3 年之前 · 5254610d99
--- a/src/Masuit.MyBlogs.Core/Controllers/BaseController.cs
+++ b/src/Masuit.MyBlogs.Core/Controllers/BaseController.cs
@@ -53,7 +53,7 @@ namespace Masuit.MyBlogs.Core.Controllers
 
				         /// <summary>
			
 
				         /// 普通访客是否token合法
			
 
				         /// </summary>
			
 
				-        public bool VisitorTokenValid => Request.Cookies["Email"].MDString3(AppConfig.BaiduAK).Equals(Request.Cookies["FullAccessToken"]);
			
 
				+        public bool VisitorTokenValid => Request.Cookies.ContainsKey("FullAccessToken") && Request.Cookies["Email"].MDString(AppConfig.BaiduAK).Equals(Request.Cookies["FullAccessToken"]);
			
 
				 
			
 
				         public int[] HideCategories => Request.GetHideCategories();
			
 
				 
			
--- a/src/Masuit.MyBlogs.Core/Controllers/ErrorController.cs
+++ b/src/Masuit.MyBlogs.Core/Controllers/ErrorController.cs
@@ -167,7 +167,7 @@ namespace Masuit.MyBlogs.Core.Controllers
 
				                 Expires = DateTime.Now.AddYears(1),
			
 
				                 SameSite = SameSiteMode.Lax
			
 
				             });
			
 
				-            Response.Cookies.Append("FullAccessToken", email.MDString3(AppConfig.BaiduAK), new CookieOptions
			
 
				+            Response.Cookies.Append("FullAccessToken", email.MDString(AppConfig.BaiduAK), new CookieOptions
			
 
				             {
			
 
				                 Expires = DateTime.Now.AddYears(1),
			
 
				                 SameSite = SameSiteMode.Lax
			
--- a/src/Masuit.MyBlogs.Core/Extensions/Firewall/FirewallAttribute.cs
+++ b/src/Masuit.MyBlogs.Core/Extensions/Firewall/FirewallAttribute.cs
@@ -29,7 +29,7 @@ public class FirewallAttribute : IAsyncActionFilter
 
				     {
			
 
				         var request = context.HttpContext.Request;
			
 
				         var ip = context.HttpContext.Connection.RemoteIpAddress.ToString();
			
 
				-        var tokenValid = request.Cookies["Email"].MDString3(AppConfig.BaiduAK).Equals(request.Cookies["FullAccessToken"]);
			
 
				+        var tokenValid = request.Cookies.ContainsKey("FullAccessToken") && request.Cookies["Email"].MDString(AppConfig.BaiduAK).Equals(request.Cookies["FullAccessToken"]);
			
 
				 
			
 
				         //黑名单
			
 
				         if (ip.IsDenyIpAddress() && !tokenValid)
			
--- a/src/Masuit.MyBlogs.Core/PrepareStartup.cs
+++ b/src/Masuit.MyBlogs.Core/PrepareStartup.cs
@@ -23,6 +23,7 @@ using System.Text.RegularExpressions;
 
				 using System.Web;
			
 
				 using Collections.Pooled;
			
 
				 using SameSiteMode = Microsoft.AspNetCore.Http.SameSiteMode;
			
 
				+using Microsoft.AspNetCore.Mvc;
			
 
				 
			
 
				 namespace Masuit.MyBlogs.Core
			
 
				 {
			
@@ -135,6 +136,10 @@ namespace Masuit.MyBlogs.Core
 
				 
			
 
				         public static void ConfigureOptions(this IServiceCollection services)
			
 
				         {
			
 
				+            services.Configure<ApiBehaviorOptions>(options =>
			
 
				+            {
			
 
				+                options.SuppressInferBindingSourcesForParameters = true;
			
 
				+            }); //将多个来源绑定到同一个类或参数
			
 
				             services.Configure<CookiePolicyOptions>(options =>
			
 
				             {
			
 
				                 options.MinimumSameSitePolicy = SameSiteMode.Lax;
			
--- a/src/Masuit.MyBlogs.Core/Startup.cs
+++ b/src/Masuit.MyBlogs.Core/Startup.cs
@@ -30,7 +30,6 @@ using SixLabors.ImageSharp.Web.Processors;
 
				 using SixLabors.ImageSharp.Web.Providers;
			
 
				 using System.Net;
			
 
				 using System.Text.RegularExpressions;
			
 
				-using Masuit.Tools.AspNetCore.Extensions;
			
 
				 using Microsoft.IO;
			
 
				 
			
 
				 namespace Masuit.MyBlogs.Core