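        /// <summary>
        /// Issues (or re-uses) the per-staff signing token that later requests are signed with.
        /// </summary>
        /// <param name="staffId">Staff id as sent by the client; must parse as an <c>int</c>.</param>
        /// <returns>
        /// A <see cref="ResultMsg"/> JSON response: ParameterError when the id is missing or not
        /// numeric, otherwise the cached or freshly created <see cref="Token"/> — including its
        /// <c>SignToken</c>, which is the shared secret the client signs with.
        /// </returns>
        /// <remarks>
        /// Reviewer notes:
        /// * This method does not check that the caller may act for <paramref name="staffId"/>;
        ///   it relies entirely on the action filter in front of it. Confirm that filter is applied.
        /// * The cache entry is keyed by staff id, so the same token is handed to anyone asking for
        ///   that id until it expires; there is no rotation on re-request.
        /// * Change from the original: the synchronous work is no longer wrapped in
        ///   <c>Task.Run</c>, which only consumed a second thread-pool thread per request.
        /// </remarks>
        public Task<HttpResponseMessage> GetToken(string staffId)
        {
            return Task.FromResult(BuildTokenResponse(staffId));
        }

        /// <summary>Builds the GetToken reply for one request (see <see cref="GetToken"/>).</summary>
        private static HttpResponseMessage BuildTokenResponse(string staffId)
        {
            ResultMsg resultMsg = new ResultMsg();
            int id;

            if (string.IsNullOrEmpty(staffId) || !int.TryParse(staffId, out id))
            {
                resultMsg.StatusCode = (int)E_StatusCodeForApi.ParameterError;
                resultMsg.Info = EnumDisplayNameAttribute.GetEnumDescription(E_StatusCodeForApi.ParameterError);
                resultMsg.Data = "";
                return resultMsg.ToJson().ResponseMessage();
            }

            // An existing, unexpired token for this staff id is returned unchanged.
            Token token = RedisHelper.Get<Token>(id.ToString());
            if (token == null)
            {
                token = new Token();
                token.StaffId = id;
                // Guid.NewGuid() is the secret here. It is not documented as a cryptographic RNG;
                // if the token must be unguessable, derive it from RandomNumberGenerator instead.
                token.SignToken = Guid.NewGuid();
                // NOTE(review): local time is passed as the expiry — confirm RedisHelper.Set treats
                // it as an absolute local-time expiry rather than UTC.
                token.ExpireTime = DateTime.Now.AddDays(1);
                RedisHelper.Set(token.StaffId.ToString(), token, token.ExpireTime);
            }

            resultMsg.Data = token;
            return resultMsg.ToJson().ResponseMessage();
        }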
        /// <summary>
        /// Ocelot middleware step: runs the rest of the pipeline, then either writes a ResultMsg
        /// error envelope for pipeline errors or forwards the downstream response to the client.
        /// </summary>
        /// <param name="context">The Ocelot downstream context for the current request.</param>
        /// <remarks>
        /// Reviewer notes (behaviour kept as-is):
        /// * Pipeline errors are returned with HTTP 200; clients must inspect the JSON body.
        /// * The whole serialized envelope is lower-cased, which also lower-cases the message text.
        /// * <c>Errors[0].Message</c> comes from Ocelot/downstream and is sent to the client
        ///   verbatim — review what those messages can contain before exposing this publicly.
        /// </remarks>
        public async Task Invoke(DownstreamContext context)
        {
            await _next.Invoke(context);

            if (context.IsError)
            {
                string firstError = context.Errors[0].Message;
                int mappedCode = _codeMapper.Map(context.Errors);
                var failure = new ResultMsg
                {
                    Success = false,
                    Code = mappedCode,
                    Msg = firstError
                };

                var response = context.HttpContext.Response;
                response.ContentType = "application/json;charset=utf-8";
                response.StatusCode = (int)HttpStatusCode.OK;
                await response.WriteAsync(failure.ToJson().ToLower());
                return;
            }

            if (context.DownstreamResponse == null)
            {
                // The pipeline was terminated upstream with no downstream response:
                // nothing to write (avoids dereferencing the missing response).
                return;
            }

            Logger.LogDebug("no pipeline errors, setting and returning completed response");
            await _responder.SetResponseOnHttpContext(context.HttpContext, context.DownstreamResponse);
        }
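        /// <summary>
        /// Authenticates a request by the static staff id / staff key pair carried in its headers.
        /// Exactly two configured pairs are accepted: AppSettings StaffId_1001/StaffKey_1001 and
        /// StaffId_1006/StaffKey_1006. A failed check writes a ResultMsg error to
        /// <c>actionContext.Response</c>, which the base action filter turns into the reply.
        /// </summary>
        /// <param name="actionContext">The Web API action context for the current request.</param>
        /// <remarks>
        /// Reviewer notes:
        /// * <c>timestamp</c>, <c>nonce</c> and <c>signature</c> are read but never verified here
        ///   (the signature requirement was commented out in the original), so this is a static
        ///   API-key check with no replay protection.
        /// * HEAD requests bypass every check; any action that actually accepts HEAD runs
        ///   unauthenticated.
        /// * Changes from the original: a missing AppSettings entry no longer throws
        ///   NullReferenceException (it simply fails to match); the key comparison runs in
        ///   constant time; the Unauthorized reply sets IsSuccess = false like ParameterError does.
        /// </remarks>
        public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext)
        {
            var request = actionContext.Request;

            // HttpClient warm-up sends HEAD; the original design lets it through untouched.
            if (string.Equals(request.Method.Method, "HEAD", StringComparison.OrdinalIgnoreCase))
            {
                return;
            }

            string staffid   = HeaderValue(request, "staffid");
            string staffkey  = HeaderValue(request, "staffkey");
            string timestamp = HeaderValue(request, "timestamp");
            string nonce     = HeaderValue(request, "nonce");
            string signature = HeaderValue(request, "signature"); // read but not validated (see remarks)
            int id;

            // Required headers. 'signature' is deliberately not required (kept from the original).
            if (string.IsNullOrEmpty(staffid) ||
                !int.TryParse(staffid, out id) ||
                string.IsNullOrEmpty(timestamp) ||
                string.IsNullOrEmpty(nonce) ||
                string.IsNullOrEmpty(staffkey))
            {
                Reject(actionContext, E_StatusCodeForApi.ParameterError);
                return;
            }

            // The two accepted id/key pairs live in configuration (admin back-end and scenic API).
            bool isAdminApi  = SecretEquals(ConfigurationManager.AppSettings["StaffId_1001"], staffid)
                            && SecretEquals(ConfigurationManager.AppSettings["StaffKey_1001"], staffkey);
            bool isScenicApi = SecretEquals(ConfigurationManager.AppSettings["StaffId_1006"], staffid)
                            && SecretEquals(ConfigurationManager.AppSettings["StaffKey_1006"], staffkey);

            if (!isAdminApi && !isScenicApi)
            {
                Reject(actionContext, E_StatusCodeForApi.Unauthorized);
                return;
            }

            base.OnActionExecuting(actionContext);
        }

        /// <summary>Returns the URL-decoded first value of header <paramref name="name"/>, or "" when absent.</summary>
        private static string HeaderValue(System.Net.Http.HttpRequestMessage request, string name)
        {
            if (!request.Headers.Contains(name))
            {
                return string.Empty;
            }
            return HttpUtility.UrlDecode(request.Headers.GetValues(name).FirstOrDefault());
        }

        /// <summary>Writes a failed ResultMsg for <paramref name="code"/> to the response and lets the base filter run.</summary>
        private void Reject(System.Web.Http.Controllers.HttpActionContext actionContext, E_StatusCodeForApi code)
        {
            ResultMsg resultMsg = new ResultMsg();
            resultMsg.StatusCode = (int)code;
            resultMsg.Info = EnumDisplayNameAttribute.GetEnumDescription(code);
            resultMsg.Data = "";
            resultMsg.IsSuccess = false;
            actionContext.Response = resultMsg.ToJson().ResponseMessage();
            base.OnActionExecuting(actionContext);
        }

        /// <summary>
        /// Compares a configured secret with a client-supplied value without short-circuiting on
        /// the first mismatch, so response time does not reveal how much of the key was right.
        /// Null on either side never matches.
        /// </summary>
        private static bool SecretEquals(string expected, string supplied)
        {
            if (expected == null || supplied == null)
            {
                return false;
            }
            int diff = expected.Length ^ supplied.Length;
            for (int i = 0; i < expected.Length && i < supplied.Length; i++)
            {
                diff |= expected[i] ^ supplied[i];
            }
            return diff == 0;
        }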
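        /// <summary>
        /// Authorization filter for the signed-envelope API: reads the POST body, verifies the
        /// request signature, then replaces the request content with the decrypted body so the
        /// action receives plain JSON.
        /// </summary>
        /// <param name="actionContext">The Web API action context for the current request.</param>
        /// <param name="cancellationToken">Not used by this filter (kept for the interface).</param>
        /// <param name="continuation">Runs the rest of the pipeline when every check passes.</param>
        /// <returns>
        /// The error reply (HttpMehtodError / HttpRequestError / Unauthorized) when a check fails,
        /// otherwise the response produced by <paramref name="continuation"/>.
        /// </returns>
        /// <remarks>
        /// Reviewer notes:
        /// * The signature is MD5(UserId + TimeStamp + Version + RequestBody + UserKey), and every
        ///   input — UserKey included — is taken from the request itself. Until UserId/UserKey are
        ///   verified against a user store (the TODO below), any client can produce a valid
        ///   signature; the check only proves the body was not altered in transit.
        /// * TimeStamp is signed but never checked for freshness, so requests can be replayed.
        /// * MD5 over delimiter-less concatenation is weak; an HMAC with a server-held per-user
        ///   secret is the standard replacement, but that is a protocol change clients must follow.
        /// * Changes from the original: no blocking on <c>Task.Result</c>; failed checks return the
        ///   error reply instead of calling <paramref name="continuation"/> (which let the pipeline
        ///   keep running after a rejection); an envelope that deserializes to null yields
        ///   HttpRequestError instead of a NullReferenceException; the signature comparison runs in
        ///   constant time.
        /// </remarks>
        public virtual async Task<System.Net.Http.HttpResponseMessage> ExecuteAuthorizationFilterAsync(HttpActionContext actionContext, CancellationToken cancellationToken, Func<Task<System.Net.Http.HttpResponseMessage>> continuation)
        {
            // Only POST carries the signed envelope; reject anything else before touching the body.
            if (actionContext.Request.Method != HttpMethod.Post)
            {
                return Fail(actionContext, E_StatusCodeForApi.HttpMehtodError);
            }

            string content = await ReadBodyAsync(actionContext.Request.Content);

            // NOTE(review): Json.ToObject may throw on malformed JSON rather than return null;
            // that case still surfaces as an unhandled exception, as in the original.
            TuLvRequest resquest = Json.ToObject<TuLvRequest>(content);
            if (resquest == null || resquest._RequestHead == null)
            {
                return Fail(actionContext, E_StatusCodeForApi.HttpRequestError);
            }

            var head = resquest._RequestHead;
            string expectedSign = GetMD5Str(head.UserId + head.TimeStamp + head.Version + resquest.RequestBody + head.UserKey);
            if (!ConstantTimeEquals(expectedSign, head.Sign))
            {
                return Fail(actionContext, E_StatusCodeForApi.HttpRequestError);
            }

            // TODO(security): look UserId up in the user store and reject when the user does not
            // exist, is deleted or disabled, or UserKey does not match. The original left this as a
            // stub — isError was never set — so every caller currently passes this point.
            bool isError = false;
            string errorInfo = string.Empty;
            if (isError)
            {
                ResultMsg resultMsg = new ResultMsg();
                resultMsg.StatusCode = (int)E_StatusCodeForApi.Unauthorized;
                resultMsg.Info = errorInfo;
                resultMsg.Data = "";
                resultMsg.IsSuccess = false;
                actionContext.Response = resultMsg.ToJson().ResponseMessage();
                return actionContext.Response;
            }

            // Hand the action the decrypted body as plain JSON; the envelope head goes into Properties.
            actionContext.Request.Properties["jsonHeadStr"] = head.ToJson();
            string jsonBodyStr = Decrypt(resquest.RequestBody, EncryptKey);
            actionContext.Request.Content = new StringContent(jsonBodyStr, Encoding.UTF8, "application/json");

            return await continuation();
        }

        /// <summary>
        /// Reads the whole request body as UTF-8 text. The stream is rewound first because model
        /// binding may already have consumed it; a missing body yields "".
        /// </summary>
        private static async Task<string> ReadBodyAsync(System.Net.Http.HttpContent requestContent)
        {
            if (requestContent == null)
            {
                return string.Empty;
            }

            using (System.IO.Stream body = await requestContent.ReadAsStreamAsync())
            {
                if (body == null)
                {
                    return string.Empty;
                }
                if (body.CanSeek)
                {
                    body.Seek(0, SeekOrigin.Begin);
                }
                using (var reader = new System.IO.StreamReader(body, Encoding.UTF8))
                {
                    return await reader.ReadToEndAsync();
                }
            }
        }

        /// <summary>Builds a failed ResultMsg for <paramref name="code"/>, stores it on the context and returns it.</summary>
        private static System.Net.Http.HttpResponseMessage Fail(HttpActionContext actionContext, E_StatusCodeForApi code)
        {
            ResultMsg resultMsg = new ResultMsg();
            resultMsg.StatusCode = (int)code;
            resultMsg.Info = EnumDisplayNameAttribute.GetEnumDescription(code);
            resultMsg.Data = "";
            resultMsg.IsSuccess = false;
            actionContext.Response = resultMsg.ToJson().ResponseMessage();
            return actionContext.Response;
        }

        /// <summary>
        /// Compares the server-computed signature with the client's without short-circuiting on the
        /// first mismatch, so response time does not reveal how much of it was right. Null never matches.
        /// </summary>
        private static bool ConstantTimeEquals(string expected, string supplied)
        {
            if (expected == null || supplied == null)
            {
                return false;
            }
            int diff = expected.Length ^ supplied.Length;
            for (int i = 0; i < expected.Length && i < supplied.Length; i++)
            {
                diff |= expected[i] ^ supplied[i];
            }
            return diff == 0;
        }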
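        /// <summary>
        /// Per-request authentication: validates the staff id/key headers against configuration,
        /// enforces a timestamp window, then checks the request signature against the staff's
        /// cached signing token. Anonymous actions skip everything; the GetToken action skips
        /// only the token/signature step.
        /// </summary>
        /// <param name="actionContext">The Web API action context for the current request.</param>
        /// <remarks>
        /// Reviewer notes:
        /// * HEAD requests skip every check (kept from the original for HttpClient warm-up);
        ///   any action that actually accepts HEAD therefore runs unauthenticated.
        /// * The nonce is only passed to <c>Validate</c>; nothing here records seen nonces, so the
        ///   timestamp window is the only replay protection.
        /// * Changes from the original: the timestamp window is symmetric (a far-future timestamp
        ///   is rejected too — previously only stale ones were, so a captured request stamped in
        ///   the future could be replayed indefinitely); an unsupported HTTP method returns at once
        ///   instead of falling through to later checks; every rejection sets IsSuccess = false;
        ///   the staff key comparison runs in constant time.
        /// </remarks>
        public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext)
        {
            if (actionContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Count > 0)
            {
                base.OnActionExecuting(actionContext);
                return;
            }

            var request = actionContext.Request;
            string method = request.Method.Method;

            // HttpClient warm-up sends HEAD; the original design lets it through untouched.
            if (string.Equals(method, "HEAD", StringComparison.OrdinalIgnoreCase))
            {
                return;
            }

            string staffid   = HeaderValue(request, "staffid");
            string staffkey  = HeaderValue(request, "staffkey");
            string timestamp = HeaderValue(request, "timestamp");
            string nonce     = HeaderValue(request, "nonce");
            string signature = HeaderValue(request, "signature");
            int id;

            if (!IsSupportedMethod(method))
            {
                Reject(actionContext, E_StatusCodeForApi.HttpMehtodError);
                return;
            }

            // All five headers are required, including 'signature' even for GetToken (as before).
            if (string.IsNullOrEmpty(staffid) ||
                !int.TryParse(staffid, out id) ||
                string.IsNullOrEmpty(timestamp) ||
                string.IsNullOrEmpty(nonce) ||
                string.IsNullOrEmpty(staffkey) ||
                string.IsNullOrEmpty(signature))
            {
                Reject(actionContext, E_StatusCodeForApi.ParameterError);
                return;
            }

            // The expected key is looked up under the client-supplied id, so StaffId_<id> is only
            // a presence check; the real credential is StaffKey_<id>.
            string configuredId  = ConfigurationManager.AppSettings["StaffId_" + staffid];
            string configuredKey = ConfigurationManager.AppSettings["StaffKey_" + staffid];
            if (string.IsNullOrEmpty(configuredId) || string.IsNullOrEmpty(configuredKey) ||
                !configuredId.Equals(staffid) || !SecretEquals(configuredKey, staffkey))
            {
                Reject(actionContext, E_StatusCodeForApi.Unauthorized);
                return;
            }

            // 'timestamp' is milliseconds since the Unix epoch; reject anything outside
            // ±UrlExpireTime seconds of the server clock.
            double clientMs;
            double nowMs = (DateTime.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0, 0)).TotalMilliseconds;
            int windowMs = ConfigurationManager.AppSettings["UrlExpireTime"].ToInt() * 1000;
            if (!double.TryParse(timestamp, out clientMs) || Math.Abs(nowMs - clientMs) > windowMs)
            {
                Reject(actionContext, E_StatusCodeForApi.URLExpireError);
                return;
            }

            // GetToken is what hands out the signing token, so it cannot be signature-checked;
            // the staff key and timestamp checks above are all that protects it.
            if (actionContext.ActionDescriptor.ActionName == "GetToken")
            {
                base.OnActionExecuting(actionContext);
                return;
            }

            Token token = RedisHelper.Get<Token>(id.ToString());
            if (token == null)
            {
                Reject(actionContext, E_StatusCodeForApi.TokenInvalid);
                return;
            }

            if (!Validate(timestamp, nonce, id, token.SignToken.ToString(), signature))
            {
                Reject(actionContext, E_StatusCodeForApi.HttpRequestError);
                return;
            }

            base.OnActionExecuting(actionContext);
        }

        /// <summary>True for the HTTP methods this API serves: POST, DELETE, GET and PUT.</summary>
        private static bool IsSupportedMethod(string method)
        {
            return string.Equals(method, "POST", StringComparison.OrdinalIgnoreCase)
                || string.Equals(method, "DELETE", StringComparison.OrdinalIgnoreCase)
                || string.Equals(method, "GET", StringComparison.OrdinalIgnoreCase)
                || string.Equals(method, "PUT", StringComparison.OrdinalIgnoreCase);
        }

        /// <summary>Returns the URL-decoded first value of header <paramref name="name"/>, or "" when absent.</summary>
        private static string HeaderValue(System.Net.Http.HttpRequestMessage request, string name)
        {
            if (!request.Headers.Contains(name))
            {
                return string.Empty;
            }
            return HttpUtility.UrlDecode(request.Headers.GetValues(name).FirstOrDefault());
        }

        /// <summary>Writes a failed ResultMsg for <paramref name="code"/> to the response and lets the base filter run.</summary>
        private void Reject(System.Web.Http.Controllers.HttpActionContext actionContext, E_StatusCodeForApi code)
        {
            ResultMsg resultMsg = new ResultMsg();
            resultMsg.StatusCode = (int)code;
            resultMsg.Info = EnumDisplayNameAttribute.GetEnumDescription(code);
            resultMsg.Data = "";
            resultMsg.IsSuccess = false;
            actionContext.Response = resultMsg.ToJson().ResponseMessage();
            base.OnActionExecuting(actionContext);
        }

        /// <summary>
        /// Compares a configured secret with a client-supplied value without short-circuiting on
        /// the first mismatch, so response time does not reveal how much of the key was right.
        /// Null on either side never matches.
        /// </summary>
        private static bool SecretEquals(string expected, string supplied)
        {
            if (expected == null || supplied == null)
            {
                return false;
            }
            int diff = expected.Length ^ supplied.Length;
            for (int i = 0; i < expected.Length && i < supplied.Length; i++)
            {
                diff |= expected[i] ^ supplied[i];
            }
            return diff == 0;
        }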