🦄 fix comment bad request

zhengyouxiang · Mar 14, 2017 · 7106246 · 7106246
1 parent 8cdb1cc
commit 7106246
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 3 deletions.
diff --git a/src/main/java/com/tale/controller/IndexController.java b/src/main/java/com/tale/controller/IndexController.java
@@ -365,6 +365,7 @@ public RestResponse comment(Request request, Response response,
             // 设置对每个文章1分钟可以评论一次
             cache.hset(Types.COMMENTS_FREQUENCY, val, 1, 60);
             siteService.cleanCache(Types.C_STATISTICS);
+            request.attribute("del_csrf_token", token);
             return RestResponse.ok();
         } catch (Exception e) {
             String msg = "评论发布失败";

diff --git a/src/main/java/com/tale/interceptor/BaseInterceptor.java b/src/main/java/com/tale/interceptor/BaseInterceptor.java
@@ -68,8 +68,9 @@ public boolean before(Request request, Response response) {
         String method = request.method();
         if(method.equals("GET")){
             String csrf_token = UUID.UU64();
-            // 默认存储30分钟
-            cache.hset(Types.CSRF_TOKEN, csrf_token, uri, TaleConst.BCONF.getInt("app.csrf-token-timeout", 30) * 60);
+            // 默认存储20分钟
+            int timeout = TaleConst.BCONF.getInt("app.csrf-token-timeout", 20) * 60;
+            cache.hset(Types.CSRF_TOKEN, csrf_token, uri, timeout);
             request.attribute("_csrf_token", csrf_token);
         }
         return true;
@@ -78,7 +79,7 @@ public boolean before(Request request, Response response) {
 
     @Override
     public boolean after(Request request, Response response) {
-        String _csrf_token = request.query("_csrf_token");
+        String _csrf_token = request.attribute("del_csrf_token");
         if(StringKit.isNotBlank(_csrf_token)){
             // 移除本次token
             cache.hdel(Types.CSRF_TOKEN, _csrf_token);