Esempio n. 1
        /// <summary>
        /// Authorization filter entry point. Endpoints that allow anonymous access pass through;
        /// every other request needs a token on the ambient app-authorize info and a current
        /// user that resolves successfully, which is then stored as the request identity.
        /// </summary>
        /// <param name="context">Filter context of the request being authorized.</param>
        public void OnAuthorization(AuthorizationFilterContext context)
        {
            // Endpoints carrying an IAllowAnonymousFilter are never challenged.
            var allowsAnonymous = context.Filters.Any(f => f is IAllowAnonymousFilter);
            if (allowsAnonymous)
            {
                return;
            }

            // Only the presence of a token is tested here. NOTE(review): the token's validity
            // is presumably checked inside GetCurrentUser — confirm, since nothing in this
            // method verifies it.
            if (string.IsNullOrEmpty(MemberShiper.AppAuthorize.Token))
            {
                ReponseEnd(new ResultMo(ResultTypes.UnAuthorize, "用户未登录!"), context);
                return;
            }

            // NOTE(review): .Result blocks the calling thread on an async call and surfaces
            // failures wrapped in AggregateException; the synchronous filter signature is
            // what forces this.
            var currentUser = UserCommon.GetCurrentUser().Result;
            if (currentUser.IsSuccess())
            {
                MemberShiper.SetIdentity(new MemberIdentity
                {
                    Id         = currentUser.data.id,
                    MemberInfo = currentUser.data
                });
                return;
            }

            // Lookup failed: hand the failure result back to the client as-is.
            ReponseEnd(currentUser, context);
        }
Esempio n. 2
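        /// <summary>
        /// Authorization filter entry point. Resolves the member identity (and, when
        /// <c>infoType</c> is <c>MemberInfoType.Info</c>, the member details) and stores it
        /// as the request identity; writes a JSON failure result when either step fails.
        /// </summary>
        /// <param name="context">Filter context of the request being authorized.</param>
        public void OnAuthorization(AuthorizationFilterContext context)
        {
            if (context.Filters.Any(filter => filter is IAllowAnonymousFilter))
            {
                return;
            }

            // De-duplication: the controller-level and action-level filters may ask for
            // different member info, so skip when what this instance needs is already there.
            // Identity can still be null at this point (it is handled below), hence the
            // null-conditional access; a plain dereference would throw for
            // MemberInfoType.Info before any identity has been resolved.
            if (infoType == MemberInfoType.OnlyId && MemberShiper.IsAuthenticated ||
                infoType == MemberInfoType.Info && MemberShiper.Identity?.MemberInfo != null)
            {
                return;
            }

            var identity = MemberShiper.Identity;

            if (identity == null)
            {
                // No identity yet: resolve the id part first and stop on failure.
                var identityRes = GetIndentityId();
                if (!identityRes.IsSuccess)
                {
                    context.Result = new JsonResult(identityRes);
                    return;
                }
                identity = identityRes.Data;
            }
            if (infoType == MemberInfoType.Info)
            {
                // Full member info requested: a failed lookup is reported as unauthorized.
                if (!GetIdentityMemberInfo(identity).IsSuccess)
                {
                    context.Result = new JsonResult(new ResultMo(ResultTypes.UnAuthorize, "未发现授权用户信息"));
                    return;
                }
            }
            MemberShiper.SetIdentity(identity);
        }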
Esempio n. 3
        /// <summary>
        /// Decodes a user token with the class-level token secret and returns the member id
        /// and authorization type taken from its first two '|'-separated fields.
        /// </summary>
        /// <param name="appSource">Not used by this implementation.</param>
        /// <param name="tokenStr">Token string to decode.</param>
        /// <returns>A result wrapping the (id, authType) pair.</returns>
        public static ResultMo <(long id, int authType)> GetTokenDetail(string appSource, string tokenStr)
        {
            var plainText = MemberShiper.GetTokenDetail(tokenSecret, tokenStr);
            var fields    = plainText.Split('|');

            // NOTE(review): the field count is not checked, so a decoded value with fewer than
            // two fields throws here instead of producing a failure result. Only the first two
            // fields are read; any further field (for example an issue timestamp) is ignored,
            // so token lifetime, if any, has to be enforced elsewhere — confirm.
            var memberId = fields[0].ToInt64();
            var authKind = fields[1].ToInt32();

            return new ResultMo<(long, int)>((memberId, authKind));
        }
Esempio n. 4
        /// <summary>
        /// Builds the token response for a user: the token is produced by
        /// <c>MemberShiper.GetToken</c> from the class-level secret and a payload of
        /// user id, authorization type and the current time.
        /// </summary>
        /// <param name="user">User the token is issued for.</param>
        /// <param name="authType">Authorization type recorded in the token.</param>
        /// <returns>The token together with the converted user model.</returns>
        private static UserTokenResp GenerateUserToken(UserInfoBigMo user, MemberAuthorizeType authType)
        {
            // Payload layout: "<user id>|<auth type as int>|<current time via ToUtcSeconds()>".
            // NOTE(review): the time is taken from DateTime.Now; whether ToUtcSeconds()
            // converts to UTC first is not visible here — confirm.
            var payload = string.Concat(user.id, "|", (int)authType, "|", DateTime.Now.ToUtcSeconds());

            var response = new UserTokenResp();
            response.token = MemberShiper.GetToken(tokenSecret, payload);
            response.user  = user.ConvertToMo();

            return response;
        }
Esempio n. 5
        /// <summary>
        /// Middleware step that builds the ambient app-authorize info for the request: from the
        /// signed ticket header when one is sent (signature verified against the app's secret
        /// key), otherwise from the user cookie with the device marked as "WEB".
        /// </summary>
        /// <param name="context">Current HTTP context.</param>
        public async Task Invoke(HttpContext context)
        {
            // Authorize info is already present: nothing to build, continue the pipeline.
            if (MemberShiper.AppAuthorize != null)
            {
                await _next.Invoke(context);
                return;
            }

            SysAuthorizeInfo authInfo;
            string ticket = context.Request.Headers[GlobalKeysUtil.AuthorizeTicketName];

            if (string.IsNullOrEmpty(ticket))
            {
                // Not an app request: fill in the web-side info instead.
                // The token is copied from the cookie unverified; nothing in this method checks it.
                authInfo = new SysAuthorizeInfo
                {
                    Token    = context.Request.Cookies[GlobalKeysUtil.UserCookieName],
                    DeviceId = "WEB"
                };

                // todo appclient
            }
            else
            {
                // Compatibility path for H5 pages embedded in the app: reuse the app's
                // authorization info carried in the ticket header.
                authInfo = new SysAuthorizeInfo();
                authInfo.FromSignData(ticket);

                // The secret key is looked up by the AppSource named in the (still unverified)
                // ticket; the signature check below is what authenticates the ticket.
                var keyResult = ApiSourceKeyUtil.GetAppSecretKey(authInfo.AppSource);
                if (!keyResult.IsSuccess())
                {
                    await ResponseEnd(context, keyResult);
                    return;
                }

                var signatureOk = authInfo.CheckSign(keyResult.data);
                if (!signatureOk)
                {
                    await ResponseEnd(context, new ResultMo(ResultTypes.ParaError, "签名验证失败!"));
                    return;
                }

                authInfo.OriginAppSource = authInfo.AppSource;
            }

            CompleteAuthInfo(authInfo, context);
            MemberShiper.SetAppAuthrizeInfo(authInfo);

            await _next.Invoke(context);
        }
Esempio n. 6
        /// <summary>
        /// Issues a token for a member using the secret key registered for the given app source.
        /// </summary>
        /// <param name="appSource">App source whose secret key is used for the token.</param>
        /// <param name="id">Member id placed in the token payload.</param>
        /// <param name="authType">Authorization type placed in the token payload.</param>
        /// <returns>
        /// The token on success; the key-lookup failure converted to a string result otherwise.
        /// </returns>
        public static ResultMo <string> AppendToken(string appSource, long id, MemberAuthorizeType authType)
        {
            var keyResult = ApiSourceKeyUtil.GetAppSecretKey(appSource);

            if (keyResult.IsSuccess)
            {
                // Payload layout: "<id>|<auth type as int>|<current time via ToUtcSeconds()>".
                var payload = string.Concat(id, "|", (int)authType, "|", DateTime.Now.ToUtcSeconds());
                var token   = MemberShiper.GetToken(keyResult.Data, payload);

                return new ResultMo<string>(token);
            }

            // No usable secret key: pass the lookup failure on to the caller.
            return keyResult.ConvertToResultOnly<string>();
        }
Esempio n. 7
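        /// <summary>
        /// Sends a GET request to the local test endpoint through <c>RestCommonJson</c> and
        /// expects a successful result.
        /// </summary>
        /// <remarks>
        /// Returns a task instead of <c>void</c> so the test runner can await the request and
        /// observe a failing assertion or exception; with <c>async void</c> the runner may
        /// finish the test before the awaited call completes.
        /// </remarks>
        public async System.Threading.Tasks.Task TestRestCommonJson()
        {
            var req = new OsHttpRequest
            {
                AddressUrl = "http://localhost:62936",
                HttpMethod = HttpMethod.Get
            };

            // The request is sent with an empty app-authorize info set beforehand.
            MemberShiper.SetAppAuthrizeInfo(new AppAuthorizeInfo());
            var res = await req.RestCommonJson <ResultMo>();

            Assert.True(res.IsSuccess());
        }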
Esempio n. 8
        /// <summary>
        /// Decodes a user token with the secret key registered for the given app source and
        /// returns the member id and authorization type from its first two '|'-separated fields.
        /// </summary>
        /// <param name="appSource">App source whose secret key is used to decode the token.</param>
        /// <param name="tokenStr">Token string to decode.</param>
        /// <returns>
        /// The (id, authType) pair on success; the key-lookup failure converted to the
        /// tuple result type otherwise.
        /// </returns>
        public static ResultMo <(long id, int authType)> GetTokenDetail(string appSource, string tokenStr)
        {
            var keyResult = ApiSourceKeyUtil.GetAppSecretKey(appSource);
            if (!keyResult.IsSuccess)
            {
                return keyResult.ConvertToResultOnly<(long id, int authType)>();
            }

            var plainText = MemberShiper.GetTokenDetail(keyResult.Data, tokenStr);
            var fields    = plainText.Split('|');

            // NOTE(review): the field count is not checked, so a decoded value with fewer than
            // two fields throws here instead of producing a failure result. Only the first two
            // fields are read; any further field (for example an issue timestamp) is ignored,
            // so token lifetime, if any, has to be enforced elsewhere — confirm.
            var memberId = fields[0].ToInt64();
            var authKind = fields[1].ToInt32();

            return new ResultMo<(long, int)>((memberId, authKind));
        }
Esempio n. 9
        /// <summary>
        /// Middleware step that builds the ambient app-authorize info for the request: from the
        /// ticket header when one is sent, otherwise from the user cookie with the device marked
        /// as "WEB". App version and app source are always set from this middleware's own values.
        /// </summary>
        /// <param name="context">Current HTTP context.</param>
        public async Task Invoke(HttpContext context)
        {
            // Authorize info is already present: nothing to build, continue the pipeline.
            if (MemberShiper.AppAuthorize != null)
            {
                await _next.Invoke(context);
                return;
            }

            AppAuthorizeInfo authInfo;
            string ticket = context.Request.Headers[GlobalKeysUtil.AuthorizeTicketName];

            if (string.IsNullOrEmpty(ticket))
            {
                // Not an app request: fill in the web-side info instead.
                authInfo = new AppAuthorizeInfo
                {
                    Token    = context.Request.Cookies[GlobalKeysUtil.UserCookieName],
                    DeviceId = "WEB"
                };
                // todo: populate the web browser field
            }
            else
            {
                // Compatibility path for H5 pages embedded inside the app: reuse the app's
                // authorization info carried in the ticket header.
                // NOTE(review): no CheckSign call follows FromSignData in this method, so
                // unless FromSignData verifies the ticket itself, every field it fills
                // (including an IpAddress, which is kept below when non-empty) is taken as
                // the client supplied it — confirm that verification happens elsewhere.
                authInfo = new AppAuthorizeInfo();
                authInfo.FromSignData(ticket);
            }

            // Version and source never come from the client; they are overwritten here.
            authInfo.AppVersion = _appVersion;
            authInfo.AppSource  = _appSource;

            var ipMissing = string.IsNullOrEmpty(authInfo.IpAddress);
            if (ipMissing)
            {
                authInfo.IpAddress = GetIpAddress(context);
            }

            MemberShiper.SetAppAuthrizeInfo(authInfo);
            await _next.Invoke(context);
        }
Esempio n. 10
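        /// <summary>
        /// Middleware step that builds the ambient app-authorize info for the request: from the
        /// signed ticket header when one is sent (signature verified against the app's secret
        /// key, redirecting to the error page on failure), otherwise from the "ct_id" cookie
        /// with the device marked as "WEB".
        /// </summary>
        /// <param name="context">Current HTTP context.</param>
        public async Task Invoke(HttpContext context)
        {
            // Authorize info is already present: nothing to build, continue the pipeline.
            if (MemberShiper.AppAuthorize != null)
            {
                await _next.Invoke(context);

                return;
            }

            SysAuthorizeInfo sysInfo = null;
            // Compatibility path for H5 pages embedded in the app: reuse the app's
            // authorization info carried in the ticket header.
            string auticketStr = context.Request.Headers[authorizeTicket];

            if (!string.IsNullOrEmpty(auticketStr))
            {
                sysInfo = new SysAuthorizeInfo();
                sysInfo.FromSignData(auticketStr);

                // The secret key is looked up by the AppSource named in the (still unverified)
                // ticket; CheckSign is what authenticates the ticket.
                var secretKeyRes = ApiSourceKeyUtil.GetAppSecretKey(sysInfo.AppSource);
                if (!secretKeyRes.IsSuccess || !sysInfo.CheckSign(secretKeyRes.Data))
                {
                    // The message is non-ASCII, so it is percent-encoded before it goes into
                    // the redirect URL: raw non-ASCII characters are not valid in a Location
                    // header value and some servers refuse to write them.
                    var message = System.Uri.EscapeDataString("不正确的应用来源!");
                    context.Response.Redirect(string.Concat("/un/error?msg=", message));
                    return;
                }
                sysInfo.OriginAppSource = sysInfo.AppSource;
            }

            // Not an app request: fill in the web-side info instead.
            if (sysInfo == null)
            {
                sysInfo       = new SysAuthorizeInfo();
                // The token is copied from the cookie unverified; nothing in this method checks it.
                sysInfo.Token = context.Request.Cookies["ct_id"];

                // todo appclient
                sysInfo.DeviceId = "WEB";
            }

            CompleteAuthInfo(sysInfo, context);
            MemberShiper.SetAppAuthrizeInfo(sysInfo);

            await _next.Invoke(context);
        }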
Esempio n. 11
        /// <summary>
        /// Middleware step that requires a signed ticket header on every request, verifies its
        /// signature against the secret key of the app source it names, and stores the parsed
        /// info as the ambient app-authorize info before continuing the pipeline.
        /// </summary>
        /// <param name="context">Current HTTP context.</param>
        public async Task Invoke(HttpContext context)
        {
            string ticket = context.Request.Headers[GlobalKeysUtil.AuthorizeTicketName];

            // No ticket at all: the caller cannot be attributed to any app source.
            var ticketMissing = string.IsNullOrEmpty(ticket);
            if (ticketMissing)
            {
                await ResponseEnd(context, new ResultMo(ResultTypes.UnKnowSource, "未知应用来源"));
                return;
            }

            var authInfo = new SysAuthorizeInfo();
            authInfo.FromSignData(ticket);

            // The secret key is looked up by the AppSource named in the (still unverified)
            // ticket; the signature check below is what authenticates the ticket.
            var keyResult = ApiSourceKeyUtil.GetAppSecretKey(authInfo.AppSource);
            if (!keyResult.IsSuccess())
            {
                await ResponseEnd(context, keyResult);
                return;
            }

            var signatureOk = authInfo.CheckSign(keyResult.data);
            if (!signatureOk)
            {
                await ResponseEnd(context, new ResultMo(ResultTypes.ParaError, "非法应用签名!"));
                return;
            }

            // An IpAddress carried in the ticket takes precedence over the one derived from
            // the connection. NOTE(review): it is only as trustworthy as the signature's
            // coverage — confirm CheckSign includes this field.
            if (string.IsNullOrEmpty(authInfo.IpAddress))
            {
                authInfo.IpAddress = GetIpAddress(context);
            }

            MemberShiper.SetAppAuthrizeInfo(authInfo);

            await _next.Invoke(context);
        }
Esempio n. 12
        /// <summary>
        /// Authorization filter that verifies the signed ticket header unless the endpoint
        /// carries <c>AllowNoSignAttribute</c>, then stores the resulting app-authorize info
        /// as the ambient value for the request.
        /// </summary>
        /// <param name="context">Filter context of the request being authorized.</param>
        public void OnAuthorization(AuthorizationFilterContext context)
        {
            AppAuthorizeInfo authInfo;
            var signatureExempt = context.Filters.Any(f => f is AllowNoSignAttribute);

            if (signatureExempt)
            {
                // Endpoint opted out of signature checking: continue with an empty info
                // object; no ticket is read and nothing from the client is verified.
                authInfo = new AppAuthorizeInfo();
            }
            else
            {
                string ticket = context.HttpContext.Request.Headers[GlobalKeysUtil.AuthorizeTicketName];
                if (string.IsNullOrEmpty(ticket))
                {
                    context.Result = new JsonResult(new ResultMo(ResultTypes.UnKnowSource, "未知应用来源"));
                    return;
                }

                authInfo = new AppAuthorizeInfo();
                authInfo.FromTicket(ticket);

                // The secret key is looked up by the AppSource and TenantId named in the
                // (still unverified) ticket; CheckSign is what authenticates the ticket.
                var keyResult = ApiSourceKeyUtil.GetAppSecretKey(authInfo.AppSource, authInfo.TenantId);
                if (!keyResult.IsSuccess())
                {
                    context.Result = new JsonResult(keyResult);
                    return;
                }

                var signatureOk = authInfo.CheckSign(keyResult.data);
                if (!signatureOk)
                {
                    context.Result = new JsonResult(new ResultMo(ResultTypes.ParaError, "非法应用签名!"));
                    return;
                }
            }

            SetSystemAuthorizeInfo(authInfo, context);
            MemberShiper.SetAppAuthrizeInfo(authInfo);
        }
Esempio n. 13
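        /// <summary>
        /// Middleware step that requires a signed ticket header on every request, verifies its
        /// signature against the secret key of the app source it names, and stores the parsed
        /// info as the ambient app-authorize info before continuing the pipeline.
        /// </summary>
        /// <param name="context">Current HTTP context.</param>
        public async Task Invoke(HttpContext context)
        {
            string auticketStr = context.Request.Headers[authorizeTicket];

            // A header that is present but empty carries no ticket either, so it is rejected
            // here together with the missing-header case instead of being handed to the parser.
            if (string.IsNullOrEmpty(auticketStr))
            {
                await ResponseEnd(context, new ResultMo(ResultTypes.UnKnowSource, "未知应用来源"));

                return;
            }

            var sysInfo = new SysAuthorizeInfo();

            sysInfo.FromSignData(auticketStr);

            // The secret key is looked up by the AppSource named in the (still unverified)
            // ticket; the signature check below is what authenticates the ticket.
            var secretKeyRes = ApiSourceKeyUtil.GetAppSecretKey(sysInfo.AppSource);

            if (!secretKeyRes.IsSuccess)
            {
                await ResponseEnd(context, secretKeyRes);

                return;
            }

            if (!sysInfo.CheckSign(secretKeyRes.Data))
            {
                await ResponseEnd(context, new ResultMo(ResultTypes.ParaNotMeet, "非法应用签名!"));

                return;
            }

            CompleteAuthInfo(sysInfo, context);
            MemberShiper.SetAppAuthrizeInfo(sysInfo);

            await _next.Invoke(context);
        }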