/// <summary>
/// Builds a <see cref="Forum"/> entity from the submitted <see cref="forumViewModel"/>.
/// </summary>
/// <param name="id">ID of the author.</param>
/// <param name="forumViewmodel">Source view model.</param>
/// <returns>A new <see cref="Forum"/> with a fresh ID and creation time.</returns>
private Forum BuildForum(string id, forumViewModel forumViewmodel)
{
    // NOTE(review): the title is stored as submitted, while the content goes through
    // XSSHelper.Sanitizer. The original author relied on Razor's HTML encoding at render
    // time for the title (see the ASP.NET Core cross-site-scripting docs); that only holds
    // if every consumer of Title HTML-encodes on output, so confirm before treating stored
    // titles as safe. Original alternative, left disabled:
    //   forum.Title = XSSHelper.Sanitizer(forumViewmodel.forum_Title);
    // NOTE(review): Create_Time uses server-local time (DateTime.Now); if the column is
    // ever compared across hosts or time zones, DateTime.UtcNow would be the safer choice.
    Forum post = new Forum
    {
        Title = forumViewmodel.forum_Title,
        Content = XSSHelper.Sanitizer(forumViewmodel.forum_Content),
        CategoryId = forumViewmodel.forum_Category,
        Create_Time = DateTime.Now,
        UserId = id,
        IsElite = 0,
        ID = Guid.NewGuid().ToString("N"),
    };
    return post;
}
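/// <summary>
/// Creates a forum post from the JSON body: validates the title length and the category,
/// resolves the caller's user ID from the user service, then persists the post.
/// </summary>
/// <param name="forumViewmodel">Submitted post data.</param>
/// <returns>
/// 400 when the title or category is invalid; 401 when the principal carries no phone
/// claim; 502 when the user service cannot be reached or answers with an unusable body;
/// the user service's own status code when it does not answer "200"; otherwise a JSON
/// envelope with Code "200" (success) or "500" (insert failed).
/// </returns>
public async Task<IActionResult> Create_forum([FromBody] forumViewModel forumViewmodel)
{
    int titleLength = int.Parse(_configuration.GetSection("Forum_limit:Title_Length").Value);
    Dictionary<string, string> forumCategories =
        _configuration.GetSection("Forum_Category:data").Get<Dictionary<string, string>>();

    // A missing body used to surface as a NullReferenceException (500); report it as 400.
    // The limit is exclusive, as before; the former "Length <= 0" test was already covered
    // by IsNullOrEmpty.
    if (forumViewmodel is null
        || string.IsNullOrEmpty(forumViewmodel.forum_Title)
        || forumViewmodel.forum_Title.Length >= titleLength)
    {
        return StatusCode(400, new { Code = "400", Message = "题目不合格" });
    }

    if (forumViewmodel.forum_Category == 0
        || !forumCategories.ContainsKey(forumViewmodel.forum_Category.ToString()))
    {
        return StatusCode(400, new { Code = "400", Message = "帖子分类不符合" });
    }

    // Identity: the phone number is taken from the authenticated principal's claims.
    // FindFirst returns null when the claim is absent; previously that was dereferenced.
    string phone = HttpContext.User.FindFirst(ClaimTypes.OtherPhone)?.Value;
    if (string.IsNullOrEmpty(phone))
    {
        return Unauthorized();
    }

    HttpClient hc = _factory.CreateClient("forum_Server");

    // The caller's Cookie header is forwarded so the user service sees the same session.
    // NOTE(review): this forwards every cookie the client sent to the "forum_Server"
    // client; confirm that is intended rather than forwarding only the session cookie.
    if (Request.Headers.TryGetValue("Cookie", out var cookie))
    {
        hc.DefaultRequestHeaders.Add("Cookie", cookie.ToString());
    }

    string response;
    try
    {
        // The claim value is escaped so it cannot alter the query string.
        response = await hc.GetStringAsync($"/Userinfo/GetId?phone={Uri.EscapeDataString(phone)}");
    }
    catch (Exception ex) when (ex is HttpRequestException or TaskCanceledException)
    {
        // Previously only the stack trace was logged and an empty body was then
        // deserialized, which dereferenced null below. Log the full exception and
        // report the upstream failure instead.
        _logger.LogError(ex, "User service lookup failed");
        return StatusCode(502, new { Code = "502", Message = "用户服务请求失败" });
    }

    // Response envelope from the user service.
    HttpReceive receive = JsonConvert.DeserializeObject<HttpReceive>(response);
    if (receive is null)
    {
        _logger.LogError("User service returned a body that could not be deserialized");
        return StatusCode(502, new { Code = "502", Message = "用户服务请求失败" });
    }

    if (receive.Code != "200")
    {
        // Mirror the user service's status code; a non-numeric code used to throw
        // FormatException, now it maps to 502.
        return StatusCode(int.TryParse(receive.Code, out int upstreamCode) ? upstreamCode : 502);
    }

    if (receive.data is null)
    {
        _logger.LogError("User service answered 200 without user data");
        return StatusCode(502, new { Code = "502", Message = "用户服务请求失败" });
    }

    Forum forum = BuildForum(receive.data.ID, forumViewmodel);

    try
    {
        _forumservice.InsertForum(forum);
    }
    catch (Exception ex)
    {
        _logger.LogError(ex, "Inserting forum {ForumId} failed", forum.ID);
        return Json(new { Code = "500", Message = "添加失败" });
    }

    // Raise the post-count event (user's forum count +1) only after the insert succeeded,
    // so a failed insert no longer increments the author's count.
    _container.Publish("CreateForum", new CreateForumSumbitEven() { userid = receive.data.ID });

    return Json(new { Code = "200", Message = "添加成功" });
}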