/// <summary> /// GET /// </summary> /// <param name="context"></param> /// <param name="partner"></param> /// <param name="queryDic"></param> private void GetExecuting(ActionExecutingContext context, Partner partner, IDictionary <string, string> queryDic) { //如果为编辑权限或管理权限,则必须检测数字签名 if (Code == Role.Editor || Code == Role.Admin) { if (string.IsNullOrEmpty(partner.Sign)) { context.Result = ActionResultHelper.Error(ResultCode.ParametersError, "必须参数Sign缺失"); return; } var s = Strings.SignRequest(queryDic, partner.Authorize.AppSecret); if (partner.Sign != s) { context.Result = ActionResultHelper.Error(ResultCode.SignException, "未通过签名验证,请检查签名的参数和顺序是否正确"); return; } } //是否有权限访问 bool powerSuccess = CheckModulePower(partner); //权限 if (!powerSuccess) { context.Result = ActionResultHelper.Error(ResultCode.AuthorizationFailed, "模块权限不足"); return; } }
/// <summary> /// POST /// </summary> /// <param name="context"></param> /// <param name="partner"></param> /// <param name="queryDic"></param> private void PostExecuting(ActionExecutingContext context, Partner partner, IDictionary <string, string> queryDic) { var request = context.HttpContext.Request; if (string.IsNullOrEmpty(partner.Sign)) { context.Result = ActionResultHelper.Error(ResultCode.ParametersError, "必须参数Sign缺失"); return; } //采用协调世界时进行校验(接口请求时同样采用协调世界时处理) if (partner.Timestamp.AddMinutes(5) < DateTime.Now.ToUniversalTime()) { context.Result = ActionResultHelper.Error(ResultCode.RequestExpires, "API请求时间超时,服务过期,请检查Timestamp或同步服务器时间"); return; } if (partner.Authorize == null) { context.Result = ActionResultHelper.Error(ResultCode.GetModuleException, "模块授权信息不存在"); return; } queryDic.Remove(RequestParameterNames.Sign); try { var data = request.Form; var dic = new Dictionary <string, string>(); foreach (var item in data) { if (!queryDic.ContainsKey(item.Key)) { queryDic.Add(item.Key, item.Value[0]); } } } catch (Exception ex) { //ex context.Result = ActionResultHelper.Error(ResultCode.DataException, "request.Form 获取表单数据异常"); return; } var s = Strings.SignRequest(queryDic, partner.Authorize.AppSecret ?? string.Empty); if (partner.Sign != s) { context.Result = ActionResultHelper.Error(ResultCode.SignException, "未通过签名验证,请检查签名的参数和顺序是否正确"); return; } //是否有权限访问 bool powerSuccess = CheckModulePower(partner); //权限 if (!powerSuccess) { context.Result = ActionResultHelper.Error(ResultCode.AuthorizationFailed, "模块权限不足"); return; } }
public override void OnActionExecuting(ActionExecutingContext context) { var request = context.HttpContext.Request; var method = request.Method; IDictionary <string, string> queryDic = Strings.SplitUrlQuery(request.QueryString.Value); if (queryDic == null) { context.Result = ActionResultHelper.Error(ResultCode.ParametersMissing, "URL参数缺失"); return; } #region //合作者身份 Partner partner = new Partner { Timestamp = DateTime.Parse("1970-01-01").ToUniversalTime() }; foreach (var item in queryDic) { if (item.Key == RequestParameterNames.Sign) { partner.Sign = item.Value; } if (item.Key == RequestParameterNames.PartnerId) { partner.PartnerId = item.Value; } if (item.Key == RequestParameterNames.Timestamp) { long ticks = 0; long.TryParse(item.Value, out ticks); partner.Timestamp = DateTime.FromBinary(ticks); } } #endregion if (string.IsNullOrEmpty(partner.PartnerId)) { context.Result = ActionResultHelper.Error(ResultCode.ParametersError, "必须参数PartnerId缺失"); return; } #region 授权信息 var moduleInfo = new System_ModuleAuthorize(); try { moduleInfo = ModuleAuthorizeCache.GetSecret(partner.PartnerId); } catch (Exception ex) { // 记录授权异常信息。 Td.Diagnostics.Logger.Error(ex); context.Result = ActionResultHelper.Error(ResultCode.GetModuleException, ex.Message); return; } if (moduleInfo == null) { context.Result = ActionResultHelper.Error(ResultCode.GetModuleException, "模块授权信息不存在"); return; } partner.Authorize = moduleInfo; #endregion if (method == "POST") { PostExecuting(context, partner, queryDic); } else if (method == "GET") { GetExecuting(context, partner, queryDic); } else { context.Result = ActionResultHelper.Error(ResultCode.RequestModeInvalid, "请求的模式不正确"); return; } UpdateHttpContextItems(context.HttpContext, queryDic); }