懒得勤快 пре 6 година
родитељ
комит
439b7d5f4f

+ 2 - 2
src/Masuit.MyBlogs.Core/Controllers/BaseController.cs

@@ -112,11 +112,11 @@ namespace Masuit.MyBlogs.Core.Controllers
                     var userInfo = UserInfoService.Login(name, pwd);
                     if (userInfo != null)
                     {
-                        Response.Cookies.Append("username", name, new CookieOptions()
+                        Response.Cookies.Append("username", name, new CookieOptions
                         {
                             Expires = DateTime.Now.AddDays(7)
                         });
-                        Response.Cookies.Append("password", Request.Cookies["password"].DesEncrypt(AppConfig.BaiduAK), new CookieOptions()
+                        Response.Cookies.Append("password", Request.Cookies["password"], new CookieOptions
                         {
                             Expires = DateTime.Now.AddDays(7)
                         });
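Review bot: The `password` cookie re-issued here carries a credential, but its `CookieOptions` set only `Expires`, so it is readable from page script and is sent over plain HTTP. Set the flags explicitly on both cookies where the site is served over HTTPS, e.g. `new CookieOptions { Expires = DateTime.Now.AddDays(7), HttpOnly = true, Secure = true, SameSite = SameSiteMode.Lax }`. The same applies to the `password` cookie in the PassportController and AuthorityAttribute hunks; there the old value came from `pwd`, so if those branches can run without a `password` request cookie (not visible in the hunks), `Request.Cookies["password"]` is null. Longer term, a cookie holding a reversibly encrypted password is better replaced by a random server-side token that can be revoked. The enclosing method starts and ends outside the hunk.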

+ 2 - 1
src/Masuit.MyBlogs.Core/Controllers/CommentController.cs

@@ -13,6 +13,7 @@ using Microsoft.AspNetCore.Mvc;
 using Microsoft.Net.Http.Headers;
 using System;
 using System.Collections.Generic;
+using System.IO;
 using System.Linq;
 using System.Text.RegularExpressions;
 
@@ -294,7 +295,7 @@ namespace Masuit.MyBlogs.Core.Controllers
             bool b = CommentService.UpdateEntitySaved(comment);
             var pid = comment.ParentId == 0 ? comment.Id : CommentService.GetParentCommentIdByChildId(id);
 #if !DEBUG
-            string content = System.IO.File.ReadAllText(_hostingEnvironment.WebRootPath + ("template/notify.html")).Replace("{{title}}", post.Title).Replace("{{time}}", DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss")).Replace("{{nickname}}", comment.NickName).Replace("{{content}}", comment.Content);
+            string content = System.IO.File.ReadAllText(Path.Combine(_hostingEnvironment.WebRootPath, "template", "notify.html")).Replace("{{title}}", post.Title).Replace("{{time}}", DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss")).Replace("{{nickname}}", comment.NickName).Replace("{{content}}", comment.Content);
             var emails = CommentService.GetSelfAndAllChildrenCommentsByParentId(pid).Select(c => c.Email).Distinct().Except(new List<string>()
             {
                 comment.Email,
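Review bot: `post.Title`, `comment.NickName` and `comment.Content` are substituted into the HTML e-mail template on the changed line without encoding, so markup in a visitor-supplied nickname or comment reaches every recipient's mail client unless it was sanitised earlier (not visible in the hunk). Encode the plain-text fields, e.g. `.Replace("{{nickname}}", System.Net.WebUtility.HtmlEncode(comment.NickName))`, and pass `comment.Content` through the project's HTML sanitiser if it is meant to keep formatting. The MsgController hunk builds its notification from `msg.NickName` and `msg.Content` the same way. The statement continues past the end of the hunk.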

+ 2 - 1
src/Masuit.MyBlogs.Core/Controllers/MsgController.cs

@@ -13,6 +13,7 @@ using Microsoft.AspNetCore.Mvc;
 using Microsoft.Net.Http.Headers;
 using System;
 using System.Collections.Generic;
+using System.IO;
 using System.Linq;
 using System.Text.RegularExpressions;
 
@@ -214,7 +215,7 @@ namespace Masuit.MyBlogs.Core.Controllers
             bool b = LeaveMessageService.UpdateEntitySaved(msg);
 #if !DEBUG
             var pid = msg.ParentId == 0 ? msg.Id : LeaveMessageService.GetParentMessageIdByChildId(id);
-            string content = System.IO.File.ReadAllText(_hostingEnvironment.WebRootPath + ("template/notify.html")).Replace("{{time}}", DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss")).Replace("{{nickname}}", msg.NickName).Replace("{{content}}", msg.Content);
+            string content = System.IO.File.ReadAllText(Path.Combine(_hostingEnvironment.WebRootPath, "template", "notify.html")).Replace("{{time}}", DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss")).Replace("{{nickname}}", msg.NickName).Replace("{{content}}", msg.Content);
             var emails = LeaveMessageService.GetSelfAndAllChildrenMessagesByParentId(pid).Select(c => c.Email).Distinct().Except(new List<string>() { msg.Email }).ToList();
             string link = Url.Action("Index", "Msg", new { cid = pid }, Request.Scheme);
             foreach (var s in emails)

+ 13 - 7
src/Masuit.MyBlogs.Core/Controllers/PassportController.cs

@@ -1,4 +1,5 @@
-using Masuit.MyBlogs.Core.Common;
+using Common;
+using Masuit.MyBlogs.Core.Common;
 using Masuit.MyBlogs.Core.Configs;
 using Masuit.MyBlogs.Core.Extensions.Hangfire;
 using Masuit.MyBlogs.Core.Infrastructure.Services.Interface;
@@ -10,11 +11,11 @@ using Masuit.Tools.AspNetCore.ResumeFileResults.Extensions;
 using Masuit.Tools.Core.Net;
 using Masuit.Tools.Security;
 using Masuit.Tools.Strings;
+using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using System;
 using System.Web;
-using Common;
 
 namespace Masuit.MyBlogs.Core.Controllers
 {
@@ -33,15 +34,19 @@ namespace Masuit.MyBlogs.Core.Controllers
         /// </summary>
         public ILoginRecordService LoginRecordService { get; set; }
 
+        private readonly IHostingEnvironment _env;
+
         /// <summary>
         /// 登录授权
         /// </summary>
         /// <param name="userInfoService"></param>
         /// <param name="loginRecordService"></param>
-        public PassportController(IUserInfoService userInfoService, ILoginRecordService loginRecordService)
+        /// <param name="env"></param>
+        public PassportController(IUserInfoService userInfoService, ILoginRecordService loginRecordService, IHostingEnvironment env)
         {
             UserInfoService = userInfoService;
             LoginRecordService = loginRecordService;
+            _env = env;
         }
 
         /// <summary>
@@ -89,7 +94,7 @@ namespace Masuit.MyBlogs.Core.Controllers
                 if (userInfo != null)
                 {
                     Response.Cookies.Append("username", name, new CookieOptions() { Expires = DateTime.Now.AddDays(7) });
-                    Response.Cookies.Append("password", pwd.DesEncrypt(AppConfig.BaiduAK), new CookieOptions() { Expires = DateTime.Now.AddDays(7) });
+                    Response.Cookies.Append("password", Request.Cookies["password"], new CookieOptions() { Expires = DateTime.Now.AddDays(7) });
                     HttpContext.Session.SetByRedis(SessionKey.UserInfo, userInfo);
                     HangfireHelper.CreateJob(typeof(IHangfireBackJob), nameof(HangfireBackJob.LoginRecord), "default", userInfo, HttpContext.Connection.RemoteIpAddress.MapToIPv4().ToString(), LoginType.Default);
                     if (string.IsNullOrEmpty(from))
@@ -174,9 +179,10 @@ namespace Masuit.MyBlogs.Core.Controllers
         public ActionResult GetUserInfo()
         {
             UserInfoOutputDto user = HttpContext.Session.GetByRedis<UserInfoOutputDto>(SessionKey.UserInfo);
-#if DEBUG
-            user = UserInfoService.GetByUsername("masuit").Mapper<UserInfoOutputDto>();
-#endif
+            if (_env.IsDevelopment())
+            {
+                user = UserInfoService.GetByUsername("masuit").Mapper<UserInfoOutputDto>();
+            }
             return ResultData(user);
         }
 
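Review bot: Replacing `#if DEBUG` with `if (_env.IsDevelopment())` moves the hard-coded `masuit` lookup into release builds, where it is gated only by the host's environment setting. A production host started with the Development environment would return that account's data to any caller of `GetUserInfo`, with or without a session. Keep the compile-time guard around the runtime check (`#if DEBUG`, then `if (_env.IsDevelopment()) { … }`, then `#endif`), or drop the override and sign in with a seeded test account during development. `GetByUsername("masuit")` can presumably return null when that account does not exist, so the `.Mapper<UserInfoOutputDto>()` call deserves a null check as well.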

+ 1 - 1
src/Masuit.MyBlogs.Core/Controllers/PostController.cs

@@ -837,7 +837,7 @@ namespace Masuit.MyBlogs.Core.Controllers
                     cast.ForEach(c =>
                     {
                         var ts = DateTime.Now.GetTotalMilliseconds();
-                        string content = System.IO.File.ReadAllText(_hostingEnvironment.WebRootPath + ("template/broadcast.html"))
+                        string content = System.IO.File.ReadAllText(Path.Combine(_hostingEnvironment.WebRootPath, "template", "broadcast.html"))
                             .Replace("{{link}}", link + "?email=" + c.Email)
                             .Replace("{{time}}", post.ModifyDate.ToString("yyyy-MM-dd HH:mm:ss"))
                             .Replace("{{title}}", post.Title)
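Review bot: `c.Email` is concatenated into the link's query string unescaped in `.Replace("{{link}}", link + "?email=" + c.Email)`, so an address containing `+`, `&` or `#` yields a different `email` parameter than the subscriber's own. Use `link + "?email=" + Uri.EscapeDataString(c.Email)`. The template file is also read once per recipient inside `cast.ForEach`; reading it once before the loop would avoid the repeated disk I/O. The lambda continues outside the hunk.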

+ 1 - 1
src/Masuit.MyBlogs.Core/Extensions/AuthorityAttribute.cs

@@ -38,7 +38,7 @@ namespace Masuit.MyBlogs.Core.Extensions
                     if (userInfo != null)
                     {
                         filterContext.HttpContext.Response.Cookies.Append("username", name, new CookieOptions() { Expires = DateTime.Now.AddDays(7) });
-                        filterContext.HttpContext.Response.Cookies.Append("password", pwd.DesEncrypt(AppConfig.BaiduAK), new CookieOptions() { Expires = DateTime.Now.AddDays(7) });
+                        filterContext.HttpContext.Response.Cookies.Append("password", filterContext.HttpContext.Request.Cookies["password"], new CookieOptions() { Expires = DateTime.Now.AddDays(7) });
                         filterContext.HttpContext.Session.SetByRedis(SessionKey.UserInfo, userInfo);
                     }
                     else

+ 18 - 26
src/Masuit.MyBlogs.Core/Extensions/FirewallMiddleware.cs

@@ -2,7 +2,6 @@
 using Hangfire;
 using Masuit.MyBlogs.Core.Extensions.Hangfire;
 using Masuit.Tools;
-using Masuit.Tools.Logging;
 using Masuit.Tools.NoSQL;
 using Microsoft.AspNetCore.Http;
 using Microsoft.Net.Http.Headers;
@@ -38,41 +37,34 @@ namespace Masuit.MyBlogs.Core.Extensions
                 return;
             }
 
-            try
+            if (context.Connection.RemoteIpAddress.MapToIPv4().ToString().IsDenyIpAddress())
             {
-                if (context.Connection.RemoteIpAddress.MapToIPv4().ToString().IsDenyIpAddress())
-                {
-                    await context.Response.WriteAsync($"检测到您的IP({context.Connection.RemoteIpAddress.MapToIPv4()})异常,已被本站禁止访问,如有疑问,请联系站长!");
-                    BackgroundJob.Enqueue(() => HangfireBackJob.InterceptLog(new IpIntercepter()
-                    {
-                        IP = context.Connection.RemoteIpAddress.MapToIPv4().ToString(),
-                        RequestUrl = context.Request.Host.ToString(),
-                        Time = DateTime.Now
-                    }));
-                    return;
-                }
-                bool isSpider = context.Request.Headers[HeaderNames.UserAgent].ToString().Contains(new[]
+                await context.Response.WriteAsync($"检测到您的IP({context.Connection.RemoteIpAddress.MapToIPv4()})异常,已被本站禁止访问,如有疑问,请联系站长!");
+                BackgroundJob.Enqueue(() => HangfireBackJob.InterceptLog(new IpIntercepter()
                 {
+                    IP = context.Connection.RemoteIpAddress.MapToIPv4().ToString(),
+                    RequestUrl = context.Request.Scheme + "://" + context.Request.Host + context.Request.Path,
+                    Time = DateTime.Now
+                }));
+                return;
+            }
+            bool isSpider = context.Request.Headers[HeaderNames.UserAgent].ToString().Contains(new[]
+            {
                 "DNSPod",
                 "Baidu",
                 "spider",
                 "Python",
                 "bot"
             });
-                if (isSpider) return;
-                var times = _redisHelper.StringIncrement("Frequency:" + context.Connection.Id);
-                _redisHelper.Expire("Frequency:" + context.Connection.Id, TimeSpan.FromMinutes(1));
-                if (times > 300)
-                {
-                    await context.Response.WriteAsync($"检测到您的IP({context.Connection.RemoteIpAddress})访问过于频繁,已被本站暂时禁止访问,如有疑问,请联系站长!");
-                    return;
-                }
-                await _next.Invoke(context);
-            }
-            catch (Exception e)
+            if (isSpider) return;
+            var times = _redisHelper.StringIncrement("Frequency:" + context.Connection.Id);
+            _redisHelper.Expire("Frequency:" + context.Connection.Id, TimeSpan.FromMinutes(1));
+            if (times > 300)
             {
-                LogManager.Error($"异常源:{e.Source},异常类型:{e.GetType().Name},\n请求路径:{context.Request.Scheme}://{context.Request.Host}{context.Request.Path.Value},客户端用户代理:{context.Request.Headers["User-Agent"]},客户端IP:{context.Connection.RemoteIpAddress}\t", e);
+                await context.Response.WriteAsync($"检测到您的IP({context.Connection.RemoteIpAddress})访问过于频繁,已被本站暂时禁止访问,如有疑问,请联系站长!");
+                return;
             }
+            await _next.Invoke(context);
         }
     }
 }
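Review bot: The request counter is keyed on `context.Connection.Id`, not on the client address, so the 300-request limit applies per connection while the message tells the client its IP was throttled; a client that reconnects starts from zero. Key the counter on the address instead, e.g. `var key = "Frequency:" + context.Connection.RemoteIpAddress;`, and call `_redisHelper.Expire(key, TimeSpan.FromMinutes(1))` only when `times == 1`, because renewing the expiry on every request means the counter resets only after a full minute of silence. Both blocked branches also answer with the default status code; setting `context.Response.StatusCode` to 403 and 429 respectively before `WriteAsync` lets clients and logs tell them apart. `Invoke` starts outside the hunk.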

+ 5 - 2
src/Masuit.MyBlogs.Core/Extensions/Hangfire/HangfireBackJob.cs

@@ -6,6 +6,7 @@ using Masuit.MyBlogs.Core.Models.Enum;
 using Masuit.Tools.Core.Net;
 using Masuit.Tools.NoSQL;
 using Masuit.Tools.Systems;
+using Microsoft.AspNetCore.Hosting;
 using System;
 using System.IO;
 using System.Linq;
@@ -24,8 +25,9 @@ namespace Masuit.MyBlogs.Core.Extensions.Hangfire
         private readonly ILinksService _linksService;
         private readonly RedisHelper _redisHelper;
         private readonly IHttpClientFactory _httpClientFactory;
+        private readonly IHostingEnvironment _hostingEnvironment;
 
-        public HangfireBackJob(IUserInfoService userInfoService, IPostService postService, ISystemSettingService settingService, ISearchDetailsService searchDetailsService, ILinksService linksService, RedisHelper redisHelper, IHttpClientFactory httpClientFactory)
+        public HangfireBackJob(IUserInfoService userInfoService, IPostService postService, ISystemSettingService settingService, ISearchDetailsService searchDetailsService, ILinksService linksService, RedisHelper redisHelper, IHttpClientFactory httpClientFactory, IHostingEnvironment hostingEnvironment)
         {
             _userInfoService = userInfoService;
             _postService = postService;
@@ -34,6 +36,7 @@ namespace Masuit.MyBlogs.Core.Extensions.Hangfire
             _linksService = linksService;
             _redisHelper = redisHelper;
             _httpClientFactory = httpClientFactory;
+            _hostingEnvironment = hostingEnvironment;
         }
 
         public void LoginRecord(UserInfoOutputDto userInfo, string ip, LoginType type)
@@ -54,7 +57,7 @@ namespace Masuit.MyBlogs.Core.Extensions.Hangfire
                 UserInfo u = _userInfoService.GetByUsername(userInfo.Username);
                 u.LoginRecord.Add(record);
                 _userInfoService.UpdateEntitySaved(u);
-                string content = File.ReadAllText(AppDomain.CurrentDomain.BaseDirectory + "template\\login.html").Replace("{{name}}", u.Username).Replace("{{time}}", DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss")).Replace("{{ip}}", record.IP).Replace("{{address}}", record.PhysicAddress);
+                string content = File.ReadAllText(Path.Combine(_hostingEnvironment.WebRootPath, "template", "login.html")).Replace("{{name}}", u.Username).Replace("{{time}}", DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss")).Replace("{{ip}}", record.IP).Replace("{{address}}", record.PhysicAddress);
                 CommonHelper.SendMail(_settingService.GetFirstEntity(s => s.Name.Equals("Title")).Value + "账号登录通知", content, _settingService.GetFirstEntity(s => s.Name.Equals("ReceiveEmail")).Value);
             }
         }
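Review bot: A missing `template/login.html` under the new `WebRootPath` location makes this job throw after `u.LoginRecord.Add(record)` has already been saved, so a Hangfire retry (if automatic retries are enabled) would store the same login record again. Read the template before touching the user entity, or guard the read with `File.Exists` and log when the file is absent. `WebRootPath` is normally the directory static files are served from, so confirm the mail templates are meant to be publicly retrievable there. `LoginRecord` starts outside the hunk.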

+ 4 - 13
src/Masuit.MyBlogs.Core/Extensions/RequestInterceptMiddleware.cs

@@ -1,8 +1,6 @@
 using Masuit.Tools.Core.Net;
-using Masuit.Tools.Logging;
 using Masuit.Tools.NoSQL;
 using Microsoft.AspNetCore.Http;
-using System;
 using System.Threading.Tasks;
 
 namespace Masuit.MyBlogs.Core.Extensions
@@ -28,19 +26,12 @@ namespace Masuit.MyBlogs.Core.Extensions
 
         public async Task Invoke(HttpContext context)
         {
-            try
+            if (!context.Session.TryGetValue(context.Connection.Id, out _))
             {
-                if (!context.Session.TryGetValue(context.Connection.Id, out _))
-                {
-                    context.Session.Set(context.Connection.Id, context.Connection.Id);
-                    _redisHelper.StringIncrement("Interview:ViewCount");
-                }
-                await _next.Invoke(context);
-            }
-            catch (Exception e)
-            {
-                LogManager.Error($"异常源:{e.Source},异常类型:{e.GetType().Name},\n请求路径:{context.Request.Scheme}://{context.Request.Host}{context.Request.Path.Value},客户端用户代理:{context.Request.Headers["User-Agent"]},客户端IP:{context.Connection.RemoteIpAddress}\t", e);
+                context.Session.Set(context.Connection.Id, context.Connection.Id);
+                _redisHelper.StringIncrement("Interview:ViewCount");
             }
+            await _next.Invoke(context);
         }
     }
 }
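Review bot: `context.Session.Set(context.Connection.Id, context.Connection.Id)` stores one session entry per connection, so a long-lived session grows with every reconnect and `Interview:ViewCount` counts connections rather than visitors. A single fixed key would do, e.g. `context.Session.TryGetValue("Interview:Counted", out _)` with the matching `Set` (the key name is illustrative). With the try/catch removed, a Redis or session-store failure here now fails the request, so confirm that an outer exception handler logs it.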