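        /// <summary>
        /// Short-circuits the action unless the request carries a well-formed, correctly signed
        /// and not-yet-seen <c>ApiParamInfo</c> argument.
        /// </summary>
        /// <param name="context">The action-executing context whose bound arguments are inspected.
        /// On any failure <c>context.Result</c> is set (404 when the envelope is missing, 400
        /// otherwise) and the action does not run.</param>
        public override void OnActionExecuting(ActionExecutingContext context)
        {
            // Exactly one bound argument is expected to be the signed envelope. SingleOrDefault is
            // kept on purpose: two ApiParamInfo arguments is a binding mistake and should surface loudly.
            if (!(context.ActionArguments.Values.SingleOrDefault(x => x is ApiParamInfo) is ApiParamInfo data))
            {
                context.Result = new NotFoundObjectResult("参数错误,请求失败");
                return;
            }

            if (data.Params == null || string.IsNullOrEmpty(data.Sign))
            {
                context.Result = new BadRequestObjectResult("签名为空,请求无效");
                return;
            }

            if (string.IsNullOrEmpty(data.TimeStamp) || !long.TryParse(data.TimeStamp, out long timeStamp))
            {
                context.Result = new BadRequestObjectResult("时间戳错误,请求无效");
                return;
            }

            // Signature check over the canonically sorted parameter set plus the timestamp; the
            // freshness window is SecuritySign's concern, not this filter's.
            var sortedParams = new SortedDictionary<string, string>(data.Params);

            if (!SecuritySign.VerifyWithTimeStamp(sortedParams, data.Sign, timeStamp))
            {
                context.Result = new BadRequestObjectResult("验签失败,请求无效");
                return;
            }

            // Replay guard: RequestId must be present and must not have been accepted before.
            // Emptiness is checked first so that null/empty ids are never handed to TokenManager
            // (the original registered them and then rejected the request anyway).
            // NOTE(review): RequestId is only covered by the signature verified above if clients also
            // include it in Params — confirm with SecuritySign/the client contract; otherwise the nonce
            // is not bound to the signed payload.
            var token = data.RequestId;

            if (string.IsNullOrEmpty(token) || !TokenManager.GetInstance.Add(token))
            {
                // The original appended the token here, but it was always empty on this path; the
                // emitted text is unchanged.
                context.Result = new BadRequestObjectResult("请求参数无效:");
                return;
            }

            base.OnActionExecuting(context);
        }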
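        /// <summary>
        /// Issues a JWT for the caller. Two credential forms are read from the request form: a signed
        /// <c>authentication</c> blob (UserName/TimeStamp/Sign, checked with
        /// <c>SecuritySign.VerifyWithTimeStamp</c>), or a <c>username</c>/<c>password</c> pair resolved
        /// through <c>_options.IdentityResolver</c>. Every failure path writes a 400 and returns without
        /// issuing a token.
        /// </summary>
        /// <param name="context">Current HTTP context; the form is read from and the response written to it.</param>
        /// <param name="accountService">Resolves the authenticated user's organisation, name and functions.</param>
        private async Task GenerateToken(HttpContext context, Services.Contracts.IAccountService accountService)
        {
            string username       = context.Request.Form["username"];
            string password       = context.Request.Form["password"];
            string authentication = context.Request.Form["authentication"];

            var authSuccess = false;

            if (!string.IsNullOrEmpty(authentication))
            {
                // Signed-blob path. Malformed JSON, a missing field or a non-numeric timestamp is
                // treated exactly like a bad signature: 400 and stop.
                if (!TryReadSignedAuthentication(authentication, out var signedFields, out var timeStamp)
                    || !SecuritySign.VerifyWithTimeStamp(signedFields, signedFields["Sign"], timeStamp))
                {
                    context.Response.StatusCode = StatusCodes.Status400BadRequest;
                    await context.Response.WriteAsync("Invalid authentication.");
                    // The original lacked this return: it fell through to the password path and could
                    // append a token body to an already-written 400.
                    return;
                }

                authSuccess = true;
                username    = signedFields["UserName"];
            }

            if (!authSuccess)
            {
                var identity = await _options.IdentityResolver(username, password, accountService);

                if (identity == null)
                {
                    context.Response.StatusCode = StatusCodes.Status400BadRequest;
                    await context.Response.WriteAsync("Invalid username or password.");
                    return;
                }
            }

            var userInfo = await accountService.GetUserAuthInfo(username);

            if (userInfo == null)
            {
                // Credentials checked out but there is no profile to build claims from; fail closed
                // instead of dereferencing null further down.
                context.Response.StatusCode = StatusCodes.Status400BadRequest;
                await context.Response.WriteAsync("Invalid username or password.");
                return;
            }

            var now = DateTime.UtcNow;

            // Joined once; it goes into both the Func claim and the response body.
            var functions = string.Join(",", userInfo.Functions.Select(x => x.ToString()));

            var claims = new Claim[]
            {
                new Claim(JwtRegisteredClaimNames.Sub, username),
                new Claim(JwtRegisteredClaimNames.Jti, await _options.NonceGenerator()),
                // 'now' is already UTC, so the DateTimeOffset has a zero offset and no further conversion is needed.
                new Claim(JwtRegisteredClaimNames.Iat, new DateTimeOffset(now).ToUnixTimeSeconds().ToString(), ClaimValueTypes.Integer64),
                new Claim(JwtClaimNamesConst.Org, userInfo.OrganizationId.ToString(), ClaimValueTypes.String),
                new Claim(JwtClaimNamesConst.UseName, userInfo.Name, ClaimValueTypes.String),
                new Claim(JwtClaimNamesConst.Func, functions)
            };

            // Create the JWT and write it to a string.
            var jwt = new JwtSecurityToken(
                issuer: _options.Issuer,
                audience: _options.Audience,
                claims: claims,
                notBefore: now,
                expires: now.Add(_options.Expiration),
                signingCredentials: _options.SigningCredentials);
            var encodedJwt = new JwtSecurityTokenHandler().WriteToken(jwt);

            var response = new
            {
                access_token = encodedJwt,
                expires_in   = (int)_options.Expiration.TotalSeconds,
                user_name    = userInfo.Name,
                user_func    = functions
            };

            // Serialize and return the response.
            context.Response.ContentType = "application/json";
            await context.Response.WriteAsync(JsonConvert.SerializeObject(response, _serializerSettings));
        }

        /// <summary>
        /// Decodes the signed <c>authentication</c> form value into the sorted field set that
        /// <c>SecuritySign.VerifyWithTimeStamp</c> expects.
        /// </summary>
        /// <param name="authentication">Raw form value; run through <c>SafeDecoded()</c> before JSON parsing.</param>
        /// <param name="fields">UserName, TimeStamp and Sign, keyed exactly as the signer expects; null on failure.</param>
        /// <param name="timeStamp">The parsed <c>TimeStamp</c> field; 0 on failure.</param>
        /// <returns><c>false</c> if the JSON is malformed or not an object, any field is missing or empty,
        /// or the timestamp is not an integer.</returns>
        private static bool TryReadSignedAuthentication(string authentication, out SortedDictionary<string, string> fields, out long timeStamp)
        {
            fields    = null;
            timeStamp = 0;

            var decoded = authentication.SafeDecoded();
            if (string.IsNullOrEmpty(decoded))
            {
                return false;
            }

            Newtonsoft.Json.Linq.JObject payload;
            try
            {
                payload = Newtonsoft.Json.Linq.JObject.Parse(decoded);
            }
            catch (Newtonsoft.Json.JsonException)
            {
                // Unparseable or non-object input is a client error, not a server fault.
                return false;
            }

            var userName = payload["UserName"]?.ToString();
            var timeText = payload["TimeStamp"]?.ToString();
            var sign     = payload["Sign"]?.ToString();

            if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(timeText) || string.IsNullOrEmpty(sign)
                || !long.TryParse(timeText, out timeStamp))
            {
                return false;
            }

            fields = new SortedDictionary<string, string>
            {
                ["UserName"]  = userName,
                ["TimeStamp"] = timeText,
                ["Sign"]      = sign
            };
            return true;
        }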