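/// <summary>
/// Validates an encrypted AJAX auth token. The token must decrypt to an
/// <see cref="ArticleAjaxAuthData"/> whose <c>EmpAccount</c> equals
/// <paramref name="empAccount"/> and whose <c>PostDate</c> is less than 24 hours old.
/// </summary>
/// <param name="token">Encrypted token supplied by the client; null or empty is rejected.</param>
/// <param name="empAccount">Account of the logged-in user the token must be bound to.</param>
/// <param name="authData">
/// The decrypted payload. Only meaningful when the method returns true; may be null or
/// partially validated when it returns false.
/// </param>
/// <returns>true when every check passed; otherwise false.</returns>
protected bool HandleAuthToken(string token, string empAccount, out ArticleAjaxAuthData authData)
{
    authData = null;

    if (string.IsNullOrEmpty(token))
    {
        return false;
    }

    // decrypt token
    try
    {
        string aesKeyOfBP = ConfigurationManager.AppSettings["AesKeyOfBP"];
        string basicIV = ConfigurationManager.AppSettings["AesIV"];
        string authJson = AesUtility.Decrypt(token, aesKeyOfBP, basicIV);
        authData = JsonConvert.DeserializeObject<ArticleAjaxAuthData>(authJson);
    }
    catch (Exception ex)
    {
        // Any decrypt or parse failure (tampered, wrongly keyed or malformed token)
        // is logged and treated as an invalid token rather than propagated.
        logger.Error("", ex);
        return false;
    }

    // A payload of "null" deserializes to null without throwing; the account check
    // below would then dereference it outside the try block. Reject it instead.
    if (authData == null)
    {
        return false;
    }

    // check account: the token must be bound to the calling user (ordinal compare).
    if (!string.Equals(empAccount, authData.EmpAccount, StringComparison.Ordinal))
    {
        return false;
    }

    // check postDate: tokens expire 24 hours after they were issued.
    // NOTE(review): compares local DateTime.Now with PostDate — assumes PostDate was
    // issued in the same local time zone; confirm against the token issuer. A PostDate
    // in the future yields a negative age and passes this check (no lower bound).
    if ((DateTime.Now - authData.PostDate).TotalHours >= 24)
    {
        return false;
    }

    return true;
}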
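/// <summary>
/// AJAX handler: updates the front-stage sort field and sort direction of an article.
/// Requires a logged-in user and a valid auth token bound to that user (HandleAuthToken).
/// Reads the request params <c>token</c>, <c>artId</c> (GUID), <c>sortField</c> and
/// <c>isSortDesc</c> ("true"/"false"; optional, defaults to false).
/// </summary>
/// <returns>
/// A <see cref="ClientResult"/> with <c>b</c> true and <c>o</c> holding the applied
/// <see cref="SortFieldInfo"/>, or <c>b</c> false with an error text in <c>err</c>.
/// </returns>
public override ClientResult ProcessRequest()
{
    string mdfAccount = c.GetEmpAccount();

    if (string.IsNullOrEmpty(mdfAccount))
    {
        return new ClientResult() { b = false, err = "invalid login status" };
    }

    // The token must decrypt to auth data that belongs to the logged-in account.
    string token = GetParamValue("token");
    ArticleAjaxAuthData authData;

    if (!HandleAuthToken(token, mdfAccount, out authData))
    {
        return new ClientResult() { b = false, err = "invalid token" };
    }

    string artId = GetParamValue("artId");
    Guid articleId;

    if (!Guid.TryParse(artId, out articleId))
    {
        return new ClientResult() { b = false, err = "invalid artId" };
    }

    string sortField = GetParamValue("sortField");
    string strIsSortDesc = GetParamValue("isSortDesc");
    bool isSortDesc = false;

    if (string.IsNullOrEmpty(strIsSortDesc))
    {
        // A missing direction defaults to ascending; echo the default back to the client.
        strIsSortDesc = isSortDesc.ToString();
    }
    else if (!bool.TryParse(strIsSortDesc, out isSortDesc))
    {
        // Convert.ToBoolean would throw FormatException on client-supplied garbage;
        // report it as an ordinary failed result instead of a server error.
        return new ClientResult() { b = false, err = "invalid isSortDesc" };
    }

    // No sort field means no direction is reported back either.
    if (string.IsNullOrEmpty(sortField))
    {
        strIsSortDesc = "";
    }

    ArticlePublisherLogic artPub = new ArticlePublisherLogic();
    ArticleUpdateSortFieldOfFrontStageParams param = new ArticleUpdateSortFieldOfFrontStageParams()
    {
        ArticleId = articleId,
        SortFieldOfFrontStage = sortField,
        IsSortDescOfFrontStage = isSortDesc,
        MdfAccount = mdfAccount,
        // Edit permissions come from the validated token; identity from the session.
        AuthUpdateParams = new AuthenticationUpdateParams()
        {
            CanEditSubItemOfOthers = authData.CanEditSubItemOfOthers,
            CanEditSubItemOfCrew = authData.CanEditSubItemOfCrew,
            CanEditSubItemOfSelf = authData.CanEditSubItemOfSelf,
            MyAccount = mdfAccount,
            MyDeptId = c.GetDeptId()
        }
    };

    if (!artPub.UpdateArticleSortFieldOfFrontStage(param))
    {
        return new ClientResult() { b = false, err = "update failed" };
    }

    SortFieldInfo sortFieldInfo = new SortFieldInfo()
    {
        sortField = sortField,
        isSortDesc = strIsSortDesc
    };

    return new ClientResult() { b = true, o = sortFieldInfo };
}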
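/// <summary>
/// AJAX handler: shows or hides one area of an article in the front stage.
/// Requires a logged-in user and a valid auth token bound to that user (HandleAuthToken).
/// Reads the request params <c>token</c>, <c>artId</c> (GUID), <c>areaName</c> and
/// <c>isShow</c> ("true"/"false").
/// </summary>
/// <returns>
/// A <see cref="ClientResult"/> with <c>b</c> true on success, or <c>b</c> false with an
/// error text in <c>err</c>.
/// </returns>
public override ClientResult ProcessRequest()
{
    string mdfAccount = c.GetEmpAccount();

    if (string.IsNullOrEmpty(mdfAccount))
    {
        return new ClientResult() { b = false, err = "invalid login status" };
    }

    // The token must decrypt to auth data that belongs to the logged-in account.
    string token = GetParamValue("token");
    ArticleAjaxAuthData authData;

    if (!HandleAuthToken(token, mdfAccount, out authData))
    {
        return new ClientResult() { b = false, err = "invalid token" };
    }

    string artId = GetParamValue("artId");
    Guid articleId;

    if (!Guid.TryParse(artId, out articleId))
    {
        return new ClientResult() { b = false, err = "invalid artId" };
    }

    string areaName = GetParamValue("areaName");
    bool isShow;

    // Convert.ToBoolean throws FormatException on an empty or malformed value coming
    // from the client; validate it like the other params and fail gracefully.
    if (!bool.TryParse(GetParamValue("isShow"), out isShow))
    {
        return new ClientResult() { b = false, err = "invalid isShow" };
    }

    ArticlePublisherLogic artPub = new ArticlePublisherLogic();
    ArticleUpdateIsAreaShowInFrontStageParams param = new ArticleUpdateIsAreaShowInFrontStageParams()
    {
        ArticleId = articleId,
        AreaName = areaName,
        IsShowInFrontStage = isShow,
        MdfAccount = mdfAccount,
        // Edit permissions come from the validated token; identity from the session.
        AuthUpdateParams = new AuthenticationUpdateParams()
        {
            CanEditSubItemOfOthers = authData.CanEditSubItemOfOthers,
            CanEditSubItemOfCrew = authData.CanEditSubItemOfCrew,
            CanEditSubItemOfSelf = authData.CanEditSubItemOfSelf,
            MyAccount = mdfAccount,
            MyDeptId = c.GetDeptId()
        }
    };

    if (!artPub.UpdateArticleIsAreaShowInFrontStage(param))
    {
        return new ClientResult() { b = false, err = "update failed" };
    }

    return new ClientResult() { b = true };
}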