public HttpResponseMessage DeleteArticle(string Id)
        {
            ApiResultViewModel result = new ApiResultViewModel();

            //取得使用者ID
            string UserID = JWTShared.GetUserID(Request.Headers.Authorization.Parameter);

            ArticleViewModel ArticleViewModel = articleRepository.GetArticle(Id, UserID);

            if (ArticleViewModel == null)
            {
                result.Result  = false;
                result.Status  = ResponseCode.Fail.ToString();
                result.Message = "查無此文章資料!!!";
                return(Request.CreateResponse(HttpStatusCode.OK, result));
            }

            bool IsSuccess = articleRepository.DeleteArticle(Id, UserID);

            if (IsSuccess)
            {
                result.Result  = true;
                result.Status  = ResponseCode.Success.ToString();
                result.Message = "刪除成功!!!";
            }
            else
            {
                result.Result  = false;
                result.Status  = ResponseCode.Fail.ToString();
                result.Message = "刪除文章資料發生錯誤!!!";
            }

            return(Request.CreateResponse(HttpStatusCode.OK, result));
        }
        public HttpResponseMessage AddArticle([FromBody] ArticleModel articleModel)
        {
            ApiResultViewModel result = new ApiResultViewModel();

            //驗證欄位資訊
            if (!ModelState.IsValid)
            {
                result.Result  = false;
                result.Status  = ResponseCode.Fail.ToString();
                result.Message = AllShared.GetModelStateError(ModelState);
                return(Request.CreateResponse(HttpStatusCode.OK, result));
            }

            //取得使用者ID
            string UserID = JWTShared.GetUserID(Request.Headers.Authorization.Parameter);

            articleModel.UID = UserID;

            bool IsSuccess = articleRepository.AddArticle(articleModel);

            if (IsSuccess)
            {
                result.Result  = true;
                result.Status  = ResponseCode.Success.ToString();
                result.Message = "新增成功!!!";
            }
            else
            {
                result.Result  = false;
                result.Status  = ResponseCode.Fail.ToString();
                result.Message = "新增資料時發生錯誤!!!";
            }

            return(Request.CreateResponse(HttpStatusCode.OK, result));
        }
        public HttpResponseMessage UpdateArticle(string Id, [FromBody] ArticleUpdateModel UpdateInfo)
        {
            ApiResultViewModel result = new ApiResultViewModel();

            if (!ModelState.IsValid)
            {
                result.Result  = false;
                result.Status  = ResponseCode.Fail.ToString();
                result.Message = AllShared.GetModelStateError(ModelState);
                return(Request.CreateResponse(HttpStatusCode.OK, result));
            }

            if (UpdateInfo == null)
            {
                result.Result  = false;
                result.Status  = ResponseCode.Fail.ToString();
                result.Message = "無修改資料相關參數";
                return(Request.CreateResponse(HttpStatusCode.OK, result));
            }

            //取得使用者ID
            string UserID = JWTShared.GetUserID(Request.Headers.Authorization.Parameter);

            ArticleViewModel ArticleViewModel = articleRepository.GetArticle(Id, UserID);

            if (UpdateInfo.Title == null)
            {
                UpdateInfo.Title = ArticleViewModel.Title;
            }
            if (UpdateInfo.Content == null)
            {
                UpdateInfo.Content = ArticleViewModel.Content;
            }

            if (ArticleViewModel == null)
            {
                result.Result  = false;
                result.Status  = ResponseCode.Fail.ToString();
                result.Message = "查無此文章資料!!!";
                return(Request.CreateResponse(HttpStatusCode.OK, result));
            }

            bool IsSuccess = articleRepository.UpdateArticle(Id, UserID, UpdateInfo);

            if (IsSuccess)
            {
                result.Result  = true;
                result.Status  = ResponseCode.Success.ToString();
                result.Message = "修改成功!!!";
            }
            else
            {
                result.Result  = false;
                result.Status  = ResponseCode.Fail.ToString();
                result.Message = "修改文章資料發生錯誤!!!";
            }

            return(Request.CreateResponse(HttpStatusCode.OK, result));
        }
Exemple #4
0
        public HttpResponseMessage Login([FromBody] LoginModel loginModel)
        {
            ApiResultViewModel result = new ApiResultViewModel();

