feat: uri encode processing for attachment paths when querying attachments

[FanZeros]

What this PR does?

在上传文件名带有特殊字符（#%）的文件时，在生成链接的过程中，会使用相近的符号代替它们
避免之后在使用或者查看的时候因为转码问题而找不到对应资源

Which issue(s) this PR fixes:

Fixes #1205

Does this PR introduce a user-facing change?

修复附件名包含特殊字符无法访问的问题

[f2c-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
To complete the pull request process, please assign ruibaby after the PR has been reviewed.
You can assign the PR to them by writing /assign @ruibaby in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[CLAassistant]

All committers have signed the CLA.

[FanZeros]

PS：该改动仅对新上传的内容有效，之前的错误数据并不会被修正

[wan92hen]

将生成链接中的文件名进行 urlencode 似乎更合理一些。

[FanZeros]

将生成链接中的文件名进行 urlencode 似乎更合理一些。

对文件名#% 进行 urlencode 之后，在文章引用的过程中，%会被二次urlencode，导致引用的错误
以至于需要更改更多内容
并且考虑到文件名中的#%并不是那么重要（比起urlencode成%23%25也更好分辨）

[ruibaby]

个人认为这样改可能会有点粗暴，如果说再有另外的字符也会导致此问题怎么办呢。

/cc @halo-dev/sig-halo

[FanZeros]

个人认为这样改可能会有点粗暴，如果说再有另外的字符也会导致此问题怎么办呢。

/cc @halo-dev/sig-halo

根据本人测试以及之前的issue中提到，暂时只发现这两个字符的问题
我觉得可以作为暂定的修复策略

[JohnNiang]

Hi @FanZeros ，如果能够解决这个问题：#1899 ，是不是就可以解决当前 PR 所想要解决的问题了呢。

[guqing]

[guqing]

考虑到兼容性问题，应该在此行对文件名进行 url encoding 处理，即只对返回结果编码

halo/src/main/java/run/halo/app/service/impl/AttachmentServiceImpl.java

Lines 177 to 180 in 913002d

	String fullPath = StringUtils
	.join(enabledAbsolutePath ? blogBaseUrl : "", "/", attachmentDTO.getPath());
	String fullThumbPath = StringUtils
	.join(enabledAbsolutePath ? blogBaseUrl : "", "/", attachmentDTO.getThumbPath());

可以如下操作

// 将 local 存储的链接中的文件名替换为编码后的文件名
String path = attachmentDTO.getPath()
                .replace(attachmentDTO.getName(), encodeValue(attachmentDTO.getName()));
// ....
// 附件缩略图亦如是
 String basename = FilenameUtils.getBasename(attachmentDTO.getName());
 String extension = FilenameUtils.getExtension(attachmentDTO.getName());
// 得到 thumbail name
 String thumbnailName = String.format("%s-thumbnail%s", basename, extension);
 String thumbnailPath = attachmentDTO.getThumbPath()
      .replace(thumbnailName, encodeValue(thumbnailName));

// ...
 private String encodeValue(String value) {
    return UriUtils.encode(value, StandardCharsets.UTF_8);
}

以上代码中关于缩略图文件名获取的方式需要考虑：后续如果缩略图规则改变不应该影响到此处功能，所以要确保本地上传策略生存缩略图和此处规则一致

[ruibaby]

考虑到兼容性问题，应该在此行对文件名进行 url encoding 处理，即只对返回结果编码

如果后端对此做了修改，那么前端所有编码的位置都需要移除。

[FanZeros]

Hi @FanZeros ，如果能够解决这个问题：#1899 ，是不是就可以解决当前 PR 所想要解决的问题了呢。

对，这应该也是个解决方法

[JohnNiang]

Hi @FanZeros 有兴趣尝试一下这种方法么：#1874 (review)

[FanZeros]

Hi @FanZeros 有兴趣尝试一下这种方法么：#1874 (review)

好的，我研究研究

[FanZeros]

考虑到兼容性问题，应该在此行对文件名进行 url encoding 处理，即只对返回结果编码

halo/src/main/java/run/halo/app/service/impl/AttachmentServiceImpl.java

Lines 177 to 180 in 913002d

	String fullPath = StringUtils
	.join(enabledAbsolutePath ? blogBaseUrl : "", "/", attachmentDTO.getPath());
	String fullThumbPath = StringUtils
	.join(enabledAbsolutePath ? blogBaseUrl : "", "/", attachmentDTO.getThumbPath());

