From 5fae0aaa045f82a02d0ca2c53a23a07fd6751dd1 Mon Sep 17 00:00:00 2001
From: jianweie code <jianweie@live.com>
Date: Sat, 12 Aug 2023 16:52:02 +0800
Subject: [PATCH] =?UTF-8?q?=E3=80=90=E4=BC=98=E5=8C=96=E3=80=91=E4=BF=AE?=
 =?UTF-8?q?=E6=94=B9launchSettings.json=E6=9C=AC=E5=9C=B0=E8=B0=83?=
 =?UTF-8?q?=E8=AF=95=E7=AB=AF=E5=8F=A3=E5=8F=B7=EF=BC=8C=E9=98=B2=E6=AD=A2?=
 =?UTF-8?q?=E6=8E=A5=E5=8F=A3=E7=AB=AF=E5=92=8C=E5=90=8E=E7=AB=AF=E5=90=8C?=
 =?UTF-8?q?=E6=97=B6=E5=90=AF=E5=8A=A8=E5=BA=94=E7=94=A8=E7=A8=8B=E5=BA=8F?=
 =?UTF-8?q?=E6=A8=A1=E5=BC=8F=E4=B8=8B=E7=AB=AF=E5=8F=A3=E5=8F=B7=E5=86=B2?=
 =?UTF-8?q?=E7=AA=81=E3=80=82=20=E3=80=90=E4=BC=98=E5=8C=96=E3=80=91?=
 =?UTF-8?q?=E7=A7=BB=E9=99=A4=E5=90=8E=E5=8F=B0=E7=99=BB=E5=BD=95=E9=BB=98?=
 =?UTF-8?q?=E8=AE=A4=E8=AE=B0=E5=BD=95=E8=B4=A6=E5=8F=B7=E5=AF=86=E7=A0=81?=
 =?UTF-8?q?=E5=8A=9F=E8=83=BD=E3=80=82=20=E3=80=90=E4=BF=AE=E5=A4=8D?=
 =?UTF-8?q?=E3=80=91=E4=BF=AE=E5=A4=8D=E5=89=8D=E7=AB=AF=E6=8F=90=E4=BA=A4?=
 =?UTF-8?q?=E6=95=B0=E6=8D=AE=E5=8F=AF=E8=83=BD=E5=AD=98=E5=9C=A8=E9=A3=8E?=
 =?UTF-8?q?=E9=99=A9=E7=9A=84=E6=A0=A1=E9=AA=8C=E3=80=82?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 CoreCms.Net.Auth/AuthorizationSetup.cs        |  2 +-
 .../Bill/CoreCmsBillPaymentsServices.cs       |  7 +++++++
 .../Cart/CoreCmsCartServices.cs               | 21 +++++++++++++++----
 .../wwwroot/views/user/login.html             | 16 --------------
 4 files changed, 25 insertions(+), 21 deletions(-)

diff --git a/CoreCms.Net.Auth/AuthorizationSetup.cs b/CoreCms.Net.Auth/AuthorizationSetup.cs
index 8b99c02..56c983f 100644
--- a/CoreCms.Net.Auth/AuthorizationSetup.cs
+++ b/CoreCms.Net.Auth/AuthorizationSetup.cs
@@ -41,7 +41,7 @@ namespace CoreCms.Net.Auth
 
             #region 参数
             //读取配置文件
-            var symmetricKeyAsBase64 = AppSettingsConstVars.JwtConfigSecretKey;
+            var symmetricKeyAsBase64 = AppSettingsHelper.GetMachineRandomKey(AppSettingsConstVars.JwtConfigSecretKey);
             var keyByteArray = Encoding.ASCII.GetBytes(symmetricKeyAsBase64);
             var signingKey = new SymmetricSecurityKey(keyByteArray);
             var issuer = AppSettingsConstVars.JwtConfigIssuer;
diff --git a/CoreCms.Net.Services/Bill/CoreCmsBillPaymentsServices.cs b/CoreCms.Net.Services/Bill/CoreCmsBillPaymentsServices.cs
index d9b9451..10b4f72 100644
--- a/CoreCms.Net.Services/Bill/CoreCmsBillPaymentsServices.cs
+++ b/CoreCms.Net.Services/Bill/CoreCmsBillPaymentsServices.cs
@@ -454,6 +454,13 @@ namespace CoreCms.Net.Services
             }
 
