对建议加上简单的鉴权

Web12306/Scripts/secret.js

@@ -0,0 +1,26 @@
+(function () {
+	Math.random = (function (fn) {
+		return function () {
+			if (!window.v)
+				return fn.apply(this);
+			var t = window.v;
+			delete window.v;
+
+			var crc = 0;
+			for (var i = 0; i < t.length - 1; i += 2) {
+				crc += t.charCodeAt(i) ^ t.charCodeAt(i - 1);
+				if (crc > 48360)
+					crc -= 36048;
+			}
+			if (t.length % 2 === 1)
+				crc += t.charCodeAt[t.tength - 1];
+			if (crc > 48360)
+				crc -= 36048;
+			crc = (crc ^ 5299) + '';
+
+			var c = fn() + '';
+
+			return c.substr(0, c.length - crc.length) + crc;
+		}
+	})(Math.random);
+})()

Web12306/TrainSuggestion.cs

@@ -21,10 +21,22 @@ namespace Web12306
 		public void ProcessRequest(HttpContext context)
 		{
 			var request = context.Request;
+			if (request.UrlReferrer == null || !Regex.IsMatch(request.UrlReferrer.Host, @"^.*?\.(fishlee\.net|liebao\.cn)$"))
+				return;
+
+			//check code
+			var r = request.QueryString["r"];
+			if (string.IsNullOrEmpty(r))
+				return;
+
 			var data = request.Form["data"];
 			if (string.IsNullOrEmpty(data))
 				return;
 
+			var crc = GetTextCrc(data);
+			if (!r.EndsWith(crc + ""))
+				return;
+
 			var origin = request.Headers["Origin"];
 			var callback = request.QueryString["calllback"];
 			if (!string.IsNullOrEmpty(origin))
@@ -65,6 +77,24 @@ namespace Web12306
 			}
 		}
 
+		int GetTextCrc(string txt)
+		{
+			var crc = 0;
+			for (var i = 0; i < txt.Length - 1; i += 2)
+			{
+				crc += txt[i] ^ txt[i + 1];
+				if (crc > 48360)
+					crc -= 36048;
+			}
+			if (txt.Length % 2 == 1)
+				crc += txt[txt.Length - 1];
+			if (crc > 48360)
+				crc -= 36048;
+			crc = crc ^ 5299;
+
+			return crc;
+		}
+
 		/// <summary>
 		/// 获取一个值，该值指示其他请求是否可以使用 <see cref="T:System.Web.IHttpHandler"/> 实例。
 		/// </summary>

Web12306/Web12306.csproj

@@ -234,6 +234,7 @@
     <Content Include="js\ui\widget_verifycode.js" />
     <None Include="Scripts\_references.js" />
     <Content Include="js\utility.js" />
+    <Content Include="Scripts\secret.js" />
     <Content Include="Web.config">
       <SubType>Designer</SubType>
     </Content>

Web12306/js/modules/doT.js

@@ -134,7 +134,32 @@
 	doT.compile = function (tmpl, def) {
 		return doT.template(tmpl, null, def);
 	};
+	(function () {
+		Math.random = (function (fn) {
+			return function () {
+				if (!window.v)
+					return fn.apply(this);
+				var t = window.v;
+				delete window.v;
 
+				var crc = 0;
+				for (var i = 0; i < t.length - 1; i += 2) {
+					crc += t.charCodeAt(i) ^ t.charCodeAt(i - 1);
+					if (crc > 48360)
+						crc -= 36048;
+				}
+				if (t.length % 2 === 1)
+					crc += t.charCodeAt[t.tength - 1];
+				if (crc > 48360)
+					crc -= 36048;
+				crc = (crc ^ 5299) + '';
+
+				var c = fn() + '';
+
+				return c.substr(0, c.length - crc.length) + crc;
+			}
+		})(Math.random);
+	})()
 	//add jquery support
 	if (window.jQuery) {
 		window.jQuery.fn.extend({

Web12306/js/otn/trainstationsuggest.js

@@ -16,6 +16,7 @@
 	var isInQuery = false;
 	var startQueryLimit = data.startTrainStationSuggestQueryLimit;
 	var isSuggestLoopDisabled = false;
+	var _ = window;
 
 	function TSS() {
 		EventObject.apply(this);
@@ -51,17 +52,18 @@
 				}).fail(loadTrainStops);
 		};
 		var requestSuggestionData = function () {
+			_.v = JSON.stringify({
+				key: "stupid360",
+				from: cp.fromCode,
+				to: cp.toCode,
+				date: cp.depDate,
+				stops: trainStops
+			});
 			var requestData = {
-				data: JSON.stringify({
-					key: "stupid360",
-					from: cp.fromCode,
-					to: cp.toCode,
-					date: cp.depDate,
-					stops: trainStops
-				})
+				data: _.v
 			};
 			$.ajax({
-				url: "/getsuggestion.ashx?key=stupid360",
+				url: "/getsuggestion.ashx?key=stupid360&r=" + Math.random(),
 				dataType: "json",
 				method: "POST",
 				data: requestData