public static bool IsValid <TResponse>(this ISignatureRequest request, Func <string, IUser> getUser, string clientIp, out IUser user, out TResponse response) where TResponse : ResponseBase, new()
{
if (clientIp == "localhost" || clientIp == "127.0.0.1")
{
user = null;
response = null;
return(true);
}
if (_isInnerIpEnabled && Ip.Util.IsInnerIp(clientIp))
{
user = null;
response = null;
return(true);
}
if (string.IsNullOrEmpty(request.LoginName))
{
response = ResponseBase.InvalidInput <TResponse>("登录名不能为空");
user = null;
return(false);
}
user = getUser.Invoke(request.LoginName);
if (user == null)
{
string message = "登录名不存在";
if (request.LoginName == "admin")
{
message = "第一次使用,请先设置密码";
}
Write.DevLine($"{request.LoginName} {message}");
response = ResponseBase.NotExist <TResponse>(message);
return(false);
}
if (!request.Timestamp.IsInTime())
{
Write.DevLine($"过期的请求 {request.Timestamp}");
response = ResponseBase.Expired <TResponse>();
return(false);
}
if (request.Sign != request.GetSign(user.Password))
{
string message = "用户名或密码错误";
Write.DevLine($"{request.LoginName} {message}");
response = ResponseBase.Forbidden <TResponse>(message);
return(false);
}
response = null;
return(true);
}
public static bool IsValid <TResponse>(this ISignatureRequest request, Func <string, IUser> getUser, string clientIp, out TResponse response) where TResponse : ResponseBase, new()
{
return(IsValid(request, getUser, clientIp, out _, out response));
}
