using Microsoft.AspNetCore.Mvc;
|
using System.IO;
|
|
namespace MESApplication.Controllers
|
{
|
[ApiController]
|
[Route("Attachment")]
|
public class AttachmentController : ControllerBase
|
{
|
// 根目录
|
private readonly string ftpRootPath = @"D:\MES_FTP\IQC";
|
|
[HttpGet("Download")]
|
public IActionResult Download([FromQuery] string itemNo, [FromQuery] string fileName)
|
{
|
if (string.IsNullOrWhiteSpace(itemNo) || string.IsNullOrWhiteSpace(fileName))
|
return BadRequest("物料编码和文件名不能为空");
|
|
// 防止路径穿越攻击
|
var safeItemNo = Path.GetFileName(itemNo.Trim());
|
var safeFileName = Path.GetFileName(fileName.Trim());
|
|
var filePath = Path.Combine(ftpRootPath, safeItemNo, safeFileName);
|
|
if (!System.IO.File.Exists(filePath))
|
return NotFound("文件不存在");
|
|
var contentType = "application/octet-stream";
|
return PhysicalFile(filePath, contentType, safeFileName);
|
}
|
}
|
}
|
