Esempio n. 1
0
        public override void OnActionExecuting(ActionExecutingContext context)
        {
            var descriptor          = (Microsoft.AspNetCore.Mvc.Controllers.ControllerActionDescriptor)context.ActionDescriptor;
            var attributeController = (IgnoreSignAttribute)descriptor.ControllerTypeInfo.GetCustomAttributes(typeof(IgnoreSignAttribute), true).FirstOrDefault();

            if (attributeController != null)
            {
                goto gotoNext;
            }

            var attribute = (IgnoreSignAttribute)descriptor.MethodInfo.GetCustomAttributes(typeof(IgnoreSignAttribute), true).FirstOrDefault();

            if (attribute != null)
            {
                goto gotoNext;
            }

            if (!GetSignValue(context.HttpContext.Request))
            {
                SignCommon.BuildErrorJson(context);
                return;
            }
            else
            {
                goto gotoNext;
            }

gotoNext:
            base.OnActionExecuting(context);
        }
Esempio n. 2
0
        public IActionResult CreateSign()
        {
            var query = HttpUtility.ParseQueryString(string.Empty);

            query["appid"] = "sadfsdf";       //必传 应用id

            var sign = SignCommon.CreateSign("sadfsdf", query: query, body: new { a = 1, b = "1" });

            query.Add("sign", sign);
            return(Ok(sign));
        }
        public IActionResult CreateSign()
        {
            Dictionary <string, string> queryDic = new Dictionary <string, string>();

            queryDic.Add("appid", "111");
            queryDic.Add("c", "1");
            queryDic.Add("d", "1");
            var sign = SignCommon.CreateSign("sadfsdf", queryDic: queryDic, body: new { a = 1, b = "1" });

            queryDic.Add("sign", sign);
            return(Ok(sign));
        }
Esempio n. 4
0
        public IActionResult ValidSign()
        {
            var query = HttpUtility.ParseQueryString(string.Empty);

            query["serverid"] = "1";
            var sign = SignCommon.CreateSign("secret", query: query, body: new { a = 1, b = "1" });

            query.Add("sign", sign);
            return(Ok(new ResponseResult {
                Result = sign
            }));
        }
Esempio n. 5
0
        public override async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
        {
            IServiceProvider serviceProvider = context.HttpContext.RequestServices;
            var _logger           = serviceProvider.GetRequiredService <ILogger <VerifySignAttribute> >();
            var _configuration    = serviceProvider.GetRequiredService <IConfiguration>();
            var _verifySignCommon = serviceProvider.GetService <IOperationFilter>();
            var _verifySignOption = serviceProvider.GetService <VerifySignOption>();

            if (!_verifySignOption?.Enabled ?? true)
            {
                goto gotoNext;
            }

            var descriptor          = (Microsoft.AspNetCore.Mvc.Controllers.ControllerActionDescriptor)context.ActionDescriptor;
            var attributeController = (IgnoreSignAttribute)descriptor.ControllerTypeInfo.GetCustomAttributes(typeof(IgnoreSignAttribute), true).FirstOrDefault();

            if (attributeController != null)
            {
                goto gotoNext;
            }

            var attribute = (IgnoreSignAttribute)descriptor.MethodInfo.GetCustomAttributes(typeof(IgnoreSignAttribute), true).FirstOrDefault();

            if (attribute != null)
            {
                goto gotoNext;
            }

            var result = await GetSignValue(context.HttpContext, _logger, _verifySignOption, _verifySignCommon);

            if (_verifySignOption.IsForce && !result.Item1)
            {
                SignCommon.BuildErrorJson(context);
                await Task.CompletedTask;
                return;
            }
            else
            {
                goto gotoNext;
            }

gotoNext:
            await next();
        }
Esempio n. 6
0
        private async Task <Tuple <bool, string> > GetSignValue(HttpContext request, ILogger <VerifySignAttribute> _logger, VerifySignOption _verifySignOption, IOperationFilter _verifySignCommon)
        {
            try
            {
                var convertedDictionatry = request.Request.Query.ToDictionary(s => s.Key, s => s.Value);
                var queryDic             = new Dictionary <string, string>();
                foreach (var item in convertedDictionatry)
                {
                    queryDic.Add(item.Key.ToLower(), item.Value);
                }
                var encryptEnum = EncryptEnum.Default;

                var commonParameters = _verifySignOption.CommonParameters;

                if (!queryDic.ContainsKey(commonParameters.TimestampName) || !queryDic.ContainsKey(commonParameters.AppIdName) || !queryDic.ContainsKey(commonParameters.SignName))
                {
                    _logger.LogWarning("url参数中未找到签名所需参数[timestamp];[appid];[EncryptFlag]或[sign]");
                    return(Tuple.Create <bool, string>(false, "签名参数缺失"));
                }

                if (queryDic.ContainsKey(commonParameters.EncryptFlag) && int.TryParse(queryDic[commonParameters.EncryptFlag].ToString(), out int encryptint))
                {
                    encryptEnum = (EncryptEnum)encryptint;
                }

                var timestampStr = queryDic[commonParameters.TimestampName];
                if (!long.TryParse(timestampStr, out long timestamp) || !CheckTime(timestamp, _verifySignOption))
                {
                    _logger.LogWarning($"{timestampStr}时间戳已过期");
                    return(Tuple.Create <bool, string>(false, "请校准客户端时间后再试"));
                }

                var appIdString = queryDic[commonParameters.AppIdName].ToString();
                if (string.IsNullOrEmpty(appIdString))
                {
                    _logger.LogWarning(@"The request parameter is missing the Ak/Sk appID parameter
                                          VerifySign:{
                                            AppSecret:{
                                            [AppId]:[Secret]
                                                      }}");
                    return(Tuple.Create <bool, string>(false, "服务异常,AppIdName未配置"));
                }

