Esempio n. 1
        /// <summary>
        /// Computes the upper-cased request signature for <paramref name="collection"/> using
        /// <paramref name="clientSecret"/> as the salt passed to <c>HotSignatureHelper.BuildSign</c>.
        /// </summary>
        /// <param name="clientSecret">Shared secret handed to the helper as the salt.</param>
        /// <param name="collection">Request parameters to be signed.</param>
        /// <returns>The helper's result converted to upper case.</returns>
        /// <remarks>
        /// NOTE(review): judging by the option name <c>MD5_UTF8_32</c>, the digest is an MD5 hash
        /// with the secret concatenated into the input rather than a keyed MAC - confirm against
        /// HotSignatureHelper. If so, an HMAC-SHA256 scheme is the safer construction whenever the
        /// protocol with the client can be changed.
        /// </remarks>
        private static string BuildSign(string clientSecret, NameValueCollection collection)
        {
            // Signing options: the secret is appended at every position the helper supports (ALL),
            // and the parameters are joined with no separator format (None).
            var settings = new HotSignatureHelper.BuildSettingModel()
            {
                EcryptType   = HotSignatureHelper.EncryptTypeOptions.MD5_UTF8_32,
                SaltPosition = HotSignatureHelper.SaltAppendPositionOptions.ALL,
                JoinFormat   = HotSignatureHelper.PreSignStrJoinFormatOptions.None
            };

            string rawSign = HotSignatureHelper.BuildSign(collection, clientSecret, settings);

            return rawSign.ToUpper();
        }
Esempio n. 2
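 /// <summary>
 /// Verifies the signature of the current request and emits an error response when it is rejected.
 /// </summary>
 /// <remarks>
 /// When <c>enableSign</c> is set, the request must carry a <c>timestamp</c> that lies within five
 /// minutes of the server clock and a <c>sign</c> value equal to the one recomputed from the request
 /// parameters and <c>AppSecrect</c>. Any failure stores an error in <c>result</c>, which is then
 /// written out through <c>JsonResult</c>.
 /// The timestamp window limits how long a captured request stays valid, but no nonce is checked
 /// here, so the same request can be replayed inside that window.
 /// NOTE(review): judging by the option name <c>MD5_UTF8_32</c>, the digest is MD5 with the secret
 /// appended, not a keyed MAC - confirm against HotSignatureHelper and prefer HMAC-SHA256 if the
 /// client protocol can be changed.
 /// </remarks>
 public void VerifySignCheck()
 {
     try
     {
         prams = GetParams(Context.Request);
         if (enableSign)
         {
             // Reject a missing or empty parameter set before reading from it. The original read
             // "sign" and "timestamp" first, so a null set surfaced as a server error instead of
             // an invalid-signature response.
             if (prams == null || prams.Count <= 0)
             {
                 result.setResult(ApiStatusCode.签名无效, "签名无效");
             }
             else
             {
                 string signParam = prams.Value<string>("sign"); // signature supplied by the client
                 long   timestamp = prams.Value<long>("timestamp");

                 // NOTE(review): local time is handed to GetUTCTime; confirm that helper converts
                 // to UTC in the same unit the client uses for "timestamp".
                 DateTime date = DateTime.Now;
                 if (timestamp < GetUTCTime(date.AddMinutes(-5)) || timestamp > GetUTCTime(date.AddMinutes(5)))
                 {
                     // A stale or future timestamp is final; skip the signature work.
                     result.setResult(ApiStatusCode.签名无效, "签名无效");
                 }
                 else
                 {
                     // NOTE(review): "sign" itself is copied into the signed set here; presumably
                     // HotSignatureHelper drops it before hashing - verify.
                     // NOTE(review): two keys that differ only in case make Add throw, which ends
                     // in the catch block below as a server error.
                     Dictionary<string, string> parameters = new Dictionary<string, string>();
                     foreach (var item in prams)
                     {
                         // Invariant lower-casing keeps the signed key names independent of the
                         // server's current culture.
                         parameters.Add(item.Key.ToLowerInvariant(), item.Value.ToString());
                     }

                     string sign = HotSignatureHelper.BuildSign(parameters, AppSecrect, new HotSignatureHelper.BuildSettingModel()
                     {
                         JoinFormat   = HotSignatureHelper.PreSignStrJoinFormatOptions.UrlParameter,
                         EcryptType   = HotSignatureHelper.EncryptTypeOptions.MD5_UTF8_32,
                         SaltPosition = HotSignatureHelper.SaltAppendPositionOptions.Suffix
                     });

                     bool signValid = false;
                     if (!string.IsNullOrEmpty(signParam) && sign != null)
                     {
                         // Compare every character instead of stopping at the first difference, so
                         // the response time does not depend on how much of the value matched.
                         int mismatch = signParam.Length ^ sign.Length;
                         for (int i = 0; i < signParam.Length && i < sign.Length; i++)
                         {
                             mismatch |= signParam[i] ^ sign[i];
                         }
                         signValid = mismatch == 0;
                     }

                     if (!signValid)
                     {
                         result.setResult(ApiStatusCode.签名无效, "签名无效");
                     }
                 }
             }
         }
     }
     catch (Exception ex)
     {
         // NOTE(review): the exception is logged only at Debug level while ex.Message is returned
         // to the caller; consider logging at error level and returning a generic message so
         // internal details are not exposed to clients.
         LogHelper.Debug(string.Format("StackTrace:{0},Message:{1}", ex.StackTrace, ex.Message));
         result.setResult(ApiStatusCode.务器错误, ex.Message);
     }
     if (result.code != (int)ApiStatusCode.OK)
     {
         JsonResult(result);
     }
 }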
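        /// <summary>
        /// Action filter entry point: reads the client headers, verifies the request signature
        /// (unless <c>DebugMode</c> is set), optionally checks the login state, and injects an
        /// <c>HQRequestHeader</c> into the first action parameter of that type.
        /// </summary>
        /// <param name="filterContext">Context of the action about to execute; its <c>Result</c>
        /// is set to short-circuit the action when a check fails.</param>
        /// <remarks>
        /// NOTE(review): <c>DebugMode</c> disables signature verification completely; make sure it
        /// cannot be switched on in a production deployment.
        /// NOTE(review): judging by the option name <c>MD5_UTF8_32</c>, the digest is MD5 with the
        /// secret appended, not a keyed MAC - confirm against HotSignatureHelper and prefer
        /// HMAC-SHA256 if the client protocol can be changed.
        /// Only <c>userToken</c> and the request parameters are covered by the signature; the other
        /// headers read here are not.
        /// </remarks>
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            // Read the client-supplied header values.
            HttpContextBase context    = filterContext.HttpContext;
            string          appVersion = GetHeaderValue(context, "appVersion");                                          // app version
            string          hwid       = GetHeaderValue(context, "hwid");                                                // device id
            string          mobileType = GetHeaderValue(context, "mobileType");                                          // device type
            int             osType     = GetHeaderIntValue(context, "osType", (int)HQEnums.ClientOsTypeOptions.unknown); // OS type: miniprogram->0; ios->1; android->2; h5->3
            string          osVersion  = GetHeaderValue(context, "osVersion");                                           // OS version; NOTE(review): read but never used below
            string          ttid       = GetHeaderValue(context, "ttid");                                                // channel information
            string          userToken  = GetHeaderValue(context, "userToken");                                           // user token
            string          userId     = GetHeaderValue(context, "userId");                                              // user id
            int             platType   = GetHeaderIntValue(context, "platType", (int)PlatformTypeOptions.拼多多);

            // Signature verification.
            if (!this.DebugMode)
            {
                string requestSign = context.Request["sign"];
                if (string.IsNullOrEmpty(requestSign))
                {
                    filterContext.Result = this.GetJsonResult(HQEnums.ResultOptionType.签名未传);
                    return;
                }
                JObject prams = GetParams(filterContext.HttpContext.Request);
                SortedDictionary<string, string> paramters = new SortedDictionary<string, string>();
                paramters.Add("userToken", userToken);
                foreach (var item in prams)
                {
                    // Leave the signature parameter out whatever its casing: Request["sign"] is
                    // looked up case-insensitively, so the exclusion has to match that.
                    if (string.Equals(item.Key, "sign", System.StringComparison.OrdinalIgnoreCase))
                    {
                        continue;
                    }

                    string value = item.Value.ToString();
                    if (!string.IsNullOrEmpty(value))
                    {
                        // Invariant lower-casing keeps the signed key names independent of the
                        // server's current culture.
                        // NOTE(review): two keys that differ only in case make Add throw, and
                        // nothing in this method catches that exception.
                        paramters.Add(item.Key.ToLowerInvariant(), value);
                    }
                }

                string currentSign = HotSignatureHelper.BuildSign(paramters, HQGlobalConfigProvider.ApiSecret, new HotSignatureHelper.BuildSettingModel()
                {
                    JoinFormat   = HotSignatureHelper.PreSignStrJoinFormatOptions.None,
                    EcryptType   = HotSignatureHelper.EncryptTypeOptions.MD5_UTF8_32,
                    SaltPosition = HotSignatureHelper.SaltAppendPositionOptions.Suffix
                }) ?? string.Empty;

                // Compare every character instead of stopping at the first difference, so the
                // response time does not depend on how much of the supplied value matched.
                int mismatch = requestSign.Length ^ currentSign.Length;
                for (int i = 0; i < requestSign.Length && i < currentSign.Length; i++)
                {
                    mismatch |= requestSign[i] ^ currentSign[i];
                }

                if (mismatch != 0)
                {
                    filterContext.Result = this.GetJsonResult(HQEnums.ResultOptionType.签名错误);
                    return;
                }
            }

            // Login check; whether it runs is decided by the code applying this filter.
            if (this.flgCheckLogin)
            {
                UsersModel userInfo = UsersBLL.Instance.GetModelByToken(userToken);
                if (userInfo == null)
                {
                    filterContext.Result = this.GetJsonResult(HQEnums.ResultOptionType.用户未登录);
                    return;
                }
                // The userId header must belong to the account the token resolves to.
                if (userInfo.UserId.ToString() != userId)
                {
                    filterContext.Result = this.GetJsonResult(HQEnums.ResultOptionType.用户登录信息非法);
                    return;
                }
                if (userInfo.IsLocked == 1)
                {
                    filterContext.Result = this.GetJsonResult(HQEnums.ResultOptionType.用户已被冻结);
                    return;
                }
            }

            // Inject the header values into the action's HQRequestHeader parameter, if it has one.
            var actionParameters = filterContext.ActionDescriptor.GetParameters();

            foreach (var p in actionParameters)
            {
                if (p.ParameterType == typeof(HQRequestHeader))
                {
                    // A missing or non-numeric userId header leaves iUserId at 0. When
                    // flgCheckLogin is off, userId is not validated against the token above.
                    int.TryParse(userId, out int iUserId);
                    filterContext.ActionParameters[p.ParameterName] = new HQRequestHeader()
                    {
                        appVersion = appVersion,
                        hwid       = hwid,
                        mobileType = mobileType,
                        osType     = osType,
                        ttid       = ttid,
                        userIdStr  = userId,
                        userId     = iUserId,
                        userToken  = userToken,
                        platType   = platType
                    };
                    break;
                }
            }
        }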