        /// <summary>
        /// Resolves the method that handles the requested action and collects its API settings and
        /// authorization requirements (class-level and method-level <c>[Authorize]</c> merged, cleared by <c>[AllowAnonymous]</c>).
        /// </summary>
        /// <param name="obj">Handler instance whose runtime type is searched for the action method.</param>
        /// <param name="action">Action name taken from the request.</param>
        /// <param name="requestMethodInfo">Receives the resolved method, or null when no method matches.</param>
        /// <param name="apiMethodAttribute">Receives the method's <c>ApiMethodAttribute</c> settings; defaults are applied when the attribute is absent.</param>
        /// <param name="authorizeAttribute">Receives the merged Roles/Users/Merches requirements.</param>
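        private void GetMethodInfo(object obj, string action, ref MethodInfo requestMethodInfo, ref ApiMethodAttribute apiMethodAttribute, ref AuthorizeAttribute authorizeAttribute)
        {
            // Resolves the handler method for the request's "action" name and fills in the
            // ApiMethodAttribute / AuthorizeAttribute settings the dispatcher checks before invoking it.
            //
            // `action` is attacker-controlled (ProcessRequest reads it straight from the request), and
            // Type.GetMethod(action) returned *any* public method of the handler - inherited System.Object
            // members (GetType, ToString, ...), property accessors, ProcessRequest itself - which the
            // dispatcher then invoked via reflection, with the DogNoToken defaults below whenever the
            // method carried no [ApiMethod] attribute. The lookup is therefore limited to methods that
            // match the dispatcher's calling convention (no parameter, or a single parameter accepting a
            // Dictionary<string, object>), excluding special-name and System.Object members. Overloaded
            // names, which previously threw AmbiguousMatchException, are reported as "not found".
            if (obj == null)
            {
                throw new ArgumentNullException("obj");
            }

            Type type = obj.GetType();

            requestMethodInfo = FindActionMethod(type, action);
            if (requestMethodInfo == null)
            {
                return;
            }

            // API settings: copy from [ApiMethod], or apply the historical defaults.
            ApiMethodAttribute apiMethodAttr = requestMethodInfo.GetCustomAttribute(typeof(ApiMethodAttribute)) as ApiMethodAttribute;
            if (apiMethodAttr != null)
            {
                apiMethodAttribute.SignKeyEnum       = apiMethodAttr.SignKeyEnum;
                apiMethodAttribute.RespDataTypeEnum  = apiMethodAttr.RespDataTypeEnum;
                apiMethodAttribute.SysIdAndVersionNo = apiMethodAttr.SysIdAndVersionNo;
                apiMethodAttribute.IconOutputLock    = apiMethodAttr.IconOutputLock;
            }
            else
            {
                // NOTE(review): a method with no [ApiMethod] attribute is still dispatchable and gets
                // the DogNoToken scheme - confirm that is intended, or require the attribute.
                apiMethodAttribute.SignKeyEnum       = SignKeyEnum.DogNoToken;
                apiMethodAttribute.RespDataTypeEnum  = RespDataTypeEnum.Json;
                apiMethodAttribute.SysIdAndVersionNo = true;
                apiMethodAttribute.IconOutputLock    = false;
            }

            // Class-level [Authorize] applies to every action of the handler.
            AuthorizeAttribute classAuth = type.GetCustomAttribute(typeof(AuthorizeAttribute)) as AuthorizeAttribute;
            if (classAuth != null)
            {
                authorizeAttribute.Roles   = classAuth.Roles;
                authorizeAttribute.Users   = classAuth.Users;
                authorizeAttribute.Merches = classAuth.Merches;
            }

            // Method-level [Authorize] is comma-joined with the class-level lists: when both levels set
            // a list, the method attribute adds entries rather than restricting them. CheckAuthorize
            // parses these as comma-separated lists.
            AuthorizeAttribute methodAuth = requestMethodInfo.GetCustomAttribute(typeof(AuthorizeAttribute)) as AuthorizeAttribute;
            if (methodAuth != null)
            {
                authorizeAttribute.Roles   = (authorizeAttribute.Roles + "," + methodAuth.Roles).Trim(',');
                authorizeAttribute.Users   = (authorizeAttribute.Users + "," + methodAuth.Users).Trim(',');
                authorizeAttribute.Merches = (authorizeAttribute.Merches + "," + methodAuth.Merches).Trim(',');
            }

            // [AllowAnonymous] on the method clears every requirement collected above.
            if (requestMethodInfo.GetCustomAttribute(typeof(AllowAnonymousAttribute)) != null)
            {
                authorizeAttribute.Roles   = string.Empty;
                authorizeAttribute.Users   = string.Empty;
                authorizeAttribute.Merches = string.Empty;
            }
        }

        // Finds the single public method named `action` that the dispatcher could legitimately invoke,
        // or null when there is none (or more than one). Same member scope as Type.GetMethod(string):
        // public instance and static methods, inherited ones included.
        private static MethodInfo FindActionMethod(Type type, string action)
        {
            if (string.IsNullOrEmpty(action))
            {
                return null;
            }

            MethodInfo found = null;
            foreach (MethodInfo candidate in type.GetMethods(BindingFlags.Public | BindingFlags.Instance | BindingFlags.Static))
            {
                if (candidate.Name != action)
                {
                    continue;
                }

                // Property/event accessors and operators, System.Object members, and open generic
                // methods are never API endpoints.
                if (candidate.IsSpecialName || candidate.ContainsGenericParameters || candidate.DeclaringType == typeof(object))
                {
                    continue;
                }

                if (!HasDispatchableSignature(candidate))
                {
                    continue;
                }

                if (found != null)
                {
                    // Ambiguous overloads: fail closed instead of picking one.
                    return null;
                }
                found = candidate;
            }

            return found;
        }

        // True when the method can be called the way ProcessRequest calls it: with no argument,
        // or with the request parameter dictionary as its only argument.
        private static bool HasDispatchableSignature(MethodInfo method)
        {
            ParameterInfo[] parameters = method.GetParameters();
            if (parameters.Length == 0)
            {
                return true;
            }

            return parameters.Length == 1
                   && parameters[0].ParameterType.IsAssignableFrom(typeof(Dictionary<string, object>));
        }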
        /// <summary>
        /// Checks the request against the authorization requirements resolved for the action.
        /// </summary>
        /// <param name="authorizeAttribute">Merged Roles/Users/Merches requirements for the action.</param>
        /// <param name="signKeyEnum">Token scheme of the action; only <c>XCCloudUserCacheToken</c> is checked here.</param>
        /// <param name="dicParas">Request parameters; the user token is read from the <c>userToken</c> entry.</param>
        /// <param name="errMsg">Error message when the check fails, otherwise empty.</param>
        /// <returns>true when access is allowed, false otherwise.</returns>
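        private bool CheckAuthorize(AuthorizeAttribute authorizeAttribute, SignKeyEnum signKeyEnum, Dictionary <string, object> dicParas, out string errMsg)
        {
            // Enforces the [Authorize] requirements collected by GetMethodInfo.
            //
            // NOTE(review): only the XCCloudUserCacheToken scheme is checked. For every other
            // SignKeyEnum value this returns true without looking at the attribute, so a Roles/Merches
            // restriction on such an endpoint is silently ignored; the Users list is never enforced
            // for any scheme. Both are unchanged here because the token models of the other schemes
            // are not visible in this file - confirm whether that is intended.
            errMsg = string.Empty;

            if (signKeyEnum != SignKeyEnum.XCCloudUserCacheToken)
            {
                return true;
            }

            // A missing or null "userToken" used to throw (KeyNotFound/NullReference) and the raw
            // exception message was echoed to the client; treat it as an invalid token instead.
            object tokenValue;
            if (dicParas == null || !dicParas.TryGetValue("userToken", out tokenValue) || tokenValue == null)
            {
                errMsg = "token无效";
                return false;
            }

            XCCloudUserTokenModel userTokenKeyModel = XCCloudUserTokenBusiness.GetUserTokenModel(tokenValue.ToString());
            if (userTokenKeyModel == null)
            {
                errMsg = "token无效";
                return false;
            }

            if (!string.IsNullOrEmpty(authorizeAttribute.Roles))
            {
                // Enum.GetName yields null for an undefined LogType value; IsListed rejects that.
                string roleName = Enum.GetName(typeof(RoleType), userTokenKeyModel.LogType);
                if (!IsListed(authorizeAttribute.Roles, roleName))
                {
                    errMsg = "当前用户无权访问";
                    return false;
                }
            }

            if (!string.IsNullOrEmpty(authorizeAttribute.Merches))
            {
                var merchDataModel = userTokenKeyModel.DataModel as MerchDataModel;
                if (merchDataModel == null)
                {
                    errMsg = "当前用户无权访问";
                    return false;
                }

                string merchType = Enum.GetName(typeof(MerchType), merchDataModel.MerchType);
                if (!IsListed(authorizeAttribute.Merches, merchType))
                {
                    errMsg = "当前用户无权访问";
                    return false;
                }
            }

            return true;
        }

        // True when `name` equals (ordinal, case-sensitive) one entry of the comma-separated `csvList`.
        // The original used string.Contains, a substring test: any role/merch type whose name is a
        // substring of a listed entry was accepted, and a null name threw ArgumentNullException.
        private static bool IsListed(string csvList, string name)
        {
            if (name == null)
            {
                return false;
            }

            foreach (string entry in csvList.Split(','))
            {
                if (entry.Trim() == name)
                {
                    return true;
                }
            }

            return false;
        }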
        /// <summary>
        /// 处理请求,完成安全验证,调用接口方法
        /// </summary>
        /// <param name="context"></param>
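        public void ProcessRequest(HttpContext context)
        {
            // Entry point for every API call: resolve the action, validate parameters and signature,
            // enforce [Authorize], invoke the handler method and write the response. Every failure
            // path writes a failure response and an ApiRequestLog entry.
            //
            // NOTE(review): isSignKeyReturn, sysId and versionNo are not declared here, so they are
            // instance state shared between requests if this handler is reusable - confirm IsReusable
            // is false, or turn them into locals.
            ApiRequestLog ar = new ApiRequestLog();

            // NOTE(review): a wildcard CORS origin on an authenticated API lets any web origin read
            // responses. Credentials travel in the request parameters (userToken), not cookies, which
            // limits the exposure, but an explicit origin allow-list is the safer configuration.
            context.Response.AddHeader("Access-Control-Allow-Origin", "*");

            string                      errMsg             = string.Empty;
            string                      signKeyToken       = string.Empty;
            string                      postJson           = string.Empty;
            int                         apiType            = 0;            // 0 = XCloud, 1 = XCGame, 2 = xcgamemana
            ApiMethodAttribute          apiMethodAttribute = new ApiMethodAttribute();
            AuthorizeAttribute          authorizeAttribute = new AuthorizeAttribute();
            MethodInfo                  requestMethodInfo  = null;
            Dictionary <string, object> dicParas           = null;
            string                      requestUrl         = string.Empty;
            string                      action             = RequestHelper.GetString("action");

            try
            {
                // Resolve the action to a method plus its API / authorization settings.
                GetMethodInfo(this, action, ref requestMethodInfo, ref apiMethodAttribute, ref authorizeAttribute);
                if (requestMethodInfo == null)
                {
                    isSignKeyReturn = IsSignKeyReturn(apiMethodAttribute.SignKeyEnum);
                    errMsg          = "请求方法无效";
                    FailResponseOutput(context, apiMethodAttribute, errMsg, signKeyToken);
                    // Log the rejected action like the other failure paths, so probing for
                    // endpoint names shows up in the request log.
                    ar.show(apiType, requestUrl + "?action=" + action, postJson, Return_Code.F, errMsg, sysId);
                    return;
                }

                // Request parameters.
                if (!CheckRequestParam(context, apiMethodAttribute, ref dicParas, out errMsg, out postJson, out apiType, out requestUrl, out sysId, out versionNo))
                {
                    FailResponseOutput(context, apiMethodAttribute, errMsg, signKeyToken);
                    ar.show(apiType, requestUrl + "?action=" + action, postJson, Return_Code.F, errMsg, sysId);
                    return;
                }

                // Parameter signature.
                if (!CheckSignKey(apiMethodAttribute.SignKeyEnum, dicParas, out signKeyToken, out errMsg))
                {
                    FailResponseOutput(context, apiMethodAttribute, errMsg, signKeyToken);
                    ar.show(apiType, requestUrl + "?action=" + action, postJson, Return_Code.F, errMsg, sysId);
                    return;
                }

                // Authorization.
                if (!CheckAuthorize(authorizeAttribute, apiMethodAttribute.SignKeyEnum, dicParas, out errMsg))
                {
                    FailResponseOutput(context, apiMethodAttribute, errMsg, signKeyToken);
                    ar.show(apiType, requestUrl + "?action=" + action, postJson, Return_Code.F, errMsg, sysId);
                    return;
                }

                // Interface lock check (disabled in the original):
                //if(!CheckIconOutputLock(apiMethodAttribute,dicParas,out errMsg))
                //{
                //    ar.show(apiType, requestUrl + "?action=" + action, postJson, Return_Code.F, errMsg, sysId);
                //    var obj = ResponseModelFactory.CreateModel(isSignKeyReturn, Return_Code.T, "", Result_Code.F, errMsg);
                //    SuccessResponseOutput(context, apiMethodAttribute, obj, signKeyToken);
                //    return;
                //}

                // Invoke the action: handler methods take either no argument or the parameter dictionary.
                object[] paras = null;
                if (requestMethodInfo.GetParameters().Length > 0)
                {
                    paras = new object[] { dicParas };
                }
                object resObj = requestMethodInfo.Invoke(this, paras);
                SuccessResponseOutput(context, apiMethodAttribute, resObj, signKeyToken);

                string return_code;
                string return_msg;
                string result_code;
                string result_msg;
                GetResObjInfo(resObj, out return_code, out return_msg, out result_code, out result_msg);
                ar.show(apiType, requestUrl + "?action=" + action, postJson, return_code, return_msg, sysId, result_msg);
            }
            catch (Exception ex)
            {
                // Log the full exception server-side, but do not echo ex.Message to the client:
                // messages from lookup, argument or data-access failures describe internals.
                string detail = Utils.GetException(ex);
                FailResponseOutput(context, apiMethodAttribute, "服务器处理请求时发生错误", signKeyToken);
                LogHelper.SaveLog(TxtLogType.Api, TxtLogContentType.Exception, TxtLogFileType.Day, detail);
                ar.show(apiType, requestUrl + "?action=" + action, postJson, Return_Code.F, detail, sysId);
            }
        }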