public APIAccessModel Get(string appid)
{
APIAccessModel model = null;
redisoperate.model = new APIAccessModel()
{
AppID = appid
};
model = redisoperate.GetFromRedis();
//从数据库读
if (model == null)
{
model = databaseoperate.GetFromDataBase(appid);
//缓存到redis
if (model != null)
{
redisoperate.model = model;
redisoperate.SaveToRedis();
}
}
return(model);
}
/// <summary>
/// 拦截验证请求参数
/// </summary>
/// <param name="actionContext"></param>
/// <param name="cancellationToken"></param>
/// <returns></returns>
public override async Task OnActionExecutingAsync(HttpActionContext actionContext, CancellationToken cancellationToken)
{
//标记 AllowAnonymousAttribute 特性的Controller/Action不做验证
if (actionContext.ActionDescriptor.GetCustomAttributes <AllowAnonymousAttribute>().Any() || actionContext.ControllerContext.ControllerDescriptor.GetCustomAttributes <AllowAnonymousAttribute>().Any())
{
return;
}
//默认返回值
ResponseBaseCommon resp = new ResponseBaseCommon
{
IsSuccess = false,
MessageCode = (int)ApiBaseErrorCode.API_PARAM_ERROR,
MessageContent = ApiBaseErrorCode.API_PARAM_ERROR.GetRemark(),
};
//如果不是继承自BaseController,返回签名错误
if (!(actionContext.ControllerContext.Controller is BaseController))
{
resp.MessageContent += ",请求未授权";
actionContext.Response = actionContext.Request.CreateResponse(resp);
return;
}
m_stattime = DateTime.Now;
var _baseController = ((BaseController)actionContext.ControllerContext.Controller);
i_logger = _baseController.Logger;
i_serializer = _baseController.Serializer;
apiaccesscontrol = _baseController.Apiaccesscontrol;
var appID = string.Empty;
var sign = string.Empty;
var timestamp = string.Empty;
var appid_header = "appid";
var sign_header = "sign";
var timestamp_header = "timestamp";
#region 通过APPID读取缓存的项目信息
if (actionContext.Request.Headers.Contains(appid_header))
{
appID = actionContext.Request.Headers.GetValues(appid_header).FirstOrDefault();
}
//没有指定标头的请求都返回签名错误
if (string.IsNullOrWhiteSpace(appID))
{
resp.MessageContent += ",缺少appid";
actionContext.Response = actionContext.Request.CreateResponse(resp);
return;
}
//获取接入信息
APIAccessModel apiaccessmodel = apiaccesscontrol.Get(appID);
//找不到接入信息,返回签名错误
if (apiaccessmodel == null)
{
resp.MessageContent += ",appid无效";
actionContext.Response = actionContext.Request.CreateResponse(resp);
return;
}
//如果不允许接入api,返回权限不足
if (apiaccessmodel.Enable == 0)
{
resp.MessageCode = (int)ApiBaseErrorCode.API_Unauthorized;
resp.MessageContent = ApiBaseErrorCode.API_Unauthorized.GetRemark();
actionContext.Response = actionContext.Request.CreateResponse(resp);
return;
}
#endregion
//1 时间戳验证、2 签名验证、 4 接口权限验证、 8参数验证
#region 验证时间戳
if ((apiaccessmodel.NeedVerify & 1) == 1)
{
if (actionContext.Request.Headers.Contains(timestamp_header))
{
timestamp = actionContext.Request.Headers.GetValues(timestamp_header).FirstOrDefault();
}
if (string.IsNullOrWhiteSpace(timestamp))
{
resp.MessageContent += ",时间戳无效";
actionContext.Response = actionContext.Request.CreateResponse(resp);
return;
}
long _timestamp = 0L;
if (long.TryParse(timestamp, out _timestamp))
{
var reqTime = DateTime.Parse("1970.1.1").AddSeconds(_timestamp);
//请求时间在前后5分钟之外的,返回请求过期
if (reqTime > DateTime.UtcNow.AddMinutes(5) ||
reqTime < DateTime.UtcNow.AddMinutes(-5))
{
resp.MessageContent = "请求已过期";
actionContext.Response = actionContext.Request.CreateResponse(resp);
return;
}
}
else
{
resp.MessageContent = "请求已过期";
actionContext.Response = actionContext.Request.CreateResponse(resp);
return;
}
}
#endregion
#region 验证签名
//读取请求流,获取签名数据
var reqContent = string.Empty;
if ((apiaccessmodel.NeedVerify & 2) == 2)
{
//如果公钥或secret为空,返回签名错误
if (string.IsNullOrWhiteSpace(apiaccessmodel.PublicKey) || string.IsNullOrWhiteSpace(apiaccessmodel.Secret))
