        /// <summary>
        /// Resolves the auth token for a request. The auth cookie on the underlying HTTP request takes
        /// precedence; the <c>auth</c> field of the mobile request head is the fallback.
        /// Both sources are client-supplied; no validation happens here.
        /// </summary>
        /// <param name="mobileRequest">Request DTO carrying the mobile head; may be null.</param>
        /// <param name="request">Current HTTP request; may be null.</param>
        /// <returns>The token, or null when neither source provides a non-blank value.</returns>
        public static string GetAuth(this IHasMobileRequestHead mobileRequest, IHttpRequest request)
        {
            object original = request == null ? null : request.OriginalRequest;
            if (original != null)
            {
                // Any failure while reading the cookie is swallowed on purpose: the head value below is the fallback.
                try
                {
                    string cookieAuth = null;
                    HttpRequest aspNetRequest = original as HttpRequest;
                    if (aspNetRequest != null)
                    {
                        cookieAuth = GetCookieValue(aspNetRequest, MobileAuthCookieKey);
                    }
                    else
                    {
                        HttpListenerRequest listenerRequest = original as HttpListenerRequest;
                        if (listenerRequest != null)
                        {
                            cookieAuth = GetCookieValue(listenerRequest, MobileAuthCookieKey);
                        }
                    }

                    if (cookieAuth != null)
                    {
                        return cookieAuth;
                    }
                }
                catch
                {
                }
            }

            if (mobileRequest == null || mobileRequest.head == null)
            {
                return null;
            }

            string headAuth = mobileRequest.head.auth;
            return string.IsNullOrWhiteSpace(headAuth) ? null : headAuth;
        }
        /// <summary>
        /// Sets the extension field <paramref name="name"/> on the request head to <paramref name="value"/>,
        /// replacing every existing field with that name. The head and its extension list are created on demand.
        /// No-op when <paramref name="request"/> or <paramref name="name"/> is null.
        /// </summary>
        /// <param name="request">Request DTO whose head is updated.</param>
        /// <param name="name">Field name; compared ordinally against existing fields.</param>
        /// <param name="value">Field value; may be null.</param>
        public static void AddExtensionData(this IHasMobileRequestHead request, string name, string value)
        {
            if (request == null || name == null)
            {
                return;
            }

            if (request.head == null)
            {
                request.head = new MobileRequestHead();
            }
            var head = request.head;

            if (head.extension == null)
            {
                head.extension = new List<ExtensionFieldType>();
            }
            var fields = head.extension;

            // Drop every field already carrying this name so the new value is the only one.
            ExtensionFieldType[] duplicates = fields.Where(f => f != null && f.name == name).ToArray();
            foreach (ExtensionFieldType duplicate in duplicates)
            {
                fields.Remove(duplicate);
            }

            ExtensionFieldType field = new ExtensionFieldType();
            field.name  = name;
            field.value = value;
            fields.Add(field);
        }
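        /// <summary>
        /// Copies request-scoped data into the response's extension data: the trace id header, the configured
        /// write-back subset of the mobile head extension, and — for H5 gateway requests — every request header
        /// carrying the gateway response-data prefix (the prefix is stripped to form the key).
        /// Header-derived values are client-supplied and are copied verbatim.
        /// </summary>
        /// <param name="httpReq">Incoming request; null is tolerated (no-op).</param>
        /// <param name="responseObject">Response to enrich; null is tolerated (no-op).</param>
        private static void AddRequestInfoToResponseStatus(IHttpRequest httpReq, IHasResponseStatus responseObject)
        {
            if (httpReq == null || responseObject == null)
            {
                return;
            }

            // Echo the trace id so the caller can correlate this response with server-side logs.
            string traceIdString = httpReq.Headers[ServiceUtils.TRACE_ID_HTTP_HEADER];
            if (!string.IsNullOrWhiteSpace(traceIdString))
            {
                responseObject.AddExtensionData(ServiceUtils.TRACE_ID_HTTP_HEADER, traceIdString);
            }

            IHasMobileRequestHead mobileRequest = httpReq.RequestObject as IHasMobileRequestHead;
            if (mobileRequest != null)
            {
                foreach (string extensionKey in ServiceUtils.MobileWriteBackExtensionKeys)
                {
                    string extensionData = mobileRequest.GetExtensionData(extensionKey);
                    if (extensionData != null)
                    {
                        responseObject.AddExtensionData(extensionKey, extensionData);
                    }
                }
            }

            if (!httpReq.IsH5GatewayRequest())
            {
                return;
            }

            string prefix = ServiceUtils.H5GatewayResponseDataHeaderPrefix;
            foreach (string key in httpReq.Headers.Keys)
            {
                // A header collection may expose a null key (values without a name); skip it instead of throwing.
                if (key == null)
                {
                    continue;
                }

                // Header names are case-insensitive, so the key is lower-cased with the invariant culture and the
                // prefix is compared ordinally; the previous culture-sensitive ToLower()/StartsWith() could
                // mis-match under some cultures (e.g. Turkish casing rules).
                string lowered   = key.ToLowerInvariant();
                bool   hasPrefix = lowered.Length >= prefix.Length
                                   && string.CompareOrdinal(lowered, 0, prefix, 0, prefix.Length) == 0;
                if (!hasPrefix)
                {
                    continue;
                }

                string value      = httpReq.Headers[key];
                string refinedKey = key.Substring(prefix.Length);
                if (!string.IsNullOrWhiteSpace(refinedKey))
                {
                    responseObject.AddExtensionData(refinedKey, value);
                }
            }
        }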
 /// <summary>
 /// Returns the second-auth token (<c>sauth</c>) carried in the mobile request head.
 /// </summary>
 /// <param name="mobileRequest">Request DTO; may be null.</param>
 /// <returns>The raw <c>head.sauth</c> value, or null when the request or its head is missing.</returns>
 internal static string GetSAuth(this IHasMobileRequestHead mobileRequest)
 {
     if (mobileRequest == null)
     {
         return null;
     }

     var head = mobileRequest.head;
     return head == null ? null : head.sauth;
 }
        /// <summary>
        /// Records a ValidateAndGetNewToken result on the request head. The new token and login type are
        /// written first; then, depending on the login type, either the member identity fields or the
        /// non-member identity fields; finally <c>head.auth</c> is replaced by the new token.
        /// In on-demand mode a rejected result returns silently, leaving only the token/login-type fields set.
        /// </summary>
        /// <param name="req">Current HTTP request; its operation name is used in error messages.</param>
        /// <param name="mobileRequest">Request DTO whose head extension is updated.</param>
        /// <param name="response">Auth service reply; the caller has already checked its return code.</param>
        /// <exception cref="MobileRequestFilterException">Blank UserID, or non-member login where it is not allowed.</exception>
        /// <exception cref="MobileRequestFilterNonMemberAuthException">Non-member login without a LoginName.</exception>
        private void AddAuthResponseData(IHttpRequest req, IHasMobileRequestHead mobileRequest, ValidateAndGetNewTokenResponse response)
        {
            mobileRequest.AddExtensionData(ServiceUtils.MobileAuthTokenExtensionKey, response.NewToken);
            mobileRequest.AddExtensionData(MobileRequestUtils.MobileAuthLoginTypeExtensionKey, response.LoginType);

            bool nonMemberLogin = MobileRequestUtils.IsNonMemberAuthLoginType(response.LoginType);

            if (string.IsNullOrWhiteSpace(response.UserID))
            {
                if (!IsOnDemandMode)
                {
                    throw new MobileRequestFilterException("OperationName: " + req.OperationName + "'MobileAuthService' service returned null or white space UserID!");
                }
                return;
            }

            if (!nonMemberLogin)
            {
                // Member login: user id + member flag.
                mobileRequest.AddExtensionData(ServiceUtils.MobileUserIdExtensionKey, response.UserID);
                mobileRequest.AddExtensionData(ServiceUtils.MobileIsMemberAuthExtensionKey, bool.TrueString);
                if (mobileRequest.head != null)
                {
                    mobileRequest.head.auth = response.NewToken;
                }
                return;
            }

            // Non-member login: when IsPayment is set it is accepted as-is; otherwise it needs
            // AllowNonMemberAuth and a LoginName.
            if (!IsPayment)
            {
                if (!AllowNonMemberAuth)
                {
                    if (!IsOnDemandMode)
                    {
                        throw new MobileRequestFilterException("OperationName: " + req.OperationName + ". Non-Member auth mode is unsupported!");
                    }
                    return;
                }

                if (string.IsNullOrWhiteSpace(response.LoginName))
                {
                    if (!IsOnDemandMode)
                    {
                        throw new MobileRequestFilterNonMemberAuthException("OperationName: " + req.OperationName + ". Non-Member auth returned null or white space [LoginName] by 'MobileAuthService' service!");
                    }
                    return;
                }
            }

            mobileRequest.AddExtensionData(ServiceUtils.MobileUserIdExtensionKey, response.UserID);
            mobileRequest.AddExtensionData(ServiceUtils.MobileUserPhoneExtensionKey, response.LoginName);
            mobileRequest.AddExtensionData(ServiceUtils.MobileIsNonMemberAuthExtensionKey, bool.TrueString);
            if (mobileRequest.head != null)
            {
                mobileRequest.head.auth = response.NewToken;
            }
        }
        /// <summary>
        /// Reads extension field <paramref name="name"/> from the request head. When several fields share the
        /// name, the last one wins (AddExtensionData appends, so that is the most recently written value).
        /// </summary>
        /// <param name="request">Request DTO; may be null.</param>
        /// <param name="name">Field name; compared ordinally. May be null.</param>
        /// <returns>The field's value (which may itself be null), or null when the request, head, list, name or field is missing.</returns>
        public static string GetExtensionData(this IHasMobileRequestHead request, string name)
        {
            if (request == null || name == null)
            {
                return null;
            }

            var head = request.head;
            if (head == null || head.extension == null)
            {
                return null;
            }

            ExtensionFieldType match = head.extension.LastOrDefault(f => f != null && f.name == name);
            return match == null ? null : match.value;
        }
 /// <summary>
 /// True when the head extension marks the request as authenticated through non-member auth,
 /// i.e. the flag field holds exactly <see cref="bool.TrueString"/> (ordinal, case-sensitive).
 /// </summary>
 /// <param name="request">Request DTO; may be null (yields false).</param>
 public static bool IsNonMemberAuth(this IHasMobileRequestHead request)
 {
     string flag = request.GetExtensionData(MobileIsNonMemberAuthExtensionKey);
     return string.Equals(flag, bool.TrueString);
 }
 /// <summary>
 /// True when the head extension holds a field named <paramref name="name"/> whose value is not null.
 /// </summary>
 /// <param name="request">Request DTO; may be null (yields false).</param>
 /// <param name="name">Field name; may be null (yields false).</param>
 public static bool HasExtensionData(this IHasMobileRequestHead request, string name)
 {
     string value = request.GetExtensionData(name);
     return value != null;
 }
        /// <summary>
        /// Second-factor ("sauth") authentication. With a non-blank <paramref name="sauth"/> the token pair is
        /// verified through CheckSecondToken and the tokens plus user id are stored on the request head;
        /// without one, GenSecondAuthorizationToken is called for <paramref name="auth"/> and the newly issued
        /// second token is stored instead. In on-demand mode every failure returns silently and leaves the head
        /// untouched, so the request continues without an authenticated identity.
        /// </summary>
        /// <param name="req">Current HTTP request; its operation name is used in error messages.</param>
        /// <param name="mobileRequest">Request DTO whose head extension receives the authenticated fields.</param>
        /// <param name="auth">First auth token; may be blank.</param>
        /// <param name="sauth">Second auth token from the request head; may be blank.</param>
        /// <exception cref="MobileRequestFilterException">Pre-authenticated head, service-level failure, non-zero return code, or an empty uid/token in the reply.</exception>
        /// <exception cref="Exception">Transport-level failure talking to the authorization service.</exception>
        private void AuthenticateSecondAuth(IHttpRequest req, IHasMobileRequestHead mobileRequest, string auth, string sauth)
        {
            // The authenticated-token keys are written by this filter (after verification below, or unverified
            // in ByPass mode); a request that already carries them is rejected as tampered or double-filtered.
            if (mobileRequest.HasExtensionData(ServiceUtils.MobileAuthTokenExtensionKey))
            {
                throw new MobileRequestFilterException(
                          "OperationName: " + req.OperationName + ". Request Head Extension fileds have had the authenticated auth. Request Head has bad data or MobileRequestFilter has been applied.");
            }
            if (mobileRequest.HasExtensionData(MobileRequestUtils.MobileSecondAuthExtensionKey))
            {
                throw new MobileRequestFilterException(
                          "OperationName: " + req.OperationName + ". Request Head Extension fileds have had the authenticated sauth. Request Head has bad data or MobileRequestFilter has been applied.");
            }

            // Branch 1: a second token was supplied — verify it together with the first token.
            if (!string.IsNullOrWhiteSpace(sauth))
            {
                CheckSecondTokenResponse checkSecondTokenResponse = null;
                try
                {
                    checkSecondTokenResponse = _secondAuthServiceClient.CheckSecondToken(
                        new CheckSecondTokenRequest()
                    {
                        Token = sauth,
                        Auth  = auth
                    });
                }
                // Service-level and transport-level errors are fatal unless on-demand mode, where the request
                // simply proceeds unauthenticated. The transport error's message is appended to the rethrown
                // Exception; NOTE(review): whether it is surfaced to the client depends on the caller's
                // WriteErrorToResponse — confirm.
                catch (CServiceException ex)
                {
                    if (IsOnDemandMode)
                    {
                        return;
                    }
                    throw new MobileRequestFilterException("OperationName: " + req.OperationName + ". Error happened when doing second Authorization.", ex);
                }
                catch (Exception ex)
                {
                    if (IsOnDemandMode)
                    {
                        return;
                    }
                    throw new Exception("OperationName: " + req.OperationName + ". Error happened when connecting to Authorization service: " + ex.Message, ex);
                }

                // Non-zero return codes are likewise tolerated in on-demand mode.
                if (IsOnDemandMode && checkSecondTokenResponse.ReturnCode != 0)
                {
                    return;
                }
                // 101: no second auth, 102: no first auth, 201: invalid token, 900: service internal error.
                switch (checkSecondTokenResponse.ReturnCode)
                {
                case 0:
                    break;

                case 101:
                    throw new MobileRequestFilterException("OperationName: " + req.OperationName
                                                           + ". No second auth for authentication. Message: " + checkSecondTokenResponse.Message + ". \nReference document: " + AuthWiki);

                case 102:
                    throw new MobileRequestFilterException("OperationName: " + req.OperationName
                                                           + ". No first auth for authentication. Message: " + checkSecondTokenResponse.Message + ". \nReference document: " + AuthWiki);

                case 201:
                    throw new MobileRequestFilterException("OperationName: " + req.OperationName
                                                           + ". " + ServiceUtils.InvalidTokenExceptionMessage + " Message: " + checkSecondTokenResponse.Message + ". \nReference document: " + AuthWiki);

                case 900:
                    throw new MobileRequestFilterException("OperationName: " + req.OperationName
                                                           + ". Authorization Service Internal Exception. Message: " + checkSecondTokenResponse.Message + ". \nReference document: " + AuthWiki);

                default:
                    throw new MobileRequestFilterException("OperationName: " + req.OperationName + ". Unknown Authorization Service Return Code: "
                                                           + checkSecondTokenResponse.ReturnCode + ". Message: " + checkSecondTokenResponse.Message + ". \nReference document: " + AuthWiki);
                }

                // A successful reply must carry both the uid and the (possibly refreshed) second token.
                if (string.IsNullOrWhiteSpace(checkSecondTokenResponse.Uid))
                {
                    if (IsOnDemandMode)
                    {
                        return;
                    }

                    string format  = "OperationName: {0}. Empty uid was returned by Authorization service. IsNew: {1}, Message: {2}";
                    string message = string.Format(format, req.OperationName, checkSecondTokenResponse.IsNew, checkSecondTokenResponse.Message);
                    throw new MobileRequestFilterException(message);
                }

                if (string.IsNullOrWhiteSpace(checkSecondTokenResponse.Token))
                {
                    if (IsOnDemandMode)
                    {
                        return;
                    }
                    string format  = "OperationName: {0}. Empty token was returned by Authorization service. IsNew: {1}, Message: {2}";
                    string message = string.Format(format, req.OperationName, checkSecondTokenResponse.IsNew, checkSecondTokenResponse.Message);
                    throw new MobileRequestFilterException(message);
                }

                // Record the verified identity. NOTE(review): `auth` is stored under the authenticated-token key
                // because it was passed to CheckSecondToken as Auth; whether the service actually validated it
                // is not visible here — confirm before relying on that key downstream.
                if (!string.IsNullOrWhiteSpace(auth))
                {
                    mobileRequest.AddExtensionData(ServiceUtils.MobileAuthTokenExtensionKey, auth);
                }
                mobileRequest.AddExtensionData(MobileRequestUtils.MobileSecondAuthExtensionKey, checkSecondTokenResponse.Token);
                mobileRequest.AddExtensionData(ServiceUtils.MobileUserIdExtensionKey, checkSecondTokenResponse.Uid);
                return;
            }

            // Branch 2: no second token — ask the service to issue one for the first token.
            GenSecondAuthorizationTokenResponse genSecondAuthorizationTokenResponse = null;

            try
            {
                genSecondAuthorizationTokenResponse = _secondAuthServiceClient.GenSecondAuthorizationToken(
                    new GenSecondAuthorizationTokenRequest()
                {
                    Auth = auth
                });
            }
            // Same error policy as branch 1: fatal unless on-demand mode.
            catch (CServiceException ex)
            {
                if (IsOnDemandMode)
                {
                    return;
                }
                throw new MobileRequestFilterException("OperationName: " + req.OperationName + ". Error happened when doing GenSecondAuthorizationToken.", ex);
            }
            catch (Exception ex)
            {
                if (IsOnDemandMode)
                {
                    return;
                }
                throw new Exception("OperationName: " + req.OperationName + ". Error happened when connecting to Authorization service: " + ex.Message, ex);
            }

            if (IsOnDemandMode && genSecondAuthorizationTokenResponse.ReturnCode != 0)
            {
                return;
            }
            // 101: no auth, 201: invalid token, 900: service internal error.
            switch (genSecondAuthorizationTokenResponse.ReturnCode)
            {
            case 0:
                break;

            case 101:
                throw new MobileRequestFilterException("OperationName: " + req.OperationName
                                                       + ". No auth for authentication. Message: " + genSecondAuthorizationTokenResponse.Message + ". \nReference document: " + AuthWiki);

            case 201:
                throw new MobileRequestFilterException("OperationName: " + req.OperationName
                                                       + ". " + ServiceUtils.InvalidTokenExceptionMessage + " Message: " + genSecondAuthorizationTokenResponse.Message + ". \nReference document: " + AuthWiki);

            case 900:
                throw new MobileRequestFilterException("OperationName: " + req.OperationName
                                                       + ". Authorization Service Internal Exception. Message: " + genSecondAuthorizationTokenResponse.Message + ". \nReference document: " + AuthWiki);

            default:
                throw new MobileRequestFilterException("OperationName: " + req.OperationName + ". Unknown Authorization Service Return Code: "
                                                       + genSecondAuthorizationTokenResponse.ReturnCode + ". Message: " + genSecondAuthorizationTokenResponse.Message + ". \nReference document: " + AuthWiki);
            }

            // The newly issued second token must be present; the uid is stored as returned, even if blank.
            if (string.IsNullOrWhiteSpace(genSecondAuthorizationTokenResponse.Token))
            {
                if (IsOnDemandMode)
                {
                    return;
                }
                string format  = "OperationName: {0}. Empty new second auth token was returned by Authorization service. ExpiredTime: {1}, Message: {2}";
                string message = string.Format(format, req.OperationName, genSecondAuthorizationTokenResponse.ExpiredTime, genSecondAuthorizationTokenResponse.Message);
                throw new MobileRequestFilterException(message);
            }

            // Unlike branch 1, `auth` is stored here even when blank.
            mobileRequest.AddExtensionData(ServiceUtils.MobileAuthTokenExtensionKey, auth);
            mobileRequest.AddExtensionData(MobileRequestUtils.MobileSecondAuthExtensionKey, genSecondAuthorizationTokenResponse.Token);
            mobileRequest.AddExtensionData(ServiceUtils.MobileUserIdExtensionKey, genSecondAuthorizationTokenResponse.Uid);
        }
        /// <summary>
        /// Request filter entry point: enforces the configured AuthenticationMode for the incoming request.
        /// Resolves the auth token (cookie first, then request head) and writes it back to <c>head.auth</c>,
        /// then either lets the request through (H5-only mismatch, health check, ByPass, on-demand without
        /// tokens), rejects it (BanH5Request for gateway requests; no head and no token), or authenticates it
        /// via AuthenticateSecondAuth / AuthenticateRequest. Any authentication exception is turned into a
        /// failure response here instead of propagating.
        /// </summary>
        /// <param name="req">Incoming HTTP request.</param>
        /// <param name="res">Response; written to and ended here whenever the request is rejected.</param>
        /// <param name="requestDto">Deserialized request body; only used when it implements IHasMobileRequestHead.</param>
        public override void Execute(IHttpRequest req, IHttpResponse res, object requestDto)
        {
            // H5-only filters ignore anything that did not come through the gateway.
            if (IsH5OnlyMode && !req.IsGatewayRequest())
            {
                return;
            }

            // BanH5Request: gateway requests are refused with 403 and the handler request is ended;
            // every other request skips authentication entirely.
            if (AuthenticationMode == AuthenticationModeEnum.BanH5Request)
            {
                if (req.IsGatewayRequest())
                {
                    ErrorUtils.LogError("H5 reqeust to internal operation " + req.OperationName + " is not allowed.", req, default(Exception), false, "FXD300017");

                    res.StatusCode = (int)HttpStatusCode.Forbidden;
                    res.AddHeader(ServiceUtils.ResponseStatusHttpHeaderKey, AckCodeType.Failure.ToString());
                    string traceIdString = req.Headers[ServiceUtils.TRACE_ID_HTTP_HEADER];
                    if (!string.IsNullOrWhiteSpace(traceIdString))
                    {
                        res.AddHeader(ServiceUtils.TRACE_ID_HTTP_HEADER, traceIdString);
                    }
                    res.LogRequest(req);
                    res.EndHttpHandlerRequest(true);
                }

                return;
            }

            // Health checks are never authenticated. NOTE(review): ToLower() on both sides is culture-sensitive;
            // an ordinal, case-insensitive comparison would be the safer choice for an operation name.
            if (req.OperationName.Trim().ToLower() == ServiceUtils.CheckHealthOperationName.ToLower())
            {
                return;
            }

            // GetAuth/GetSAuth are null-safe extension methods, so a non-mobile DTO (mobileRequest == null) just
            // yields null tokens. The resolved token (auth cookie wins over head.auth) is written back to the
            // head so everything downstream sees a single value.
            IHasMobileRequestHead mobileRequest = requestDto as IHasMobileRequestHead;
            bool   hasMobileRequestHead         = mobileRequest != null && mobileRequest.head != null;
            string auth = mobileRequest.GetAuth(req);

            if (hasMobileRequestHead)
            {
                mobileRequest.head.auth = auth;
            }
            bool hasAuthToken = !string.IsNullOrWhiteSpace(auth);

            // No mobile head and no cookie token: nothing to authenticate. ByPass and on-demand modes let the
            // request through; any other mode rejects it with a failure response and ends the handler request.
            if (!hasMobileRequestHead && !hasAuthToken)
            {
                if (AuthenticationMode == AuthenticationModeEnum.ByPass || IsOnDemandMode)
                {
                    return;
                }

                res.WriteErrorToResponse(
                    req,
                    req.ResponseContentType,
                    new MobileRequestFilterException("OperationName: " + req.OperationName + ". Request head is null and cookie auth is null."),
                    false,
                    "FXD300018");
                if (res.ExecutionResult != null)
                {
                    res.ExecutionResult.FrameworkExceptionThrown  = false;
                    res.ExecutionResult.ValidationExceptionThrown = true;
                }

                res.AddHeader(ServiceUtils.ResponseStatusHttpHeaderKey, AckCodeType.Failure.ToString());
                res.LogRequest(req);
                res.EndHttpHandlerRequest(true);
                return;
            }

            string sauth         = mobileRequest.GetSAuth();
            bool   hasSAuthToken = !string.IsNullOrWhiteSpace(sauth);

            // On-demand mode with no first token: only continue when second auth is enabled AND a second token
            // is present (the inner condition simplifies to !UseSecondAuth || !hasSAuthToken).
            if (IsOnDemandMode && !hasAuthToken)
            {
                if (!UseSecondAuth || UseSecondAuth && !hasSAuthToken)
                {
                    return;
                }
            }

            // ByPass: the raw, unverified tokens are stored under the same extension keys the authenticated
            // paths use, so consumers of those keys cannot distinguish a verified token from an unverified one
            // in this mode.
            if (AuthenticationMode == AuthenticationModeEnum.ByPass)
            {
                if (hasAuthToken)
                {
                    mobileRequest.AddExtensionData(ServiceUtils.MobileAuthTokenExtensionKey, auth);
                }

                if (hasSAuthToken)
                {
                    mobileRequest.AddExtensionData(MobileRequestUtils.MobileSecondAuthExtensionKey, sauth);
                }

                return;
            }

            // Any failure in the authenticators (MobileRequestFilterException, or the Exception they wrap a
            // transport error in) becomes a failure response and the handler request is ended.
            try
            {
                if (UseSecondAuth)
                {
                    AuthenticateSecondAuth(req, mobileRequest, auth, sauth);
                    return;
                }

                AuthenticateRequest(req, mobileRequest, auth);
            }
            catch (Exception ex)
            {
                res.WriteErrorToResponse(req, req.ResponseContentType, ex, false, "FXD300016");
                if (res.ExecutionResult != null)
                {
                    res.ExecutionResult.FrameworkExceptionThrown  = false;
                    res.ExecutionResult.ValidationExceptionThrown = true;
                }

                res.AddHeader(ServiceUtils.ResponseStatusHttpHeaderKey, AckCodeType.Failure.ToString());
                res.LogRequest(req);
                res.EndHttpHandlerRequest(true);
            }
        }
        /// <summary>
        /// Validates <paramref name="auth"/> against the mobile auth service and, on success, stores the refreshed
        /// token and identity on the request head through AddAuthResponseData.
        /// In on-demand mode every failure (service error, non-zero return code, empty new token) returns
        /// silently instead of throwing, so the request continues without an authenticated identity.
        /// </summary>
        /// <param name="req">Current HTTP request; its operation name is used in error messages.</param>
        /// <param name="mobileRequest">Request DTO carrying the head to update.</param>
        /// <param name="auth">Token to validate.</param>
        /// <exception cref="MobileRequestFilterException">Pre-authenticated head, service-level failure, non-zero return code or empty new token.</exception>
        /// <exception cref="Exception">Transport-level failure talking to the mobile auth service.</exception>
        protected virtual void AuthenticateRequest(IHttpRequest req, IHasMobileRequestHead mobileRequest, string auth)
        {
            // The authenticated-token key is written by this filter after validation; a request that already
            // carries it is rejected as tampered or double-filtered.
            if (mobileRequest.HasExtensionData(ServiceUtils.MobileAuthTokenExtensionKey))
            {
                throw new MobileRequestFilterException(
                          "OperationName: " + req.OperationName + ". Request Head Extension fileds have had the authenticated auth. Request Head has bad data or MobileRequestFilter has been applied.");
            }

            ValidateAndGetNewTokenResponse response;
            try
            {
                ValidateAndGetNewTokenRequest validateRequest = new ValidateAndGetNewTokenRequest();
                validateRequest.Token = auth;
                response = _mobileAuthServiceClient.ValidateAndGetNewToken(validateRequest);
            }
            catch (CServiceException ex)
            {
                if (!IsOnDemandMode)
                {
                    throw new MobileRequestFilterException("OperationName: " + req.OperationName + ". Error happened when doing Auth.", ex);
                }
                return;
            }
            catch (Exception ex)
            {
                if (!IsOnDemandMode)
                {
                    throw new Exception("OperationName: " + req.OperationName + ". Error happened when connecting to mobile auth service: " + ex.Message, ex);
                }
                return;
            }

            var code = response.ReturnCode;
            if (code != 0)
            {
                if (IsOnDemandMode)
                {
                    return;
                }

                // Map the service return code to the reason text; the surrounding message is the same for all.
                string reason;
                switch (code)
                {
                case 1001:
                    reason = "No auth for authentication.";
                    break;

                case 2001:
                    reason = ServiceUtils.InvalidTokenExceptionMessage;
                    break;

                case 9000:
                    reason = "Mobile Auth Service Internal Exception.";
                    break;

                default:
                    reason = "Unknown Auth Service Return Code: " + code + ".";
                    break;
                }
                throw new MobileRequestFilterException("OperationName: " + req.OperationName + ". " + reason + " Message: " + response.Message + ". \nReference document: " + AuthWiki);
            }

            if (string.IsNullOrWhiteSpace(response.NewToken))
            {
                if (!IsOnDemandMode)
                {
                    throw new MobileRequestFilterException("OperationName: " + req.OperationName + ". Empty new auth was returned by MobileAuthService.");
                }
                return;
            }

            AddAuthResponseData(req, mobileRequest, response);
        }
 /// <summary>
 /// Resolves the auth token for <paramref name="mobileRequest"/> using the request bound to the current host context.
 /// Note: this relies on thread-static data, so it must be called on the synchronous thread that executes the
 /// request, never from a newly started asynchronous thread.
 /// </summary>
 /// <param name="mobileRequest">Request DTO carrying the mobile head; may be null.</param>
 /// <returns>The token from the auth cookie or the request head, or null when neither is set.</returns>
 public static string GetAuth(this IHasMobileRequestHead mobileRequest)
 {
     var currentRequest = HostContext.Instance.Request;
     return mobileRequest.GetAuth(currentRequest);
 }
 /// <summary>
 /// Returns the login type recorded on the request head under <c>MobileAuthLoginTypeExtensionKey</c>.
 /// </summary>
 /// <param name="request">Request DTO; may be null.</param>
 /// <returns>The recorded login type, or null when the request, head or field is missing.</returns>
 public static string GetMobileAuthLoginType(this IHasMobileRequestHead request)
 {
     string loginType = GetExtensionData(request, MobileAuthLoginTypeExtensionKey);
     return loginType;
 }
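        /// <summary>
        /// Builds the common request-info record (client IP, path, host, response status, request type, app id
        /// and a sanitized copy of the mobile head) for the request log. Best-effort: any failure is swallowed so
        /// that logging can never break request handling.
        /// </summary>
        /// <param name="response">Response whose status code is recorded when <paramref name="statusCode"/> is null.</param>
        /// <param name="request">Request being logged.</param>
        /// <param name="statusCode">Explicit status to record; otherwise the response status (0 or below is recorded as 200).</param>
        public static void LogRequest(this IHttpResponse response, IHttpRequest request, int? statusCode = null)
        {
            try
            {
                // Looked up once instead of three times; the same entry drives every decision below.
                var metadata = EndpointHost.Config.MetadataMap[request.ServicePath];
                if (!metadata.LogCommonRequestInfo)
                {
                    return;
                }

                int effectiveStatus = statusCode ?? (response.StatusCode <= 0 ? 200 : response.StatusCode);
                Dictionary<string, string> additionalInfo = new Dictionary<string, string>()
                {
                    { "ClientIP", request.RemoteIp },
                    { "AbsolutePath", request.GetAbsolutePath() },
                    { "HostAddress", request.GetUrlHostName() },
                    { "ResponseStatus", effectiveStatus.ToString() }
                };

                string requestType = metadata.FullServiceName;
                if (!string.IsNullOrWhiteSpace(request.OperationName))
                {
                    requestType += "." + request.OperationName;
                }
                additionalInfo["RequestType"] = requestType;

                string appId = request.Headers[ServiceUtils.AppIdHttpHeaderKey];
                if (!string.IsNullOrWhiteSpace(appId))
                {
                    additionalInfo["ClientAppId"] = appId;
                }

                IHasMobileRequestHead h5Request = request.RequestObject as IHasMobileRequestHead;
                if (h5Request != null && h5Request.head != null)
                {
                    Dictionary<string, string> extension = null;
                    // Extension fields are copied only when enabled, and never the entries the auth filter uses for
                    // credentials and identity (see IsSensitiveExtensionKey). A null list or a null entry used to
                    // throw here, which silently discarded the whole log record.
                    if (metadata.LogH5HeadExtensionData && h5Request.head.extension != null)
                    {
                        extension = new Dictionary<string, string>();
                        foreach (ExtensionFieldType item in h5Request.head.extension)
                        {
                            if (item == null || string.IsNullOrWhiteSpace(item.name) || IsSensitiveExtensionKey(item.name))
                            {
                                continue;
                            }
                            extension[item.name] = item.value;
                        }

                        if (extension.Count == 0)
                        {
                            extension = null;
                        }
                    }
                    // NOTE(review): head.ctok is serialized as ClientToken; if it is a credential rather than a
                    // client identifier it should be left out here as well — confirm its meaning.
                    additionalInfo["H5Head"] = TypeSerializer.SerializeToString(
                        new
                    {
                        ClientID      = h5Request.head.cid,
                        ClientToken   = h5Request.head.ctok,
                        ClientVersion = h5Request.head.cver,
                        SystemCode    = h5Request.head.syscode,
                        SourceID      = h5Request.head.sid,
                        Language      = h5Request.head.lang,
                        Extension     = extension
                    });
                }
            }
            catch
            {
                // Logging is best-effort; a failure here must never affect the request.
            }
        }

        /// <summary>
        /// Extension keys that hold credentials or personal data written by the auth filter (verified auth and
        /// second-auth tokens, user id, phone number). These must not reach the request log.
        /// </summary>
        private static bool IsSensitiveExtensionKey(string name)
        {
            return name == ServiceUtils.MobileUserIdExtensionKey
                   || name == ServiceUtils.MobileAuthTokenExtensionKey
                   || name == MobileRequestUtils.MobileSecondAuthExtensionKey
                   || name == ServiceUtils.MobileUserPhoneExtensionKey;
        }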