/// <summary>
/// 将forumViewModel转换成Forum类
/// </summary>
/// <param name="id">作者ID</param>
/// <param name="forumViewmodel">源目标</param>
/// <returns></returns>
private Forum BuildForum(string id, forumViewModel forumViewmodel)
{
Forum forum = new Forum();
//如果题目写成了按js代码(例如<script>alert("di")</script>),ASP.NET Core不会对其XSS过滤
//但这里不用XSSHelper过滤也可以,
//详细看https://docs.microsoft.com/zh-cn/aspnet/core/security/cross-site-scripting?view=aspnetcore-2.2
//中Razor的HTML编码
// forum.Title = XSSHelper.Sanitizer(forumViewmodel.forum_Title);
forum.Title = forumViewmodel.forum_Title;
//这里不用XSSHelper过滤,ASP.NET Core也会帮你过滤
//(PS:这里不太懂XSS过滤机制,为什么Title属性没有XSS过滤,而forum_Content却XSS过滤了)
//forum.Content = forumViewmodel.forum_Content;
forum.Content = XSSHelper.Sanitizer(forumViewmodel.forum_Content);
forum.CategoryId = forumViewmodel.forum_Category;
forum.Create_Time = DateTime.Now;
forum.UserId = id;
forum.IsElite = 0;
forum.ID = Guid.NewGuid().ToString("N");
return(forum);
}
public async Task <IActionResult> Create_forum([FromBody] forumViewModel forumViewmodel)
{
int titleLength = int.Parse(_configuration.GetSection("Forum_limit:Title_Length").Value);
Dictionary <string, string> forumCategories = _configuration.GetSection("Forum_Category:data").Get <Dictionary <string, string> >();
if (string.IsNullOrEmpty(forumViewmodel.forum_Title) || forumViewmodel.forum_Title.Length >= titleLength || forumViewmodel.forum_Title.Length <= 0)
{
//使用方法尚未理清,可以修改
return(StatusCode(400, new { Code = "400", Message = "题目不合格" }));
}
if (forumViewmodel.forum_Category == 0 || !forumCategories.ContainsKey(forumViewmodel.forum_Category.ToString()))
{
//使用方法尚未理清,可以修改
return(StatusCode(400, new { Code = "400", Message = "帖子分类不符合" }));
}
//获取身份凭证
string phone = HttpContext.User.Claims.FirstOrDefault(c => c.Type == ClaimTypes.OtherPhone).Value;
HttpClient hc = _factory.CreateClient("forum_Server");
string Cookie = Request.Headers.FirstOrDefault(h => h.Key == "Cookie").Value;
hc.DefaultRequestHeaders.Add("Cookie", Cookie);
string response = string.Empty;
try
{
response = await hc.GetStringAsync($"/Userinfo/GetId?phone={phone}");
}
catch (Exception ex)
{
//如果请求过程出现异常,则写入日志
_logger.LogError(ex.StackTrace);
}
//接收用户服务端的数据
HttpReceive receive = JsonConvert.DeserializeObject <HttpReceive>(response);
if (receive.Code != "200")
{
//返回方式可优化
return(StatusCode(int.Parse(receive.Code)));
}
Forum forum = BuildForum(receive.data.ID, forumViewmodel);
//触发添加帖子事件,使 用户帖子数量+1
_container.Publish("CreateForum", new CreateForumSumbitEven()
{
userid = receive.data.ID
});
try
{
_forumservice.InsertForum(forum);
}catch (Exception ex)
{
_logger.LogError(ex.StackTrace);
return(Json(new { Code = "500", Message = "添加失败" }));
}
return(Json(new { Code = "200", Message = "添加成功" }));
}
