Exemple #1
0
        static void ValidateRequest(HttpRequestBase request)
        {
            var apiKey = request.GetParameter(XAuthApiKeyKey);

            if (string.IsNullOrEmpty(apiKey))
            {
                throw new ApiAuthorizeException("api key is not found");
            }

            var app = Models.AppInfo.Apps.Where(x => x.ApiKey == apiKey).FirstOrDefault();

            if (null == app)
            {
                throw new ApiAuthorizeException("api key is invalid");
            }

            if (Models.AppInfo.AppStatus.Normal != app.Status)
            {
                throw new ApiAuthorizeException("app is invalid");
            }

            //ts
            var timestamp = request.GetParameter(XAuthTimeStampKey);

            if (string.IsNullOrEmpty(timestamp))
            {
                throw new ApiAuthorizeException("timestamp is not found");
            }

            double ts;

            if (!double.TryParse(timestamp, out ts))
            {
                throw new ApiAuthorizeException("timestamp is invalid");
            }

            //timespan 5 min expire
            var      time = DateTimeExtensions.Date1970.AddMilliseconds(ts);
            var      now  = DateTime.UtcNow;
            TimeSpan span = now - time;

            if (Math.Abs(span.TotalMinutes) > TimeSpanDifferInMinute)
            {
                throw new ApiAuthorizeException("request is timeout");
            }

            //nonce
            var nonce = request.GetParameter(XAuthNonceKey);

            if (string.IsNullOrEmpty(nonce))
            {
                throw new ApiAuthorizeException("request nonce is not found");
            }

            if (NonceCache.Contains(nonce))
            {
                throw new ApiAuthorizeException("duplicated request");
            }
            else
            {
                NonceCache.Add(nonce);
            }

            //signature
            var signature = request.GetParameter(XAuthSignatureKey);

            if (string.IsNullOrEmpty(signature))
            {
                throw new ApiAuthorizeException("signature is not found");
            }

            //compute signature
            var method = request.HttpMethod.ToUpper();

            var url = request.Url.AbsoluteUri;

            if (!string.IsNullOrEmpty(request.Url.Query))
            {
                url = url.Replace(request.Url.Query, string.Empty);
            }

            var paramters = new Dictionary <string, string>();

            foreach (var k in request.Form.AllKeys)
            {
                paramters.Add(k, request.Form.Get(k));
            }
            foreach (var k in request.QueryString.AllKeys)
            {
                paramters.Add(k, request.QueryString.Get(k));
            }

            var paramString = string.Join("&", paramters.OrderBy(d => d.Key).Select(d => string.Format("{0}={1}", (d.Key), (d.Value))).ToArray());

            //METHOD&url&paramString&nonce&timestamp&secret
            var source = UrlEncode(method) + "&" +
                         UrlEncode(url) + "&" +
                         UrlEncode(paramString) + "&" +
                         UrlEncode(nonce) + "&" +
                         timestamp + "&" + app.ApiSecret;

            //LogHelper.Info(source);

            var hash = Hashing.ComputeMD5(source);

            if (hash != signature)
            {
                throw new ApiAuthorizeException("signature is invalid");
            }

            //valid request
            //LogHelper.Info(app.Name + "'s request #" + nonce);
        }