/// <summary>
/// Builds the upper-cased request signature for <paramref name="collection"/>,
/// salted with <paramref name="clientSecret"/>.
/// </summary>
/// <param name="clientSecret">Shared secret handed to the signing helper as the salt.</param>
/// <param name="collection">Name/value pairs to be signed.</param>
/// <returns>The helper's signature string converted to upper case.</returns>
/// <remarks>
/// NOTE(review): the digest option is named MD5_UTF8_32, so this appears to be a salted MD5 digest
/// rather than a keyed MAC. Salted MD5 is not a sound construction for request authentication;
/// HMAC-SHA256 is the usual replacement. Confirm against HotSignatureHelper before relying on it.
/// </remarks>
private static string BuildSign(string clientSecret, NameValueCollection collection)
{
    // Signing options: no join formatting, salt position "ALL"
    // (presumably both ends of the pre-sign string; verify in HotSignatureHelper).
    var signSettings = new HotSignatureHelper.BuildSettingModel()
    {
        EcryptType = HotSignatureHelper.EncryptTypeOptions.MD5_UTF8_32,
        SaltPosition = HotSignatureHelper.SaltAppendPositionOptions.ALL,
        JoinFormat = HotSignatureHelper.PreSignStrJoinFormatOptions.None
    };

    // Callers comparing against this value must expect upper-case output.
    return HotSignatureHelper.BuildSign(collection, clientSecret, signSettings).ToUpper();
}
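/// <summary>
/// Verifies the request signature and timestamp. On any failure the shared
/// <c>result</c> is set to an error and written out through <c>JsonResult</c>.
/// </summary>
/// <remarks>
/// The check only runs when <c>enableSign</c> is true. The timestamp must lie within
/// five minutes either side of the current time, and the "sign" parameter must match
/// the signature recomputed from the request parameters and <c>AppSecrect</c>.
/// NOTE(review): the digest option is named MD5_UTF8_32, so this appears to be a salted MD5
/// digest rather than an HMAC; confirm in HotSignatureHelper and consider HMAC-SHA256.
/// </remarks>
public void VerifySignCheck()
{
    try
    {
        prams = GetParams(Context.Request);
        if (enableSign)
        {
            // The null/empty check must run before any value is read from prams.
            // The original read "sign" and "timestamp" first, so a null parameter set
            // surfaced as a NullReferenceException (reported as a server error)
            // instead of the intended "invalid signature" result.
            if (prams == null || prams.Count <= 0)
            {
                result.setResult(ApiStatusCode.签名无效, "签名无效");
            }
            else
            {
                string signParam = prams.Value<string>("sign"); // signature supplied by the caller
                long timestamp = prams.Value<long>("timestamp");

                // NOTE(review): DateTime.Now is local time; this assumes GetUTCTime converts
                // it to the same epoch the client uses. Confirm against GetUTCTime.
                DateTime date = DateTime.Now;
                if (timestamp < GetUTCTime(date.AddMinutes(-5)) || timestamp > GetUTCTime(date.AddMinutes(5)))
                {
                    // Outside the +/- 5 minute replay window: reject without computing the signature.
                    result.setResult(ApiStatusCode.签名无效, "签名无效");
                }
                else
                {
                    // NOTE(review): every parameter, including "sign" itself, is handed to the
                    // helper; presumably HotSignatureHelper drops "sign" before hashing. Verify.
                    Dictionary<string, string> parameters = new Dictionary<string, string>();
                    foreach (var item in prams)
                    {
                        parameters.Add(item.Key.ToLower(), item.Value.ToString());
                    }

                    string sign = HotSignatureHelper.BuildSign(parameters, AppSecrect, new HotSignatureHelper.BuildSettingModel()
                    {
                        JoinFormat = HotSignatureHelper.PreSignStrJoinFormatOptions.UrlParameter,
                        EcryptType = HotSignatureHelper.EncryptTypeOptions.MD5_UTF8_32,
                        SaltPosition = HotSignatureHelper.SaltAppendPositionOptions.Suffix
                    });

                    // Compare without short-circuiting so the response time does not reveal
                    // how many leading characters of the supplied signature were correct.
                    if (!SignaturesMatch(sign, signParam))
                    {
                        result.setResult(ApiStatusCode.签名无效, "签名无效");
                    }
                }
            }
        }
    }
    catch (Exception ex)
    {
        LogHelper.Debug(string.Format("StackTrace:{0},Message:{1}", ex.StackTrace, ex.Message));
        // NOTE(review): ex.Message is returned to the caller and can disclose internal details;
        // consider a fixed, generic message here and keep the detail in the log only.
        result.setResult(ApiStatusCode.务器错误, ex.Message);
    }

    if (result.code != (int)ApiStatusCode.OK)
    {
        JsonResult(result);
    }
}

/// <summary>
/// Ordinal comparison of two signature strings that always walks the whole common
/// length instead of stopping at the first differing character.
/// </summary>
/// <param name="expected">Signature computed by the server.</param>
/// <param name="supplied">Signature sent by the caller.</param>
/// <returns>True only when both strings are non-empty and identical.</returns>
private static bool SignaturesMatch(string expected, string supplied)
{
    if (string.IsNullOrEmpty(expected) || string.IsNullOrEmpty(supplied))
    {
        return false;
    }

    // A length mismatch is folded into the accumulator rather than returned early.
    int diff = expected.Length ^ supplied.Length;
    for (int i = 0; i < expected.Length && i < supplied.Length; i++)
    {
        diff |= expected[i] ^ supplied[i];
    }

    return diff == 0;
}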
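/// <summary>
/// Action filter entry point: reads the client headers, verifies the request signature
/// (unless <c>DebugMode</c> is set), optionally validates the login token, and injects an
/// <c>HQRequestHeader</c> into the first action parameter of that type.
/// </summary>
/// <param name="filterContext">The MVC action-executing context for the current request.</param>
/// <remarks>
/// NOTE(review): the signed data is the userToken header plus the non-empty request parameters.
/// No timestamp or nonce is checked in this method, so nothing visible here limits replay of a
/// captured signed request. The userId header is not part of the signed data and is only
/// checked against the token when <c>flgCheckLogin</c> is true; actions that run without the
/// login check receive an unverified userId in the injected header.
/// NOTE(review): the digest option is named MD5_UTF8_32, so this appears to be a salted MD5
/// digest rather than an HMAC; confirm in HotSignatureHelper and consider HMAC-SHA256.
/// </remarks>
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
    // Read the client-supplied header values.
    HttpContextBase context = filterContext.HttpContext;
    string appVersion = GetHeaderValue(context, "appVersion"); // app version
    string hwid = GetHeaderValue(context, "hwid"); // device id
    string mobileType = GetHeaderValue(context, "mobileType"); // device type
    int osType = GetHeaderIntValue(context, "osType", (int)HQEnums.ClientOsTypeOptions.unknown); // OS type: miniprogram->0; ios->1; android->2; h5->3
    string osVersion = GetHeaderValue(context, "osVersion"); // OS version; NOTE(review): read but never used below
    string ttid = GetHeaderValue(context, "ttid"); // channel info
    string userToken = GetHeaderValue(context, "userToken"); // user token
    string userId = GetHeaderValue(context, "userId"); // user id
    int platType = GetHeaderIntValue(context, "platType", (int)PlatformTypeOptions.拼多多);

    // Signature check.
    // NOTE(review): DebugMode disables request authentication entirely; make sure it cannot
    // be switched on in a production deployment.
    if (!this.DebugMode)
    {
        string requestSign = context.Request["sign"];
        if (string.IsNullOrEmpty(requestSign))
        {
            filterContext.Result = this.GetJsonResult(HQEnums.ResultOptionType.签名未传);
            return;
        }

        JObject prams = GetParams(filterContext.HttpContext.Request);
        SortedDictionary<string, string> paramters = new SortedDictionary<string, string>();
        paramters.Add("userToken", userToken);
        foreach (var item in prams)
        {
            if (item.Key != "sign" && !string.IsNullOrEmpty(item.Value.ToString()))
            {
                string key = item.Key.ToLower();

                // Two request keys that differ only by case collapse to the same entry.
                // Fail closed with a signature error instead of letting Add() throw an
                // unhandled ArgumentException out of the filter.
                if (paramters.ContainsKey(key))
                {
                    filterContext.Result = this.GetJsonResult(HQEnums.ResultOptionType.签名错误);
                    return;
                }

                paramters.Add(key, item.Value.ToString());
            }
        }

        string currentSign = HotSignatureHelper.BuildSign(paramters, HQGlobalConfigProvider.ApiSecret, new HotSignatureHelper.BuildSettingModel()
        {
            JoinFormat = HotSignatureHelper.PreSignStrJoinFormatOptions.None,
            EcryptType = HotSignatureHelper.EncryptTypeOptions.MD5_UTF8_32,
            SaltPosition = HotSignatureHelper.SaltAppendPositionOptions.Suffix
        });

        // Compare without short-circuiting so the response time does not reveal
        // how many leading characters of the supplied signature were correct.
        if (!IsSameSignature(currentSign, requestSign))
        {
            filterContext.Result = this.GetJsonResult(HQEnums.ResultOptionType.签名错误);
            return;
        }
    }

    // Login check; each caller decides whether it is required.
    if (this.flgCheckLogin)
    {
        UsersModel userInfo = UsersBLL.Instance.GetModelByToken(userToken);
        if (userInfo == null)
        {
            filterContext.Result = this.GetJsonResult(HQEnums.ResultOptionType.用户未登录);
            return;
        }

        // The userId header must belong to the account the token resolves to.
        if (userInfo.UserId.ToString() != userId)
        {
            filterContext.Result = this.GetJsonResult(HQEnums.ResultOptionType.用户登录信息非法);
            return;
        }

        if (userInfo.IsLocked == 1)
        {
            filterContext.Result = this.GetJsonResult(HQEnums.ResultOptionType.用户已被冻结);
            return;
        }
    }

    // Inject the header values into the first action parameter of type HQRequestHeader.
    var actionParameters = filterContext.ActionDescriptor.GetParameters();
    foreach (var p in actionParameters)
    {
        if (p.ParameterType == typeof(HQRequestHeader))
        {
            // A non-numeric userId leaves iUserId at 0; the parse result is deliberately ignored.
            int.TryParse(userId, out int iUserId);
            filterContext.ActionParameters[p.ParameterName] = new HQRequestHeader()
            {
                appVersion = appVersion,
                hwid = hwid,
                mobileType = mobileType,
                osType = osType,
                ttid = ttid,
                userIdStr = userId,
                userId = iUserId,
                userToken = userToken,
                platType = platType
            };
            break;
        }
    }
}

/// <summary>
/// Ordinal comparison of two signature strings that always walks the whole common
/// length instead of stopping at the first differing character.
/// </summary>
/// <param name="expected">Signature computed by the server.</param>
/// <param name="supplied">Signature sent by the caller.</param>
/// <returns>True only when both strings are non-empty and identical.</returns>
private static bool IsSameSignature(string expected, string supplied)
{
    if (string.IsNullOrEmpty(expected) || string.IsNullOrEmpty(supplied))
    {
        return false;
    }

    // A length mismatch is folded into the accumulator rather than returned early.
    int diff = expected.Length ^ supplied.Length;
    for (int i = 0; i < expected.Length && i < supplied.Length; i++)
    {
        diff |= expected[i] ^ supplied[i];
    }

    return diff == 0;
}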