Esempio n. 1
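        /// <summary>
        /// Sends a GET request to the server and signs its query string with the application secret.
        /// </summary>
        /// <param name="url">The address to request; it is appended to the configured server root.</param>
        /// <param name="queryStringData">Query-string parameters as key/value pairs.</param>
        /// <returns>An <c>SDKResult</c> holding the response body and the HTTP status code.</returns>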
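        public async Task <SDKResult> GetAsync(string url, IDictionary <string, object> queryStringData)
        {
            if (queryStringData == null)
            {
                // The one-argument constructor treats its string as the parameter NAME, so the
                // message used to land in ParamName. Use the (paramName, message) overload.
                throw new ArgumentNullException("queryStringData", "queryStringData不能为null");
            }

            // Sort by key and stringify each value exactly once, so the signed string and the
            // URL are built from the same sequence. string.Concat(object) yields "" for a null
            // value, which is what the plain `key + "=" + value` concatenation produces.
            var orderedPairs = queryStringData
                               .OrderBy(kv => kv.Key)
                               .Select(kv => new KeyValuePair <string, string>(kv.Key, string.Concat(kv.Value)))
                               .ToList();

            // The signature is computed over the RAW (unescaped) key=value pairs.
            // NOTE(review): this assumes the verifying side signs the decoded pairs - confirm.
            string canonical = string.Join("&", orderedPairs.Select(p => p.Key + "=" + p.Value));

            // NOTE(review): MD5(query + secret) is a weak request MAC, and the signed string has
            // no timestamp or nonce and does not cover the path, so an observed request can be
            // replayed unchanged. The pairs are joined without escaping, so {a: "1&b=2"} and
            // {a: "1", b: "2"} sign identically. Moving to HMAC-SHA256 over an unambiguous
            // encoding needs a coordinated change on the verifying side.
            string sign = MD5Helper.ComputeMd5(canonical + appSecret);

            // What goes on the wire is percent-encoded, so a value containing '&', '=', '#',
            // '+' or a space can no longer add, split or truncate parameters in the URL.
            string wireQuery = string.Join("&", orderedPairs.Select(
                                               p => Uri.EscapeDataString(p.Key) + "=" + Uri.EscapeDataString(p.Value)));

            // NOTE(review): one HttpClient per call does not reuse connections; sharing a single
            // instance would need a class-level field, which is outside this method.
            using (HttpClient hc = new HttpClient())
            {
                hc.DefaultRequestHeaders.Add("AppKey", appKey);
                hc.DefaultRequestHeaders.Add("Sign", sign);
                var resp = await hc.GetAsync(serverRoot + url + "?" + wireQuery);

                // The status code is handed back as-is; non-success responses do not throw here.
                SDKResult sdkResult = new SDKResult();
                sdkResult.Result     = await resp.Content.ReadAsStringAsync();
                sdkResult.StatusCode = resp.StatusCode;
                return(sdkResult);
            }
        }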
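        /// <summary>
        /// Authenticates a request from its <c>AppKey</c> and <c>Sign</c> headers. The expected
        /// signature is the MD5 of the key-sorted query string followed by the application's
        /// secret; the request continues only when it matches the presented one.
        /// </summary>
        /// <param name="actionContext">Context of the action being authorized; supplies the request.</param>
        /// <param name="cancellationToken">Not used by this implementation.</param>
        /// <param name="continuation">Delegate that runs the rest of the pipeline once the request is accepted.</param>
        /// <returns>
        /// 401 when a header is missing or empty, the AppKey is unknown or the signature does not
        /// match; 403 when the application is disabled; otherwise the continuation's response.
        /// </returns>
        public async Task <HttpResponseMessage> ExecuteAuthorizationFilterAsync(HttpActionContext actionContext, CancellationToken cancellationToken, Func <Task <HttpResponseMessage> > continuation)
        {
            // Read AppKey and Sign from the request headers. FirstOrDefault plus an explicit
            // empty check turns a header with no usable value into a 401 instead of an
            // unhandled exception from First().
            IEnumerable <string> appKeys;
            string appKey = actionContext.Request.Headers.TryGetValues("AppKey", out appKeys)
                            ? appKeys.FirstOrDefault()
                            : null;

            if (string.IsNullOrEmpty(appKey))
            {
                return(new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized)
                {
                    Content = new StringContent("报文头中的AppKey为空")
                });
            }

            IEnumerable <string> signs;
            string sign = actionContext.Request.Headers.TryGetValues("Sign", out signs)
                          ? signs.FirstOrDefault()
                          : null;

            if (string.IsNullOrEmpty(sign))
            {
                return(new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized)
                {
                    Content = new StringContent("报文头中的Sign为空")
                });
            }

            var appInfo = await appInfoService.GetByAppKeyAsync(appKey);

            // NOTE(review): the distinct responses below let a caller learn whether an AppKey
            // exists and whether it is disabled - confirm that is acceptable for this API.
            if (appInfo == null)
            {
                return(new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized)
                {
                    Content = new StringContent("不存在的AppKey")
                });
            }
            if (!appInfo.IsEnabled)
            {
                return(new HttpResponseMessage(System.Net.HttpStatusCode.Forbidden)
                {
                    Content = new StringContent("AppKey已经被封禁")
                });
            }

            // Rebuild the signed string: query pairs sorted by parameter name, rendered as
            // key=value, joined with '&', then the application's secret appended.
            var    orderedQS = actionContext.Request.GetQueryNameValuePairs().OrderBy(kv => kv.Key);
            var    segments  = orderedQS.Select(kv => kv.Key + "=" + kv.Value);
            string qs        = string.Join("&", segments);

            // NOTE(review): MD5(query + secret) is a weak MAC. The signed string carries no
            // timestamp or nonce and covers neither the path nor a request body, so a captured
            // request verifies again if replayed. HMAC-SHA256 plus a freshness check would
            // address this but has to change together with every client.
            string computedSign = MD5Helper.ComputeMd5(qs + appInfo.AppSecret);

            // Compare the presented value with the computed one to detect tampering.
            if (SignaturesMatch(sign, computedSign))
            {
                return(await continuation());
            }

            return(new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized)
            {
                Content = new StringContent("sign验证失败")
            });
        }

        /// <summary>
        /// Case-insensitive, culture-independent comparison of two signature strings that
        /// inspects every character instead of stopping at the first difference.
        /// </summary>
        private static bool SignaturesMatch(string presented, string expected)
        {
            if (presented == null || expected == null)
            {
                return(false);
            }

            // Invariant upper-casing replaces the current-culture comparison: a hex digest must
            // not compare differently depending on the server's locale.
            string a = presented.ToUpperInvariant();
            string b = expected.ToUpperInvariant();

            // The digest length is public, so returning early on a length mismatch leaks nothing.
            if (a.Length != b.Length)
            {
                return(false);
            }

            // Accumulate differences so the running time does not depend on where the first
            // mismatching character sits.
            int diff = 0;
            for (int i = 0; i < a.Length; i++)
            {
                diff |= a[i] ^ b[i];
            }
            return(diff == 0);
        }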
Esempio n. 3
        /// <summary>
        /// Checks a phone number / password pair against the stored user record.
        /// </summary>
        /// <param name="phoneNum">Phone number identifying the user.</param>
        /// <param name="password">Password supplied by the caller.</param>
        /// <returns>
        /// <c>true</c> when a user with that phone number exists and the MD5 of the password
        /// followed by the stored salt equals the stored hash; otherwise <c>false</c>.
        /// </returns>
        public async Task <bool> CheckLoginAsync(string phoneNum, string password)
        {
            using (UCDbContext db = new UCDbContext())
            {
                // SingleOrDefaultAsync throws if more than one row carries this phone number.
                var account = await db.Users.SingleOrDefaultAsync(e => e.PhoneNum == phoneNum);

                if (account != null)
                {
                    // NOTE(review): salted MD5 is a fast hash and cheap to brute-force offline
                    // if the table leaks. A slow KDF such as PBKDF2 is the usual replacement,
                    // but it needs a migration of the stored hashes, so it is only flagged here.
                    string candidate = MD5Helper.ComputeMd5(password + account.PasswordSalt);

                    // NOTE(review): ordinal, case-sensitive and not constant-time. Unknown
                    // users also return before any hashing, so response time may differ
                    // between existing and non-existing accounts.
                    bool matches = account.PasswordHash == candidate;
                    return(matches);
                }

                return(false);
            }
        }
Esempio n. 4
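        /// <summary>
        /// Creates a user with the given phone number and nickname, storing a random salt and
        /// the MD5 of the password followed by that salt.
        /// </summary>
        /// <param name="phoneNum">Phone number of the new user; must not already be registered.</param>
        /// <param name="nickName">Display name of the new user.</param>
        /// <param name="password">Plain-text password; only its salted hash is stored.</param>
        /// <returns>The Id of the saved user.</returns>
        /// <exception cref="ApplicationException">A user with <paramref name="phoneNum"/> already exists.</exception>
        public async Task <long> AddNewAsync(string phoneNum, string nickName, string password)
        {
            using (UCDbContext ctx = new UCDbContext())
            {
                // NOTE(review): check-then-insert; two concurrent registrations can both pass
                // this test. Only a unique index on PhoneNum (not visible here) closes that gap.
                if (await ctx.Users.AnyAsync(u => u.PhoneNum == phoneNum))
                {
                    throw new ApplicationException("手机号" + phoneNum + "已经存在");
                }

                User user = new User();
                user.NickName = nickName;
                user.PhoneNum = phoneNum;

                // The salt comes from the OS CSPRNG: 16 random bytes rendered as 32 hex
                // characters. The previous new Random().Next(10000, 99999) gave fewer than
                // 90,000 possible salts from a predictable generator, so salts repeated across
                // users and one precomputed table per salt value was feasible.
                // NOTE(review): confirm the PasswordSalt column can hold 32 characters.
                byte[] saltBytes = new byte[16];
                using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
                {
                    rng.GetBytes(saltBytes);
                }
                string salt = BitConverter.ToString(saltBytes).Replace("-", string.Empty);

                // NOTE(review): MD5 is a fast hash and a poor fit for stored passwords even
                // with a strong salt. Switching to a slow KDF (e.g. PBKDF2) must be done
                // together with whatever code verifies logins, so it is only flagged here.
                string hash = MD5Helper.ComputeMd5(password + salt);
                user.PasswordHash = hash;
                user.PasswordSalt = salt;

                ctx.Users.Add(user);
                await ctx.SaveChangesAsync();

                // user.Id is read only after SaveChangesAsync has completed.
                return(user.Id);
            }
        }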
Esempio n. 5
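        /// <summary>
        /// Sends a GET request to the server and signs its query string with the application secret.
        /// </summary>
        /// <param name="url">The address to request; it is appended to the configured server root.</param>
        /// <param name="queryStringData">Query-string parameters as key/value pairs.</param>
        /// <returns>An <c>SDKResult</c> holding the response body and the HTTP status code.</returns>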
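        public async Task <SDKResult> GetAsync(string url, IDictionary <string, object> queryStringData)
        {
            if (queryStringData == null)
            {
                // ArgumentNullException derives from ArgumentException, so existing catch
                // blocks still match; the parameter name is now reported separately.
                throw new ArgumentNullException("queryStringData", "参数queryStringData不能为null");
            }

            // Sort by key and stringify each value once, so the signed string and the URL are
            // derived from the same sequence. string.Concat(object) maps a null value to "",
            // matching what `key + "=" + value` produces.
            var sortedPairs = queryStringData
                              .OrderBy(kv => kv.Key)
                              .Select(kv => new KeyValuePair <string, string>(kv.Key, string.Concat(kv.Value)))
                              .ToList();

            // Signed over the RAW key=value pairs.
            // NOTE(review): assumes the verifying side signs the decoded pairs - confirm.
            var qsStr = String.Join("&", sortedPairs.Select(q => q.Key + "=" + q.Value));

            // NOTE(review): MD5(query + secret) is a weak request MAC with no timestamp or
            // nonce, and the path is not part of the signed string, so an observed request
            // verifies again if replayed. The unescaped join also makes the signed string
            // ambiguous when a value contains '&' or '='. HMAC-SHA256 over an unambiguous
            // encoding needs a coordinated change on the verifying side.
            string sign = MD5Helper.ComputeMd5(qsStr + appSecret);

            // Percent-encode what is sent, so reserved characters in a key or value cannot
            // add, split or truncate parameters in the URL.
            var encodedQuery = String.Join("&", sortedPairs.Select(
                                               q => Uri.EscapeDataString(q.Key) + "=" + Uri.EscapeDataString(q.Value)));

            // NOTE(review): a new HttpClient per call does not reuse connections; sharing one
            // instance would need a class-level field, which is outside this method.
            using (HttpClient httpClient = new HttpClient())
            {
                httpClient.DefaultRequestHeaders.Add("appKey", appKey);
                httpClient.DefaultRequestHeaders.Add("sign", sign);
                var response = await httpClient.GetAsync(serverRoot + url + "?" + encodedQuery);

                // The status code is returned as-is; non-success responses do not throw here.
                SDKResult skdResult = new SDKResult();
                skdResult.Result     = await response.Content.ReadAsStringAsync();
                skdResult.StatusCode = response.StatusCode;
                return(skdResult);
            }
        }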