懒得勤快 4 gadi atpakaļ
vecāks
revīzija
af77dcfade

+ 61 - 0
src/Masuit.MyBlogs.Core/Controllers/BaseController.cs

@@ -18,6 +18,7 @@ using Masuit.Tools.Strings;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Mvc.Filters;
+using Microsoft.Net.Http.Headers;
 using System;
 using System.Collections.Generic;
 using System.Linq;
@@ -274,5 +275,65 @@ namespace Masuit.MyBlogs.Core.Controllers
                 }
             });
         }
+
+        protected void CheckPermission(Post post)
+        {
+            if (CurrentUser.IsAdmin || VisitorTokenValid || Request.IsRobot())
+            {
+                return;
+            }
+
+            var location = Request.Location() + "|" + string.Join("", Request.Headers.Values);
+            switch (post.LimitMode)
+            {
+                case RegionLimitMode.AllowRegion:
+                    if (!location.Contains(post.Regions.Split(',', StringSplitOptions.RemoveEmptyEntries)))
+                    {
+                        Disallow(post);
+                    }
+
+                    break;
+                case RegionLimitMode.ForbidRegion:
+                    if (location.Contains(post.Regions.Split(',', StringSplitOptions.RemoveEmptyEntries)))
+                    {
+                        Disallow(post);
+                    }
+
+                    break;
+                case RegionLimitMode.AllowRegionExceptForbidRegion:
+                    if (location.Contains(post.ExceptRegions.Split(',', StringSplitOptions.RemoveEmptyEntries)))
+                    {
+                        Disallow(post);
+                    }
+
+                    goto case RegionLimitMode.AllowRegion;
+                case RegionLimitMode.ForbidRegionExceptAllowRegion:
+                    if (location.Contains(post.ExceptRegions.Split(',', StringSplitOptions.RemoveEmptyEntries)))
+                    {
+                        break;
+                    }
+
+                    goto case RegionLimitMode.ForbidRegion;
+            }
+        }
+
+        private void Disallow(Post post)
+        {
+            RedisHelper.IncrBy("interceptCount");
+            RedisHelper.LPush("intercept", new IpIntercepter()
+            {
+                IP = ClientIP,
+                RequestUrl = $"//{Request.Host}/{post.Id}",
+                Referer = Request.Headers[HeaderNames.Referer],
+                Time = DateTime.Now,
+                UserAgent = Request.Headers[HeaderNames.UserAgent],
+                Remark = "无权限查看该文章",
+                Address = Request.Location(),
+                HttpVersion = Request.Protocol,
+                Headers = Request.Headers.ToJsonString()
+            });
+            throw new NotFoundException("文章未找到");
+        }
+
     }
 }
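Review bot: The region decision in `CheckPermission` matches against `Request.Location() + "|" + string.Join("", Request.Headers.Values)`, and every header value is supplied by the client, so in `AllowRegion` mode the allow-list can be satisfied by request content rather than by the resolved location. The same string feeds the forbid checks, where an unrelated header value that happens to contain a region name would block a legitimate visitor. I would match only the server-derived value, `var location = Request.Location();`, and if a specific header is needed (for example a geo header set by a trusted proxy) read it by name. Separately, `Disallow` stores `Request.Headers.ToJsonString()` in Redis, which presumably includes `Cookie` and `Authorization` values; consider dropping those before the entry is written.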

+ 1 - 0
src/Masuit.MyBlogs.Core/Controllers/CommentController.cs

@@ -68,6 +68,7 @@ namespace Masuit.MyBlogs.Core.Controllers
             }
 
             Post post = await PostService.GetByIdAsync(cmd.PostId) ?? throw new NotFoundException("评论失败,文章未找到");
+            CheckPermission(post);
             if (post.DisableComment)
             {
                 return ResultData(null, false, "本文已禁用评论功能,不允许任何人回复!");
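Review bot: `CheckPermission(post)` signals denial by throwing `NotFoundException("文章未找到")`, while the line above it throws `NotFoundException("评论失败,文章未找到")` for a post that does not exist; if the exception message reaches the response, a visitor can tell a region-restricted post from a missing one. Using the same message for both cases on this path would keep the two outcomes indistinguishable. A short comment such as `// throws NotFoundException when the visitor's region may not view this post` would also make the exception-based control flow visible at the call site. The enclosing action starts and ends outside the hunk.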

+ 0 - 60
src/Masuit.MyBlogs.Core/Controllers/PostController.cs

@@ -30,7 +30,6 @@ using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.EntityFrameworkCore;
-using Microsoft.Net.Http.Headers;
 using System;
 using System.Collections.Generic;
 using System.ComponentModel.DataAnnotations;
@@ -100,65 +99,6 @@ namespace Masuit.MyBlogs.Core.Controllers
             return View(post);
         }
 
-        private void CheckPermission(Post post)
-        {
-            if (CurrentUser.IsAdmin || VisitorTokenValid || Request.IsRobot())
-            {
-                return;
-            }
-
-            var location = Request.Location() + "|" + string.Join("", Request.Headers.Values);
-            switch (post.LimitMode)
-            {
-                case RegionLimitMode.AllowRegion:
-                    if (!location.Contains(post.Regions.Split(',', StringSplitOptions.RemoveEmptyEntries)))
-                    {
-                        Disallow(post);
-                    }
-
-                    break;
-                case RegionLimitMode.ForbidRegion:
-                    if (location.Contains(post.Regions.Split(',', StringSplitOptions.RemoveEmptyEntries)))
-                    {
-                        Disallow(post);
-                    }
-
-                    break;
-                case RegionLimitMode.AllowRegionExceptForbidRegion:
-                    if (location.Contains(post.ExceptRegions.Split(',', StringSplitOptions.RemoveEmptyEntries)))
-                    {
-                        Disallow(post);
-                    }
-
-                    goto case RegionLimitMode.AllowRegion;
-                case RegionLimitMode.ForbidRegionExceptAllowRegion:
-                    if (location.Contains(post.ExceptRegions.Split(',', StringSplitOptions.RemoveEmptyEntries)))
-                    {
-                        break;
-                    }
-
-                    goto case RegionLimitMode.ForbidRegion;
-            }
-        }
-
-        private void Disallow(Post post)
-        {
-            RedisHelper.IncrBy("interceptCount");
-            RedisHelper.LPush("intercept", new IpIntercepter()
-            {
-                IP = ClientIP,
-                RequestUrl = $"//{Request.Host}/{post.Id}",
-                Referer = Request.Headers[HeaderNames.Referer],
-                Time = DateTime.Now,
-                UserAgent = Request.Headers[HeaderNames.UserAgent],
-                Remark = "无权限查看该文章",
-                Address = Request.Location(),
-                HttpVersion = Request.Protocol,
-                Headers = Request.Headers.ToJsonString()
-            });
-            throw new NotFoundException("文章未找到");
-        }
-
         /// <summary>
         /// 文章历史版本
         /// </summary>

+ 5 - 0
src/Masuit.MyBlogs.Core/Views/Post/Details.cshtml

@@ -364,6 +364,11 @@
             }
         });
         loadingDone();
+        @if(Model.DisableComment) {
+            <text>
+                $(".msg-list article .panel-body a").remove();
+            </text>
+        }
     };
 
     /**
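Review bot: The added `@if(Model.DisableComment)` block only removes the reply links from the DOM after they have been rendered, so it is presentation rather than enforcement; the server-side `post.DisableComment` check in the comment controller remains the actual control. A comment saying so would keep a later reader from treating this as the restriction, e.g. `// UI only: the server rejects replies when DisableComment is set`. It may also be cleaner to skip rendering the links in the template that emits them than to remove them in script, though that template is not visible here. The enclosing function begins outside the hunk.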

+ 1 - 1
src/Masuit.MyBlogs.Core/Views/Shared/_ArticleListAdvertisement.cshtml

@@ -1,6 +1,6 @@
 @using System.Diagnostics
 @model Masuit.MyBlogs.Core.Models.Entity.Advertisement
-<div class="ibox">
+<div class="ibox wow fadeIn" id="@Stopwatch.GetTimestamp()">
     <div class="ibox-content" id="@Stopwatch.GetTimestamp()">
         <a asp-controller="Advertisement" asp-action="Redirect" asp-route-id="@Model.Id" target="_blank" id="@Stopwatch.GetTimestamp()">
             <h4>