From 89975cbb0259f57ad713b07a143806630edeed9d Mon Sep 17 00:00:00 2001 From: bd091 Date: Sun, 7 Dec 2025 01:43:54 +0900 Subject: [PATCH] =?UTF-8?q?=EC=9D=8C....?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/main/java/com/madeu/config/WebConfig.java | 30 ++++++++++++------- 1 file changed, 19 insertions(+), 11 deletions(-) diff --git a/src/main/java/com/madeu/config/WebConfig.java b/src/main/java/com/madeu/config/WebConfig.java index 3fd779d..52526a1 100644 --- a/src/main/java/com/madeu/config/WebConfig.java +++ b/src/main/java/com/madeu/config/WebConfig.java @@ -6,10 +6,12 @@ import org.springframework.core.io.Resource; import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; import org.springframework.web.servlet.resource.PathResourceResolver; +import org.springframework.web.util.UriUtils; import lombok.extern.slf4j.Slf4j; import java.io.IOException; +import java.nio.charset.StandardCharsets; @Slf4j @Configuration @@ -31,30 +33,36 @@ public class WebConfig implements WebMvcConfigurer { @Override protected Resource getResource(String resourcePath, Resource location) throws IOException { log.info("=== Resource 요청 받음 ==="); - log.info("Resource Path: {}", resourcePath); + log.info("원본 Resource Path (인코딩됨): {}", resourcePath); + + // URL 디코딩 처리 (한글 파일명 지원) + String decodedResourcePath = UriUtils.decode(resourcePath, StandardCharsets.UTF_8); + log.info("디코딩된 Resource Path: {}", decodedResourcePath); log.info("Location: {}", location.getURI()); - Resource requestedResource = location.createRelative(resourcePath); - log.info("Requested Resource exists: {}", requestedResource.exists()); - log.info("Requested Resource readable: {}", requestedResource.isReadable()); + Resource requestedResource = location.createRelative(decodedResourcePath); + + boolean exists = requestedResource.exists(); + boolean readable = exists && requestedResource.isReadable(); + log.info("Requested Resource URI: {}", requestedResource.getURI()); + log.info("Requested Resource exists: {}", exists); + log.info("Requested Resource readable: {}", readable); // 보안 검증: 허용된 파일 타입만 - if (requestedResource.exists() && requestedResource.isReadable()) { + if (exists && readable) { boolean allowed = isAllowedResource(requestedResource); log.info("Resource allowed: {}", allowed); if (allowed) { - log.info("✓ 파일 반환 성공: {}", resourcePath); + log.info("✓ 파일 반환 성공: {}", decodedResourcePath); return requestedResource; } else { - log.info("✗ 허용되지 않은 파일 타입: {}", resourcePath); + log.info("✗ 허용되지 않은 파일 타입: {}", decodedResourcePath); } } else { - log.info("✗ 파일 없음 또는 읽을 수 없음: {}", resourcePath); - log.info(" - exists: {}, readable: {}", - requestedResource.exists(), - requestedResource.isReadable()); + log.info("✗ 파일 없음 또는 읽을 수 없음: {}", decodedResourcePath); + log.info(" - exists: {}, readable: {}", exists, readable); } return null;