{
resp.MessageContent = "参数配置错误";
actionContext.Response = actionContext.Request.CreateResponse(resp);
return;
}
if (actionContext.Request.Method.Method == "GET")
{
reqContent = HttpContext.Current.Request.QueryString.ToString();
if (!string.IsNullOrEmpty(reqContent))
{
reqContent = reqContent.TrimStart('?');
}
}
else
{
var stream = await actionContext.Request.Content.ReadAsStreamAsync();
stream.Position = 0;
var reader = new StreamReader(stream);
reqContent = reader.ReadToEnd();
//重置请求流文件的状态
stream.Position = 0;
}
if (string.IsNullOrWhiteSpace(reqContent))
{
resp.MessageContent += ",未检测到请求参数";
actionContext.Response = actionContext.Request.CreateResponse(resp);
return;
}
if (actionContext.Request.Headers.Contains(sign_header))
{
sign = actionContext.Request.Headers.GetValues(sign_header).FirstOrDefault();
}
// sign标头值为空,则返回签名错误
if (string.IsNullOrWhiteSpace(sign))
{
resp.MessageContent += ",签名无效";
actionContext.Response = actionContext.Request.CreateResponse(resp);
return;
}
else
{
string signparam = string.Empty;
try
{
//要签名的字符串为参数拼接后的字符串(或json字符串)+secret+timestamp
signparam = string.Concat("param=", reqContent, "&secret=", apiaccessmodel.Secret, "×tamp=", timestamp);
var result = Signature.verify(signparam, sign, apiaccessmodel.PublicKey, "UTF-8");
if (!result)
{
resp.MessageContent = "验证签名失败";
actionContext.Response = actionContext.Request.CreateResponse(resp);
i_logger.LogLogic(
LoggerLogicEnum.Filter,
"", "", "",
string.Concat(m_projectInfo, ".OnActionExecuting"),
string.Format("请求参数:{0};appid:{1};sign:{2};signparam:{3};返回参数:{4}", reqContent, appID, sign, signparam, i_serializer.Serialize(resp))
);
return;
}
}
catch (Exception ex)
{
resp.MessageContent = "验证签名失败";
actionContext.Response = actionContext.Request.CreateResponse(resp);
i_logger.LogError(
LoggerLogicEnum.Filter,
"", "", "",
string.Concat(m_projectInfo, ".OnActionExecuting"),
string.Format("请求参数:{0};appid:{1};sign:{2};signparam:{3};返回参数:{4}", reqContent, appID, sign, signparam, i_serializer.Serialize(resp)),
ex.ToString()
);
return;
}
}
}
#endregion
#region 接口权限验证
if ((apiaccessmodel.NeedVerify & 4) == 4)
{
var url = actionContext.ControllerContext.Request.RequestUri.ToString().Split('/');
if (url.Length == 6)
{
bool result = false;
string[] test = { };
//todo 权限验证
foreach (var item in test)
{
if (url[5].Equals(item))
{
result = true;
break;
}
}
if (!result)
{
resp.MessageCode = (int)ApiBaseErrorCode.API_INTERFACENAME_ERROR;
resp.MessageContent = ApiBaseErrorCode.API_INTERFACENAME_ERROR.GetRemark();
actionContext.Response = actionContext.Request.CreateResponse(resp);
return;
}
}
else
{
actionContext.Response = actionContext.Request.CreateResponse(resp);
return;
}
}
#endregion
#region 验证参数规范
if ((apiaccessmodel.NeedVerify & 8) == 8)
{
if (!actionContext.ModelState.IsValid)
{
int num = 1;
List <string> values = new List <string>();
//获取所有错误的Key
List <string> Keys = actionContext.ModelState.Keys.ToList();
//获取每一个key对应的ModelStateDictionary
foreach (var key in Keys)
{
var errors = actionContext.ModelState[key].Errors.ToList();
//将错误描述添加到sb中
foreach (var error in errors)
{
values.Add(string.Concat(num, ".", key + ":", error.ErrorMessage));
num++;
}
}
resp.MessageContent = string.Concat(ApiBaseErrorCode.API_PARAM_ERROR.GetRemark(), ":", string.Join(";", values));
actionContext.Response = actionContext.Request.CreateResponse(resp);
i_logger.LogLogic(
LoggerLogicEnum.Filter,
"", "", "",
string.Concat(m_projectInfo, ".OnActionExecuting"),
string.Format("请求参数:{0};appid:{1};sign:{2};返回参数:{3}", reqContent, appID, sign, i_serializer.Serialize(resp))
);
return;
}
}
#endregion
}
