public ActionResult ResourceModel(string modelName)
        {
            // An empty or missing name can never be resolved, so answer 404 straight away.
            if (string.IsNullOrEmpty(modelName))
            {
                return(JsonResultEx.Create(HttpStatusCode.NotFound));
            }

            var generator = _configuration.GetModelDescriptionGenerator();
            ModelDescription description;

            // First look-up: the description may already have been generated earlier.
            var found = generator.GeneratedModels.TryGetValue(modelName, out description);

            // Otherwise initialise once and look again; a failed initialisation is also reported as 404.
            if (!found)
            {
                if (!TryInitialize())
                {
                    return(JsonResultEx.Create(HttpStatusCode.NotFound));
                }

                found = generator.GeneratedModels.TryGetValue(modelName, out description);
            }

            return found
                ? (ActionResult)PartialView(description)
                : JsonResultEx.Create(HttpStatusCode.NotFound);
        }
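        /// <summary>
        /// Creates a new account from <paramref name="model"/> and signs the new user in.
        /// </summary>
        /// <param name="model">Registration form data; checked through <see cref="ModelState"/> first.</param>
        /// <returns>
        /// An empty success result when the account was created; otherwise a result carrying the
        /// <see cref="ModelState"/> errors (validation failures or the errors reported by the membership service).
        /// </returns>
        public async Task <ActionResult> Register(RegisterViewModel model)
        {
            if (!ModelState.IsValid)
            {
                return(JsonResultEx.Create(ModelState));
            }

            var createOptions = _mapping.Map <ApplicationUserCreateOptions>(model);
            var result        = await _membershipService.CreateUser(createOptions).ConfigureAwait(false);

            if (!result.Succeeded)
            {
                // Surface the membership errors through ModelState, as the other actions in this controller do.
                AddErrors(result);
                return(JsonResultEx.Create(ModelState));
            }

            var user = await _membershipService.GetUser(model.Email).ConfigureAwait(false);

            // Guard the look-up result (same pattern as the Password action) rather than handing a
            // null user to SignInAsync after the account has already been created.
            if (user != null)
            {
                await _applicationSignInManager.SignInAsync(user, isPersistent : false, rememberBrowser : false).ConfigureAwait(false);
            }

            // For more information on how to enable account confirmation and password reset please visit http://go.microsoft.com/fwlink/?LinkID=320771
            // Send an email with this link
            // string code = await UserManager.GenerateEmailConfirmationTokenAsync(user.Id);
            // var callbackUrl = Url.Action("ConfirmEmail", "Account", new { userId = user.Id, code = code }, protocol: Request.Url.Scheme);
            // await UserManager.SendEmailAsync(user.Id, "Confirm your account", "Please confirm your account by clicking <a href=\"" + callbackUrl + "\">here</a>");

            return(JsonResultEx.Create());
        }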
        /// <summary>
        /// Returns one page of application users matching the filter and paging values in <paramref name="model"/>.
        /// </summary>
        /// <param name="model">Query view model; it is mapped to the service query options and also drives paging.</param>
        /// <returns>A JSON result holding a paged list of <c>ApplicationUserListViewModel</c>.</returns>
        public async Task <ActionResult> Index(ApplicationUserQueryViewModel model)
        {
            var queryOptions = _mapping.Map <ApplicationUserQueryOptions>(model);

            var pagedUsers = await _membershipService
                             .GetUsers(queryOptions)
                             .ToPagedListAsync(model)
                             .ConfigureAwait(false);

            var pageViewModel = _mapping.Map <PagedListViewModel <ApplicationUserListViewModel> >(pagedUsers);

            return(JsonResultEx.Create(pageViewModel));
        }
        /// <summary>
        /// Renders the help-page partial for the API identified by <paramref name="apiId"/>.
        /// </summary>
        /// <param name="apiId">Help-page API identifier; an empty value or an unknown id yields 404.</param>
        /// <returns>The partial view for the API model, or a 404 JSON result.</returns>
        public ActionResult Api(string apiId)
        {
            if (string.IsNullOrEmpty(apiId))
            {
                return(JsonResultEx.Create(HttpStatusCode.NotFound));
            }

            var helpModel = _configuration.GetHelpPageApiModel(apiId);

            return helpModel == null
                ? JsonResultEx.Create(HttpStatusCode.NotFound)
                : (ActionResult)PartialView(helpModel);
        }
        /// <summary>
        /// Loads the edit payload for one user: the available role names, the claim types and the user view model.
        /// </summary>
        /// <param name="id">Identifier of the user to edit.</param>
        /// <returns>A 404 JSON result when the user does not exist; otherwise a JSON result with RoleList, ClaimList and Model.</returns>
        public async Task <ActionResult> Edit(Guid id)
        {
            var applicationUser = await _membershipService.GetUser(id).ConfigureAwait(false);

            if (applicationUser == null)
            {
                return(JsonResultEx.Create(HttpStatusCode.NotFound));
            }

            // Awaited in the same order the anonymous-object initializer used to evaluate them.
            var roleNames  = await _membershipService.GetRoles().Select(x => x.Name).ToListAsync().ConfigureAwait(false);
            var claimTypes = await _membershipService.GetClaimTypes().ToListAsync().ConfigureAwait(false);
            var userModel  = _mapping.Map <ApplicationUserViewModel>(applicationUser);

            var payload = new
            {
                RoleList  = roleNames,
                ClaimList = claimTypes,
                Model     = userModel
            };

            return(JsonResultEx.Create(payload));
        }
        /// <summary>
        /// Signs a user in with email and password.
        /// </summary>
        /// <param name="model">Login form data: email, password and the remember-me flag.</param>
        /// <param name="returnUrl">Accepted from the caller but not read by this action.</param>
        /// <returns>An empty success result, or the <see cref="ModelState"/> errors for any other outcome.</returns>
        public async Task <ActionResult> Login(LoginViewModel model, string returnUrl)
        {
            if (!ModelState.IsValid)
            {
                return(JsonResultEx.Create(ModelState));
            }

            // NOTE(review): shouldLockout: false means failed attempts here never count towards the
            // account lockout policy, so nothing in this action throttles repeated wrong passwords —
            // confirm that lockout is enforced elsewhere before leaving it disabled.
            var status = await _applicationSignInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, shouldLockout : false).ConfigureAwait(false);

            if (status == SignInStatus.Success)
            {
                return(JsonResultEx.Create());
            }

            // LockedOut, RequiresVerification and Failure all collapse into one generic message,
            // so the response does not reveal which of them applied.
            ModelState.AddModelError("", "Invalid login attempt.");
            return(JsonResultEx.Create(ModelState));
        }
        /// <summary>
        /// Changes the signed-in user's password and re-issues the sign-in on success.
        /// </summary>
        /// <param name="model">Old and new password from the change-password form.</param>
        /// <returns>An empty success result, or the <see cref="ModelState"/> errors when validation or the change fails.</returns>
        public async Task <ActionResult> Password(ChangePasswordViewModel model)
        {
            if (!ModelState.IsValid)
            {
                return(JsonResultEx.Create(ModelState));
            }

            var userId = User.Identity.GetUserId();
            var result = await _applicationUserManager.ChangePasswordAsync(userId, model.OldPassword, model.NewPassword).ConfigureAwait(false);

            if (!result.Succeeded)
            {
                AddErrors(result);
                return(JsonResultEx.Create(ModelState));
            }

            // Re-sign-in after the change, presumably so the authentication cookie is refreshed — confirm against the sign-in manager.
            var user = await _applicationUserManager.FindByIdAsync(userId).ConfigureAwait(false);

            if (user != null)
            {
                await _applicationSignInManager.SignInAsync(user, isPersistent : false, rememberBrowser : false).ConfigureAwait(false);
            }

            return(JsonResultEx.Create());
        }
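        /// <summary>
        /// Updates the user identified by <paramref name="id"/> with the data in <paramref name="model"/>,
        /// first creating any role named in <c>model.Roles</c> that does not exist yet.
        /// </summary>
        /// <param name="id">Identifier of the user to update; passed to the mapping as an item named "id".</param>
        /// <param name="model">Update form data, including the desired role names.</param>
        /// <returns>The <see cref="ModelState"/> errors when validation fails; otherwise the membership service's update result.</returns>
        public async Task <ActionResult> Update(Guid id, ApplicationUserUpdateViewModel model)
        {
            if (!ModelState.IsValid)
            {
                return(JsonResultEx.Create(ModelState));
            }

            // Materialise once: the distinct role list is enumerated here and again by the mapping below.
            model.Roles = (model.Roles ?? new List <string>()).Distinct().ToList();

            // Existing role names as a set so the per-role membership check is O(1) instead of a list scan.
            var existingRoles = new HashSet <string>(await _membershipService.GetRoles().Select(x => x.Name).ToListAsync().ConfigureAwait(false));

            // NOTE(review): role names are taken straight from the request, so any caller of this action
            // can create new roles — confirm the action is restricted to administrators.
            foreach (var role in model.Roles)
            {
                if (!existingRoles.Contains(role))
                {
                    await _membershipService.CreateRole(role).ConfigureAwait(false);
                }
            }

            var updateOptions = _mapping.Map <ApplicationUserUpdateOptions>(model, options => options.Items.Add(nameof(id), id));
            var result        = await _membershipService.UpdateUser(updateOptions).ConfigureAwait(false);

            return(JsonResultEx.Create(result));
        }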
 /// <summary>
 /// Signs the current user out by clearing the application cookie authentication type.
 /// </summary>
 /// <returns>An empty success JSON result.</returns>
 public ActionResult LogOff()
 {
     var authenticationType = DefaultAuthenticationTypes.ApplicationCookie;

     _authenticationManager.SignOut(authenticationType);

     return(JsonResultEx.Create());
 }
        /// <summary>
        /// Returns the signed-in principal's identity mapped to a <c>CurrentUserViewModel</c>.
        /// </summary>
        /// <returns>A JSON result holding the current-user view model.</returns>
        public ActionResult CurrentUser()
        {
            var identity = User.Identity;

            return(JsonResultEx.Create(_mapping.Map <CurrentUserViewModel>(identity)));
        }
        /// <summary>
        /// Action filter run before every action. It does three things in sequence: turns model-state
        /// errors into a JSON or view response; rejects requests whose Referer host differs from the Host
        /// header or that carry an X-Forwarded-For header; and screens query-string/form values with
        /// <c>ValidateSqlStr</c>. Each rejection assigns <c>filterContext.Result</c>, so a later check can
        /// overwrite the result set by an earlier one. <c>base.OnActionExecuting</c> is always called at the end.
        /// </summary>
        /// <param name="filterContext">MVC context for the action about to run; its Controller is cast to <see cref="Controller"/>.</param>
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            var currentController = ((Controller)filterContext.Controller);

            // 1. Model-state errors: concatenate every error message (or a rendered exception) into one text.
            if (!currentController.ModelState.IsValid)
            {
                var errorMessageBuilder = new StringBuilder();
                var errorMessage        = string.Empty;
                // Select() is used only for its side effect of appending to the builder; the two Count()
                // calls merely force the deferred query to execute.
                currentController.ModelState.Values.Select(value => value.Errors.Select(error =>
                {
                    if (!error.ErrorMessage.IsNullOrEmpty())
                    {
                        errorMessageBuilder.AppendLine(error.ErrorMessage);
                    }
                    else
                    {
                        errorMessageBuilder.AppendLine(ExceptionHelper.Build(error.Exception));
                    }

                    return(error);
                }).Count()).Count();
                // Region name translates as "validate again": lower-cases the message and strips the word "script".
                #region 再次验证
                errorMessage = errorMessageBuilder.ToString().ToLower();
                //.Replace("script", "");
                int sindex = errorMessage.IndexOf('<');
                int eindex = errorMessage.IndexOf('>');
                // NOTE(review): string.Replace removes every occurrence in a single call, so repeating it in
                // this loop adds nothing; stripping one keyword is also not a reliable way to neutralise markup
                // in the message — HTML-encode it where it is rendered. ToLower() additionally changes the
                // text the user sees.
                for (int i = 0; i < eindex - sindex; i += 5)
                {
                    errorMessage = errorMessage.Replace("script", "");
                }

                //errorMessage = errorMessageBuilder.ToString();

                #endregion
                // Drop the line break left by the last AppendLine (TrimEnd strips every trailing CR/LF, not just one pair).
                if (errorMessage.EndsWith("\r\n"))
                {
                    errorMessage = errorMessage.TrimEnd("\r\n".ToCharArray());
                }

                // JSON callers — detected by content type, an "/api/" segment in the URL, or a prefix of
                // currentController.ToString() (presumably the controller's type name) — get a JSON error
                // payload; everyone else gets the current view with the message in TempData["Error"].
                if (currentController.Request.ContentType.Contains("/json") || currentController.Request.Url.ToString().ToLower().Contains("/api/") || currentController.ToString().ToLower().StartsWith("dupont.api") || currentController.ToString().ToLower().StartsWith("dupont.presentation") || currentController.ToString().ToLower().StartsWith("dupont.controllers"))
                {
                    var jsonResult     = new JsonResultEx();
                    var responseResult = new ResponseResult <object>()
                    {
                        IsSuccess = false, Message = errorMessage
                    };


                    // ResponseStatusCode.ExpectError is the project's own code for an expected failure; its meaning is not visible here.
                    responseResult.State.Id          = (int)ResponseStatusCode.ExpectError;
                    responseResult.State.Description = ResponseStatusCode.ExpectError.GetDescription();
                    jsonResult.Data      = responseResult;
                    filterContext.Result = jsonResult;
                }
                else
                {
                    currentController.TempData["Error"] = errorMessage;
                    // ViewName = null re-renders the view of the action being executed.
                    filterContext.Result = new ViewResult {
                        ViewName = null, MasterName = null, ViewData = currentController.ViewData, TempData = currentController.TempData, ViewEngineCollection = currentController.ViewEngineCollection
                    };
                }
            }
            // 2. Header checks, run for every request regardless of model-state validity.
            foreach (var item in currentController.Request.Headers.AllKeys)
            {
                // The Referer host must equal the Host header. A request that carries no header whose
                // name contains "referer" never enters this branch, so the check only covers requests that send one.
                if (item.ToLower().Contains("referer"))
                {
                    var    referer     = currentController.Request.Headers.Get("Referer");
                    // Host part = text between "//" and the next "/" (or to the end of the string).
                    // NOTE(review): when "//" is absent sindex is -1 and Substring(1) yields the wrong host; and if
                    // the matched key is not exactly "Referer", Get() returns null and ToString() would throw — verify.
                    // [ValidateAntiForgeryToken] is the standard MVC CSRF defence and does not depend on this header.
                    int    sindex      = referer.ToString().IndexOf("//");
                    int    eindex      = referer.ToString().IndexOf('/', sindex + 2);
                    string refererhost = null;
                    if (eindex != -1)
                    {
                        refererhost = referer.ToString().Substring(sindex + 2, eindex - (sindex + 2));
                    }
                    else
                    {
                        refererhost = referer.ToString().Substring(sindex + 2);
                    }
                    if (refererhost != currentController.Request.Headers.Get("Host"))
                    {
                        // Mismatch: append "CSRF forbidden" (the literal is Chinese), answer 500, re-render the view,
                        // and set an Items flag that is presumably read elsewhere to remove the session cookie.
                        // NOTE(review): 500 reports a server fault; a 403 would describe a rejected request more accurately.
                        currentController.TempData["Error"]  += "禁止CSRF";
                        currentController.Response.StatusCode = 500;
                        filterContext.Result = new ViewResult {
                            ViewName = null, MasterName = null, ViewData = currentController.ViewData, TempData = currentController.TempData, ViewEngineCollection = currentController.ViewEngineCollection
                        };
                        currentController.HttpContext.Items[DataKey.RemoveSessionCookie] = "yes";
                    }
                }
                // Any X-Forwarded-For header is blanked and the request rejected with "XFF forbidden".
                // NOTE(review): reverse proxies and load balancers add this header to every forwarded request,
                // so behind such a proxy every request would be rejected — confirm the deployment topology.
                else if (item.ToLower().Contains("x-forwarded-for"))
                {
                    currentController.Request.Headers.Set("X-Forwarded-For", "");
                    currentController.TempData["Error"]  += "禁止XFF";
                    currentController.Response.StatusCode = 500;
                    filterContext.Result = new ViewResult {
                        ViewName = null, MasterName = null, ViewData = currentController.ViewData, TempData = currentController.TempData, ViewEngineCollection = currentController.ViewEngineCollection
                    };
                    currentController.HttpContext.Items[DataKey.RemoveSessionCookie] = "yes";
                }
            }
            // 3. Parameter screening, skipped for the login page and the site root.
            if (!(currentController.Request.Url.LocalPath.ToLower() == "/account/login" || currentController.Request.Url.LocalPath.ToLower() == "/"))
            {
                NameValueCollection parames = new NameValueCollection();
                // Query-string values are screened unless the path contains "form"; form values unless it is the article editor.
                if (currentController.Request.Url.LocalPath.ToLower().IndexOf("form") == -1)
                {
                    parames.Add(currentController.Request.QueryString);
                }
                if (currentController.Request.Url.LocalPath.ToLower() != "/learngarden/addarticle")
                {
                    parames.Add(currentController.Request.Form);
                }
                foreach (var item in parames)
                {
                    // Enumerating a NameValueCollection yields keys; Request[key] then re-reads the value.
                    // NOTE(review): Request[key] returns null for an unmatched key, and a nameless form field gives a
                    // null key, so either ToString() here could throw — verify against real requests.
                    string inputparams = currentController.Request[item.ToString()].ToString();
                    // ValidateSqlStr is defined elsewhere; the rejection text reads "script injection forbidden".
                    // NOTE(review): parameterised queries and output encoding are the robust defences; a value
                    // blacklist here can only be defence in depth.
                    if (!ValidateSqlStr(inputparams))
                    {
                        currentController.TempData["Error"]  += "禁止脚本注入";
                        currentController.Response.StatusCode = 500;
                        filterContext.Result = new ViewResult {
                            ViewName = null, MasterName = null, ViewData = currentController.ViewData, TempData = currentController.TempData, ViewEngineCollection = currentController.ViewEngineCollection
                        };
                    }
                }
            }
            // Always hand off to the base filter, even when a Result has already been assigned above.
            base.OnActionExecuting(filterContext);
        }