                var signvalue = queryDic[commonParameters.SignName].ToString();
                queryDic.Remove(commonParameters.SignName);

                var bodyValue = await SignCommon.ReadAsStringAsync(request);

                if (!string.IsNullOrEmpty(bodyValue) && !"null".Equals(bodyValue))
                {
                    bodyValue = Regex.Replace(bodyValue, @"\s(?=([^""]*""[^""]*"")*[^""]*$)", string.Empty);

                    bodyValue = bodyValue.Replace("\r\n", "").Replace(" : ", ":").Replace("\n  ", "").Replace("\n", "").Replace(": ", ":").Replace(", ", ",");

                    queryDic.Add("body", bodyValue);
                }
                var dicOrder = queryDic.OrderBy(s => s.Key, StringComparer.Ordinal).ToList();

                StringBuilder requestStr = new StringBuilder();
                for (int i = 0; i < dicOrder.Count(); i++)
                {
                    if (i == dicOrder.Count() - 1)
                    {
                        requestStr.Append($"{dicOrder[i].Key}={dicOrder[i].Value}");
                    }
                    else
                    {
                        requestStr.Append($"{dicOrder[i].Key}={dicOrder[i].Value}&");
                    }
                }

                var utf8Request = SignCommon.GetUtf8(requestStr.ToString());

                var result = _verifySignCommon.GetSignhHash(utf8Request, _verifySignCommon.GetSignSecret(appIdString), encryptEnum);
                if (_verifySignOption.IsDebug)
                {
                    _logger.LogInformation($"请求接口地址:{request.Request.Path}");
                    _logger.LogInformation($"拼装排序后的值{Convert.ToBase64String(Encoding.Default.GetBytes(utf8Request))}");
                    _logger.LogInformation($"摘要比对: {result}----{signvalue }");
                }
                else if (signvalue != result)
                {
                    _logger.LogWarning(@$ "摘要被篡改:[iphide]----{signvalue }
                                            查看详情,请设置VerifySignOption节点的IsDebug为true");
                }
                if (signvalue == result)
                {
                    return(Tuple.Create <bool, string>(true, "签名通过"));
                }
                return(Tuple.Create <bool, string>(false, "签名异常,请求非法"));
            }
            catch (Exception ex)
            {
                _logger.LogError(ex, "签名异常");
                return(Tuple.Create <bool, string>(false, "签名异常"));
            }
        }
Esempio n. 7
0
        private bool GetSignValue(HttpRequest request)
        {
            try
            {
                var queryDic         = request.Query.ToDictionary(s => s.Key, s => s.Value);
                var commonParameters = _verifySignOption.CommonParameters;
                if (!queryDic.ContainsKey(commonParameters.TimestampName) || !queryDic.ContainsKey(commonParameters.AppIdName) || !queryDic.ContainsKey(commonParameters.SignName))
                {
                    _logger.LogError("url参数中未找到签名所需参数[timestamp];[appid]或[sign]");
                    return(false);
                }

                var timestampStr = queryDic[commonParameters.TimestampName];
                if (!long.TryParse(timestampStr, out long timestamp) || !CheckTime(timestamp))
                {
                    _logger.LogError($"{timestampStr}时间戳已过期");
                    return(false);
                }

                var appIdString = queryDic[commonParameters.AppIdName].ToString();
                if (string.IsNullOrEmpty(appIdString))
                {
                    _logger.LogError(@"The request parameter is missing the Ak/Sk appID parameter
                                          VerifySign:{
                                            AppSecret:{
                                            [AppId]:[Secret]
                                                      }}");
                    return(false);
                }

                var signvalue = queryDic[commonParameters.SignName].ToString();
                queryDic.Remove(commonParameters.SignName);

                var bodyValue = SignCommon.ReadAsString(request);
                if (!string.IsNullOrEmpty(bodyValue) && !"null".Equals(bodyValue))
                {
                    var dict = JsonSerializer.Deserialize <Dictionary <string, string> >(bodyValue);
                    foreach (var item in dict)
                    {
                        queryDic.Add(item.Key, item.Value);
                        if (_verifySignOption.IsDebug)
                        {
                            _logger.LogInformation($"字段:{item.Key}--值:{item.Value}");
                        }
                    }
                }
                var dicOrder = queryDic.OrderBy(s => s.Key, StringComparer.Ordinal).ToList();

                StringBuilder requestStr = new StringBuilder();
                for (int i = 0; i < dicOrder.Count(); i++)
                {
                    if (i == dicOrder.Count() - 1)
                    {
                        requestStr.Append($"{dicOrder[i].Key}={dicOrder[i].Value}");
                    }
                    else
                    {
                        requestStr.Append($"{dicOrder[i].Key}={dicOrder[i].Value}&");
                    }
                }

                var utf8Request = SignCommon.GetUtf8(requestStr.ToString());

                var result = _verifySignCommon.GetSignhHash(utf8Request, _verifySignCommon.GetSignSecret(appIdString));
                if (_verifySignOption.IsDebug)
                {
                    _logger.LogInformation($"拼装排序后的值{request.Path}");
                    _logger.LogInformation($"拼装排序后的值{requestStr}");
                    _logger.LogInformation($"摘要计算后的值:{result}");
                    _logger.LogInformation($"摘要比对: {result}----{signvalue }");
                }
                else if (signvalue != result)
                {
                    _logger.LogWarning(@$ "摘要被篡改:[iphide]----{signvalue }
                                            查看详情,请设置VerifySignOption节点的IsDebug为true");
                }
                return(signvalue == result);
            }
            catch (Exception ex)
            {
                _logger.LogError(ex, "签名异常");
                return(false);
            }
        }