wgh/coreshoppro
1
0
Fork 0
mirror of http://git.coreshop.cn/jianweie/coreshoppro.git synced 2025-12-06 17:23:26 +08:00
Code Issues Packages Projects Releases Wiki Activity

【优化】移除后台登录默认记录账号密码功能。

Browse Source 
【修复】修复前端提交数据可能存在风险的校验。
This commit is contained in:
jianweie code
2023-08-12 16:52:39 +08:00
parent 2f66261c0e
commit e3115be3f6
4 changed files with 27 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
CoreCms.Net.Auth/AuthorizationSetup.cs
View File

@@ -41,7 +41,7 @@ namespace CoreCms.Net.Auth
#region #region
//读取配置文件 //读取配置文件
var symmetricKeyAsBase64 = AppSettingsConstVars.JwtConfigSecretKey; var symmetricKeyAsBase64 = AppSettingsHelper.GetMachineRandomKey(AppSettingsConstVars.JwtConfigSecretKey);
var keyByteArray = Encoding.ASCII.GetBytes(symmetricKeyAsBase64); var keyByteArray = Encoding.ASCII.GetBytes(symmetricKeyAsBase64);
var signingKey = new SymmetricSecurityKey(keyByteArray); var signingKey = new SymmetricSecurityKey(keyByteArray);
var issuer = AppSettingsConstVars.JwtConfigIssuer; var issuer = AppSettingsConstVars.JwtConfigIssuer;

7
CoreCms.Net.Services/Bill/CoreCmsBillPaymentsServices.cs
View File

@@ -481,6 +481,13 @@ namespace CoreCms.Net.Services
} }
var billPayments = result.data as CoreCmsBillPayments; var billPayments = result.data as CoreCmsBillPayments;
if (billPayments.money < 0)
{
jm.msg = "支付金额异常!";
return jm;
}
//根据支付方式返回支付配置 //根据支付方式返回支付配置
//微信支付 //微信支付
if (paymentCode == GlobalEnumVars.PaymentsTypes.wechatpay.ToString()) if (paymentCode == GlobalEnumVars.PaymentsTypes.wechatpay.ToString())

24
CoreCms.Net.Services/Cart/CoreCmsCartServices.cs
View File

@@ -108,7 +108,11 @@ namespace CoreCms.Net.Services
public async Task<WebApiCallBack> SetCartNum(int id, int nums, int userId, int numType, int type = 1) public async Task<WebApiCallBack> SetCartNum(int id, int nums, int userId, int numType, int type = 1)
{ {
var jm = new WebApiCallBack(); var jm = new WebApiCallBack();
if (nums <= 0)
{
jm.msg = "商品数量必须为正整数";
return jm;
}
if (userId == 0) if (userId == 0)
{ {
jm.msg = "用户信息获取失败"; jm.msg = "用户信息获取失败";
@@ -187,12 +191,12 @@ namespace CoreCms.Net.Services
var goodsServices = container.ServiceProvider.GetService<ICoreCmsGoodsServices>(); var goodsServices = container.ServiceProvider.GetService<ICoreCmsGoodsServices>();
//获取数据 //获取数据
if (nums == 0) if (nums <= 0)
{ {
jm.msg = "请选择货品数量"; jm.msg = "请选择货品数量";
return jm; return jm;
} }
if (productId == 0) if (productId <= 0)
{ {
jm.msg = "请选择货品"; jm.msg = "请选择货品";
return jm; return jm;
@@ -260,7 +264,7 @@ namespace CoreCms.Net.Services
{ {
if (checkOrder.TotalUserOrders + nums > promotionsModel.maxNums) if (checkOrder.TotalUserOrders + nums > promotionsModel.maxNums)
{ {
jm.data = 15611;; jm.data = 15611; ;
jm.msg = GlobalErrorCodeVars.Code15611; jm.msg = GlobalErrorCodeVars.Code15611;
return jm; return jm;
} }
@@ -428,6 +432,9 @@ namespace CoreCms.Net.Services
{ {
var jm = new WebApiCallBack() { methodDescription = "获取购物车原始列表(未核算)" }; var jm = new WebApiCallBack() { methodDescription = "获取购物车原始列表(未核算)" };
//强制过滤一遍,防止出现可以造假数据
await _dal.DeleteAsync(p => p.userId == userId && p.nums <= 0);
using var container = _serviceProvider.CreateScope(); using var container = _serviceProvider.CreateScope();
var productsService = container.ServiceProvider.GetService<ICoreCmsProductsServices>(); var productsService = container.ServiceProvider.GetService<ICoreCmsProductsServices>();
var goodsServices = container.ServiceProvider.GetService<ICoreCmsGoodsServices>(); var goodsServices = container.ServiceProvider.GetService<ICoreCmsGoodsServices>();
@@ -460,6 +467,13 @@ namespace CoreCms.Net.Services
await _dal.DeleteAsync(item); await _dal.DeleteAsync(item);
continue; continue;
} }
//商品金额设置为0就从购物车里面删除
if (productInfo.price <= 0)
{
await _dal.DeleteAsync(item);
continue;
}
//获取重量 //获取重量
var goodsWeight = await goodsServices.GetWeight(item.productId); var goodsWeight = await goodsServices.GetWeight(item.productId);
@@ -799,7 +813,7 @@ namespace CoreCms.Net.Services
public async Task<WebApiCallBack> CartPoint(CartDto cartDto, int userId, int point) public async Task<WebApiCallBack> CartPoint(CartDto cartDto, int userId, int point)
{ {
var jm = new WebApiCallBack() { status = true }; var jm = new WebApiCallBack() { status = true };
if (point != 0) if (point > 0)
{ {
var user = await _userServices.QueryByClauseAsync(p => p.id == userId); var user = await _userServices.QueryByClauseAsync(p => p.id == userId);
if (user.point < point) if (user.point < point)

16
CoreCms.Net.Web.Admin/wwwroot/views/user/login.html
View File

@@ -43,11 +43,6 @@
<input type="password" name="password" id="LAY-user-login-password" lay-verType="tips" lay-verify="required" placeholder="密码" class="form-control"> <input type="password" name="password" id="LAY-user-login-password" lay-verType="tips" lay-verify="required" placeholder="密码" class="form-control">
</div> </div>
</div> </div>
<div class="col-sm-12 mb-2">
<div class="form-group">
<input type="checkbox" name="saveLoginInfo" lay-skin="primary" checked="checked"><small>保存登录信息</small>
</div>
</div>
<div class="col-sm-12 mb-2"> <div class="col-sm-12 mb-2">
<button type="button" class="btn btn-info w-100" lay-submit lay-filter="LAY-user-login-submit" id="loginSubmit">登录</button> <button type="button" class="btn btn-info w-100" lay-submit lay-filter="LAY-user-login-submit" id="loginSubmit">登录</button>
</div> </div>
@@ -118,17 +113,6 @@
var field = obj.field; //获取提交的字段 var field = obj.field; //获取提交的字段
console.log("saveLoginInfo:" + field.saveLoginInfo);
if (field.saveLoginInfo == 'on') {
console.log("保存缓存");
coreHelper.setCookie("username", field.username);
coreHelper.setCookie("password", field.password);
} else {
console.log("清空缓存");
coreHelper.delCookie("username");
coreHelper.delCookie("password");
}
coreHelper.Post("api/login/getJwtToken", field, function (res) { coreHelper.Post("api/login/getJwtToken", field, function (res) {
if (res.code === 0) { if (res.code === 0) {
//jwttoekn处理 //jwttoekn处理