket/src/controller/api/auth/UserShare.php
+++ b/plugs/think-plugs-ticket/src/controller/api/auth/UserShare.php
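Review bot: The suffix check on the client-supplied `key` inspects `parse_url($saveFileName, PHP_URL_PATH)`, but the unmodified `$saveFileName` is what is passed to `$local->path()` and `Storage::instance($type)->set()`, so any query or fragment part of the key is skipped by the check and can still end up in the stored name; whether `path()` normalises it is not visible here. Compare on the same string that is stored, `if (strtolower(pathinfo($saveFileName, PATHINFO_EXTENSION)) !== $extension) {`, and reject keys containing characters outside a conservative set before the allow-list test. The hard-coded list `['sh', 'asp', 'bat', 'cmd', 'exe', 'php']` covers only six suffixes, so the effective control is `storage.allow_exts`; a comment such as `// secondary guard only; storage.allow_exts is the authoritative list` would stop readers treating it as complete. The opening of the class and of this method is missing from the hunk as shown, so whether the caller is authenticated before `getFile()` runs could not be checked.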
@@ -32,15 +32,13 @@ class UserShare extends Auth
 $data = $this->_vali([
 'title.default' => '用户随手拍',
 'content.require' => '内容不能为空',
- 'imgs.default' => [],
- 'imgs.array' => '图片异常',
+ 'imgs.default' => '',
 'type_id.require' => '类型不能为空',
 'contact_phone.require' => '手机号不能为空',
 'ticket_region.require' => '地址不能为空',
 'ticket_address.require' => '地址不能为空',
 'contact_name.default' => $this->account->user() ? $this->account->user()['nickname'] : '用户',
 ]);
- $data['imgs'] = str2arr($data['imgs'], '|');
 $data['user_id'] = $this->usid;
 $id = TicketUserShare::query()->insert($data, true);
 $this->success('添加随手拍成功', $id);
diff --git a/plugs/think-plugs-ticket/src/view/user_share/index.html b/plugs/think-plugs-ticket/src/view/user_share/index.html
index a771caf..2b523f9 100644
--- a/plugs/think-plugs-ticket/src/view/user_share/index.html
+++ b/plugs/think-plugs-ticket/src/view/user_share/index.html
@@ -8,7 +8,7 @@
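Review bot: `imgs` now reaches `TicketUserShare::query()->insert($data, true)` with no rule at all: the `imgs.array` check is removed and nothing replaces it, so whatever the client sends (including a non-string value) is stored as sent. If the admin view prints these entries as image links, which the accompanying `index.html` change suggests but does not show, the stored value should be restricted to well-formed http(s) URLs, ideally ones the application's own storage issued. Assuming the field is still a `|`-separated list as in the removed `str2arr` call, I would keep a normalising step before the insert: `is_string($data['imgs']) || $this->error('图片异常');` followed by `$data['imgs'] = implode('|', array_filter(str2arr($data['imgs'], '|'), static fn ($u) => preg_match('#^https?://#i', $u) === 1));`. The enclosing action starts and ends outside the hunk.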