        /// <summary>
        /// Runs before the action executes: verifies the request signature unless the action
        /// opts out via <see cref="IgnoreSignAttribute"/> or the application runs in local-test mode.
        /// </summary>
        /// <param name="filterContext">The MVC action-executing context. When the signature check
        /// fails, its Result is replaced by the JSON-serialised check result, which stops the action
        /// from running.</param>
        public void OnActionExecuting(ActionExecutingContext filterContext)
        {
            // Local test runs skip the signature check entirely.
            if (GlobalSwitch.RunModel == RunModel.LocalTest)
            {
                return;
            }

            // Actions marked with IgnoreSignAttribute are not signed.
            if (filterContext.ContainsAttribute<IgnoreSignAttribute>())
            {
                return;
            }

            var httpContext = filterContext.HttpContext.ApplicationInstance.Context;
            var signResult  = _checkSignBusiness.IsSecurity(httpContext);

            if (signResult.Success)
            {
                return;
            }

            // Failed check: short-circuit the action with the serialised result.
            // No ContentType is set here, so the framework default applies.
            filterContext.Result = new ContentResult()
            {
                Content = signResult.ToJson()
            };
        }
        /// <summary>
        /// Runs before the action executes: when the action requires a login
        /// (<see cref="CheckLoginAttribute"/> present and <see cref="IgnoreLoginAttribute"/> absent)
        /// and no operator is logged in, replaces the result with a "go to login" response.
        /// Skipped in local-test mode.
        /// </summary>
        /// <param name="filterContext">The MVC action-executing context. For AJAX requests the
        /// Result becomes a JSON <see cref="AjaxResult"/> (Success=false, ErrorCode=1); otherwise
        /// a small HTML page that redirects the top-level window to ~/Home/Login.</param>
        public void OnActionExecuting(ActionExecutingContext filterContext)
        {
            var request = filterContext.RequestContext.HttpContext.Request;

            try
            {
                // Local test runs never require a login.
                if (GlobalSwitch.RunModel == RunModel.LocalTest)
                {
                    return;
                }

                bool loginRequired = filterContext.ContainsAttribute<CheckLoginAttribute>()
                                     && !filterContext.ContainsAttribute<IgnoreLoginAttribute>();

                // Nothing to do when no login is required or the operator is already logged in.
                if (!loginRequired || Operator.Logged())
                {
                    return;
                }

                RedirectToLogin();
            }
            catch (Exception ex)
            {
                // Any failure while deciding (e.g. during the logged-in lookup) is reported and
                // treated as "not logged in".
                BusHelper.HandleException(ex);
                RedirectToLogin();
            }

            void RedirectToLogin()
            {
                if (request.IsAjaxRequest())
                {
                    var failure = new AjaxResult { Success = false, ErrorCode = 1, Msg = "未登录" };
                    filterContext.Result = new ContentResult
                    {
                        Content         = failure.ToJson(),
                        ContentEncoding = Encoding.UTF8,
                        ContentType     = "application/json"
                    };
                    return;
                }

                // loginUrl comes from the application's own routing, not from the request,
                // so embedding it in the script is safe.
                var    urlHelper    = new UrlHelper(filterContext.RequestContext);
                string loginUrl     = urlHelper.Content("~/Home/Login");
                string redirectPage = $@"    
<html>
    <script>
        top.location.href = '{loginUrl}';
    </script>
</html>
";
                filterContext.Result = new ContentResult
                {
                    Content         = redirectPage,
                    ContentType     = "text/html",
                    ContentEncoding = Encoding.UTF8
                };
            }
        }
        /// <summary>
        /// Runs before the action executes: when the action requires a login
        /// (<see cref="CheckLoginAttribute"/> present and <see cref="IgnoreLoginAttribute"/> absent)
        /// and no operator is logged in, replaces the result with an HTML page that redirects the
        /// top-level window to ~/Home/Login. Skipped in local-test mode.
        /// </summary>
        /// <param name="filterContext">The MVC action-executing context whose Result is replaced
        /// when a login is required but missing.</param>
        public void OnActionExecuting(ActionExecutingContext filterContext)
        {
            // Local test runs never require a login.
            if (GlobalSwitch.RunModel == RunModel.LocalTest)
            {
                return;
            }

            bool loginRequired = filterContext.ContainsAttribute<CheckLoginAttribute>()
                                 && !filterContext.ContainsAttribute<IgnoreLoginAttribute>();

            // Nothing to do when no login is required or the operator is already logged in.
            if (!loginRequired || Operator.Logged())
            {
                return;
            }

            // loginUrl comes from the application's own routing, not from the request,
            // so embedding it in the script is safe. No ContentType is set on the result,
            // so the framework default applies.
            var    urlHelper    = new UrlHelper(filterContext.RequestContext);
            string loginUrl     = urlHelper.Content("~/Home/Login");
            string redirectPage = $@"    
<html>
    <script>
        top.location.href = '{loginUrl}';
    </script>
</html>
";
            filterContext.Result = new ContentResult
            {
                Content = redirectPage
            };
        }
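        /// <summary>
        /// Runs before the action executes: checks that the calling appId holds the permission
        /// mapped to the requested URL. Skipped in local-test mode, when the action lacks
        /// <see cref="CheckAppIdPermissionAttribute"/>, or when it carries
        /// <see cref="IgnoreAppIdPermissionAttribute"/>.
        /// </summary>
        /// <param name="filterContext">The MVC action-executing context. On a missing appId
        /// parameter or insufficient permission its Result is replaced by a JSON
        /// <see cref="AjaxResult"/> with Success=false, which stops the action from running.</param>
        public void OnActionExecuting(ActionExecutingContext filterContext)
        {
            if (GlobalSwitch.RunModel == RunModel.LocalTest)
            {
                return;
            }

            bool needCheck = filterContext.ContainsAttribute<CheckAppIdPermissionAttribute>()
                             && !filterContext.ContainsAttribute<IgnoreAppIdPermissionAttribute>();
            if (!needCheck)
            {
                return;
            }

            var allRequestParams = HttpHelper.GetAllRequestParams(filterContext.HttpContext.ApplicationInstance.Context);

            if (!allRequestParams.ContainsKey("appId"))
            {
                // Fix: the original set the error result but fell through, so it went on to
                // index allRequestParams["appId"] and run the permission lookup with no appId,
                // which could throw or overwrite this error result.
                Reject("缺少appId参数!");
                return;
            }
            string appId = allRequestParams["appId"]?.ToString();

            // Resolve the permission required for this URL.
            // NOTE(review): the match is a case-insensitive substring test on the full request URL
            // (query string included) and the first configured entry wins; a URL with no entry is
            // allowed through (fail-open). Confirm both are intended.
            string requestUrl    = filterContext.HttpContext.Request.Url.ToString();
            var    thePermission = UrlPermissionManage.GetAllUrlPermissions()
                .FirstOrDefault(x => requestUrl.IndexOf(x.Url, StringComparison.OrdinalIgnoreCase) >= 0);

            if (thePermission == null)
            {
                return;
            }

            string needPermission = thePermission.PermissionValue;
            // Ordinal, culture-independent comparison; permission values are identifiers, and the
            // original ToLower() pair was culture-sensitive.
            bool hasPermission = PermissionManage.GetAppIdPermissionValues(appId)
                .Any(x => string.Equals(x, needPermission, StringComparison.OrdinalIgnoreCase));

            if (!hasPermission)
            {
                Reject("权限不足!访问失败!");
            }

            // Short-circuits the action with a failed AjaxResult serialised as JSON.
            void Reject(string msg)
            {
                AjaxResult res = new AjaxResult
                {
                    Success = false,
                    Msg     = msg
                };
                filterContext.Result = new ContentResult {
                    Content = res.ToJson(), ContentEncoding = Encoding.UTF8
                };
            }
        }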
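        /// <summary>
        /// Runs before the action executes: checks that the current operator holds the permission
        /// mapped to the requested URL. Skipped in local-test mode or when the action carries
        /// <see cref="IgnoreUrlPermissionAttribute"/>.
        /// </summary>
        /// <param name="filterContext">The MVC action-executing context. On insufficient permission
        /// its Result is replaced by a JSON <see cref="AjaxResult"/> with Success=false, which stops
        /// the action from running.</param>
        public void OnActionExecuting(ActionExecutingContext filterContext)
        {
            if (GlobalSwitch.RunModel == RunModel.LocalTest)
            {
                return;
            }

            if (filterContext.ContainsAttribute<IgnoreUrlPermissionAttribute>())
            {
                return;
            }

            // Resolve the permission required for this URL.
            // NOTE(review): the match is a case-insensitive substring test on the full request URL
            // (query string included) and the first configured entry wins; a URL with no entry is
            // allowed through (fail-open). Confirm both are intended.
            string requestUrl    = filterContext.HttpContext.Request.Url.ToString();
            var    thePermission = _urlPermissionManage.GetAllUrlPermissions()
                .FirstOrDefault(x => requestUrl.IndexOf(x.Url, StringComparison.OrdinalIgnoreCase) >= 0);

            if (thePermission == null)
            {
                return;
            }

            string needPermission = thePermission.PermissionValue;
            // Ordinal, culture-independent comparison; permission values are identifiers, and the
            // original ToLower() pair was culture-sensitive.
            bool hasPermission = _permissionManage.GetOperatorPermissionValues()
                .Any(x => string.Equals(x, needPermission, StringComparison.OrdinalIgnoreCase));

            if (hasPermission)
            {
                return;
            }

            // Short-circuit the action with a failed AjaxResult serialised as JSON.
            AjaxResult res = new AjaxResult
            {
                Success = false,
                Msg     = "权限不足!无法访问!"
            };
            filterContext.Result = new ContentResult {
                Content = res.ToJson(), ContentEncoding = Encoding.UTF8
            };
        }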
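        /// <summary>
        /// Runs before the action executes: validates the API request signature carried in the
        /// appId / time / guid / sign headers. Skipped in local-test mode or when the action carries
        /// <see cref="IgnoreSignAttribute"/>. Checks, in order: appId present; time present and within
        /// ±5 minutes of the server clock; guid present and not seen in the last 10 minutes (replay
        /// guard); sign present; appId known; sign matches the value rebuilt from appId, secret, guid,
        /// time and the request body.
        /// </summary>
        /// <param name="filterContext">The MVC action-executing context. On any failure its Result is
        /// replaced by a JSON <see cref="AjaxResult"/> with Success=false and a message naming the
        /// failed check, which stops the action from running.</param>
        public void OnActionExecuting(ActionExecutingContext filterContext)
        {
            if (GlobalSwitch.RunModel == RunModel.LocalTest)
            {
                return;
            }

            if (filterContext.ContainsAttribute<IgnoreSignAttribute>())
            {
                return;
            }

            var request = filterContext.HttpContext.Request;

            string appId = request.Headers["appId"]?.ToString();
            if (appId.IsNullOrEmpty())
            {
                ReturnError("缺少header:appId");
                return;
            }

            string time = request.Headers["time"]?.ToString();
            if (time.IsNullOrEmpty())
            {
                ReturnError("缺少header:time");
                return;
            }

            // Parsed once; the original re-parsed the header on every use.
            // NOTE(review): ToDateTime() is a project extension — confirm how it behaves on a
            // malformed value (throw vs. default) and that it yields a local time, since it is
            // compared against DateTime.Now here.
            DateTime requestTime = time.ToDateTime();
            DateTime now         = DateTime.Now;

            // ±5 minute clock window. A guid is therefore usable for at most 10 minutes of wall time,
            // which the replay guard's 10 minute cache entry below covers.
            if (requestTime < now.AddMinutes(-5) || requestTime > now.AddMinutes(5))
            {
                ReturnError("time过期");
                return;
            }

            string guid = request.Headers["guid"]?.ToString();
            if (guid.IsNullOrEmpty())
            {
                ReturnError("缺少header:guid");
                return;
            }

            // Replay guard: each guid may be presented once.
            // NOTE(review): the guid is marked as used before the signature is verified, so a request
            // that later fails the signature check still consumes it — confirm this is intended.
            string guidKey = $"{GlobalSwitch.ProjectName}_apiGuid_{guid}";
            if (!CacheHelper.Cache.GetCache(guidKey).IsNullOrEmpty())
            {
                ReturnError("禁止重复调用!");
                return;
            }
            CacheHelper.Cache.SetCache(guidKey, "1", new TimeSpan(0, 10, 0));

            // NOTE(review): ReadToString() is a project extension; presumably it leaves the input
            // stream usable for model binding afterwards — confirm.
            string body = request.InputStream.ReadToString();

            string sign = request.Headers["sign"]?.ToString();
            if (sign.IsNullOrEmpty())
            {
                ReturnError("缺少header:sign");
                return;
            }

            string appSecret = appSecretBus.GetAppSecret(appId);
            if (appSecret.IsNullOrEmpty())
            {
                ReturnError("header:appId无效");
                return;
            }

            string expectedSign = HttpHelper.BuildApiSign(appId, appSecret, guid, requestTime, body);

            // Constant-time comparison: a plain != returns at the first differing character, so
            // response timing would reveal how much of a guessed signature was correct.
            if (!FixedTimeEquals(expectedSign, sign))
            {
                ReturnError("header:sign签名错误");
                return;
            }

            // Short-circuits the action with a failed AjaxResult serialised as JSON.
            void ReturnError(string msg)
            {
                AjaxResult res = new AjaxResult
                {
                    Success = false,
                    Msg     = msg
                };

                filterContext.Result = new ContentResult {
                    Content = res.ToJson(), ContentType = "application/json;charset=utf-8"
                };
            }

            // Length check followed by an XOR over every character, so the running time does not
            // depend on where the strings first differ. Null on either side counts as a mismatch.
            bool FixedTimeEquals(string expected, string actual)
            {
                if (expected == null || actual == null || expected.Length != actual.Length)
                {
                    return false;
                }

                int diff = 0;
                for (int i = 0; i < expected.Length; i++)
                {
                    diff |= expected[i] ^ actual[i];
                }
                return diff == 0;
            }
        }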