可以如下操作

// 将 local 存储的链接中的文件名替换为编码后的文件名
String path = attachmentDTO.getPath()
                .replace(attachmentDTO.getName(), encodeValue(attachmentDTO.getName()));
// ....
// 附件缩略图亦如是
 String basename = FilenameUtils.getBasename(attachmentDTO.getName());
 String extension = FilenameUtils.getExtension(attachmentDTO.getName());
// 得到 thumbail name
 String thumbnailName = String.format("%s-thumbnail%s", basename, extension);
 String thumbnailPath = attachmentDTO.getThumbPath()
      .replace(thumbnailName, encodeValue(thumbnailName));

// ...
 private String encodeValue(String value) {
    return UriUtils.encode(value, StandardCharsets.UTF_8);
}

以上代码中关于缩略图文件名获取的方式需要考虑：后续如果缩略图规则改变不应该影响到此处功能，所以要确保本地上传策略生存缩略图和此处规则一致

---

暂时改动是对fullPath进行url encoding 处理，但thumbnailPath 不处理

前端部分进行如下修改：

https://github.com/halo-dev/halo-admin/blob/master/src/components/Attachment/AttachmentSelectModal.vue#L262
选择的时候不能二次编码
https://github.com/halo-dev/halo-admin/blob/master/src/components/Attachment/AttachmentDetailModal.vue#L66
https://github.com/halo-dev/halo-admin/blob/master/src/components/Attachment/AttachmentDetailModal.vue#L80
不能二次编码，不然用户复制的时候会二次编码出错

不过发现一个问题：encodeURI() 不会对#进行编码，但是java的UriUtils.encode() 会对#进行编码
该问题仅会影响带#的预览图
（目前只发现#，不清楚是否会对其他符号生效）

[guqing]

考虑到兼容性问题，应该在此行对文件名进行 url encoding 处理，即只对返回结果编码

halo/src/main/java/run/halo/app/service/impl/AttachmentServiceImpl.java

Lines 177 to 180 in 913002d

	String fullPath = StringUtils
	.join(enabledAbsolutePath ? blogBaseUrl : "", "/", attachmentDTO.getPath());
	String fullThumbPath = StringUtils
	.join(enabledAbsolutePath ? blogBaseUrl : "", "/", attachmentDTO.getThumbPath());

可以如下操作

// 将 local 存储的链接中的文件名替换为编码后的文件名
String path = attachmentDTO.getPath()
                .replace(attachmentDTO.getName(), encodeValue(attachmentDTO.getName()));
// ....
// 附件缩略图亦如是
 String basename = FilenameUtils.getBasename(attachmentDTO.getName());
 String extension = FilenameUtils.getExtension(attachmentDTO.getName());
// 得到 thumbail name
 String thumbnailName = String.format("%s-thumbnail%s", basename, extension);
 String thumbnailPath = attachmentDTO.getThumbPath()
      .replace(thumbnailName, encodeValue(thumbnailName));

// ...
 private String encodeValue(String value) {
    return UriUtils.encode(value, StandardCharsets.UTF_8);
}

以上代码中关于缩略图文件名获取的方式需要考虑：后续如果缩略图规则改变不应该影响到此处功能，所以要确保本地上传策略生存缩略图和此处规则一致

---

暂时改动是对fullPath进行url encoding 处理，但thumbnailPath 不处理

前端部分进行如下修改：

https://github.com/halo-dev/halo-admin/blob/master/src/components/Attachment/AttachmentSelectModal.vue#L262
选择的时候不能二次编码
https://github.com/halo-dev/halo-admin/blob/master/src/components/Attachment/AttachmentDetailModal.vue#L66
https://github.com/halo-dev/halo-admin/blob/master/src/components/Attachment/AttachmentDetailModal.vue#L80
不能二次编码，不然用户复制的时候会二次编码出错

不过发现一个问题：encodeURI() 不会对#进行编码，但是java的UriUtils.encode() 会对#进行编码
该问题仅会影响带#的预览图
（目前只发现#，不清楚是否会对其他符号生效）

只需要后端通过 UriUtils.encode() 对文件名部分进行编码即可 然后把前端编码的部分删除统一由后端处理应该就可以解决问题了

[JohnNiang]

Hi @FanZeros ，我的建议也是在构建完整连接的时候，仅对 path 和 thumbnailPath 进行 encode。所有在 halo-admin encodeURL 的地方都需要移除，否则会造成多次 encode，无法正常访问。

halo/src/main/java/run/halo/app/service/impl/AttachmentServiceImpl.java

Lines 177 to 180 in 913002d

	String fullPath = StringUtils
	.join(enabledAbsolutePath ? blogBaseUrl : "", "/", attachmentDTO.getPath());
	String fullThumbPath = StringUtils
	.join(enabledAbsolutePath ? blogBaseUrl : "", "/", attachmentDTO.getThumbPath());

