public static bool IsValid <TResponse>(this ISignatureRequest request, Func <string, IUser> getUser, string clientIp, out IUser user, out TResponse response) where TResponse : ResponseBase, new()
 {
     if (clientIp == "localhost" || clientIp == "127.0.0.1")
     {
         user     = null;
         response = null;
         return(true);
     }
     if (_isInnerIpEnabled && Ip.Util.IsInnerIp(clientIp))
     {
         user     = null;
         response = null;
         return(true);
     }
     if (string.IsNullOrEmpty(request.LoginName))
     {
         response = ResponseBase.InvalidInput <TResponse>("登录名不能为空");
         user     = null;
         return(false);
     }
     user = getUser.Invoke(request.LoginName);
     if (user == null)
     {
         string message = "登录名不存在";
         if (request.LoginName == "admin")
         {
             message = "第一次使用,请先设置密码";
         }
         Write.DevLine($"{request.LoginName} {message}");
         response = ResponseBase.NotExist <TResponse>(message);
         return(false);
     }
     if (!request.Timestamp.IsInTime())
     {
         Write.DevLine($"过期的请求 {request.Timestamp}");
         response = ResponseBase.Expired <TResponse>();
         return(false);
     }
     if (request.Sign != request.GetSign(user.Password))
     {
         string message = "用户名或密码错误";
         Write.DevLine($"{request.LoginName} {message}");
         response = ResponseBase.Forbidden <TResponse>(message);
         return(false);
     }
     response = null;
     return(true);
 }
Esempio n. 2
0
        public static bool IsValid <TResponse>(this IGetSignData data, IUser user, string sign, ulong timestamp, string clientIp, out TResponse response) where TResponse : ResponseBase, new()
        {
            if (clientIp == "localhost" || clientIp == "127.0.0.1")
            {
                response = null;
                return(true);
            }
            if (_isInnerIpEnabled && Net.Util.IsInnerIp(clientIp))
            {
                response = null;
                return(true);
            }
            if (user == null)
            {
                string message = "用户不存在";
                response = ResponseBase.NotExist <TResponse>(message);
                return(false);
            }
            else if (user.LoginName == "admin" && string.IsNullOrEmpty(user.Password))
            {
                string message = "第一次使用,请先设置密码";
                response = ResponseBase.NotExist <TResponse>(message);
                return(false);
            }
            if (!timestamp.IsInTime())
            {
                response = ResponseBase.Expired <TResponse>();
                return(false);
            }
            string mySign = GetSign(data, user.LoginName, user.Password, timestamp);

            if (sign != mySign)
            {
                string message = "用户名或密码错误";
                response = ResponseBase.Forbidden <TResponse>(message);
                Write.DevDebug($"{message} sign:{sign} mySign:{mySign}");
                return(false);
            }
            response = null;
            return(true);
        }