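/// <summary>
/// 验证appId是否被允许
/// Looks up <paramref name="appId"/> in the cached "AllowAppId" list of allowed client applications.
/// </summary>
/// <param name="appId">Client application identifier taken from the request header; may be null or empty.</param>
/// <returns>
/// The matching <see cref="AllowCacheApp"/>, or null when <paramref name="appId"/> is empty, the cache
/// holds no allowed apps, or no entry has this AppId. Callers treat null as "not allowed"; returning a
/// freshly constructed placeholder object in the empty/none cases (the previous behaviour) made an
/// empty appId pass that null check with a null AppSecret.
/// </returns>
private static AllowCacheApp VerifyAppId(string appId)
{
    if (string.IsNullOrEmpty(appId))
    {
        return null;
    }

    YuebonCacheHelper yuebonCacheHelper = new YuebonCacheHelper();
    List<AllowCacheApp> allowedApps = yuebonCacheHelper.Get("AllowAppId").ToJson().ToList<AllowCacheApp>();

    // FirstOrDefault already yields null for an empty list, so no Count guard is needed.
    // string == is an ordinal comparison, which is what an opaque identifier wants.
    return allowedApps?.FirstOrDefault(s => s.AppId == appId);
}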
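/// <summary>Error code returned for every signature rejection.</summary>
private const string SignErrorCode = "40004";

/// <summary>Maximum allowed distance, in minutes, between the timeStamp header and the server clock.</summary>
private const int SignTimestampWindowMinutes = 5;

/// <summary>
/// How long a (timeStamp, nonce) pair is remembered for replay detection. Must exceed
/// <see cref="SignTimestampWindowMinutes"/>, otherwise a replay could arrive after the entry expired
/// but still inside the timestamp window.
/// </summary>
private const int ReplayCacheMinutes = 120;

/// <summary>
/// 全局过滤器验证签名
/// Verifies the signature headers (appId / nonce / timeStamp / signature) of an API request.
/// Checks, in order: required headers present and well-formed; appId allowed (via <see cref="VerifyAppId"/>)
/// and carrying a secret; timeStamp inside ±<see cref="SignTimestampWindowMinutes"/> minutes of the
/// server clock; (timeStamp, nonce) not seen before; and finally the signature itself via Validate over
/// either the query string or the request body.
/// </summary>
/// <param name="httpContext">The current request context; headers, query string and body are read from it.</param>
/// <returns>
/// A <see cref="CommonResult"/> with Success=true and ErrCode "0" on success, otherwise ErrCode
/// <see cref="SignErrorCode"/> and an ErrMsg describing the rejection.
/// </returns>
public static CommonResult CheckSign(HttpContext httpContext)
{
    //从http请求的头里面获取参数
    var request = httpContext.Request;

    if (!TryReadSignHeaders(request, out string appId, out string nonce, out long timeStamp, out string signature, out string headerError))
    {
        return SignFailure("签名参数异常:" + headerError);
    }

    //appId是否为可用的
    // An empty appId is rejected here regardless of what VerifyAppId returns for it, and so is an
    // allowed entry without a secret: otherwise Validate would run against a null/empty AppSecret.
    AllowCacheApp allowCacheApp = string.IsNullOrEmpty(appId) ? null : VerifyAppId(appId);
    if (allowCacheApp is null || string.IsNullOrEmpty(allowCacheApp.AppSecret))
    {
        return SignFailure("AppId不被允许访问:" + appId);
    }

    //判断timespan是否有效,请求是否超时
    if (!IsTimestampWithinWindow(timeStamp))
    {
        return SignFailure("接口请求超时");
    }

    // Replay protection: each (timeStamp, nonce) pair is accepted once. The pair is recorded before the
    // signature is checked, as in the original flow, so a failed attempt also consumes the nonce.
    string replayKey = "request_" + timeStamp + nonce;
    YuebonCacheHelper yuebonCacheHelper = new YuebonCacheHelper();
    if (yuebonCacheHelper.Get(replayKey) != null)
    {
        return SignFailure("无效签名");
    }
    yuebonCacheHelper.Add(replayKey, timeStamp + nonce, TimeSpan.FromMinutes(ReplayCacheMinutes));

    //根据请求类型拼接参数
    string data = ReadSignedPayload(request);

    bool blValidate = Validate(timeStamp.ToString(), nonce, allowCacheApp.AppSecret, data, signature);
    if (!blValidate)
    {
        return SignFailure("无效签名");
    }

    return new CommonResult { ErrCode = "0", Success = true };
}

/// <summary>Builds the rejection result shared by every failed check in <see cref="CheckSign"/>.</summary>
/// <param name="errMsg">Human-readable reason for the rejection.</param>
/// <returns>A <see cref="CommonResult"/> with ErrCode <see cref="SignErrorCode"/>.</returns>
private static CommonResult SignFailure(string errMsg)
{
    return new CommonResult { ErrCode = SignErrorCode, ErrMsg = errMsg };
}

/// <summary>
/// Reads the four signature headers from the request.
/// </summary>
/// <param name="request">Request whose headers are inspected.</param>
/// <param name="appId">客户端应用唯一标识 (may be null when absent).</param>
/// <param name="nonce">随机字符串; required.</param>
/// <param name="timeStamp">时间戳 parsed as a 64-bit integer; required and numeric.</param>
/// <param name="signature">参数签名; required.</param>
/// <param name="error">Short description of what was wrong when false is returned.</param>
/// <returns>true when all required headers are present and timeStamp parses; false otherwise.</returns>
/// <remarks>
/// A header supplied more than once is rejected (SingleOrDefault throws). timeStamp is parsed with
/// long.TryParse rather than Convert.ToInt64, because Convert.ToInt64(null) silently yields 0 for a
/// missing header instead of failing.
/// </remarks>
private static bool TryReadSignHeaders(HttpRequest request, out string appId, out string nonce, out long timeStamp, out string signature, out string error)
{
    appId = null;
    nonce = null;
    signature = null;
    timeStamp = 0;
    error = null;
    string rawTimeStamp;

    try
    {
        appId = request.Headers["appId"].SingleOrDefault();
        nonce = request.Headers["nonce"].SingleOrDefault();
        rawTimeStamp = request.Headers["timeStamp"].SingleOrDefault();
        signature = request.Headers["signature"].SingleOrDefault();
    }
    catch (InvalidOperationException ex)
    {
        // SingleOrDefault: the same header was sent more than once.
        error = ex.Message;
        return false;
    }

    if (!long.TryParse(rawTimeStamp, out timeStamp))
    {
        error = "timeStamp";
        return false;
    }

    if (string.IsNullOrEmpty(nonce) || string.IsNullOrEmpty(signature))
    {
        error = "nonce/signature";
        return false;
    }

    return true;
}

/// <summary>
/// Checks that the request timestamp lies within ±<see cref="SignTimestampWindowMinutes"/> minutes
/// of the server clock.
/// </summary>
/// <param name="timeStamp">Unix timestamp from the request header.</param>
/// <returns>true when the absolute difference is at most the window; false otherwise, including
/// when the value cannot be converted to a DateTime at all.</returns>
/// <remarks>
/// The full difference is compared, not just the minute-of-hour component: comparing only .Minute
/// accepted any timestamp from another hour or day with a matching minute value and wrongly rejected
/// requests straddling an hour boundary.
/// NOTE(review): assumes UnixTimeToDateTime() yields a local-time DateTime, matching the comparison
/// against DateTime.Now that the original code made — confirm against the extension's definition.
/// </remarks>
private static bool IsTimestampWithinWindow(long timeStamp)
{
    DateTime requestTime;
    try
    {
        requestTime = timeStamp.UnixTimeToDateTime();
    }
    catch (ArgumentOutOfRangeException)
    {
        // Value outside the representable DateTime range cannot be a live request.
        return false;
    }

    TimeSpan drift = (requestTime - DateTime.Now).Duration();
    return drift <= TimeSpan.FromMinutes(SignTimestampWindowMinutes);
}

/// <summary>
/// Collects the data the signature was computed over: the query string when present (via
/// GetQueryString, defined elsewhere in this class), otherwise the raw request body.
/// </summary>
/// <param name="request">Request whose query string or body is read.</param>
/// <returns>The payload string handed to Validate; empty when there is neither query nor body.</returns>
private static string ReadSignedPayload(HttpRequest request)
{
    NameValueCollection form = HttpUtility.ParseQueryString(request.QueryString.ToString());
    if (form.Count > 0)
    {
        return GetQueryString(form);
    }

    // The body must be rewindable so later stages (e.g. model binding) can read it again.
    // EnableBuffering() only helps if nothing has consumed the stream yet; ideally it is called
    // earlier in the pipeline, but enabling it here avoids a NotSupportedException on Seek.
    if (!request.Body.CanSeek)
    {
        request.EnableBuffering();
    }
    request.Body.Seek(0, SeekOrigin.Begin);

    // Deliberately not disposed: disposing the reader would close request.Body.
    StreamReader streamReader = new StreamReader(request.Body);

    // The async read is kept because Kestrel rejects synchronous body reads by default
    // (AllowSynchronousIO); GetAwaiter().GetResult() surfaces the real exception instead of
    // the AggregateException that .Result would wrap it in.
    string data = streamReader.ReadToEndAsync().GetAwaiter().GetResult();
    request.Body.Seek(0, SeekOrigin.Begin);
    return data;
}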