🐛 fixed cookie injection
hellokaton committed Oct 25, 2018
1 parent 74da260 commit 92c1c95
Showing 8 changed files with 328 additions and 319 deletions.
13 changes: 10 additions & 3 deletions src/main/java/com/tale/bootstrap/Bootstrap.java
Expand Up @@ -2,10 +2,10 @@

import com.blade.Blade;
import com.blade.Environment;
import com.blade.event.BeanProcessor;
import com.blade.ioc.Ioc;
import com.blade.ioc.annotation.Bean;
import com.blade.ioc.annotation.Inject;
import com.blade.kit.JsonKit;
import com.blade.kit.StringKit;
import com.blade.loader.BladeLoader;
import com.blade.mvc.view.template.JetbrickTemplateEngine;
Expand All @@ -15,6 +15,7 @@
import com.tale.extension.Commons;
import com.tale.extension.JetTag;
import com.tale.extension.Theme;
import com.tale.model.dto.RememberMe;
import com.tale.model.dto.Types;
import com.tale.service.OptionsService;
import com.tale.service.SiteService;
Expand All @@ -30,6 +31,7 @@
import java.util.List;

import static com.tale.bootstrap.TaleConst.CLASSPATH;
import static com.tale.bootstrap.TaleConst.OPTION_SAFE_REMEMBER_ME;

/**
* Tale初始化进程
Expand Down Expand Up @@ -72,7 +74,7 @@ public void load(Blade blade) {
// 扫描主题下面的所有自定义宏
String themeDir = CLASSPATH + "templates" + File.separatorChar + "themes";
File[] dir = new File(themeDir).listFiles();
if(null != dir){
if (null != dir) {
for (File f : dir) {
if (f.isDirectory() && Files.exists(Paths.get(f.getPath() + File.separatorChar + "macros.html"))) {
String macroName = File.separatorChar + "themes" + File.separatorChar + f.getName() + File.separatorChar + "macros.html";
Expand Down Expand Up @@ -100,7 +102,6 @@ public void load(Blade blade) {
TaleConst.ENABLED_CDN = environment.getBoolean("app.enableCdn", false);
TaleConst.MAX_FILE_SIZE = environment.getInt("app.max-file-size", 20480);

TaleConst.AES_SALT = environment.get("app.salt", "012c456789abcdef");
TaleConst.OPTIONS.addAll(optionsService.getOptions());
String ips = TaleConst.OPTIONS.get(Types.BLOCK_IPS, "");
if (StringKit.isNotBlank(ips)) {
Expand All @@ -110,6 +111,12 @@ public void load(Blade blade) {
TaleConst.INSTALLED = Boolean.TRUE;
}

String rememberToken = optionsService.getOption(OPTION_SAFE_REMEMBER_ME);
if (StringKit.isNotEmpty(rememberToken)) {
RememberMe rememberMe = JsonKit.formJson(rememberToken, RememberMe.class);
TaleConst.REMEMBER_TOKEN = rememberMe.getToken();
}

BaseController.THEME = "themes/" + Commons.site_option("site_theme");

TaleConst.BCONF = environment;
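Review bot: In the final hunk of `load`, the value returned by `JsonKit.formJson(rememberToken, RememberMe.class)` is dereferenced straight away, so a malformed or hand-edited `safe_remember_me` option would presumably surface as a null or an exception at `rememberMe.getToken()` and stop the application from starting. I would guard the assignment, `if (null != rememberMe && StringKit.isNotBlank(rememberMe.getToken())) { TaleConst.REMEMBER_TOKEN = rememberMe.getToken(); }`, and log when the stored value is rejected. The token is also cached only once here at startup, so whatever code rotates the stored option (not visible in this section) would need to update `TaleConst.REMEMBER_TOKEN` too, or the in-memory value and the stored one can drift apart until restart. `load` begins and continues outside the hunks shown.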
17 changes: 10 additions & 7 deletions src/main/java/com/tale/bootstrap/TaleConst.java
Expand Up @@ -17,13 +17,14 @@ public class TaleConst {

public static final String CLASSPATH = new File(AdminApiController.class.getResource("/").getPath()).getPath() + File.separatorChar;

public static final String USER_IN_COOKIE = "S_L_ID";
public static String AES_SALT = "0123456789abcdef";
public static String LOGIN_SESSION_KEY = "login_user";
public static Environment OPTIONS = Environment.of(new HashMap<>());
public static Boolean INSTALLED = false;
public static Boolean ENABLED_CDN = true;
public static Environment BCONF = null;
public static final String REMEMBER_IN_COOKIE = "remember_me";
public static final String LOGIN_ERROR_COUNT = "login_error_count";
public static String LOGIN_SESSION_KEY = "login_user";
public static String REMEMBER_TOKEN = "";
public static Environment OPTIONS = Environment.of(new HashMap<>());
public static Boolean INSTALLED = false;
public static Boolean ENABLED_CDN = true;
public static Environment BCONF = null;

/**
* 最大页码
Expand Down Expand Up @@ -114,4 +115,6 @@ public class TaleConst {
public static final String OPTION_ALLOW_INSTALL = "allow_install";
public static final String OPTION_ALLOW_COMMENT_AUDIT = "allow_comment_audit";
public static final String OPTION_ALLOW_CLOUD_CDN = "allow_cloud_CDN";
public static final String OPTION_SAFE_REMEMBER_ME = "safe_remember_me";

}
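Review bot: `REMEMBER_TOKEN` in the first hunk is a public, non-final static that starts as `""`, so until a `safe_remember_me` option exists the expected remember-me token is the empty string. The cookie check is not in this section, but it has to treat an empty expected token as "remember-me disabled" rather than compare it for equality with the cookie value, otherwise an empty `remember_me` cookie could match. I would document that on the field, e.g. `// empty = no remember-me token issued; verification must reject when this is empty`, and consider making the field private behind an accessor so only the bootstrap and login paths can set it.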