Ejemplo n.º 1
0
        /// <summary>
        /// GET
        /// </summary>
        /// <param name="context"></param>
        /// <param name="partner"></param>
        /// <param name="queryDic"></param>
        private void GetExecuting(ActionExecutingContext context, Partner partner, IDictionary <string, string> queryDic)
        {
            //如果为编辑权限或管理权限,则必须检测数字签名
            if (Code == Role.Editor || Code == Role.Admin)
            {
                if (string.IsNullOrEmpty(partner.Sign))
                {
                    context.Result = ActionResultHelper.Error(ResultCode.ParametersError, "必须参数Sign缺失");
                    return;
                }

                var s = Strings.SignRequest(queryDic, partner.Authorize.AppSecret);
                if (partner.Sign != s)
                {
                    context.Result = ActionResultHelper.Error(ResultCode.SignException, "未通过签名验证,请检查签名的参数和顺序是否正确");
                    return;
                }
            }

            //是否有权限访问
            bool powerSuccess = CheckModulePower(partner);

            //权限
            if (!powerSuccess)
            {
                context.Result = ActionResultHelper.Error(ResultCode.AuthorizationFailed, "模块权限不足");
                return;
            }
        }
Ejemplo n.º 2
0
        /// <summary>
        /// POST
        /// </summary>
        /// <param name="context"></param>
        /// <param name="partner"></param>
        /// <param name="queryDic"></param>
        private void PostExecuting(ActionExecutingContext context, Partner partner, IDictionary <string, string> queryDic)
        {
            var request = context.HttpContext.Request;

            if (string.IsNullOrEmpty(partner.Sign))
            {
                context.Result = ActionResultHelper.Error(ResultCode.ParametersError, "必须参数Sign缺失");
                return;
            }

            //采用协调世界时进行校验(接口请求时同样采用协调世界时处理)
            if (partner.Timestamp.AddMinutes(5) < DateTime.Now.ToUniversalTime())
            {
                context.Result = ActionResultHelper.Error(ResultCode.RequestExpires, "API请求时间超时,服务过期,请检查Timestamp或同步服务器时间");
                return;
            }

            if (partner.Authorize == null)
            {
                context.Result = ActionResultHelper.Error(ResultCode.GetModuleException, "模块授权信息不存在");
                return;
            }

            queryDic.Remove(RequestParameterNames.Sign);
            try
            {
                var data = request.Form;
                var dic  = new Dictionary <string, string>();
                foreach (var item in data)
                {
                    if (!queryDic.ContainsKey(item.Key))
                    {
                        queryDic.Add(item.Key, item.Value[0]);
                    }
                }
            }
            catch (Exception ex)
            {
                //ex
                context.Result = ActionResultHelper.Error(ResultCode.DataException, "request.Form 获取表单数据异常");
                return;
            }
            var s = Strings.SignRequest(queryDic, partner.Authorize.AppSecret ?? string.Empty);

            if (partner.Sign != s)
            {
                context.Result = ActionResultHelper.Error(ResultCode.SignException, "未通过签名验证,请检查签名的参数和顺序是否正确");
                return;
            }

            //是否有权限访问
            bool powerSuccess = CheckModulePower(partner);

            //权限
            if (!powerSuccess)
            {
                context.Result = ActionResultHelper.Error(ResultCode.AuthorizationFailed, "模块权限不足");
                return;
            }
        }
Ejemplo n.º 3
0
        public override void OnActionExecuting(ActionExecutingContext context)
        {
            var request = context.HttpContext.Request;
            var method  = request.Method;
            IDictionary <string, string> queryDic = Strings.SplitUrlQuery(request.QueryString.Value);

            if (queryDic == null)
            {
                context.Result = ActionResultHelper.Error(ResultCode.ParametersMissing, "URL参数缺失");
                return;
            }

            #region //合作者身份

            Partner partner = new Partner {
                Timestamp = DateTime.Parse("1970-01-01").ToUniversalTime()
            };

            foreach (var item in queryDic)
            {
                if (item.Key == RequestParameterNames.Sign)
                {
                    partner.Sign = item.Value;
                }
                if (item.Key == RequestParameterNames.PartnerId)
                {
                    partner.PartnerId = item.Value;
                }
                if (item.Key == RequestParameterNames.Timestamp)
                {
                    long ticks = 0;
                    long.TryParse(item.Value, out ticks);
                    partner.Timestamp = DateTime.FromBinary(ticks);
                }
            }
            #endregion

            if (string.IsNullOrEmpty(partner.PartnerId))
            {
                context.Result = ActionResultHelper.Error(ResultCode.ParametersError, "必须参数PartnerId缺失");
                return;
            }

            #region 授权信息

            var moduleInfo = new System_ModuleAuthorize();
            try
            {
                moduleInfo = ModuleAuthorizeCache.GetSecret(partner.PartnerId);
            }
            catch (Exception ex)
            {
                // 记录授权异常信息。
                Td.Diagnostics.Logger.Error(ex);

                context.Result = ActionResultHelper.Error(ResultCode.GetModuleException, ex.Message);
                return;
            }
            if (moduleInfo == null)
            {
                context.Result = ActionResultHelper.Error(ResultCode.GetModuleException, "模块授权信息不存在");
                return;
            }

            partner.Authorize = moduleInfo;

            #endregion

            if (method == "POST")
            {
                PostExecuting(context, partner, queryDic);
            }
            else if (method == "GET")
            {
                GetExecuting(context, partner, queryDic);
            }
            else
            {
                context.Result = ActionResultHelper.Error(ResultCode.RequestModeInvalid, "请求的模式不正确");
                return;
            }

            UpdateHttpContextItems(context.HttpContext, queryDic);
        }