static void ValidateRequest(HttpRequestBase request)
{
var apiKey = request.GetParameter(XAuthApiKeyKey);
if (string.IsNullOrEmpty(apiKey))
{
throw new ApiAuthorizeException("api key is not found");
}
var app = Models.AppInfo.Apps.Where(x => x.ApiKey == apiKey).FirstOrDefault();
if (null == app)
{
throw new ApiAuthorizeException("api key is invalid");
}
if (Models.AppInfo.AppStatus.Normal != app.Status)
{
throw new ApiAuthorizeException("app is invalid");
}
//ts
var timestamp = request.GetParameter(XAuthTimeStampKey);
if (string.IsNullOrEmpty(timestamp))
{
throw new ApiAuthorizeException("timestamp is not found");
}
double ts;
if (!double.TryParse(timestamp, out ts))
{
throw new ApiAuthorizeException("timestamp is invalid");
}
//timespan 5 min expire
var time = DateTimeExtensions.Date1970.AddMilliseconds(ts);
var now = DateTime.UtcNow;
TimeSpan span = now - time;
if (Math.Abs(span.TotalMinutes) > TimeSpanDifferInMinute)
{
throw new ApiAuthorizeException("request is timeout");
}
//nonce
var nonce = request.GetParameter(XAuthNonceKey);
if (string.IsNullOrEmpty(nonce))
{
throw new ApiAuthorizeException("request nonce is not found");
}
if (NonceCache.Contains(nonce))
{
throw new ApiAuthorizeException("duplicated request");
}
else
{
NonceCache.Add(nonce);
}
//signature
var signature = request.GetParameter(XAuthSignatureKey);
if (string.IsNullOrEmpty(signature))
{
throw new ApiAuthorizeException("signature is not found");
}
//compute signature
var method = request.HttpMethod.ToUpper();
var url = request.Url.AbsoluteUri;
if (!string.IsNullOrEmpty(request.Url.Query))
{
url = url.Replace(request.Url.Query, string.Empty);
}
var paramters = new Dictionary <string, string>();
foreach (var k in request.Form.AllKeys)
{
paramters.Add(k, request.Form.Get(k));
}
foreach (var k in request.QueryString.AllKeys)
{
paramters.Add(k, request.QueryString.Get(k));
}
var paramString = string.Join("&", paramters.OrderBy(d => d.Key).Select(d => string.Format("{0}={1}", (d.Key), (d.Value))).ToArray());
//METHOD&url¶mString&nonce×tamp&secret
var source = UrlEncode(method) + "&" +
UrlEncode(url) + "&" +
UrlEncode(paramString) + "&" +
UrlEncode(nonce) + "&" +
timestamp + "&" + app.ApiSecret;
//LogHelper.Info(source);
var hash = Hashing.ComputeMD5(source);
if (hash != signature)
{
throw new ApiAuthorizeException("signature is invalid");
}
//valid request
//LogHelper.Info(app.Name + "'s request #" + nonce);
}
