【优化】移除后台登录默认记录账号密码功能。

【修复】修复前端提交数据可能存在风险的校验。
2025-12-06 17:23:26 +08:00 · 2023-08-12 16:52:39 +08:00
parent 2f66261c0e
commit e3115be3f6
4 changed files with 27 additions and 22 deletions
--- a/CoreCms.Net.Auth/AuthorizationSetup.cs
+++ b/CoreCms.Net.Auth/AuthorizationSetup.cs
@@ -41,7 +41,7 @@ namespace CoreCms.Net.Auth

            #region 参数
            //读取配置文件
-            var symmetricKeyAsBase64 = AppSettingsConstVars.JwtConfigSecretKey;
+            var symmetricKeyAsBase64 = AppSettingsHelper.GetMachineRandomKey(AppSettingsConstVars.JwtConfigSecretKey);
            var keyByteArray = Encoding.ASCII.GetBytes(symmetricKeyAsBase64);
            var signingKey = new SymmetricSecurityKey(keyByteArray);
            var issuer = AppSettingsConstVars.JwtConfigIssuer;
--- a/CoreCms.Net.Services/Bill/CoreCmsBillPaymentsServices.cs
+++ b/CoreCms.Net.Services/Bill/CoreCmsBillPaymentsServices.cs
@@ -481,6 +481,13 @@ namespace CoreCms.Net.Services
            }

            var billPayments = result.data as CoreCmsBillPayments;
+
+            if (billPayments.money < 0)
+            {
+                jm.msg = "支付金额异常！";
+                return jm;
+            }
+
            //根据支付方式返回支付配置
            //微信支付
            if (paymentCode == GlobalEnumVars.PaymentsTypes.wechatpay.ToString())
--- a/CoreCms.Net.Services/Cart/CoreCmsCartServices.cs
+++ b/CoreCms.Net.Services/Cart/CoreCmsCartServices.cs
@@ -108,7 +108,11 @@ namespace CoreCms.Net.Services
        public async Task<WebApiCallBack> SetCartNum(int id, int nums, int userId, int numType, int type = 1)
        {
            var jm = new WebApiCallBack();
-
+            if (nums <= 0)
+            {
+                jm.msg = "商品数量必须为正整数";
+                return jm;
+            }
            if (userId == 0)
            {
                jm.msg = "用户信息获取失败";
@@ -187,12 +191,12 @@ namespace CoreCms.Net.Services
            var goodsServices = container.ServiceProvider.GetService<ICoreCmsGoodsServices>();

            //获取数据 
-            if (nums == 0)
+            if (nums <= 0)
            {
                jm.msg = "请选择货品数量";
                return jm;
            }
-            if (productId == 0)
+            if (productId <= 0)
            {
                jm.msg = "请选择货品";
                return jm;
@@ -260,7 +264,7 @@ namespace CoreCms.Net.Services
                        {
                            if (checkOrder.TotalUserOrders + nums > promotionsModel.maxNums)
                            {
-                                jm.data = 15611;;
+                                jm.data = 15611; ;
                                jm.msg = GlobalErrorCodeVars.Code15611;
                                return jm;
                            }
@@ -428,6 +432,9 @@ namespace CoreCms.Net.Services
        {
            var jm = new WebApiCallBack() { methodDescription = "获取购物车原始列表(未核算)" };

+            //强制过滤一遍，防止出现可以造假数据
+            await _dal.DeleteAsync(p => p.userId == userId && p.nums <= 0);
+
            using var container = _serviceProvider.CreateScope();
            var productsService = container.ServiceProvider.GetService<ICoreCmsProductsServices>();
            var goodsServices = container.ServiceProvider.GetService<ICoreCmsGoodsServices>();
@@ -460,6 +467,13 @@ namespace CoreCms.Net.Services
                    await _dal.DeleteAsync(item);
                    continue;
                }
+                //商品金额设置为0，就从购物车里面删除
+                if (productInfo.price <= 0)
+                {
+                    await _dal.DeleteAsync(item);
+                    continue;
+                }
+
                //获取重量
                var goodsWeight = await goodsServices.GetWeight(item.productId);

@@ -799,7 +813,7 @@ namespace CoreCms.Net.Services
        public async Task<WebApiCallBack> CartPoint(CartDto cartDto, int userId, int point)
        {
            var jm = new WebApiCallBack() { status = true };
-            if (point != 0)
+            if (point > 0)
            {
                var user = await _userServices.QueryByClauseAsync(p => p.id == userId);
                if (user.point < point)
--- a/CoreCms.Net.Web.Admin/wwwroot/views/user/login.html
+++ b/CoreCms.Net.Web.Admin/wwwroot/views/user/login.html
@@ -43,11 +43,6 @@
                                    <input type="password" name="password" id="LAY-user-login-password" lay-verType="tips" lay-verify="required" placeholder="密码" class="form-control">
                                </div>
                            </div>
-                            <div class="col-sm-12 mb-2">
-                                <div class="form-group">
-                                    <input type="checkbox" name="saveLoginInfo" lay-skin="primary" checked="checked"><small>保存登录信息</small>
-                                </div>
-                            </div>
                            <div class="col-sm-12 mb-2">
                                <button type="button" class="btn btn-info w-100" lay-submit lay-filter="LAY-user-login-submit" id="loginSubmit">登录</button>
                            </div>
@@ -118,17 +113,6 @@

            var field = obj.field; //获取提交的字段

-            console.log("saveLoginInfo:" + field.saveLoginInfo);
-
-            if (field.saveLoginInfo == 'on') {
-                console.log("保存缓存");
-                coreHelper.setCookie("username", field.username);
-                coreHelper.setCookie("password", field.password);
-            } else {
-                console.log("清空缓存");
-                coreHelper.delCookie("username");
-                coreHelper.delCookie("password");
-            }
            coreHelper.Post("api/login/getJwtToken", field, function (res) {
                if (res.code === 0) {
                    //jwttoekn处理