public static string BuildEncryptedRequest(string email)
        {
            // Wrap the address in the token model, serialise it to JSON and hand the JSON to the
            // project's Encripter (its algorithm and key handling are not visible from this method).
            UserTokenModel payload = new UserTokenModel { email = email };
            JavaScriptSerializer serializer = new JavaScriptSerializer();
            string json = serializer.Serialize(payload);
            return Encripter.Encrypt(json);
        }
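        /// <summary>
        /// Authenticates a user and, on success, invalidates the user's existing tokens and issues a fresh one.
        /// </summary>
        /// <param name="UserCode">Account code; trimmed before lookup.</param>
        /// <param name="Password">
        /// Password hash sent by the client (32-character MD5-style string; a 31-character form is tolerated for
        /// an old Android client, see below). Only used when <paramref name="LoginMode"/> is 1.
        /// </param>
        /// <param name="PhoneCode">SMS code; verified via <c>CheckSMSCode</c> when <paramref name="LoginMode"/> is 2, and stored on the token row in every mode.</param>
        /// <param name="LoginMode">1 = password login, 2 = SMS-code login. Any other value is rejected without issuing a token.</param>
        /// <param name="flag">True only when a token row was persisted and the returned model is populated.</param>
        /// <param name="message">Result text for the client (Chinese, like the rest of the module).</param>
        /// <returns>A populated <see cref="UserTokenModel"/> on success; an empty one otherwise.</returns>
        public UserTokenModel Login(string UserCode, string Password, string PhoneCode, int LoginMode, out bool flag, out string message)
        {
            UserTokenModel model = new UserTokenModel();

            flag    = false;
            message = string.Empty;

            lgk.Model.tb_user user = userBLL.GetModel(GetUserID((UserCode ?? string.Empty).Trim()));
            if (user == null)
            {
                message = GetLanguage("AccountError");   // account or password wrong
                return model;
            }

            // A frozen account must never receive a token, whichever mode is used. The lock check used to sit
            // after the mode checks, so it only applied to modes other than 1 and 2.
            if (user.IsLock == 1)
            {
                message = "账户已冻结,登录失败";
                return model;
            }

            if (LoginMode == 1)
            {
                string stored   = user.Password ?? string.Empty;
                string supplied = (Password ?? string.Empty).Trim();

                if (stored.Length != 32 || supplied.Length != 32)
                {
                    // The Android client occasionally registered with a 31-character MD5 (first character lost).
                    // To keep multi-client logins working, drop the first character of whichever side is 32 long.
                    if (stored.Length == 32)
                    {
                        stored = stored.Substring(1);
                    }
                    if (supplied.Length == 32)
                    {
                        supplied = supplied.Substring(1);
                    }
                }

                // Compare every character regardless of where the first mismatch is, so the time taken does not
                // reveal how many leading characters matched.
                int diff = stored.Length ^ supplied.Length;
                for (int i = 0; i < stored.Length && i < supplied.Length; i++)
                {
                    diff |= stored[i] ^ supplied[i];
                }
                if (diff != 0)
                {
                    message = GetLanguage("AccountError");   // account or password wrong
                    return model;
                }
            }
            else if (LoginMode == 2)
            {
                if (CheckSMSCode(user.PhoneNum, PhoneCode, 2) < 0)
                {
                    message = "验证码错误";
                    return model;
                }
            }
            else
            {
                // An unrecognised mode previously fell through to token issuance with no credential check at all.
                message = "登录失败";
                return model;
            }

            // Invalidate the user's currently valid tokens.
            logintokenBLL.UpdateIsValid(user.UserID, 0, 1);

            // 36-character token from the OS CSPRNG (18 bytes -> 36 hex chars); same length as the previous
            // Guid + 4-digit Random() value, which was guessable.
            byte[] tokenBytes = new byte[18];
            using (System.Security.Cryptography.RandomNumberGenerator rng = System.Security.Cryptography.RandomNumberGenerator.Create())
            {
                rng.GetBytes(tokenBytes);
            }
            string code = BitConverter.ToString(tokenBytes).Replace("-", "").ToLowerInvariant();

            DateTime now = DateTime.Now;
            lgk.Model.tb_LoginToken tokenmodel = new lgk.Model.tb_LoginToken();
            tokenmodel.UserID    = user.UserID;
            tokenmodel.SmsCode   = PhoneCode;
            tokenmodel.TokenCode = code;
            tokenmodel.AddTime   = now;
            tokenmodel.EndTime   = now.AddHours(24);
            tokenmodel.IsValid   = 0;      // 0 = valid, 1 = invalid
            long lID = logintokenBLL.Add(tokenmodel);

            if (lID > 0)
            {
                model.UserID      = user.UserID;
                model.Token       = code;
                model.UserCode    = user.UserCode;
                // NOTE(review): ThreePassword is handed to the client here; confirm it is a per-service
                // credential and not a secret reusable elsewhere.
                model.Hx_password = user.ThreePassword;
                model.IsCardValid = string.IsNullOrEmpty(user.IdenCode) ? 0 : 1;   // 1 = identity verified
                flag    = true;
                message = "登录成功";
            }
            else
            {
                message = "登录失败";
            }

            return model;
        }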
 /// <summary>Loads the full <see cref="User"/> record behind a token.</summary>
 /// <param name="currentUser">Caller's token; only its UserId is used.</param>
 /// <returns>Whatever the repository returns for that id (null handling is the repository's).</returns>
 public async Task<User> GetUserProfile(UserTokenModel currentUser)
 {
     var userId = currentUser.UserId;
     User profile = await _userRepo.GetByIdAsync(userId);
     return profile;
 }
 /// <summary>Removes a user from a class by delegating to the repository.</summary>
 /// <param name="model">Class/user pair to remove.</param>
 /// <param name="curUser">Caller's token, passed through for auditing/authorisation in the repository.</param>
 /// <returns>The repository's success flag.</returns>
 public bool DelClassUser(ClassesUserModel model, UserTokenModel curUser)
 {
     bool removed = rep.DelClassUser(model, curUser);
     return removed;
 }
 /// <summary>Creates or updates a class by delegating to the repository.</summary>
 /// <param name="c">Class data.</param>
 /// <param name="curUser">Caller's token, passed through to the repository.</param>
 /// <returns>The repository's result count.</returns>
 public int AddOrEditClasses(ClassesModel c, UserTokenModel curUser)
 {
     int affected = rep.AddOrEditClasses(c, curUser);
     return affected;
 }
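        /// <summary>
        /// Creates a user when <c>user.UserId</c> is not positive, otherwise updates the existing one.
        /// A learner (<c>UserType</c> 1) or teacher (<c>UserType</c> 2) extension row is written alongside,
        /// and a new user additionally gets a <see cref="UserWorkRole"/> ("learner" or "trainer").
        /// </summary>
        /// <param name="user">Incoming user data.</param>
        /// <param name="curUser">Caller's token; its UserId fills the AddUserId/EditUserId audit columns.</param>
        /// <returns>The row count returned by the final <c>SaveChanges</c>.</returns>
        /// <exception cref="InvalidOperationException">
        /// When editing, the user or the extension row for its UserType does not exist
        /// (previously surfaced as a NullReferenceException).
        /// </exception>
        public int AddOrEditUser(UserModel user, UserTokenModel curUser)
        {
            if (user.UserId > 0)
            {
                return UpdateUserRecord(user, curUser);
            }
            return CreateUserRecord(user, curUser);
        }

        // Insert path. The User row is saved first so its generated UserId is available to the child rows.
        private int CreateUserRecord(UserModel user, UserTokenModel curUser)
        {
            DateTime now = DateTime.Now;
            var ue = user.Adapt<User>();

            // NOTE(review): every account is created with the same well-known initial password ("******",
            // hashed with a per-user salt). Confirm a forced reset or invite flow follows; none is visible here.
            ue.Password = "******";
            var pwd = Atom.Lib.Security.CryptographyUtils.Pwd(ue.Password);
            ue.Password = pwd.Item1;
            ue.Salt     = pwd.Item2;
            // Keep a supplied LoginId, otherwise mint an opaque one.
            ue.LoginId    = string.IsNullOrWhiteSpace(ue.LoginId) ? Guid.NewGuid().ToString("N") : user.LoginId;
            ue.AddUserId  = curUser.UserId;
            ue.EditUserId = curUser.UserId;
            ue.AddTime    = now;
            ue.EditTime   = now;
            db.Set<User>().Add(ue);
            db.SaveChanges();

            if (user.UserType == 1)
            {
                var uex = user.Adapt<UserExtLearner>();
                uex.AddUserId  = curUser.UserId;
                uex.EditUserId = curUser.UserId;
                uex.AddTime    = now;
                uex.EditTime   = now;
                uex.UserId     = ue.UserId;
                db.Set<UserExtLearner>().Add(uex);
            }
            else if (user.UserType == 2)
            {
                var uext = user.Adapt<UserTecherExt>();
                uext.AddUserId  = curUser.UserId;
                uext.EditUserId = curUser.UserId;
                uext.AddTime    = now;
                uext.EditTime   = now;
                uext.UserId     = ue.UserId;
                db.Set<UserTecherExt>().Add(uext);
            }

            // Any UserType other than 1 is treated as a trainer for the work role.
            var uwr = new UserWorkRole();
            uwr.IsValid    = true;
            uwr.AddUserId  = curUser.UserId;
            uwr.EditUserId = curUser.UserId;
            uwr.AddTime    = now;
            uwr.EditTime   = now;
            uwr.RoleCode   = user.UserType == 1 ? "learner" : "trainer";
            uwr.UserId     = ue.UserId;
            db.Set<UserWorkRole>().Add(uwr);

            return db.SaveChanges();
        }

        // Edit path. Loads the tracked rows, copies the editable columns, marks them modified and saves once.
        private int UpdateUserRecord(UserModel user, UserTokenModel curUser)
        {
            DateTime now = DateTime.Now;

            var exist = db.Set<User>().Find(user.UserId);
            if (exist == null)
            {
                throw new InvalidOperationException("User " + user.UserId + " does not exist.");
            }

            exist.UserName    = user.UserName;
            exist.MobilePhone = user.MobilePhone;
            exist.Gender      = user.Gender;
            exist.HeadImg     = user.HeadImg;
            exist.BirthDay    = user.BirthDay;
            exist.EditTime    = now;
            exist.EditUserId  = curUser.UserId;
            exist.IsValid     = user.IsValid;
            db.Entry(exist).State = System.Data.Entity.EntityState.Modified;

            if (user.UserType == 1)
            {
                var existuex = db.Set<UserExtLearner>().FirstOrDefault(t => t.UserId == user.UserId);
                if (existuex == null)
                {
                    throw new InvalidOperationException("Learner extension row for user " + user.UserId + " does not exist.");
                }

                existuex.School          = user.School;
                existuex.Grade           = user.Grade;
                existuex.Likes           = user.Likes;
                existuex.Disposition     = user.Disposition;
                existuex.LikesStuff      = user.LikesStuff;
                existuex.HasEn           = user.HasEn;
                existuex.IsEarlyEdu      = user.IsEarlyEdu;
                existuex.IsHasAllergy    = user.IsHasAllergy;
                existuex.ParentName      = user.ParentName;
                existuex.ParentPhone     = user.ParentPhone;
                existuex.ParentGrade     = user.ParentGrade;
                existuex.ParentDoing     = user.ParentDoing;
                existuex.SendPeople      = user.SendPeople;
                existuex.SendPhone       = user.SendPhone;
                existuex.SendType        = user.SendType;
                existuex.TechPeople      = user.TechPeople;
                existuex.IsHasEduType    = user.IsHasEduType;
                existuex.HasKnowStdudent = user.HasKnowStdudent;
                existuex.ComLearnType    = user.ComLearnType;
                existuex.EditUserId      = curUser.UserId;
                existuex.EditTime        = now;
                db.Entry(existuex).State = System.Data.Entity.EntityState.Modified;
            }
            else if (user.UserType == 2)
            {
                var existuext = db.Set<UserTecherExt>().FirstOrDefault(t => t.UserId == user.UserId);
                if (existuext == null)
                {
                    throw new InvalidOperationException("Teacher extension row for user " + user.UserId + " does not exist.");
                }

                existuext.TechHistory = user.TechHistory;
                existuext.Certificate = user.Certificate;
                existuext.EditUserId  = curUser.UserId;
                existuext.EditTime    = now;
                db.Entry(existuext).State = System.Data.Entity.EntityState.Modified;
            }

            return db.SaveChanges();
        }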
        /// <summary>
        /// Handles a "send message" request: stores the message locally and, when the recipient has a Baidu
        /// push user id and channel, forwards it as a push notification. Reads accessToken (sender), to
        /// (recipient user id) and content from the request; the outcome is reported through the
        /// statusCode / responseJson fields.
        /// </summary>
        /// <param name="context">Current HTTP request context.</param>
        public override void OnLoad(HttpContext context)
        {
            base.OnLoad(context);
            requestBody             = new RequestBody();
            // NOTE(review): Request[] yields null for an absent parameter, so .Length / .Trim() in the check
            // below throw on a missing content or accessToken instead of reaching TYPE_NULLPARAMETER.
            requestBody.accessToken = context.Request["accessToken"];
            requestBody.uTo         = Convert.ToInt32(context.Request["to"]);
            requestBody.content     = context.Request["content"];

            if (requestBody.content.Length == 0 || requestBody.accessToken.Trim().Length == 0 || requestBody.uTo == 0)
            {
                SystemResponse.Output(SystemResponse.TYPE_NULLPARAMETER, out statusCode, out responseJson);
            }
            else
            {
                // Resolve the sender from the access token and the recipient from its user id.
                TokenHelper    token     = new TokenHelper();
                UserTokenModel fromModel = token.getUserToken(requestBody.accessToken);
                UserTokenModel toModel   = token.getUserToken(requestBody.uTo);
                if (fromModel == null)
                {
                    SystemResponse.Output(SystemResponse.TYPE_EXPIRE, out statusCode, out responseJson);
                }
                else
                {
                    // 0 = not yet pushed; set to 1 once the push call has returned.
                    int msgstatus = 0;

                    #region 入库至本地
                    // Persist the message locally before attempting any push.
                    ModelAdo <MsgModel> modelAdo = new ModelAdo <MsgModel>();
                    MsgModel            msg      = new MsgModel();
                    msg.ufrom      = Convert.ToInt32(fromModel.uid);
                    msg.uto        = requestBody.uTo;
                    msg.content    = requestBody.content;
                    msg.createTime = StringHelper.ConvertDateTimeInt(DateTime.Now);
                    msg.status     = msgstatus;
                    if (modelAdo.Insert(msg) >= 1)
                    {
                        #region 百度推送
                        // Push only when the recipient is known and has both a Baidu user id and a channel id.
                        if (toModel != null && toModel.bpuserId.Length >= 1 && toModel.channelId.Length >= 1)
                        {
                            // Re-read the row just inserted so its generated id (and type) can be included in the push.
                            MsgModel msgPush = modelAdo.GetModel("ufrom=?ufrom AND uto=?uto AND createTime=?createTime AND status=0", "",
                                                                 new MySqlParameter("?ufrom", msg.ufrom),
                                                                 new MySqlParameter("?uto", msg.uto),
                                                                 new MySqlParameter("?createTime", msg.createTime));
                            if (msgPush != null)
                            {
                                try
                                {
                                    // Baidu push credentials and deployment flag from appSettings.
                                    string secretKey    = ConfigurationManager.AppSettings["baidu_secret_key"];
                                    string apiKey       = ConfigurationManager.AppSettings["baidu_api_key"];
                                    uint   depolyStatus = uint.Parse(ConfigurationManager.AppSettings["baidu_depoly_status"]);

                                    String    messages     = "";
                                    // Unix timestamp (seconds since 1970-01-01 UTC) for the push request.
                                    TimeSpan  ts           = (DateTime.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0));
                                    uint      unixTime     = (uint)ts.TotalSeconds;
                                    string    messageksy   = "api";
                                    uint      message_type = 1;
                                    BaiduPush Bpush        = new BaiduPush("POST", secretKey);



                                    // deviceType 1 is treated as iOS (sent as 4); everything else as Android (sent as 3).
                                    // NOTE(review): this rewrites deviceType on the model returned by TokenHelper. If that object
                                    // is shared (e.g. cached), the recipient's deviceType stays 3/4 and the iOS branch is never
                                    // taken again for them — confirm getUserToken returns a fresh copy.
                                    if (toModel.deviceType == 1)
                                    {
                                        message_type       = 1;
                                        toModel.deviceType = 4;
                                        IOSNotification notifaction = new IOSNotification();
                                        notifaction.id         = msgPush.id;
                                        notifaction.ufrom      = msgPush.ufrom;
                                        notifaction.uto        = msgPush.uto;
                                        notifaction.content    = msgPush.content.Trim();
                                        notifaction.createTime = string.Format("{0:yyyy/MM/dd HH:mm:ss}", System.DateTime.Now);
                                        notifaction.type       = msgPush.type;
                                        notifaction.status     = 1;
                                        IOSAPS aps = new IOSAPS()
                                        {
                                            alert = "收到一条新消息",
                                        };
                                        notifaction.aps = aps;
                                        messages        = notifaction.getJsonString();
                                    }
                                    else
                                    {
                                        message_type       = 0;
                                        toModel.deviceType = 3;
                                        BaiduPushNotification notifaction = new BaiduPushNotification();
                                        notifaction.title = "";
                                        // Build the custom_content payload carried inside the notification.
                                        BaiduDescription bdMsg = new BaiduDescription();
                                        bdMsg.id                   = msgPush.id;
                                        bdMsg.ufrom                = msgPush.ufrom;
                                        bdMsg.uto                  = msgPush.uto;
                                        bdMsg.content              = msgPush.content;
                                        bdMsg.createTime           = string.Format("{0:yyyy/MM/dd HH:mm:ss}", System.DateTime.Now);
                                        bdMsg.type                 = msgPush.type;
                                        bdMsg.status               = 1;
                                        notifaction.description    = "收到一条新消息";
                                        notifaction.custom_content = bdMsg;
                                        messages                   = notifaction.getJsonString();
                                    }



                                    PushOptions pOpts = new PushOptions("push_msg", apiKey, toModel.bpuserId.ToString(),
                                                                        toModel.channelId.ToString(), Convert.ToUInt32(toModel.deviceType), messages, messageksy, unixTime);
                                    pOpts.message_type  = message_type;
                                    pOpts.deploy_status = depolyStatus;
                                    pOpts.push_type     = 1;
                                    string response = Bpush.PushMessage(pOpts);
                                    // NOTE(review): the raw Baidu API response is returned to the caller as-is — confirm it
                                    // carries nothing the client should not see.
                                    responseJson = response;
                                    msgstatus    = 1;

                                    // Mark the stored row as pushed. msg.status was set from msgstatus while it was still 0
                                    // and never updated, so this condition is always true here.
                                    if (msg.status == 0)
                                    {
                                        msgPush.status = 1;
                                        modelAdo.Update(msgPush);
                                    }

                                    //SystemResponse.Output(SystemResponse.TYPE_OK, out statusCode, out responseJson);
                                    //responseJson = strBDMsg;
                                }
                                catch (Exception ex)
                                {
                                    // The exception text assigned here is overwritten by the out parameter on the next
                                    // line, so it neither reaches the client nor gets logged — consider logging ex instead.
                                    responseJson = ex.ToString();
                                    SystemResponse.Output(SystemResponse.TYPE_ERROR, out statusCode, out responseJson);
                                }
                            }
                            #endregion
                        }
                        else
                        {
                            // No push target: the message was stored, but the caller still receives TYPE_ERROR.
                            SystemResponse.Output(SystemResponse.TYPE_ERROR, out statusCode, out responseJson);
                        }
                        #endregion
                    }
                }
            }
        }
 /// <summary>Registers a token in the shared UserTokens collection.</summary>
 /// <param name="token">Token to add; no duplicate check is performed here.</param>
 public static void AddToken(UserTokenModel token)
 {
     // The collection itself is the lock object, so every other writer/reader must lock UserTokens too.
     lock (UserTokens)
     {
         UserTokens.Add(token);
     }
 }
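        /// <summary>
        /// Creates a training session when <c>model.Id</c> is not positive, otherwise updates the existing one,
        /// and (re)builds its teacher and learner assignment rows. Learners are every valid member of the
        /// session's class; on edit the previous assignments are soft-deleted (IsValid = false) first.
        /// </summary>
        /// <param name="model">Session data, including <c>TeacherIds</c> and <c>ClassId</c>.</param>
        /// <param name="curUser">Caller's token; its UserId fills the audit columns.</param>
        /// <returns>True when the session was written; false when an edit targets an Id that does not exist.</returns>
        public bool AddOrEditTrain(TrainModel model, UserTokenModel curUser)
        {
            if (model.Id > 0)
            {
                return UpdateTrainRecord(model, curUser);
            }
            return CreateTrainRecord(model, curUser);
        }

        // Insert path. The Train row is saved first so its generated Id is available to the assignment rows.
        private bool CreateTrainRecord(TrainModel model, UserTokenModel curUser)
        {
            DateTime now = DateTime.Now;
            var train = model.Adapt<Train>();
            train.AddUserId  = curUser.UserId;
            train.EditUserId = curUser.UserId;
            train.AddTime    = now;
            train.EditTime   = now;
            db.Set<Train>().Add(train);
            db.SaveChanges();

            AddTrainTeachers(train, model, curUser);
            AddTrainLearners(train, model, curUser);
            return true;
        }

        // Edit path. Copies the editable columns, then replaces all active assignments.
        private bool UpdateTrainRecord(TrainModel model, UserTokenModel curUser)
        {
            var exist = db.Set<Train>().Find(model.Id);
            if (exist == null)
            {
                return false;   // previously a NullReferenceException
            }

            exist.StartTime  = model.StartTime;
            exist.EndTime    = model.EndTime;
            exist.ClassId    = model.ClassId;
            exist.CourseCode = model.CourseCode;
            exist.Remark     = model.Remark;
            exist.EditTime   = DateTime.Now;
            exist.EditUserId = curUser.UserId;
            exist.IsValid    = model.IsValid;
            db.Entry(exist).State = System.Data.Entity.EntityState.Modified;
            db.SaveChanges();

            DeactivateTrainAssignments(exist);
            AddTrainTeachers(exist, model, curUser);
            AddTrainLearners(exist, model, curUser);
            return true;
        }

        // Soft-deletes every active teacher and learner assignment of the session.
        private void DeactivateTrainAssignments(Train train)
        {
            var teachers = db.Set<TrainTeacher>().Where(t => t.IsValid && t.TrainId == train.Id).ToList();
            foreach (var teacher in teachers)
            {
                teacher.IsValid = false;
                db.Entry(teacher).State = System.Data.Entity.EntityState.Modified;
            }
            db.SaveChanges();

            var learners = db.Set<TrainLearner>().Where(t => t.IsValid && t.TrainId == train.Id).ToList();
            foreach (var learner in learners)
            {
                learner.IsValid = false;
                db.Entry(learner).State = System.Data.Entity.EntityState.Modified;
            }
            db.SaveChanges();
        }

        // Adds one active TrainTeacher row per id in model.TeacherIds (a null list adds nothing).
        private void AddTrainTeachers(Train train, TrainModel model, UserTokenModel curUser)
        {
            if (model.TeacherIds == null)
            {
                return;
            }

            DateTime now = DateTime.Now;
            foreach (var teacherId in model.TeacherIds)
            {
                var te = new TrainTeacher();
                te.AddUserId  = curUser.UserId;
                te.EditUserId = curUser.UserId;
                te.AddTime    = now;
                te.EditTime   = now;
                te.IsValid    = true;
                te.TrainId    = train.Id;
                te.UserId     = teacherId;
                db.Set<TrainTeacher>().Add(te);
            }
            db.SaveChanges();
        }

        // Adds one active TrainLearner row for every valid member of the session's class.
        private void AddTrainLearners(Train train, TrainModel model, UserTokenModel curUser)
        {
            DateTime now = DateTime.Now;
            var classUsers = db.Set<ClassUser>().Where(t => t.IsValid && t.ClassId == model.ClassId).ToList();
            foreach (var classUser in classUsers)
            {
                var te = new TrainLearner();
                te.AddUserId  = curUser.UserId;
                te.EditUserId = curUser.UserId;
                te.AddTime    = now;
                te.EditTime   = now;
                te.IsValid    = true;
                te.TrainId    = train.Id;
                te.UserId     = classUser.UserId;
                te.Remark     = "";
                db.Set<TrainLearner>().Add(te);
            }
            db.SaveChanges();
        }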
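        /// <summary>
        /// Assigns the delivery users listed in <c>uid</c> (a JSON array of user ids) to order <c>oid</c>.
        /// Existing ct_order_user rows for the order are replaced; when there were existing rows the order is
        /// moved to ostatus 2. Only orders in ostatus 1 or 2 are accepted. The outcome is reported through
        /// the statusCode / responseJson fields.
        /// </summary>
        /// <param name="context">Current HTTP request context; reads accessToken, oid and uid.</param>
        public override void OnLoad(HttpContext context)
        {
            base.OnLoad(context);
            requestBody             = new RequestBody();
            requestBody.accessToken = context.Request["accessToken"];
            requestBody.oid         = context.Request["oid"];
            requestBody.uid         = context.Request["uid"];

            // Request[] yields null for an absent parameter, so test for null before any Length/Trim.
            if (string.IsNullOrWhiteSpace(requestBody.accessToken) || string.IsNullOrEmpty(requestBody.oid) || string.IsNullOrEmpty(requestBody.uid))
            {
                SystemResponse.Output(SystemResponse.TYPE_NULLPARAMETER, out statusCode, out responseJson);
                return;
            }

            // Authenticate before doing any further work on the request body.
            TokenHelper    token          = new TokenHelper();
            UserTokenModel userTokenModel = token.getUserToken(requestBody.accessToken);
            if (userTokenModel == null)
            {
                SystemResponse.Output(SystemResponse.TYPE_EXPIRE, out statusCode, out responseJson);
                return;
            }

            List<int> values = JsonConvert.DeserializeObject<List<int>>(requestBody.uid);
            if (values == null || values.Count == 0)
            {
                // An empty list would otherwise yield a broken INSERT statement.
                SystemResponse.Output(SystemResponse.TYPE_NULLPARAMETER, out statusCode, out responseJson);
                return;
            }

            // The order must exist in status 2 or status 1.
            ModelAdo<OrderModel> modelAdoOrder = new ModelAdo<OrderModel>();
            OrderModel           orderModel    = modelAdoOrder.GetModel("(id=?id AND ostatus=?ostatus) or (id=?id AND ostatus=?ostatus1) ", "",
                                                                        new MySqlParameter("?id", requestBody.oid),
                                                                        new MySqlParameter("?ostatus", 2),
                                                                        new MySqlParameter("?ostatus1", 1));
            if (orderModel == null)
            {
                SystemResponse.Output(SystemResponse.TYPE_NULL, out statusCode, out responseJson);
                return;
            }

            ModelAdo<OrderUserModel> modelAdo = new ModelAdo<OrderUserModel>();
            int existCount = modelAdo.GetRecordCount("oid=?oid",
                                                     new MySqlParameter("?oid", requestBody.oid));
            if (existCount >= 1)
            {
                // Replace the current assignees.
                int delCount = modelAdo.ExecuteSql("DELETE FROM ct_order_user WHERE oid=?oid",
                                                   new MySqlParameter("?oid", requestBody.oid));
                if (delCount < 1)
                {
                    SystemResponse.Output(SystemResponse.TYPE_ERROR, out statusCode, out responseJson);
                    return;
                }

                if (InsertOrderUsers(modelAdo, requestBody.oid, values, true) >= 1)
                {
                    orderModel.ostatus = 2;
                    modelAdoOrder.Update(orderModel);
                    SystemResponse.Output(SystemResponse.TYPE_OK, out statusCode, out responseJson);
                }
                else
                {
                    SystemResponse.Output(SystemResponse.TYPE_NULL, out statusCode, out responseJson);
                }
            }
            else
            {
                if (InsertOrderUsers(modelAdo, requestBody.oid, values, false) >= 1)
                {
                    SystemResponse.Output(SystemResponse.TYPE_OK, out statusCode, out responseJson);
                }
                else
                {
                    SystemResponse.Output(SystemResponse.TYPE_NULL, out statusCode, out responseJson);
                }
            }
        }

        // Batch-inserts one ct_order_user row per user id and returns the affected-row count.
        // Every value is bound as a MySqlParameter: oid is a raw request string and used to be concatenated
        // straight into the statement, which allowed SQL injection. withRemark selects the column list used
        // on the replace path ("派送中的订单" remark) versus the first-assignment path.
        private static int InsertOrderUsers(ModelAdo<OrderUserModel> modelAdo, string oid, List<int> uids, bool withRemark)
        {
            StringBuilder        sql        = new StringBuilder();
            List<MySqlParameter> parameters = new List<MySqlParameter>();
            parameters.Add(new MySqlParameter("?oid", oid));

            sql.Append(withRemark
                ? " INSERT INTO ct_order_user(oid,uid,status,remark) VALUES "
                : " INSERT INTO ct_order_user(oid,uid,status) VALUES ");

            for (int i = 0; i < uids.Count; i++)
            {
                string uidName = "?uid" + i;
                parameters.Add(new MySqlParameter(uidName, uids[i]));
                if (i > 0)
                {
                    sql.Append(",");
                }
                sql.Append(withRemark
                    ? "(?oid," + uidName + ",1,'派送中的订单')"
                    : "(?oid," + uidName + ",1)");
            }
            sql.Append(";");

            return modelAdo.ExecuteSql(sql.ToString(), parameters.ToArray());
        }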
        public override void OnLoad(HttpContext context)
        {
            base.OnLoad(context);
            requestBody             = new RequestBody();
            requestBody.accessToken = context.Request["accessToken"];
            requestBody.page        = Convert.ToInt32(context.Request["page"]);
            requestBody.pageSize    = Convert.ToInt32(context.Request["pageSize"]);
            requestBody.status      = Convert.ToInt32(context.Request["status"]);
            if (requestBody.accessToken == null || requestBody.accessToken.Trim().Length == 0)
            {
                SystemResponse.Output(SystemResponse.TYPE_NULLPARAMETER, out statusCode, out responseJson);
            }
            //验证用户
            TokenHelper    token          = new TokenHelper();
            UserTokenModel userTokenModel = token.getUserToken(requestBody.accessToken);

            if (userTokenModel == null)
            {
                SystemResponse.Output(SystemResponse.TYPE_EXPIRE, out statusCode, out responseJson);
            }
            else
            {
                ModelAdo <SupplierOrderModel> orderModel = new ModelAdo <SupplierOrderModel>();
                List <SupplierOrderModel>     models     = null;
                int pagenumber = requestBody.page == 0 ? 1 : requestBody.page;
                int totalCount = 1;
                orderModel.PageSize = requestBody.pageSize == 0 ? orderModel.PageSize : requestBody.pageSize;

                if (requestBody.status == 4)
                {
                    ModelAdo <OrderModel> closeOrderModel  = new ModelAdo <OrderModel>();
                    List <OrderModel>     closeOrderModels = closeOrderModel.GetList(pagenumber, " sendUid=?sendUid AND ostatus=5", "", out totalCount, "",
                                                                                     new MySqlParameter("?sendUid", userTokenModel.uid)
                                                                                     );
                    if (closeOrderModels.Count >= 1)
                    {
                        //构建返回对象
                        List <Order> orders = new List <Order>();
                        foreach (OrderModel model in closeOrderModels)
                        {
                            Order order = new Order();
                            order.uid        = model.uid.ToString();
                            order.title      = model.title;
                            order.createDate = string.Format("{0:d}", StringHelper.GetNomalTime(model.createDate));
                            order.status     = model.ostatus;
                            order.price      = model.amount.ToString("f2");
                            order.oid        = model.id.ToString();
                            order.type       = model.otid;
                            Ext from = new Ext();
                            from.uid   = model.uid.ToString();
                            from.city  = model.address1;
                            from.date  = string.Format("{0:d}", StringHelper.GetNomalTime(model.time1));
                            order.from = from;

                            Ext to = new Ext();
                            to.uid   = model.uid.ToString();
                            to.city  = model.address2;
                            to.date  = string.Format("{0:d}", StringHelper.GetNomalTime(model.time2));
                            order.to = to;

                            orders.Add(order);
                        }
                        responseBody = new ResponseBody
                        {
                            page      = 1,
                            pageTotal = (totalCount + orderModel.PageSize - 1) / orderModel.PageSize,
                            total     = totalCount,
                            orders    = orders
                        };
                        responseJson = JsonConvert.SerializeObject(responseBody, Formatting.Indented);
                    }
                    else
                    {
                        SystemResponse.Output(SystemResponse.TYPE_NULL, out statusCode, out responseJson);
                    }
                }
                else
                {
                    if (requestBody.status == 0)
                    {
                        models = orderModel.GetList(pagenumber, " uid=?uid ", "", out totalCount, "",
                                                    new MySqlParameter("?uid", userTokenModel.uid)
                                                    );
                    }
                    else
                    {
                        models = orderModel.GetList(pagenumber, " uid=?uid AND status=?status", "", out totalCount, "",
                                                    new MySqlParameter("?uid", Convert.ToInt32(userTokenModel.uid)),
                                                    new MySqlParameter("?status", requestBody.status)
                                                    );
                    }

                    if (models.Count >= 1)
                    {
                        //构建返回对象
                        List <Order> orders = new List <Order>();
                        foreach (SupplierOrderModel model in models)
                        {
                            Order order = new Order();
                            order.uid        = model.uid.ToString();
                            order.oid        = model.oid.ToString();
                            order.title      = model.title;
                            order.createDate = string.Format("{0:d}", StringHelper.GetNomalTime(model.createDate));
                            order.status     = model.ostatus;
                            order.price      = model.amount.ToString("f2");
                            order.type       = model.otid;
                            Ext from = new Ext();
                            from.uid   = model.uid.ToString();
                            from.city  = model.address1;
                            from.date  = string.Format("{0:d}", StringHelper.GetNomalTime(model.time1));
                            order.from = from;

                            Ext to = new Ext();
                            to.uid   = model.uid.ToString();
                            to.city  = model.address2;
                            to.date  = string.Format("{0:d}", StringHelper.GetNomalTime(model.time2));
                            order.to = to;

                            orders.Add(order);
                        }
                        responseBody = new ResponseBody
                        {
                            page      = 1,
                            pageTotal = (totalCount + orderModel.PageSize - 1) / orderModel.PageSize,
                            total     = totalCount,
                            orders    = orders
                        };
                        responseJson = JsonConvert.SerializeObject(responseBody, Formatting.Indented);
                    }
                    else
                    {
                        SystemResponse.Output(SystemResponse.TYPE_NULL, out statusCode, out responseJson);
                    }
                }
            }
        }
        /// <summary>
        /// Creates or updates <paramref name="user"/> on behalf of <paramref name="curUser"/>
        /// by delegating straight to the repository.
        /// </summary>
        /// <param name="user">The user record to insert or update.</param>
        /// <param name="curUser">The authenticated caller performing the change.</param>
        /// <returns>The value reported by the repository for the operation.</returns>
        public int AddOrEditUser(UserModel user, UserTokenModel curUser) => rep.AddOrEditUser(user, curUser);
        //private static readonly log4net.ILog log = log4net.LogManager.GetLogger(System.Reflection.MethodBase.GetCurrentMethod().DeclaringType);

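        /// <summary>
        /// Message handler that validates the JWT carried in the <c>token</c> request header before
        /// the request reaches the rest of the pipeline. Swashbuckle documentation, the help pages,
        /// Hangfire and the login endpoint are passed through without a token.
        /// </summary>
        /// <param name="request">The incoming request; its <c>token</c> header is validated.</param>
        /// <param name="cancellationToken">Propagated to the inner handler.</param>
        /// <returns>
        /// The inner handler's response when the token validates; otherwise a
        /// <see cref="UserTokenModel"/> payload with status 417 (header missing or empty),
        /// 401 (token did not yield an authenticated principal) or 400 (token could not be processed).
        /// </returns>
        protected override async Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
        {
            //log4net.GlobalContext.Properties["ClientIP"] = request.GetClientIP();

            // Bypass for documentation, Hangfire and the login endpoint. The decision is made on
            // the URI path only: the previous check ran Contains() over the whole URI string, so a
            // query-string value containing "account/authenticate" would also have skipped validation.
            if (IsAnonymousPath(request.RequestUri))
            {
                return await base.SendAsync(request, cancellationToken);
            }

            //TokenMessage tokenMsg;
            HttpResponseMessage reply;

            IEnumerable <string> keys = null;

            if (!request.Headers.TryGetValues("token", out keys) || string.IsNullOrEmpty(keys.First()))
            {
                #region Token inexistente.

                var tokenMsg = new UserTokenModel
                {
                    Success = false,
                    Token   = null,
                    Message = $"{(short)HttpStatusCode.ExpectationFailed} - {HttpStatusCode.ExpectationFailed.ToString()} (Token inexistente.)"
                };

                reply = request.CreateResponse(HttpStatusCode.ExpectationFailed, tokenMsg);

                //log.Info($"{request.RequestUri.ToString()} - {tokenMsg.Message}");

                return reply;

                #endregion
            }

            try
            {
                string token = keys.First();

                // NOTE(review): the HMAC signing key is a literal in source. It should be loaded from
                // configuration / a secret store so it can be rotated without a rebuild and is not
                // exposed to anyone with read access to the repository.
                var plainTextSecurityKey = "PosGraduacaoTcc2017WilsonDonizetti";
                var signingKey           = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(plainTextSecurityKey));

                var tokenHandler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler();
                // Only issuer, audience and signing key are configured explicitly here; the remaining
                // validation switches are left at the library defaults.
                var tokenValidationParameters = new TokenValidationParameters()
                {
                    ValidAudiences = new string[]
                    {
                        "http://my.website.com",
                        "http://my.otherwebsite.com"
                    },
                    ValidIssuers = new string[]
                    {
                        "http://my.tokenissuer.com",
                        "http://my.othertokenissuer.com"
                    },
                    IssuerSigningKey = signingKey
                };

                SecurityToken validatedToken;

                ClaimsPrincipal principal = tokenHandler.ValidateToken(token,
                                                                       tokenValidationParameters, out validatedToken);

                if (principal == null || principal.Identity.IsAuthenticated == false)
                {
                    #region Identidade do usuário ou máquina cliente inválida.

                    var tokenMsg = new UserTokenModel()
                    {
                        Success = false,
                        Token   = null,
                        Message = $"{(short)HttpStatusCode.Unauthorized} - {HttpStatusCode.Unauthorized.ToString()} (Identidade do usuário ou máquina cliente inválida.)"
                    };

                    reply = request.CreateResponse(HttpStatusCode.Unauthorized, tokenMsg);

                    //log.Info($"{token.User} - {token.IP} - {request.RequestUri.ToString()} - {tokenMsg.Message}");

                    return reply;

                    #endregion
                }

                // Publish the validated principal to Web API, System.Web and the current thread.
                request.Properties.Add("MS_UserPrincipal", principal);
                HttpContext.Current.User = principal;
                Thread.CurrentPrincipal  = principal;
            }
            catch (Exception ex)
            {
                #region Erro no processamento do Token.

                // NOTE(review): the (truncated) exception text is returned to the caller; consider
                // logging it server-side and sending a generic message instead.
                string msgEx = (ex.Message.Length <= 100) ? ex.Message : string.Concat(ex.Message.Substring(0, 100), "...");

                var tokenMsg = new UserTokenModel()
                {
                    Success = false,
                    Token   = null,
                    Message = $"{(short)HttpStatusCode.BadRequest} - {HttpStatusCode.BadRequest.ToString()} (Erro no processamento do Token. [{msgEx}])"
                };

                reply = request.CreateResponse(HttpStatusCode.BadRequest, tokenMsg);

                //log.Info($"{request.RequestUri.ToString()} - {tokenMsg.Message}");

                return reply;

                #endregion
            }

            //log.Info($"{request.RequestUri.ToString()} - {HttpStatusCode.OK.ToString()}");

            return await base.SendAsync(request, cancellationToken);
        }

        /// <summary>
        /// Decides whether <paramref name="uri"/> targets an endpoint that is served without a token:
        /// any path segment named exactly <c>swagger</c>, <c>help</c> or <c>hangfire</c>, or a path
        /// containing <c>account/authenticate</c> (case-insensitive). Only the path is inspected,
        /// never the query string.
        /// </summary>
        /// <param name="uri">The absolute request URI.</param>
        /// <returns><see langword="true"/> when token validation must be skipped.</returns>
        private static bool IsAnonymousPath(Uri uri)
        {
            string[] segments = uri.AbsolutePath.Split(new[] { '/' }, StringSplitOptions.RemoveEmptyEntries);

            // Exact, case-sensitive segment match, as the per-segment check did before.
            if (segments.Contains("swagger") || segments.Contains("help") || segments.Contains("hangfire"))
            {
                return true;
            }

            return uri.AbsolutePath.IndexOf("account/authenticate", StringComparison.OrdinalIgnoreCase) >= 0;
        }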
 /// <summary>
 /// Persists <paramref name="userToken"/> through the secure store service and completes
 /// when the store has finished writing it.
 /// </summary>
 /// <param name="userToken">The token to persist.</param>
 protected async Task SetUserTokenAsync(UserTokenModel userToken)
     => await _secureStoreService.SetUserTokenAsync(userToken);
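        /// <summary>
        /// Token-verification action filter. Unless verification is switched off in configuration or
        /// the action is marked with <see cref="AnonymousFilter"/>, the request must carry
        /// <c>ReqUserToken</c> and <c>ReqUserId</c> (read from headers first, then from the query
        /// string as a fallback). When UAS verification is enabled, <c>ReqUasToken</c> must also match
        /// the value stored in Redis under <c>ReqUasSub</c>. The user token is RSA-decrypted and must
        /// equal <c>ReqUserId</c>. Any failure short-circuits the action with a JSON business-failure
        /// response; success leaves <see cref="ActionExecutingContext.Result"/> untouched.
        /// </summary>
        /// <param name="context">The executing action's context.</param>
        public override void OnActionExecuting(ActionExecutingContext context)
        {
            base.OnActionExecuting(context);
            // Is token verification enabled at all?
            var rquired = SiteConfig.GetSite("CustomConfiguration", "IsVerifyToken").ToLower() == "true";

            if (!rquired)
            {
                return;
            }

            var rquireduas = SiteConfig.GetSite("CustomConfiguration", "IsVerifyUasToken").ToLower() == "true";

            // Does the action opt out of verification via AnonymousFilter?
            var isDefined = false;

            if (context.ActionDescriptor is ControllerActionDescriptor controllerActionDescriptor)
            {
                isDefined = controllerActionDescriptor.MethodInfo.GetCustomAttributes(inherit: true)
                            .Any(a => a.GetType().Equals(typeof(AnonymousFilter)));
            }
            if (isDefined)
            {
                return;
            }
            JsonSerializerSettings setting = Util.GetJsonSetting();

            try
            {
                var            requestHead   = context.HttpContext.Request.Headers;
                var            ReqUserToken  = requestHead["ReqUserToken"];
                var            ReqUserId     = requestHead["ReqUserId"];
                var            ReqDateExpire = requestHead["ReqDateExpire"];
                var            ReqUasToken   = requestHead["ReqUasToken"];
                var            ReqUasSub     = requestHead["ReqUasSub"];
                UserTokenModel token         = getUserToken(ReqUserToken, ReqUserId, ReqDateExpire);
                // Header values missing or incomplete: retry with the query string.
                if (token == null || string.IsNullOrEmpty(token.ReqUserId) || string.IsNullOrEmpty(token.ReqUserToken))
                {
                    var requestQuery = context.HttpContext.Request.Query;
                    ReqUserToken  = requestQuery["ReqUserToken"];
                    ReqUserId     = requestQuery["ReqUserId"];
                    ReqDateExpire = requestQuery["ReqDateExpire"];
                    ReqUasToken   = requestQuery["ReqUasToken"];
                    ReqUasSub     = requestQuery["ReqUasSub"];
                    token         = getUserToken(ReqUserToken, ReqUserId, ReqDateExpire);
                }
                if (token == null)
                {
                    token = new UserTokenModel {
                        ReqUserId = string.Empty
                    };
                }
                if (token.ReqUserId == string.Empty || string.IsNullOrEmpty(token.ReqUserToken))
                {
                    SetFailureResult(context, setting, "无效的令牌请求参数");
                }
                else
                {
                    // Verify the user token; a non-empty message means failure.
                    var message = string.Empty;
                    try
                    {
                        if (rquireduas)
                        {
                            //Log.Log4netHelper.Error(this, "ReqUasToken:" + ReqUasToken + ">>ReqUasSub:" + ReqUasSub);
                            if (string.IsNullOrEmpty(ReqUasToken) || string.IsNullOrEmpty(ReqUasSub))
                            {
                                message = "UasToken验证失败:ReqUasToken或ReqUasSub为空";
                            }
                            else if (!RedisOperation.RedisHelper.Default.KeyExists(ReqUasSub))
                            {
                                message = "UasToken验证失败:Redis中不存在Key";
                            }
                            else
                            {
                                var redisUasToken = RedisOperation.RedisHelper.Default.GetStringKey <string>(ReqUasSub);
                                // Null-safe ordinal comparison: calling Equals on the Redis value threw
                                // when the key expired between KeyExists and the read, which turned a
                                // plain mismatch into an exception message sent to the client.
                                if (!string.Equals(redisUasToken, ReqUasToken, StringComparison.Ordinal))
                                {
                                    message = "UasToken验证失败:redis中的key与传递的key不相等";
                                }
                            }
                        }
                        if (string.IsNullOrEmpty(message))
                        {
                            // The user token is the RSA-encrypted user id; decrypting it must give back ReqUserId.
                            var rsa     = new RSAHelper(RSAType.RSA2);
                            var decrypt = rsa.Decrypt(token.ReqUserToken);
                            // 36 is presumably the length of a hyphenated GUID string — confirm against the issuer.
                            if (string.IsNullOrEmpty(decrypt) || decrypt.Length != 36)
                            {
                                message = "错误的用户令牌";
                            }
                            else if (decrypt != token.ReqUserId)
                            {
                                message = "用户信息错误,请重新登录";
                            }
                        }
                    }
                    catch (Exception ex)
                    {
                        // NOTE(review): Util.ExceptionMessage's output is returned to the caller; confirm it
                        // does not expose internal details.
                        message = Util.ExceptionMessage(ex);
                    }
                    if (string.IsNullOrEmpty(message))
                    {
                        return;
                    }
                    SetFailureResult(context, setting, message);
                }
            }
            catch (Exception ex)
            {
                var message = Util.ExceptionMessage(ex);
                SetFailureResult(context, setting, message);
            }
        }

        /// <summary>
        /// Short-circuits the action with a business-failure JSON body carrying <paramref name="message"/>.
        /// </summary>
        /// <param name="context">The action context whose <c>Result</c> is replaced.</param>
        /// <param name="setting">Serializer settings used for the JSON response.</param>
        /// <param name="message">The user-facing failure message.</param>
        private static void SetFailureResult(ActionExecutingContext context, JsonSerializerSettings setting, string message)
        {
            context.Result = new JsonResult(new ApiReponseModel <string>()
            {
                Code = ApiResponseCode.businessfail, Message = message
            }, setting);
        }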