[FanZeros]

Hi @FanZeros ，我的建议也是在构建完整连接的时候，仅对 path 和 thumbnailPath 进行 encode。所有在 halo-admin encodeURL 的地方都需要移除，否则会造成多次 encode，无法正常访问。

halo/src/main/java/run/halo/app/service/impl/AttachmentServiceImpl.java

Lines 177 to 180 in 913002d

	String fullPath = StringUtils
	.join(enabledAbsolutePath ? blogBaseUrl : "", "/", attachmentDTO.getPath());
	String fullThumbPath = StringUtils
	.join(enabledAbsolutePath ? blogBaseUrl : "", "/", attachmentDTO.getThumbPath());

嗯，我昨晚在尝试你们说的方法，在得到的缩略图链接处，去除encodeURI之后会在年月的“/”出现奇怪的%
https://github.com/halo-dev/halo-admin/blob/master/src/views/attachment/AttachmentList.vue#L88
Windows下测试，如：

理论值 upload/2022\05\2%23%252甘雨-1652370784582-thumbnail.png
去除后 upload/2022%05%02%23%252甘雨-1652370784582-thumbnail.png
去除前 upload/2022%5C05%5C2%2523%25252%25E7%2594%2598%25E9%259B%25A8-1652370784582-thumbnail.png

以及123.png
去除后 upload/2022%05%C4%A3-thumbnail.png
去除前 upload/2022%5C05%5C123-thumbnail.png

暂不清楚该情况是怎么发生的，还在进一步研究中

[FanZeros]

"upload/2022\05\2"

thumbPath 貌似有点问题

Windows下生成路径中的“\”感觉需要替换成“/”
如果对fullThumbPath进行replace("\", "/")是可以正常运行的

[guqing]

halo/src/main/java/run/halo/app/service/impl/AttachmentServiceImpl.java
如下图所示，将

halo/src/main/java/run/halo/app/service/impl/AttachmentServiceImpl.java

Line 127 in 913002d

attachment.setThumbPath(uploadResult.getThumbPath());

这块attachment.setThumbPath的值写成125行这样即可

halo/src/main/java/run/halo/app/service/impl/AttachmentServiceImpl.java

Line 125 in 913002d

attachment.setPath(HaloUtils.changeFileSeparatorToUrlSeparator(uploadResult.getFilePath()));

也就是：

attachment.setThumbPath(HaloUtils.changeFileSeparatorToUrlSeparator(uploadResult.getThumbPath()));

然后根据上面的描述UriUtils.encode处理这里即可

halo/src/main/java/run/halo/app/service/impl/AttachmentServiceImpl.java

Lines 177 to 180 in 913002d

	String fullPath = StringUtils
	.join(enabledAbsolutePath ? blogBaseUrl : "", "/", attachmentDTO.getPath());
	String fullThumbPath = StringUtils
	.join(enabledAbsolutePath ? blogBaseUrl : "", "/", attachmentDTO.getThumbPath());

[f2c-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
To complete the pull request process, please assign ruibaby after the PR has been reviewed.
You can assign the PR to them by writing /assign @ruibaby in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[f2c-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: JohnNiang

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [JohnNiang]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[f2c-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: JohnNiang

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [JohnNiang]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[f2c-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: guqing, JohnNiang

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [JohnNiang,guqing]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[f2c-ci-robot]

New changes are detected. LGTM label has been removed.

[f2c-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: guqing, JohnNiang

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [JohnNiang,guqing]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[ruibaby]

@FanZeros 好像有 checkstyle 的错误哦 https://github.com/halo-dev/halo/pull/1874/checks

设置方法可以看这个 https://docs.halo.run/developer-guide/core/code-style

[f2c-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: guqing, JohnNiang

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [JohnNiang,guqing]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[f2c-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: guqing

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [guqing]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[f2c-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: guqing

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [guqing]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[f2c-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: guqing, JohnNiang

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [JohnNiang,guqing]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[JohnNiang]

/lgtm

[ruibaby]

/approve

[f2c-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: guqing, JohnNiang, ruibaby

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [JohnNiang,guqing,ruibaby]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[JohnNiang]

Hi @FanZeros ，非常感谢花时间修复此功能。在最后，请点击 Details 签署一下 Contributor License Agreenment 吧。

签署成功后，PR 会自动合并。

[halo-dev-bot]

@JohnNiang: new pull request created: #2094

In response to this:

/milestone 1.5.x
/cherrypick release-1.5

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.