Exemple #1
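        /// <summary>
        /// Authorization filter step that runs before the action: reads the token from the
        /// Authorization header, has <c>JwtHelper.VerifyToken</c> process it, and lets the request
        /// through only when the token's user name equals <c>UserName</c> or the user's role
        /// holds the permission <c>PerName</c>.
        /// </summary>
        /// <param name="actionContext">Context of the action about to run; its request carries the Authorization header.</param>
        /// <exception cref="System.Exception">
        /// Thrown with the message "no action permission" when the header is missing or empty, the
        /// payload cannot be read, the user is unknown, or the role lacks <c>PerName</c>.
        /// </exception>
        public override void OnActionExecuting(HttpActionContext actionContext)
        {
            var request = actionContext.Request;

            // TryGetValues instead of GetValues: a request without the header is denied
            // explicitly rather than failing with InvalidOperationException / NullReferenceException.
            IEnumerable<string> headerValues;
            string token = null;
            if (request.Headers.TryGetValues("Authorization", out headerValues))
            {
                token = headerValues.FirstOrDefault();
            }

            if (string.IsNullOrWhiteSpace(token))
            {
                throw new System.Exception("no action permission");
            }

            // Keep what follows the first space (the part after the scheme). With no space the
            // whole value is used. NOTE(review): the scheme itself is not checked here.
            token = token.Substring(token.IndexOf(' ') + 1);

            // NOTE(review): JwtHelper.VerifyToken is defined elsewhere; confirm it rejects tokens
            // with a bad signature or an expired lifetime, because its result is trusted as-is below.
            JwtPayload payload = JsonConvert.DeserializeObject <JwtPayload>(JwtHelper.VerifyToken(token).ToString());
            if (payload == null)
            {
                throw new System.Exception("no action permission");
            }

            // NOTE(review): a token whose UserName equals this filter's UserName skips the
            // permission lookup entirely; confirm that bypass is intended and that the claim
            // cannot be chosen by the caller.
            if (payload.UserName != UserName)
            {
                var staff = new StaffDao().DetailEntryById(payload.UserId).FirstOrDefault();
                if (staff == null)
                {
                    // Token refers to a user that no longer resolves: deny instead of dereferencing null.
                    throw new System.Exception("no action permission");
                }

                IList <string> pers = new BaseDataDao().QueryRoleHasPermissions(staff.FROLEID);
                if (pers == null || !pers.Contains(PerName))
                {
                    throw new System.Exception("no action permission");
                }
            }

            base.OnActionExecuting(actionContext);
        }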
Exemple #2
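        /// <summary>
        /// Authenticates a back-office user: decrypts the submitted password with a key and IV
        /// derived from the request's <c>Noncestr</c>, validates it against the stored salt and
        /// hash (or the built-in "administrator" constants), and on success returns a JWT plus an
        /// AES-encrypted user profile.
        /// </summary>
        /// <param name="vo">Login request carrying <c>Phone</c>, <c>Noncestr</c> and the encrypted <c>Password</c>.</param>
        /// <returns>
        /// A <c>Response</c> whose <c>Result</c> holds <c>token</c>, <c>payload</c>, <c>noncestr</c>
        /// and <c>vueRouter</c> on success, or whose <c>Errcode</c>/<c>Errmsg</c> describe the failure.
        /// </returns>
        /// <remarks>
        /// Security review notes:
        /// the request key/IV are derived only from the client-supplied nonce, and the response
        /// key/IV only from the <c>noncestr</c> returned in the same response, so this AES layer is
        /// obfuscation; confidentiality in transit depends on TLS.
        /// Unknown accounts (Errcode 10000) and wrong passwords return different errors, which lets
        /// a caller tell registered phone numbers apart; consider a single generic failure.
        /// No attempt limiting or lockout is visible in this method; confirm it exists upstream.
        /// </remarks>
        public Response Login(LoginVO vo)
        {
            // A request without a nonce cannot be decrypted; fail it like a bad password
            // instead of letting ToCharArray() throw NullReferenceException.
            if (vo == null || vo.Noncestr == null)
            {
                return(new Response
                {
                    Errcode = ExceptionHelper.UNKNOWN,
                    Errmsg = "密码错误!"
                });
            }

            var isAdministrator = vo.Phone == "administrator";

            dynamic staff = null;
            if (!isAdministrator)
            {
                staff = StaffService.QuerySystemUserByPhoneNumber(vo.Phone);
                if (staff == null)
                {
                    return(new Response
                    {
                        Errcode = 10000,
                        Errmsg = "用户不存在或已被禁用"
                    });
                }
            }

            // Request side: the seed is the reversed nonce, encoded with Encoding.Default.
            var reversedNonce = vo.Noncestr.ToCharArray();
            Array.Reverse(reversedNonce);
            byte[] requestKey;
            byte[] requestIv;
            DeriveLoginKeyAndIv(new string(reversedNonce), Encoding.Default, out requestKey, out requestIv);

            // Decrypt the submitted password.
            var password = AES256Helper.Decrypt(vo.Password, requestKey, requestIv);

            // NOTE(review): ADMIN_DEFAULT_SALT / ADMIN_DEFAULT_PWD look like compiled-in credentials
            // for a built-in account; confirm they are rotated per deployment.
            var isSuccess = isAdministrator
                ? BouncyCastleHashing.ValidatePassword(password, ADMIN_DEFAULT_SALT, ADMIN_DEFAULT_PWD)
                : BouncyCastleHashing.ValidatePassword(password, (string)staff["SALT"], (string)staff["PASSWORD"]);
            if (!isSuccess)
            {
                return(new Response
                {
                    Errcode = ExceptionHelper.UNKNOWN,
                    Errmsg = "密码错误!"
                });
            }

            if (isAdministrator)
            {
                var token = JwtHelper.GenerateToken(-1, "administrator", 2);
                var user  = new
                {
                    userId      = -1,
                    userName    = "******",
                    channelName = "系统管理员",
                    roleId      = -1,
                    channelId   = -1,
                    XCXOPENID   = "-1",
                    auth        = AuthorityService.GenerateVueMenu(0, true)
                };

                // Response side: the nonce is computed from the server clock and is also
                // returned to the client as noncestr.
                var nonceStr = TimeStampHelper.ToTimeStamp(DateTime.Now) / 50 * 90;
                byte[] responseKey;
                byte[] responseIv;
                DeriveLoginKeyAndIv(nonceStr.ToString(), Encoding.UTF8, out responseKey, out responseIv);

                // Encrypt the serialized profile.
                var payload = AES256Helper.Encrypt(JsonConvert.SerializeObject(user), responseKey, responseIv);
                return(new Response
                {
                    Result = new
                    {
                        token,
                        payload,
                        noncestr = nonceStr,
                        vueRouter = AuthorityService.GenerateVueRouter(0, true)
                    }
                });
            }
            else
            {
                var token = JwtHelper.GenerateToken((int)staff["FID"], (string)staff["FJOB"], 2);
                var user  = new
                {
                    userId          = (int)staff["FID"],
                    userName        = (string)staff["FNAME"],
                    channelName     = (string)staff["CHANNELNAME"],
                    channelCode     = (string)staff["FCHANNELCODE"],
                    channelId       = (int)staff["FCHANNELID"],
                    customerId      = (int)staff["FCUSTOMERID"],
                    channelTypeId   = (int)staff["FCHANNELTYPEID"],
                    channelTypeName = (string)staff["FCHANNELTYPENAME"],
                    roleId          = (int)staff["FROLEID"],
                    modules         = BaseDataDao.QueryRoleHasModules((int)staff["FROLEID"]).Select(x => x.FNAME).ToList(),
                    pers            = BaseDataDao.QueryRoleHasPermissions((int)staff["FROLEID"]),
                    auth            = AuthorityService.GenerateVueMenu((int)staff["FROLEID"], false),
                    XCXOPENID       = (string)staff["XCXOPENID"],
                    FMOBILE         = (string)staff["FMOBILE"]
                };

                // Response side: the nonce is computed from the server clock and is also
                // returned to the client as noncestr.
                var nonceStr = TimeStampHelper.ToTimeStamp(DateTime.Now) / 50 * 90;
                byte[] responseKey;
                byte[] responseIv;
                DeriveLoginKeyAndIv(nonceStr.ToString(), Encoding.UTF8, out responseKey, out responseIv);

                // Encrypt the serialized profile.
                var payload = AES256Helper.Encrypt(JsonConvert.SerializeObject(user), responseKey, responseIv);
                return(new Response
                {
                    Result = new
                    {
                        token,
                        payload,
                        noncestr = nonceStr,
                        vueRouter = AuthorityService.GenerateVueRouter(user.roleId, false)
                    }
                });
            }
        }

        // Derives the AES key and IV bytes used by Login from a seed string:
        // key = lowercase hex MD5 of the seed; IV = first 16 characters of the lowercase hex MD5
        // of the reversed key string. Both are converted to bytes with the same encoding.
        // MD5 is kept only for compatibility with the existing client; the provider is disposed here.
        private static void DeriveLoginKeyAndIv(string seed, Encoding encoding, out byte[] key, out byte[] iv)
        {
            using (var md5 = new MD5CryptoServiceProvider())
            {
                var keyHex = BitConverter.ToString(md5.ComputeHash(encoding.GetBytes(seed))).Replace("-", "").ToLowerInvariant();

                var reversedKey = keyHex.ToCharArray();
                Array.Reverse(reversedKey);
                var ivHex = BitConverter.ToString(md5.ComputeHash(encoding.GetBytes(new string(reversedKey)))).Replace("-", "").ToLowerInvariant().Substring(0, 16);

                key = encoding.GetBytes(keyHex);
                iv  = encoding.GetBytes(ivHex);
            }
        }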
Exemple #3
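        // Single client reused for the WeChat session exchange; creating an HttpClient per call
        // and never disposing it leaks sockets under load.
        private static readonly HttpClient WxSessionHttpClient = new HttpClient();

        /// <summary>
        /// Registers a WeChat mini-program user: exchanges the login code for an openid through
        /// the jscode2session endpoint, saves a new staff record for the submitted phone number,
        /// and returns a JWT together with the new user's profile.
        /// </summary>
        /// <param name="wxCode">Login code sent by the mini-program client; treated as untrusted input.</param>
        /// <param name="vo">Registration data from the client; several fields are overwritten here before saving.</param>
        /// <returns>
        /// An anonymous object: <c>Result = 0</c> when the phone number is already registered,
        /// <c>Result = { token, user }</c> on success, or <c>ErrMsg</c> on failure.
        /// </returns>
        /// <remarks>
        /// Security review notes:
        /// the request URL contains <c>Secret</c>, so it must not be written to logs or error output.
        /// The catch block returns <c>ex.Message</c> to the caller, which can expose internal
        /// details; prefer logging it and returning a generic message.
        /// Only the fields assigned below are overwritten; confirm that the remaining
        /// client-supplied fields of <c>vo</c> are safe to persist, and that ownership of
        /// <c>FMOBILE</c> is verified somewhere before this call.
        /// </remarks>
        public object WxRegister(string wxCode, ChannelStaffVO vo)
        {
            // Escape the client-supplied code so it cannot add or override query parameters.
            string url = string.Format(
                "https://api.weixin.qq.com/sns/jscode2session?appid={0}&secret={1}&js_code={2}&grant_type=authorization_code",
                AppId,
                Secret,
                Uri.EscapeDataString(wxCode ?? string.Empty));

            // The method is synchronous by contract, so the calls are blocked on with .Result;
            // the response is disposed once its body has been read.
            string msg;
            using (HttpResponseMessage response = WxSessionHttpClient.GetAsync(url).Result)
            {
                response.EnsureSuccessStatusCode();
                msg = response.Content.ReadAsStringAsync().Result;
            }

            dynamic data = JsonConvert.DeserializeObject <dynamic>(msg);
            if (data == null)
            {
                // Empty or "null" body: nothing to read an openid from.
                return(new
                {
                    ErrMsg = "empty jscode2session response"
                });
            }

            if (data.errcode != null)
            {
                return(new
                {
                    ErrMsg = (string)data.errmsg
                });
            }

            try
            {
                var openid = (string)data.openid;
                if (string.IsNullOrEmpty(openid))
                {
                    // Do not create an account that is bound to no WeChat identity.
                    return(new
                    {
                        ErrMsg = "jscode2session response did not contain an openid"
                    });
                }

                // Check whether the phone number is already registered.
                dynamic staff = StaffService.QueryWxappUserByPhoneNumber(vo.FMOBILE);
                if (staff != null)
                {
                    return(new
                    {
                        Result = 0
                    });
                }

                // Server-controlled fields: overwrite whatever the client sent.
                vo.FWECHAT     = openid;
                vo.FENABLE     = '1';
                vo.FTELE       = string.Empty;
                vo.FCREATEDATE = System.DateTime.Now;
                vo.FMODIFYDATE = System.DateTime.Now;
                vo.FCREATORID  = 0;
                vo.FMODIFIERID = 0;
                vo.FQQ         = string.Empty;

                // Self-registered users always receive this fixed role id.
                vo.ChannelStaffLVOs = new ChannelStaffLVO
                {
                    FNAME   = "微信注册用户",
                    FJOB    = "门店客户",
                    FREMARK = string.Empty,
                    FROLEID = 3027
                };

                StaffService.Save(vo);
                NHSessionProvider.GetCurrentSession().Flush();

                // Read the saved record back to build the token and profile from stored values.
                dynamic temp  = StaffService.QueryWxappUserByPhoneNumber(vo.FMOBILE);
                var     token = JwtHelper.GenerateToken((int)temp["FID"], (string)temp["FJOB"], 2);
                var     user  = new
                {
                    userId          = (int)temp["FID"],
                    userName        = (string)temp["FNAME"],
                    channelName     = (string)temp["CHANNELNAME"],
                    channelCode     = (string)temp["FCHANNELCODE"],
                    channelId       = (int)temp["FCHANNELID"],
                    customerId      = (int)temp["FCUSTOMERID"],
                    channelTypeId   = (int)temp["FCHANNELTYPEID"],
                    channelTypeName = (string)temp["FCHANNELTYPENAME"],
                    modules         = BaseDataDao.QueryRoleHasModules((int)temp["FROLEID"]).Select(x => x.FNAME).ToList(),
                    pers            = BaseDataDao.QueryRoleHasPermissions((int)temp["FROLEID"])
                };

                return(new
                {
                    Result = new
                    {
                        token,
                        user
                    }
                });
            }
            catch (Exception ex)
            {
                // NOTE(review): returns the raw exception text to the client; see remarks.
                return(new
                {
                    ErrMsg = ex.Message
                });
            }
        }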