Example #1
0
        private static bool IsValidUser(
            ClientSignData clientSign, ISignableData data, bool isLoginAction,
            out ResponseBase response, out UserData user)
        {
            user = null;
            if (!AppRoot.UserSet.IsReadied)
            {
                string message = "服务器用户集启动中,请稍后";
                response = ResponseBase.NotExist(message);
                return(false);
            }
            if (!Timestamp.IsInTime(clientSign.Timestamp))
            {
                response = ResponseBase.Expired();
                return(false);
            }
            if (!string.IsNullOrEmpty(clientSign.LoginName))
            {
                user = AppRoot.UserSet.GetUser(clientSign.UserId);
            }
            if (user == null)
            {
                string message = "用户不存在";
                response = ResponseBase.NotExist(message);
                return(false);
            }
            if (isLoginAction)
            {
                if (!AppRoot.UserSet.CheckLoginTimes(clientSign.LoginName))
                {
                    response = ResponseBase.Forbidden("对不起,您的尝试太过频繁");
                    return(false);
                }
            }
            string mySign = HashUtil.CalcSign(user.LoginName, user.Password, clientSign.Timestamp, data);

            if (clientSign.Sign != mySign)
            {
                string message = "签名错误:1. 可能因为登录名或密码错误;2. 可能因为软件版本过期需要升级软件。";
                response = ResponseBase.Forbidden(message);
                return(false);
            }
            response = null;
            return(true);
        }