/// <summary>
/// Runs the spam checks on a comment and clears its <c>Audited</c> flag when any check
/// flags it, persisting the change through <c>session</c>.
/// </summary>
/// <param name="comment">The stored comment to audit.</param>
/// <remarks>
/// The form built here carries the commenter's IP address, user agent, name and e-mail to
/// whatever endpoint <c>CheckSpam</c> calls. CheckSpam is not visible here; the field names
/// look like the Akismet comment-check form, so confirm this against the site's privacy policy.
/// </remarks>
private void AuditComment(Comment comment)
{
    // Field order is kept as-is because the serialized query string is what CheckSpam receives.
    NameValueCollection form = HttpUtility.ParseQueryString(String.Empty);
    form.Add("blog", baseUrl + "/");
    form.Add("user_ip", comment.Author.IpAddress);
    form.Add("user_agent", comment.Author.UserAgent);
    form.Add("referrer", comment.Referrer);
    form.Add("permalink", String.Format("{0}/{1}/", baseUrl, comment.PostName));
    form.Add("comment_type", "comment");
    form.Add("comment_author", comment.Author.Name);
    form.Add("comment_author_email", comment.Author.Email);
    form.Add("comment_content", transformer.Transform(comment.Content));

    // A comment must contain at least one non-ASCII character, otherwise it is treated as spam.
    // NOTE(review): the threshold is 255 (Latin-1), not 127 (ASCII), so text made only of
    // accented Latin letters is also rejected. Confirm which bound is intended.
    // The remote check on the transformed content runs only when this local rule passes.
    bool flagged = comment.Content.All(ch => ch <= 255) || CheckSpam(form.ToString());

    if (!flagged)
    {
        // Second pass: submit the raw, untransformed content as well.
        form.Set("comment_content", comment.Content);
        flagged = CheckSpam(form.ToString());
    }

    if (!flagged)
    {
        return;
    }

    // The comment was saved as approved; only a positive spam verdict hides it.
    comment.Audited = false;
    session.Update(comment);
}
/// <summary>
/// Audits a comment and, when it remains approved and replies to another comment,
/// notifies the author of that comment.
/// </summary>
/// <param name="comment">The comment to process; the audit may clear its <c>Audited</c> flag.</param>
public void Process(Comment comment)
{
    AuditComment(comment);

    // The audit runs first so a comment it rejects never triggers a notification e-mail.
    if (!comment.Audited || !comment.Target.HasValue)
    {
        return;
    }

    NotifyReplyTarget(comment);
}
/// <summary>
/// Builds the view model for a single comment.
/// </summary>
/// <param name="comment">The comment to render.</param>
/// <param name="authors">Maps a comment id to its author's name; must contain the reply target's id when the comment has one.</param>
/// <returns>The populated <c>CommentView</c>.</returns>
private CommentView RenderComment(Comment comment, IDictionary<int, string> authors)
{
    CommentView rendered = new CommentView();
    rendered.Id = comment.Id;
    // NOTE(review): the whole Author object is handed to the view. Elsewhere on this page it
    // also holds Email, IpAddress and UserAgent; confirm the view never emits those fields.
    rendered.Author = comment.Author;
    // Content passes through SafeTransformer before display. Presumably this is the
    // HTML-sanitizing step; its implementation is not visible here, so verify.
    rendered.Content = SafeTransformer.Transform(comment.Content);
    rendered.PostName = comment.PostName;
    rendered.PostTime = comment.PostTime;
    rendered.Target = comment.Target;

    if (rendered.Target.HasValue)
    {
        // The indexer throws if the target id is missing from the map.
        rendered.TargetAuthorName = authors[rendered.Target.Value];
    }

    return rendered;
}
/// <summary>
/// Resolves a <c>CommentProcessor</c> from the container, processes the comment with it,
/// and disposes the processor afterwards.
/// </summary>
/// <param name="comment">The comment to audit and, if applicable, send a notification for.</param>
/// <param name="Kernel">The container used to resolve the processor.</param>
private static void ProcessComment(Comment comment, IKernel Kernel)
{
    // PostComment invokes this from a background task, so an exception thrown here is
    // not reported to the request that posted the comment.
    using (CommentProcessor worker = Kernel.Get<CommentProcessor>())
    {
        worker.Process(comment);
    }
}
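/// <summary>
/// Validates and stores a posted comment, starts the asynchronous spam audit, and returns
/// either the rendered comment (AJAX) or a redirect back to the post.
/// </summary>
/// <param name="comment">The comment bound from the request.</param>
/// <returns>
/// Validation errors (JSON for AJAX, otherwise the post view) when the input is invalid;
/// otherwise a created result (AJAX) or a redirect to the post.
/// </returns>
/// <remarks>
/// NOTE(review): the persistent <c>Comment</c> entity is bound straight from the request.
/// The fields reset below (PostTime, IpAddress, UserAgent, Audited, Referrer) are safe, but
/// any other bindable member, e.g. Id, keeps whatever the client sent. Confirm the binder
/// configuration or bind a dedicated input model.
/// NOTE(review): no anti-forgery validation is visible in this method; attributes on the
/// action lie outside the visible text, so confirm one is applied.
/// </remarks>
public ActionResult PostComment(Comment comment)
{
    // The MVC default binder turns empty form fields into null and leaves Author null when
    // no author field is posted. Calling Trim() on those used to throw instead of reaching
    // the validation messages below.
    bool hasAuthor = comment.Author != null;
    if (hasAuthor)
    {
        comment.Author.Name = (comment.Author.Name ?? String.Empty).Trim();
        comment.Author.Email = (comment.Author.Email ?? String.Empty).Trim();
    }

    // Validation
    if (!hasAuthor || String.IsNullOrEmpty(comment.Author.Name) || comment.Author.Name.Length > 60)
    {
        ModelState.AddModelError("name", validationMessages["name"]);
    }
    if (!hasAuthor || String.IsNullOrEmpty(comment.Author.Email) || comment.Author.Email.Length > 100 || !emailRule.IsMatch(comment.Author.Email))
    {
        ModelState.AddModelError("email", validationMessages["email"]);
    }
    // Null-safe equivalent of IsNullOrEmpty(Content.Trim()).
    if (String.IsNullOrWhiteSpace(comment.Content))
    {
        ModelState.AddModelError("content", validationMessages["content"]);
    }

    if (!ModelState.IsValid)
    {
        if (Request.IsAjaxRequest())
        {
            Dictionary<string, string> result = ModelState
                .Where(m => m.Value.Errors.Any())
                .ToDictionary(m => m.Key, m => m.Value.Errors[0].ErrorMessage);
            return new NewtonJsonActionResult(result);
        }
        else
        {
            // NOTE(review): PostName comes from the request, so this lookup can return null
            // for an unknown post, and entry.Title below would then throw. How RenderEntry
            // treats null is not visible here; consider returning a not-found result.
            PostEntry entry = DbSession.QueryOver<PostEntry>()
                .Where(p => p.Name == comment.PostName)
                .SingleOrDefault();
            entry = RenderEntry(entry);
            ViewBag.Comment = comment;
            ViewBag.Title = String.Format("{0} - 宅居 - 宅并技术着", entry.Title);
            return View("ViewPost", entry);
        }
    }

    // Server-controlled fields: always overwrite whatever the client may have posted.
    comment.PostTime = DateTime.Now;
    comment.Author.IpAddress = Request.UserHostAddress;
    comment.Author.UserAgent = Request.UserAgent;
    // Approved by default and hidden later only if the audit flags it. This fails open:
    // the comment is public until the background audit finishes, and stays public if it fails.
    comment.Audited = true;
    comment.Referrer = Request.UrlReferrer == null ? String.Empty : Request.UrlReferrer.ToString();
    if (comment.Referrer.Length > 200)
    {
        comment.Referrer = comment.Referrer.Substring(0, 200);
    }

    Dictionary<int, string> targetAuthor = new Dictionary<int, string>();
    if (comment.Target.HasValue)
    {
        Comment target = DbSession.Get<Comment>(comment.Target);
        // A reply may only point at a comment under the same post. The original note calls
        // this CSRF prevention, but it is a reference-integrity check on the client-supplied
        // target id and does not replace anti-forgery tokens.
        if (target == null || target.PostName != comment.PostName)
        {
            comment.Target = null;
        }
        else
        {
            targetAuthor[comment.Target.Value] = target.Author.Name;
        }
    }

    // NOTE(review): nothing on this path checks that PostName names an existing post before
    // the comment is saved and the value is reused in the redirect URL below.
    DbSession.Save(comment);

    // Auditing needs network I/O, so it runs asynchronously and does not delay the response.
    // Fire-and-forget: a failure in the task is unobserved and leaves the comment approved.
    Task task = new Task(() => ProcessComment(comment, Kernel));
    task.Start();

    if (Request.IsAjaxRequest())
    {
        CommentView commentView = RenderComment(comment, targetAuthor);
        ViewResult view = View("Comment", commentView);
        return new CreatedActionResult(Url.Content("~/" + comment.PostName), view);
    }
    else
    {
        return Redirect(Url.Content("~/" + comment.PostName + "/"));
    }
}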
/// <summary>
/// Builds the moderation view model for a comment, including the post it belongs to.
/// </summary>
/// <param name="comment">The comment to render.</param>
/// <param name="posts">Maps a post name to its excerpt; must contain <c>comment.PostName</c>.</param>
/// <returns>The populated <c>CommentAuditionView</c>.</returns>
private CommentAuditionView RenderCommentView(Comment comment, IDictionary<string, PostExcerpt> posts)
{
    CommentAuditionView row = new CommentAuditionView();
    row.Id = comment.Id;
    row.Audited = comment.Audited;
    row.Author = comment.Author;
    // Content passes through SafeTransformer before display. Presumably this is the
    // HTML-sanitizing step; its implementation is not visible here, so verify.
    row.Content = SafeTransformer.Transform(comment.Content);
    // The indexer throws if the post name is missing from the map.
    row.Post = posts[comment.PostName];
    row.PostName = comment.PostName;
    row.PostTime = comment.PostTime;
    row.Target = comment.Target;
    return row;
}
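/// <summary>
/// E-mails the author of the comment being replied to, telling them about the reply.
/// Does nothing when the reply target or the post can no longer be loaded.
/// </summary>
/// <param name="comment">The reply; its <c>Target</c> must have a value.</param>
private void NotifyReplyTarget(Comment comment)
{
    Comment replyTarget = session.Get<Comment>(comment.Target.Value);
    PostExcerpt post = session.Get<PostExcerpt>(comment.PostName);

    // Get returns null for a missing row. The post was previously dereferenced unchecked.
    if (replyTarget == null || post == null)
    {
        return;
    }

    // The body is sent as HTML, and author names are stored as the visitor typed them,
    // so they are encoded before being placed in the markup.
    // NOTE(review): the template is not visible here; confirm the name slots are in HTML
    // text or attribute context.
    string recipientName = HttpUtility.HtmlEncode(replyTarget.Author.Name);
    string replierName = HttpUtility.HtmlEncode(comment.Author.Name);

    // MailMessage is IDisposable; it was previously left undisposed.
    using (MailMessage message = new MailMessage(
        new MailAddress(email, siteName),
        new MailAddress(replyTarget.Author.Email, replyTarget.Author.Name)
    ))
    {
        message.Subject = String.Format("你在 {0} 的评论收到了回复", post.Title);
        // NOTE(review): comment content goes through the instance `transformer`, whereas the
        // page-rendering code on this page uses SafeTransformer. Confirm this transformer
        // also sanitizes, since its output lands in an HTML body.
        message.Body = String.Format(
            template,
            recipientName,
            post.Title,
            transformer.Transform(replyTarget.Content),
            replierName,
            transformer.Transform(comment.Content),
            baseUrl,
            post.Name,
            comment.Id
        );
        message.IsBodyHtml = true;
        message.SubjectEncoding = Encoding.UTF8;
        message.BodyEncoding = Encoding.UTF8;

        using (SmtpClient client = new SmtpClient())
        {
            client.Send(message);
        }
    }
}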