             var billPayments = result.data as CoreCmsBillPayments;
+
+            if (billPayments.money < 0)
+            {
+                jm.msg = "支付金额异常！";
+                return jm;
+            }
+
             //根据支付方式返回支付配置
             //微信支付
             if (paymentCode == GlobalEnumVars.PaymentsTypes.wechatpay.ToString())
diff --git a/CoreCms.Net.Services/Cart/CoreCmsCartServices.cs b/CoreCms.Net.Services/Cart/CoreCmsCartServices.cs
index 6fd7f67..cfaadbf 100644
--- a/CoreCms.Net.Services/Cart/CoreCmsCartServices.cs
+++ b/CoreCms.Net.Services/Cart/CoreCmsCartServices.cs
@@ -102,7 +102,11 @@ namespace CoreCms.Net.Services
         public async Task<WebApiCallBack> SetCartNum(int id, int nums, int userId, int numType, int type = 1)
         {
             var jm = new WebApiCallBack();
-
+            if (nums <= 0)
+            {
+                jm.msg = "商品数量必须为正整数";
+                return jm;
+            }
             if (userId == 0)
             {
                 jm.msg = "用户信息获取失败";
@@ -180,12 +184,12 @@ namespace CoreCms.Net.Services
             var goodsServices = container.ServiceProvider.GetService<ICoreCmsGoodsServices>();
 
             //获取数据 
-            if (nums == 0)
+            if (nums <= 0)
             {
                 jm.msg = "请选择货品数量";
                 return jm;
             }
-            if (productId == 0)
+            if (productId <= 0)
             {
                 jm.msg = "请选择货品";
                 return jm;
@@ -421,6 +425,9 @@ namespace CoreCms.Net.Services
         {
             var jm = new WebApiCallBack() { methodDescription = "获取购物车原始列表(未核算)" };
 
+            //强制过滤一遍，防止出现可以造假数据
+            await _dal.DeleteAsync(p => p.userId == userId && p.nums <= 0);
+
             using var container = _serviceProvider.CreateScope();
             var productsService = container.ServiceProvider.GetService<ICoreCmsProductsServices>();
             var goodsServices = container.ServiceProvider.GetService<ICoreCmsGoodsServices>();
@@ -446,6 +453,12 @@ namespace CoreCms.Net.Services
                     await _dal.DeleteAsync(item);
                     continue;
                 }
+                //商品金额设置为0，就从购物车里面删除
+                if (productInfo.price <= 0)
+                {
+                    await _dal.DeleteAsync(item);
+                    continue;
+                }
                 //获取重量
                 var goodsWeight = await goodsServices.GetWeight(item.productId);
 
@@ -700,7 +713,7 @@ namespace CoreCms.Net.Services
         public async Task<WebApiCallBack> CartPoint(CartDto cartDto, int userId, int point)
         {
             var jm = new WebApiCallBack() { status = true };
-            if (point != 0)
+            if (point > 0)
             {
                 var getUserPointDto = await _userServices.GetUserPoint(userId, 0);
                 if (getUserPointDto.point < point)
diff --git a/CoreCms.Net.Web.Admin/wwwroot/views/user/login.html b/CoreCms.Net.Web.Admin/wwwroot/views/user/login.html
index 93569ce..92ebe6e 100644
--- a/CoreCms.Net.Web.Admin/wwwroot/views/user/login.html
+++ b/CoreCms.Net.Web.Admin/wwwroot/views/user/login.html
@@ -43,11 +43,6 @@
                                     <input type="password" name="password" id="LAY-user-login-password" lay-verType="tips" lay-verify="required" placeholder="密码" class="form-control">
                                 </div>
                             </div>
-                            <div class="col-sm-12 mb-2">
-                                <div class="form-group">
-                                    <input type="checkbox" name="saveLoginInfo" lay-skin="primary" checked="checked"><small>保存登录信息</small>
-                                </div>
-                            </div>
                             <div class="col-sm-12 mb-2">
                                 <button type="button" class="btn btn-info w-100" lay-submit lay-filter="LAY-user-login-submit" id="loginSubmit">登录</button>
                             </div>
@@ -118,17 +113,6 @@
 
             var field = obj.field; //获取提交的字段
 
-            console.log("saveLoginInfo:" + field.saveLoginInfo);
-
-            if (field.saveLoginInfo == 'on') {
-                console.log("保存缓存");
-                coreHelper.setCookie("username", field.username);
-                coreHelper.setCookie("password", field.password);
-            } else {
-                console.log("清空缓存");
-                coreHelper.delCookie("username");
-                coreHelper.delCookie("password");
-            }
             coreHelper.Post("api/login/getJwtToken", field, function (res) {
                 if (res.code === 0) {
                     //jwttoekn处理