            UserModel userModel = userRepository.GetUser(loginModel.UID, loginModel.Pwd.GetMD5());

            if (userModel == null)
            {
                result.Result  = false;
                result.Status  = ResponseCode.Fail.ToString();
                result.Message = "查無帳號資訊!!!";
                return(Request.CreateResponse(HttpStatusCode.OK, result));
            }

            string token = JWTShared.CreateToken(userModel);

            result.Result     = true;
            result.Status     = ResponseCode.Success.ToString();
            result.Message    = "登入成功!!!";
            result.ObjectData = new { token = token };

            return(Request.CreateResponse(HttpStatusCode.OK, result));
        }
        public override void OnActionExecuting(HttpActionContext actionContext)
        {
            #region IgnoreValidateAttribute判斷
            //有掛上這個Attribute的,直接就return掉
            if (actionContext.ActionDescriptor.GetCustomAttributes <IgnoreValidateAttribute>(false).Any())
            {
                return;
            }
            #endregion

            ApiResultViewModel result = new ApiResultViewModel();

            #region 判斷有沒有JWT的驗證
            //判斷有沒有Header和判斷是不是JWT的Scheme(Bearer)
            if (actionContext.Request.Headers.Authorization == null || actionContext.Request.Headers.Authorization.Scheme != "Bearer")
            {
                result.Result  = false;
                result.Status  = ResponseCode.Fail.ToString();
                result.Message = "驗證Token失敗!!!請確認驗證資料是否正確";

                //回傳Response的一種寫法
                setErrorResponse(actionContext, result);
                return;
            }
            #endregion

            //取得Token 這裡主要取得Header的Authorization屬性
            var token = actionContext.Request.Headers.Authorization.Parameter;
            result = JWTShared.TokenVerification(token);

            #region 驗證Token是否正確
            //驗證Token
            if (!result.Result)
            {
                //回傳Response另一種寫法
                actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized, result);
                return;
            }
            #endregion

            //取出Token資料
            JObject jObject = JObject.Parse(result.ObjectData.ToString());
            string  UID     = jObject["Id"].ToString();
            string  Role    = jObject["role"].ToString();

            #region 驗證是否為管理者
            //有掛上這個Attribute的,要驗證是否為管理者
            if (actionContext.ActionDescriptor.GetCustomAttributes <ManagerOnlyAttribute>(false).FirstOrDefault() != null)
            {
                if (!Role.Equals("Manager"))
                {
                    result.Result     = false;
                    result.Status     = ResponseCode.Fail.ToString();
                    result.Message    = "此功能需要管理者權限!!!";
                    result.ObjectData = null;
                    setErrorResponse(actionContext, result);
                    return;
                }
            }
            #endregion

            #region 驗證是否是同一個人
            if (actionContext.ActionDescriptor.GetCustomAttributes <PersonalOnlyAttribute>(false).FirstOrDefault() != null)
            {
                //取得參數中的Id
                string Id = actionContext.ActionArguments["Id"].ToString();

                if (!Role.Equals("Manager"))
                {
                    if (!Id.Equals(UID))
                    {
                        result.Result     = false;
                        result.Status     = ResponseCode.Fail.ToString();
                        result.Message    = "您沒有權限變更他人資料!!!";
                        result.ObjectData = null;
                        setErrorResponse(actionContext, result);
                        return;
                    }
                }
            }
            #endregion



            //if (actionContext.ModelState.IsValid == false)
            //{
            //    actionContext.Response = actionContext.Request.CreateErrorResponse(
            //        HttpStatusCode.BadRequest, actionContext.ModelState);
            //}


            base.OnActionExecuting(actionContext);
        }