Ejemplo n.º 1
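        /// <summary>
        /// Returns the cached token for a staff id, creating and caching a new one when the
        /// cache has none.
        /// </summary>
        /// <param name="staffId">Staff id as text; must be non-empty and parse as an integer.</param>
        /// <returns>
        /// The JSON-serialised <c>ResultMsg</c>: a parameter-error result when
        /// <paramref name="staffId"/> is empty or not an integer, otherwise a result whose
        /// <c>Data</c> is the token.
        /// </returns>
        /// <remarks>
        /// This method does not authenticate the caller itself: any request that reaches it
        /// receives the token for the staff id it names.
        /// NOTE(review): presumably a filter in front of the action verifies the caller - confirm.
        /// </remarks>
        public async Task<HttpResponseMessage> GetToken(string staffId)
        {
            // NOTE(review): everything below is synchronous; Task.Run only moves the work to
            // another pool thread. Kept so the method's async shape is unchanged.
            return(await Task.Run(() =>
            {
                ResultMsg resultMsg = new ResultMsg();
                int id = 0;

                // Validate the parameter.
                if (string.IsNullOrEmpty(staffId) || (!int.TryParse(staffId, out id)))
                {
                    resultMsg.StatusCode = (int)E_StatusCodeForApi.ParameterError;
                    resultMsg.Info = EnumDisplayNameAttribute.GetEnumDescription(E_StatusCodeForApi.ParameterError);
                    resultMsg.Data = "";
                }
                else
                {
                    // Look the token up in the cache; create and store one on a miss.
                    // NOTE(review): Get followed by Set is not atomic, so two concurrent first
                    // requests for the same id can each create a token and one overwrites the other.
                    Token token = RedisHelper.Get<Token>(id.ToString());
                    if (token == null)
                    {
                        token = new Token();
                        token.StaffId = id;

                        // SignToken is returned to the caller and presumably serves as a shared
                        // secret afterwards, so it is drawn from the CSPRNG. Guid.NewGuid()
                        // guarantees uniqueness but is not documented as unpredictable.
                        byte[] secretBytes = new byte[16];
                        using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
                        {
                            rng.GetBytes(secretBytes);
                        }
                        token.SignToken = new Guid(secretBytes);

                        // NOTE(review): local time is used for the expiry; confirm how
                        // RedisHelper.Set interprets the DateTime it is given.
                        token.ExpireTime = DateTime.Now.AddDays(1);
                        RedisHelper.Set(token.StaffId.ToString(), token, token.ExpireTime);
                    }

                    // Return the token information.
                    resultMsg.Data = token;
                }
                return resultMsg.ToJson().ResponseMessage();
            }));
        }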
        /// <summary>
        /// Emits the TypeScript static member for one enum value: a doc comment, the opening
        /// <c>static Name = {</c> line, the id / name / abbrev properties, any extra data, and
        /// the closing brace.
        /// </summary>
        /// <param name="enumVal">The enum value to emit.</param>
        /// <param name="intVal">The integer written as the member's <c>id</c>.</param>
        private void AddEnumField(Enum enumVal, int intVal)
        {
            int memberIndent   = 2;
            int propertyIndent = memberIndent + 1;

            Type   enumType   = enumVal.GetType();
            string memberName = enumVal.ToString();

            // Doc comment built from the member's description.
            AddFormatLine(memberIndent, "/** {0} */",
                          GetMemberDescription(enumType, enumType.GetField(memberName)));
            AddFormatLine(memberIndent, "static {0} = {{", memberName);

            // NOTE(review): the attribute is dereferenced without a null check, and its values
            // are written between double quotes without escaping - presumably display names
            // never contain quotes or backslashes; verify.
            EnumDisplayNameAttribute displayInfo = EnumUtils.GetEnumDispNameAttribute(enumVal);

            AddFormatLine(propertyIndent, "id: {0},", intVal);
            AddFormatLine(propertyIndent, "name: \"{0}\",", displayInfo.DisplayName);
            AddFormatLine(propertyIndent, "abbrev: \"{0}\",", displayInfo.Abbreviation);

            // Optional extra properties are emitted only when there are any.
            string extraData = GetExtraData(enumVal);
            bool   hasExtra  = !string.IsNullOrEmpty(extraData);
            if (hasExtra)
            {
                AddLine(propertyIndent, extraData);
            }

            AddLine(memberIndent, "}");
        }
Ejemplo n.º 3
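 /// <summary>
 /// Gets the display name declared on an enum value through <c>EnumDisplayNameAttribute</c>.
 /// </summary>
 /// <param name="value">The enum value to describe.</param>
 /// <returns>
 /// The attribute's <c>DisplayName</c>, or <c>value.ToString()</c> when the member carries no
 /// such attribute or the value does not correspond to a declared member.
 /// </returns>
 public static string DisplayName(this Enum value)
 {
     string memberName = value.ToString();
     FieldInfo field = value.GetType().GetField(memberName);

     // GetField returns null when the value has no declared member (an undefined number or a
     // combination of flags); Attribute.GetCustomAttribute throws on a null element, so fall
     // back to the plain text form instead.
     if (field == null)
     {
         return memberName;
     }

     EnumDisplayNameAttribute attribute
             = Attribute.GetCustomAttribute(field, typeof(EnumDisplayNameAttribute))
                 as EnumDisplayNameAttribute;
     return attribute == null ? memberName : attribute.DisplayName;
 }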
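        /// <summary>
        /// Action filter that checks the <c>staffid</c> / <c>staffkey</c> request headers against
        /// two configured id/key pairs and sets an error <c>ResultMsg</c> response when the
        /// request does not qualify.
        /// </summary>
        /// <param name="actionContext">
        /// Context of the action about to run; its <c>Response</c> is set to reject the request.
        /// </param>
        /// <remarks>
        /// NOTE(review): only the static id/key pair is verified here. The timestamp and nonce
        /// headers are checked for presence only and the signature header is read but never
        /// verified, so a captured set of headers remains valid for as long as the key is.
        /// HEAD requests return before any check is made - confirm no action is reachable by HEAD.
        /// </remarks>
        public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext)
        {
            ResultMsg resultMsg = new ResultMsg();
            var       request = actionContext.Request;
            string    method = request.Method.Method;
            int       id = 0;

            // HttpClient warm-up sends a HEAD request; it is let through unchecked.
            if (string.Equals(method, "HEAD", StringComparison.OrdinalIgnoreCase))
            {
                return;
            }

            // Reads the first value of a header, URL-decoded; empty when the header is absent.
            Func<string, string> readHeader = name =>
                request.Headers.Contains(name)
                    ? HttpUtility.UrlDecode(request.Headers.GetValues(name).FirstOrDefault())
                    : string.Empty;

            // Ordinal comparison whose running time does not depend on where the first
            // difference is, and which treats a missing value as a mismatch.
            Func<string, string, bool> fixedTimeEquals = (expected, supplied) =>
            {
                if (expected == null || supplied == null)
                {
                    return false;
                }
                int diff   = expected.Length ^ supplied.Length;
                int common = Math.Min(expected.Length, supplied.Length);
                for (int i = 0; i < common; i++)
                {
                    diff |= expected[i] ^ supplied[i];
                }
                return diff == 0;
            };

            string staffid   = readHeader("staffid");
            string staffkey  = readHeader("staffkey");
            string timestamp = readHeader("timestamp");
            string nonce     = readHeader("nonce");
            // Read for parity with the other headers; not verified in this filter.
            string signature = readHeader("signature");

            #region Check that the required headers are present
            if (
                string.IsNullOrEmpty(staffid) ||
                !int.TryParse(staffid, out id) ||
                string.IsNullOrEmpty(timestamp) ||
                string.IsNullOrEmpty(nonce) ||
                string.IsNullOrEmpty(staffkey)
                )//|| string.IsNullOrEmpty(signature)
            {
                resultMsg.StatusCode   = (int)E_StatusCodeForApi.ParameterError;
                resultMsg.Info         = EnumDisplayNameAttribute.GetEnumDescription(E_StatusCodeForApi.ParameterError);
                resultMsg.Data         = "";
                resultMsg.IsSuccess    = false;
                actionContext.Response = resultMsg.ToJson().ResponseMessage();
                base.OnActionExecuting(actionContext);
                return;
            }
            #endregion

            #region Compare against the configured back-office staffId / staffKey pairs
            string staffidforApi  = ConfigurationManager.AppSettings["StaffId_1001"];
            string staffkeyforApi = ConfigurationManager.AppSettings["StaffKey_1001"];

            string staffidforSceneicApi  = ConfigurationManager.AppSettings["StaffId_1006"];
            string staffkeyforSceneicApi = ConfigurationManager.AppSettings["StaffKey_1006"];

            // A missing setting now counts as a mismatch (fail closed) instead of raising a
            // NullReferenceException. Both pairs are always evaluated in full.
            bool matchesApi    = fixedTimeEquals(staffidforApi, staffid) & fixedTimeEquals(staffkeyforApi, staffkey);
            bool matchesScenic = fixedTimeEquals(staffidforSceneicApi, staffid) & fixedTimeEquals(staffkeyforSceneicApi, staffkey);

            if (!(matchesApi | matchesScenic))
            {
                // NOTE(review): unlike the parameter-error branch, IsSuccess is not set here;
                // confirm ResultMsg's default.
                resultMsg              = new ResultMsg();
                resultMsg.StatusCode   = (int)E_StatusCodeForApi.Unauthorized;
                resultMsg.Info         = EnumDisplayNameAttribute.GetEnumDescription(E_StatusCodeForApi.Unauthorized);
                resultMsg.Data         = "";
                actionContext.Response = resultMsg.ToJson().ResponseMessage();
                base.OnActionExecuting(actionContext);
                return;
            }
            #endregion
            base.OnActionExecuting(actionContext);
        }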
Ejemplo n.º 5
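        /// <summary>
        /// Authorization filter for the signed-envelope API: accepts only POST, parses the body
        /// as a <c>TuLvRequest</c>, checks the digest carried in its head, then replaces the
        /// request content with the decrypted body and lets the pipeline continue.
        /// </summary>
        /// <param name="actionContext">Context of the action; its request is read and rewritten.</param>
        /// <param name="cancellationToken">Not used by this implementation.</param>
        /// <param name="continuation">Runs the rest of the pipeline; invoked only for accepted requests.</param>
        /// <returns>
        /// A completed task holding the rejection response, or the task returned by
        /// <paramref name="continuation"/>.
        /// </returns>
        /// <remarks>
        /// NOTE(review): the digest is computed only from fields that arrive in the request,
        /// UserKey included, so it detects a damaged envelope but does not show who sent it.
        /// The user lookup further down is still a stub that never rejects. Until UserId/UserKey
        /// are checked against a server-side record, this filter authenticates nobody.
        /// </remarks>
        public virtual Task<System.Net.Http.HttpResponseMessage> ExecuteAuthorizationFilterAsync(HttpActionContext actionContext, CancellationToken cancellationToken, Func<Task<System.Net.Http.HttpResponseMessage>> continuation)
        {
            ResultMsg resultMsg;
            string    method = actionContext.Request.Method.Method;

            // Check the verb before touching the body. Rejections are returned directly:
            // calling continuation() would hand control to the next filter or to the action,
            // and whether the Response set on the context is honoured then depends on what
            // else happens to be in the pipeline.
            if (!string.Equals(method, "post", StringComparison.OrdinalIgnoreCase))
            {
                resultMsg              = new ResultMsg();
                resultMsg.StatusCode   = (int)E_StatusCodeForApi.HttpMehtodError;
                resultMsg.Info         = EnumDisplayNameAttribute.GetEnumDescription(E_StatusCodeForApi.HttpMehtodError);
                resultMsg.Data         = "";
                resultMsg.IsSuccess    = false;
                actionContext.Response = resultMsg.ToJson().ResponseMessage();
                return Task.FromResult(actionContext.Response);
            }

            string content = string.Empty; // the raw envelope; its RequestBody is still encrypted

            if (actionContext.Request.Content != null)
            {
                // NOTE(review): .Result blocks the request thread; kept because the method is
                // not async. The length is taken from the stream with no upper bound here -
                // presumably the host's request-size limit applies; verify.
                using (System.IO.Stream sm = actionContext.Request.Content.ReadAsStreamAsync().Result)
                {
                    if (sm != null)
                    {
                        sm.Seek(0, SeekOrigin.Begin);
                        int    len       = (int)sm.Length;
                        byte[] inputByts = new byte[len];

                        // A single Read may return fewer bytes than requested; loop until the
                        // buffer is full or the stream ends.
                        int filled = 0;
                        while (filled < len)
                        {
                            int got = sm.Read(inputByts, filled, len - filled);
                            if (got <= 0)
                            {
                                break;
                            }
                            filled += got;
                        }
                        content = Encoding.UTF8.GetString(inputByts, 0, filled);
                    }
                }
            }

            // An empty or unparsable envelope is rejected instead of failing on a null
            // dereference below. NOTE(review): Json.ToObject may also throw on malformed
            // input - confirm how that surfaces.
            TuLvRequest resquest = Json.ToObject<TuLvRequest>(content);
            if (resquest == null || resquest._RequestHead == null)
            {
                resultMsg              = new ResultMsg();
                resultMsg.StatusCode   = (int)E_StatusCodeForApi.HttpRequestError;
                resultMsg.Info         = EnumDisplayNameAttribute.GetEnumDescription(E_StatusCodeForApi.HttpRequestError);
                resultMsg.Data         = "";
                resultMsg.IsSuccess    = false;
                actionContext.Response = resultMsg.ToJson().ResponseMessage();
                return Task.FromResult(actionContext.Response);
            }

            string      body     = resquest.RequestBody;
            string      userId   = resquest._RequestHead.UserId;
            string      userKey  = resquest._RequestHead.UserKey;
            string      sign     = resquest._RequestHead.Sign;
            // Digest over UserId + TimeStamp + Version + RequestBody + UserKey, all taken from
            // the request. TimeStamp is covered by the digest but its freshness is not checked.
            string      signsafe = GetMD5Str(resquest._RequestHead.UserId + resquest._RequestHead.TimeStamp +
                                             resquest._RequestHead.Version + resquest.RequestBody + resquest._RequestHead.UserKey);

            if (sign != signsafe)
            {
                resultMsg              = new ResultMsg();
                resultMsg.StatusCode   = (int)E_StatusCodeForApi.HttpRequestError;
                resultMsg.Info         = EnumDisplayNameAttribute.GetEnumDescription(E_StatusCodeForApi.HttpRequestError);
                resultMsg.Data         = "";
                resultMsg.IsSuccess    = false;
                actionContext.Response = resultMsg.ToJson().ResponseMessage();
                return Task.FromResult(actionContext.Response);
            }

            // Check that the user (user_id) and password are in a valid state in the data store.
            // NOTE(review): placeholder - isError is never set, so none of the four conditions
            // below is evaluated and the rejection branch cannot be reached.
            bool   isError   = false;
            string errorInfo = isError ? "该用户不存在" : "";

            if (!isError)
            {
                errorInfo = isError ? "该用户已被删除" : "";
            }
            if (!isError)
            {
                errorInfo = isError ? "该用户已被禁用" : "";
            }
            if (!isError)
            {
                errorInfo = isError ? "该用户密码错误" : "";
            }
            if (isError)
            {
                resultMsg              = new ResultMsg();
                resultMsg.StatusCode   = (int)E_StatusCodeForApi.Unauthorized;
                resultMsg.Info         = errorInfo;
                resultMsg.Data         = "";
                resultMsg.IsSuccess    = false;
                actionContext.Response = resultMsg.ToJson().ResponseMessage();
                return Task.FromResult(actionContext.Response);
            }

            // Hand the head and the decrypted body on to the action.
            string jsonHeadStr = resquest._RequestHead.ToJson();
            string jsonBodyStr = Decrypt(body, EncryptKey);

            actionContext.Request.Properties["jsonHeadStr"] = jsonHeadStr;
            //actionContext.Request.Properties["jsonBodyStr"] = jsonBodyStr;
            if (actionContext.Request.Method == HttpMethod.Post)
            {
                actionContext.Request.Content = new StringContent(jsonBodyStr, Encoding.UTF8, "application/json");
            }

            return(continuation());
        }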
Ejemplo n.º 6
 /// <summary>
 /// Creates a formatter bound to the given property tag and looks up the
 /// <c>EnumDisplayNameAttribute</c> registered for that tag's member name.
 /// </summary>
 /// <param name="tagId">The <c>PropertyTagId</c> this formatter is associated with.</param>
 public SimpleExifPropertyFormatter(PropertyTagId tagId)
 {
     this.tagId = tagId;

     // The attribute is resolved once here, keyed by the tag's text form.
     string memberName = this.tagId.ToString();
     var attributeSource = CachedAttributeExtractor<PropertyTagId, EnumDisplayNameAttribute>.Instance;
     this.displayNameAttribute = attributeSource.GetAttributeForField(memberName);
 }
Ejemplo n.º 7
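        /// <summary>
        /// Action filter that authenticates a request from its headers: HTTP verb, presence of
        /// staffid / staffkey / timestamp / nonce / signature, the configured id/key pair for
        /// that staff id, timestamp freshness, a cached token, and finally the signature.
        /// Actions marked <c>AllowAnonymous</c> skip every check.
        /// </summary>
        /// <param name="actionContext">
        /// Context of the action about to run; its <c>Response</c> is set to reject the request.
        /// </param>
        /// <remarks>
        /// NOTE(review): HEAD requests return before any check is made - confirm no action is
        /// reachable by HEAD. The nonce is only passed to <c>Validate</c>; nothing in this method
        /// records used nonces, so replay protection inside the time window depends on
        /// <c>Validate</c> - confirm.
        /// </remarks>
        public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext)
        {
            if (actionContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Count > 0)   // anonymous access allowed
            {
                base.OnActionExecuting(actionContext);
                return;
            }

            ResultMsg resultMsg = new ResultMsg();
            var       request = actionContext.Request;
            string    method = request.Method.Method;
            int       id = 0;

            // HttpClient warm-up sends a HEAD request; it is let through unchecked.
            if (string.Equals(method, "HEAD", StringComparison.OrdinalIgnoreCase))
            {
                return;
            }

            // Reads the first value of a header, URL-decoded; empty when the header is absent.
            Func<string, string> readHeader = name =>
                request.Headers.Contains(name)
                    ? HttpUtility.UrlDecode(request.Headers.GetValues(name).FirstOrDefault())
                    : string.Empty;

            // Ordinal comparison whose running time does not depend on where the first
            // difference is, and which treats a missing value as a mismatch.
            Func<string, string, bool> fixedTimeEquals = (expected, supplied) =>
            {
                if (expected == null || supplied == null)
                {
                    return false;
                }
                int diff   = expected.Length ^ supplied.Length;
                int common = Math.Min(expected.Length, supplied.Length);
                for (int i = 0; i < common; i++)
                {
                    diff |= expected[i] ^ supplied[i];
                }
                return diff == 0;
            };

            string staffid   = readHeader("staffid");
            string staffkey  = readHeader("staffkey");
            string timestamp = readHeader("timestamp");
            string nonce     = readHeader("nonce");
            string signature = readHeader("signature");

            #region Validate the HTTP verb
            bool verbAllowed =
                string.Equals(method, "POST", StringComparison.OrdinalIgnoreCase) ||
                string.Equals(method, "DELETE", StringComparison.OrdinalIgnoreCase) ||
                string.Equals(method, "GET", StringComparison.OrdinalIgnoreCase) ||
                string.Equals(method, "PUT", StringComparison.OrdinalIgnoreCase);
            if (!verbAllowed)
            {
                resultMsg              = new ResultMsg();
                resultMsg.StatusCode   = (int)E_StatusCodeForApi.HttpMehtodError;
                resultMsg.Info         = EnumDisplayNameAttribute.GetEnumDescription(E_StatusCodeForApi.HttpMehtodError);
                resultMsg.Data         = "";
                resultMsg.IsSuccess    = false;
                actionContext.Response = resultMsg.ToJson().ResponseMessage();
                base.OnActionExecuting(actionContext);
                // Stop here: without this return the later checks kept running, could replace
                // this response with a different error, and called the base method again.
                return;
            }
            #endregion

            #region Check that the required headers are present
            if (
                string.IsNullOrEmpty(staffid) ||
                !int.TryParse(staffid, out id) ||
                string.IsNullOrEmpty(timestamp) ||
                string.IsNullOrEmpty(nonce) ||
                string.IsNullOrEmpty(staffkey) ||
                string.IsNullOrEmpty(signature)
                )
            {
                resultMsg.StatusCode   = (int)E_StatusCodeForApi.ParameterError;
                resultMsg.Info         = EnumDisplayNameAttribute.GetEnumDescription(E_StatusCodeForApi.ParameterError);
                resultMsg.Data         = "";
                resultMsg.IsSuccess    = false;
                actionContext.Response = resultMsg.ToJson().ResponseMessage();
                base.OnActionExecuting(actionContext);
                return;
            }
            #endregion

            #region Compare the client's staffId / staffKey with the server-side pair
            // The settings key is built from the header text, so only the exact configured
            // spelling of the id finds an entry; anything else is rejected as unauthorized.
            string staffidforApi  = ConfigurationManager.AppSettings["StaffId_" + staffid];
            string staffkeyforApi = ConfigurationManager.AppSettings["StaffKey_" + staffid];
            if (string.IsNullOrEmpty(staffidforApi) || string.IsNullOrEmpty(staffkeyforApi))
            {
                // NOTE(review): the Unauthorized and expiry branches do not set IsSuccess,
                // unlike the other rejections; confirm ResultMsg's default.
                resultMsg              = new ResultMsg();
                resultMsg.StatusCode   = (int)E_StatusCodeForApi.Unauthorized;
                resultMsg.Info         = EnumDisplayNameAttribute.GetEnumDescription(E_StatusCodeForApi.Unauthorized);
                resultMsg.Data         = "";
                actionContext.Response = resultMsg.ToJson().ResponseMessage();
                base.OnActionExecuting(actionContext);
                return;
            }

            // Both values are always compared in full, so timing does not reveal which one
            // differed or how much of the key matched.
            bool idMatches  = fixedTimeEquals(staffidforApi, staffid);
            bool keyMatches = fixedTimeEquals(staffkeyforApi, staffkey);
            if (!(idMatches & keyMatches))
            {
                resultMsg              = new ResultMsg();
                resultMsg.StatusCode   = (int)E_StatusCodeForApi.Unauthorized;
                resultMsg.Info         = EnumDisplayNameAttribute.GetEnumDescription(E_StatusCodeForApi.Unauthorized);
                resultMsg.Data         = "";
                actionContext.Response = resultMsg.ToJson().ResponseMessage();
                base.OnActionExecuting(actionContext);
                return;
            }
            #endregion

            #region Check that the timestamp is inside the allowed window
            double clientMs = 0;
            double nowMs    = (DateTime.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0, 0)).TotalMilliseconds;
            bool   parsed   = double.TryParse(timestamp, out clientMs);
            double windowMs = ConfigurationManager.AppSettings["UrlExpireTime"].ToInt() * 1000;

            // The window is applied in both directions and non-finite values are refused:
            // comparing only (now - client) against the limit accepted any timestamp in the
            // future, and NaN or infinity, as fresh.
            bool outsideWindow = !parsed ||
                                 double.IsNaN(clientMs) ||
                                 double.IsInfinity(clientMs) ||
                                 Math.Abs(nowMs - clientMs) > windowMs;
            if (outsideWindow)
            {
                resultMsg              = new ResultMsg();
                resultMsg.StatusCode   = (int)E_StatusCodeForApi.URLExpireError;
                resultMsg.Info         = EnumDisplayNameAttribute.GetEnumDescription(E_StatusCodeForApi.URLExpireError);
                resultMsg.Data         = "";
                actionContext.Response = resultMsg.ToJson().ResponseMessage();
                base.OnActionExecuting(actionContext);
                return;
            }
            #endregion

            #region The GetToken action is exempt from signature verification
            // staffid, timestamp and nonce were already required to be non-empty above, so no
            // further parameter check is needed here. The exemption is keyed on the action
            // name alone; any action named GetToken on any controller using this filter gets it.
            if (actionContext.ActionDescriptor.ActionName == "GetToken")
            {
                base.OnActionExecuting(actionContext);
                return;
            }
            #endregion

            #region Check that a token exists for this staff id
            Token token = RedisHelper.Get<Token>(id.ToString());
            if (token == null)
            {
                resultMsg              = new ResultMsg();
                resultMsg.StatusCode   = (int)E_StatusCodeForApi.TokenInvalid;
                resultMsg.Info         = EnumDisplayNameAttribute.GetEnumDescription(E_StatusCodeForApi.TokenInvalid);
                resultMsg.Data         = "";
                resultMsg.IsSuccess    = false;
                actionContext.Response = resultMsg.ToJson().ResponseMessage();
                base.OnActionExecuting(actionContext);
                return;
            }
            #endregion

            #region Check that the signature is valid
            bool result = Validate(timestamp, nonce, id, token.SignToken.ToString(), signature);
            if (!result)
            {
                resultMsg              = new ResultMsg();
                resultMsg.StatusCode   = (int)E_StatusCodeForApi.HttpRequestError;
                resultMsg.Info         = EnumDisplayNameAttribute.GetEnumDescription(E_StatusCodeForApi.HttpRequestError);
                resultMsg.Data         = "";
                resultMsg.IsSuccess    = false;
                actionContext.Response = resultMsg.ToJson().ResponseMessage();
                base.OnActionExecuting(actionContext);
                return;
            }
            #endregion
            base.OnActionExecuting(actionContext);
        }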