懒得勤快 4 years ago
parent
commit
60e96c2065

BIN
src/Masuit.MyBlogs.Core/App_Data/ip2region.db


+ 7 - 23
src/Masuit.MyBlogs.Core/Controllers/FirewallController.cs

@@ -1,5 +1,4 @@
 using Masuit.MyBlogs.Core.Configs;
-using Masuit.MyBlogs.Core.Extensions;
 using Masuit.MyBlogs.Core.Models.ViewModel;
 using Masuit.Tools.AspNetCore.Mime;
 using Masuit.Tools.AspNetCore.ResumeFileResults.Extensions;
@@ -22,32 +21,17 @@ namespace Masuit.MyBlogs.Core.Controllers
         /// <param name="token"></param>
         /// <returns></returns>
         [HttpPost("/challenge"), AutoValidateAntiforgeryToken]
-        public ActionResult JsChallenge(string token)
+        public ActionResult JsChallenge()
         {
-            if (string.IsNullOrEmpty(token) || token.Length < 20)
-            {
-                return BadRequest("请求token无效");
-            }
-
             try
             {
-                var privateKey = HttpContext.Session.Get<string>("challenge-private-key") ?? throw new NotFoundException("请求私钥无效");
-                var crypto = HttpContext.Session.Get<string>("challenge-value") ?? throw new NotFoundException("请求私钥无效");
-                if (token.RSADecrypt(privateKey) == crypto)
+                HttpContext.Session.Set("js-challenge", 1);
+                Response.Cookies.Append(SessionKey.ChallengeBypass, DateTime.Now.AddSeconds(new Random().Next(60, 86400)).ToString("yyyy-MM-dd HH:mm:ss").AESEncrypt(AppConfig.BaiduAK), new CookieOptions()
                 {
-                    HttpContext.Session.Set("js-challenge", 1);
-                    HttpContext.Session.Remove("challenge-private-key");
-                    HttpContext.Session.Remove("challenge-value");
-                    Response.Cookies.Delete("challenge-key");
-                    Response.Cookies.Append(SessionKey.ChallengeBypass, DateTime.Now.AddSeconds(new Random().Next(60, 86400)).ToString("yyyy-MM-dd HH:mm:ss").AESEncrypt(AppConfig.BaiduAK), new CookieOptions()
-                    {
-                        SameSite = SameSiteMode.Lax,
-                        Expires = DateTime.Now.AddDays(1)
-                    });
-                    return Ok();
-                }
-
-                return BadRequest("token解密失败");
+                    SameSite = SameSiteMode.Lax,
+                    Expires = DateTime.Now.AddDays(1)
+                });
+                return Ok();
             }
             catch
             {
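Review bot: With the `token` parameter and the RSA comparison removed, `JsChallenge()` sets `js-challenge` and issues the `SessionKey.ChallengeBypass` cookie for any POST that carries a valid antiforgery token, so the endpoint no longer verifies that the challenge script produced anything. If that trade-off is intended, state it in the XML doc comment (the `<param name="token">` line is now stale) and treat the challenge as a speed bump rather than a bot check. The cookie on the new `Response.Cookies.Append` line is issued without `HttpOnly = true` and, where the site is served over HTTPS, `Secure = true`; both belong in the `CookieOptions` initializer. The value is encrypted with `AppConfig.BaiduAK`, which by its name looks like a third-party API key, so a dedicated key or ASP.NET Core Data Protection would keep the two secrets separate. The method body continues past the end of this hunk.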

+ 1 - 1
src/Masuit.MyBlogs.Core/Controllers/PostController.cs

@@ -276,6 +276,7 @@ namespace Masuit.MyBlogs.Core.Controllers
             p.Modifier = p.Author;
             p.ModifierEmail = p.Email;
             p.DisableCopy = true;
+            p.Rss = true;
             p = PostService.AddEntitySaved(p);
             if (p == null)
             {
@@ -728,7 +729,6 @@ namespace Masuit.MyBlogs.Core.Controllers
 
             post.Status = Status.Published;
             Post p = post.Mapper<Post>();
-            p.Rss = true;
             p.Modifier = p.Author;
             p.ModifierEmail = p.Email;
             p.IP = ClientIP;

+ 26 - 24
src/Masuit.MyBlogs.Core/Extensions/Firewall/FirewallAttribute.cs

@@ -105,37 +105,39 @@ namespace Masuit.MyBlogs.Core.Extensions.Firewall
 
         private static void Challenge(ActionExecutingContext context, HttpRequest request)
         {
-            if (!context.HttpContext.Session.TryGetValue("js-challenge", out _))
+            if (context.HttpContext.Session.TryGetValue("js-challenge", out _))
             {
-                try
-                {
-                    if (request.Cookies.TryGetValue(SessionKey.ChallengeBypass, out var time) && time.AESDecrypt(AppConfig.BaiduAK).ToDateTime() > DateTime.Now)
-                    {
-                        context.HttpContext.Session.Set("js-challenge", 1);
-                        return;
-                    }
-                }
-                catch
+                return;
+            }
+
+            try
+            {
+                if (request.Cookies.TryGetValue(SessionKey.ChallengeBypass, out var time) && time.AESDecrypt(AppConfig.BaiduAK).ToDateTime() > DateTime.Now)
                 {
-                    context.HttpContext.Response.Cookies.Delete(SessionKey.ChallengeBypass);
+                    context.HttpContext.Session.Set("js-challenge", 1);
+                    return;
                 }
+            }
+            catch
+            {
+                context.HttpContext.Response.Cookies.Delete(SessionKey.ChallengeBypass);
+            }
 
-                var mode = CommonHelper.SystemSettings.GetOrAdd(SessionKey.ChallengeMode, "");
-                if (mode == SessionKey.JSChallenge)
+            var mode = CommonHelper.SystemSettings.GetOrAdd(SessionKey.ChallengeMode, "");
+            if (mode == SessionKey.JSChallenge)
+            {
+                context.Result = new ViewResult()
                 {
-                    context.Result = new ViewResult()
-                    {
-                        ViewName = "/Views/Shared/JSChallenge.cshtml"
-                    };
-                }
+                    ViewName = "/Views/Shared/JSChallenge.cshtml"
+                };
+            }
 
-                if (mode == SessionKey.CaptchaChallenge)
+            if (mode == SessionKey.CaptchaChallenge)
+            {
+                context.Result = new ViewResult()
                 {
-                    context.Result = new ViewResult()
-                    {
-                        ViewName = "/Views/Shared/CaptchaChallenge.cshtml"
-                    };
-                }
+                    ViewName = "/Views/Shared/CaptchaChallenge.cshtml"
+                };
             }
         }
 
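Review bot: The bypass check in `Challenge` accepts any `SessionKey.ChallengeBypass` cookie that decrypts to a future timestamp, and nothing visible here ties the value to the client that earned it, so one issued cookie is valid for every client until it expires. Consider putting a client attribute (for example the client IP or a User-Agent hash) into the protected payload and comparing it at this point. The bare `catch` swallows every exception type; narrowing it, or logging before `Cookies.Delete`, would make decryption failures visible to operators. Whether `AESDecrypt` authenticates the ciphertext is not visible in this diff; if it does not, ASP.NET Core's `ITimeLimitedDataProtector` provides integrity and expiry in one step.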

+ 1 - 1
src/Masuit.MyBlogs.Core/Masuit.MyBlogs.Core.csproj

@@ -26,7 +26,7 @@
 
     <ItemGroup>
         <PackageReference Include="Autofac.Extensions.DependencyInjection" Version="7.1.0" />
-        <PackageReference Include="AutoMapper.Extensions.ExpressionMapping" Version="4.1.2" />
+        <PackageReference Include="AutoMapper.Extensions.ExpressionMapping" Version="4.1.3" />
         <PackageReference Include="AutoMapper.Extensions.Microsoft.DependencyInjection" Version="8.1.1" />
         <PackageReference Include="CacheManager.Serialization.Json" Version="1.2.0" />
         <PackageReference Include="CacheManager.StackExchange.Redis" Version="1.2.0" />

+ 1 - 1
src/Masuit.MyBlogs.Core/Program.cs

@@ -18,7 +18,7 @@ namespace Masuit.MyBlogs.Core
     {
         public static void Main(string[] args)
         {
-            if (!"114.114.114.114".GetIPLocation().Contains("114DNS"))
+            if (!"223.5.5.5".GetIPLocation().Contains("阿里"))
             {
                 throw new Exception("IP地址库初始化失败,请重启应用!");
             }
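Review bot: The startup self-test on the changed line hard-codes one address and one label (`"223.5.5.5"`, `"阿里"`), so the application will refuse to start whenever an updated `ip2region.db` names that record differently. A comment such as `// sanity check that ip2region.db loaded and resolves a well-known address` above the `if` would explain why the probe exists and what to update when the database is replaced. The unchanged `throw new Exception(...)` below it would be more specific as `InvalidOperationException`. `Main` continues past the end of this hunk.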

+ 15 - 28
src/Masuit.MyBlogs.Core/Views/Shared/JSChallenge.cshtml

@@ -1,14 +1,7 @@
-@using Masuit.Tools.Core.Net
-@using Masuit.MyBlogs.Core.Common
-@using Masuit.MyBlogs.Core.Views.Shared
-@using Masuit.Tools.Security
+@using Masuit.MyBlogs.Core.Common
 
 @{
     Layout = null;
-    var value = Guid.NewGuid().ToString();
-    var keys = RsaCrypt.GenerateRsaKeys(RsaKeyType.PKCS8);
-    Context.Session.Set("challenge-private-key", keys.PrivateKey);
-    Context.Session.Set("challenge-value", value);
 }
 
 <!DOCTYPE html>
@@ -37,28 +30,22 @@
         @Html.AntiForgeryToken()
     </form>
     <h3>正在检测您的浏览器环境,请稍候,页面将自动刷新......</h3>
-    @(await Html.RenderComponentAsync<JSChallenge>(RenderMode.ServerPrerendered, new{ Token= value.RSAEncrypt(keys.PublicKey)}))
     @Html.Raw(CommonHelper.SystemSettings.GetOrAdd("Scripts", ""))
 </body>
 </html>
-<script src="/_framework/blazor.server.js"></script>
 <script>
-    window.checkBrowser = async function (dotNetHelper) {
-        let token = await dotNetHelper.invokeMethodAsync('GetToken');
-        setTimeout(function () {
-            var formData = new FormData();
-            formData.append("__RequestVerificationToken", document.querySelector("[name='__RequestVerificationToken']").value);
-            formData.append("token", token);
-            window.fetch("/challenge", {
-                credentials: 'include',
-                method: 'POST',
-                mode: 'cors',
-                body: formData
-            }).then(function (response) {
-                location.reload();
-            }).catch(function (e) {
-                alert("页面加载失败,请关闭掉额外的浏览器插件扩展后刷新重试!");
-            });
-        }, 2000);
-    };
+    setTimeout(function () {
+        var formData = new FormData();
+        formData.append("__RequestVerificationToken", document.querySelector("[name='__RequestVerificationToken']").value);
+        window.fetch("/challenge", {
+            credentials: 'include',
+            method: 'POST',
+            mode: 'cors',
+            body: formData
+        }).then(function (response) {
+            location.reload();
+        }).catch(function (e) {
+            alert("页面加载失败,请关闭掉额外的浏览器插件扩展后刷新重试!");
+        });
+    }, 2000);
 </script>
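Review bot: The `.then` callback in the new script calls `location.reload()` without looking at the response, and `fetch` does not reject on HTTP error statuses, so when `/challenge` answers with an error the page reloads into the same challenge view and repeats every two seconds. Check the status first, for example `if (response.ok) { location.reload(); }` with the existing failure `alert` in the `else` branch. `mode: 'cors'` is not needed for this same-origin POST and can be dropped.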

+ 0 - 21
src/Masuit.MyBlogs.Core/Views/Shared/JSChallenge.razor

@@ -1,21 +0,0 @@
-@implements IDisposable
-@inject IJSRuntime JS
-
-@code {
-    [Parameter]
-    public string Token { get; set; }
-    private DotNetObjectReference<JSChallenge> objRef;
-
-    protected override async Task OnAfterRenderAsync(bool firstRender) {
-        objRef = DotNetObjectReference.Create(this);
-        await JS.InvokeAsync<string>("checkBrowser", objRef);
-    }
-
-    [JSInvokable]
-    public string GetToken() =>Token;
-
-    public void Dispose()
-    {
-        objRef?.Dispose();
-    }
-}