
feat:1、增加登录注册跨站攻击防护
2、移除上传图片默认的域名

lifei6671 7 years ago
parent
commit
27d42d194c

+ 6 - 12
conf/enumerate.go

@@ -234,10 +234,8 @@ func URLForWithCdnImage(p string) string {
 	cdn := beego.AppConfig.DefaultString("cdnimg", "")
 	//如果没有设置cdn,则使用baseURL拼接
 	if cdn == "" {
-		baseUrl := beego.AppConfig.DefaultString("baseurl", "")
-		if baseUrl == "" {
-			baseUrl = BaseUrl
-		}
+		baseUrl := beego.AppConfig.DefaultString("baseurl", "/")
+
 		if strings.HasPrefix(p, "/") && strings.HasSuffix(baseUrl, "/") {
 			return baseUrl + p[1:]
 		}
@@ -267,10 +265,8 @@ func URLForWithCdnCss(p string, v ...string) string {
 	}
 	//如果没有设置cdn,则使用baseURL拼接
 	if cdn == "" {
-		baseUrl := beego.AppConfig.DefaultString("baseurl", "")
-		if baseUrl == "" {
-			baseUrl = BaseUrl
-		}
+		baseUrl := beego.AppConfig.DefaultString("baseurl", "/")
+
 		if strings.HasPrefix(p, "/") && strings.HasSuffix(baseUrl, "/") {
 			return baseUrl + p[1:]
 		}
@@ -302,10 +298,8 @@ func URLForWithCdnJs(p string, v ...string) string {
 
 	//如果没有设置cdn,则使用baseURL拼接
 	if cdn == "" {
-		baseUrl := beego.AppConfig.DefaultString("baseurl", "")
-		if baseUrl == "" {
-			baseUrl = BaseUrl
-		}
+		baseUrl := beego.AppConfig.DefaultString("baseurl", "/")
+
 		if strings.HasPrefix(p, "/") && strings.HasSuffix(baseUrl, "/") {
 			return baseUrl + p[1:]
 		}
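Review bot: The same lookup `baseUrl := beego.AppConfig.DefaultString("baseurl", "/")` now appears verbatim in URLForWithCdnImage, URLForWithCdnCss and URLForWithCdnJs (all three hunks of this file), so the next change to the default has to be made three times; a one-line helper `func baseURL() string { return beego.AppConfig.DefaultString("baseurl", "/") }` called from each `cdn == ""` branch would keep them in step. All three enclosing functions start and end outside the hunks. Defaulting to "/" makes the result a site-relative path whenever `baseurl` is unset, which matches the commit title, but any caller that used these helpers to build absolute links (outgoing mail, for instance) would now get a bare path — worth confirming that no caller relied on the removed BaseUrl fallback.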

+ 31 - 0
controllers/AccountController.go

@@ -12,6 +12,7 @@ import (
 	"github.com/lifei6671/mindoc/conf"
 	"github.com/lifei6671/mindoc/models"
 	"github.com/lifei6671/mindoc/utils"
+	"html/template"
 )
 
 // AccountController 用户登录与注册
@@ -19,9 +20,39 @@ type AccountController struct {
 	BaseController
 }
 
+func (c *AccountController) Prepare() {
+	c.BaseController.Prepare()
+	c.EnableXSRF = true
+	c.Data["xsrfdata"]=template.HTML(c.XSRFFormHTML())
+	if c.Ctx.Input.IsPost() {
+		token := c.Ctx.Input.Query("_xsrf")
+		if token == "" {
+			token = c.Ctx.Request.Header.Get("X-Xsrftoken")
+		}
+		if token == "" {
+			token = c.Ctx.Request.Header.Get("X-Csrftoken")
+		}
+		if token == "" {
+			if c.IsAjax() {
+				c.JsonResult(403,"非法请求")
+			} else {
+				c.ShowErrorPage(403, "非法请求")
+			}
+		}
+		xsrfToken := c.XSRFToken()
+		if xsrfToken != token {
+			if c.IsAjax() {
+				c.JsonResult(403,"非法请求")
+			} else {
+				c.ShowErrorPage(403, "非法请求")
+			}
+		}
+	}
+}
 // Login 用户登录
 func (c *AccountController) Login() {
 	c.Prepare()
+
 	c.TplName = "account/login.tpl"
 
 	if member, ok := c.GetSession(conf.LoginSessionName).(models.Member); ok && member.MemberId > 0 {
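Review bot: A missing token does not stop the request: after the `if token == ""` branch sends its 403 (Ajax or page), execution falls through to `xsrfToken := c.XSRFToken()` and the comparison, so unless JsonResult/ShowErrorPage abort the request internally (not visible here) a second 403 is written and the action may still run; add `return` after each error-response branch, or fold the two checks into one guard `if token == "" || token != c.XSRFToken() { …; return }`. Setting `c.EnableXSRF = true` inside Prepare presumably also makes beego's router run its own XSRF cookie check once Prepare returns, which would make this manual block redundant — worth confirming against the vendored beego version, and if the manual compare is kept, `subtle.ConstantTimeCompare` from crypto/subtle is the conventional way to compare the two tokens. Login still calls `c.Prepare()` explicitly on the context line below, so with this hook in place the check executes twice per login request. The exported Prepare lacks a doc comment, e.g. `// Prepare enables XSRF protection and rejects POST requests whose _xsrf token is missing or does not match the expected token.`; gofmt would also add a blank line before `// Login`, space `c.Data["xsrfdata"] = template.HTML(...)`, and move "html/template" into the standard-library import group.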

+ 1 - 0
views/account/find_password_setp1.tpl

@@ -34,6 +34,7 @@
     <div class="row login">
         <div class="login-body">
             <form role="form" method="post" id="findPasswordForm">
+            {{ .xsrfdata }}
                 <h3 class="text-center">找回密码</h3>
                 <div class="form-group">
                     <div class="input-group">

+ 1 - 0
views/account/find_password_setp2.tpl

@@ -34,6 +34,7 @@
     <div class="row login">
         <div class="login-body">
             <form role="form" method="post" id="findPasswordForm" action="{{urlfor "AccountController.ValidEmail"}}">
+            {{ .xsrfdata }}
                 <input type="hidden" name="token" value="{{.Token}}">
                 <input type="hidden" name="mail" value="{{.Email}}">
                 <h3 class="text-center">找回密码</h3>

+ 1 - 0
views/account/login.tpl

@@ -29,6 +29,7 @@
     <div class="row login">
         <div class="login-body">
             <form role="form" method="post">
+            {{ .xsrfdata }}
                 <h3 class="text-center">用户登录</h3>
                 <div class="form-group">
                     <div class="input-group">

+ 1 - 0
views/account/register.tpl

@@ -34,6 +34,7 @@
     <div class="row login">
         <div class="login-body">
             <form role="form" method="post" id="registerForm">
+            {{ .xsrfdata }}
                 <h3 class="text-center">用户注册</h3>
                 <div class="form-group">
                     <div class="input-group">