/// <summary>
/// 检查用户是否有该Action执行的操作权限
/// </summary>
/// <param name="actionContext"></param>
public override void OnActionExecuting(HttpActionContext actionContext)
{
//增加操作日志
var log = new Log()
{
Action = $"{actionContext.ControllerContext.ControllerDescriptor.ControllerName}/{actionContext.ActionDescriptor.ActionName}",
Note = GetText(actionContext.ActionArguments)
};
var b = actionContext.Request.Headers.Referrer;
var attr = actionContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>();
if (attr.Any(a => a != null))//判断是否允许匿名调用
{
base.OnActionExecuting(actionContext);
}
else if (b != null && CfgLoader.Instance.GetArraryConfig<string>("Csrf", "Address").Any(r => b.ToString().StartsWith(r)))
{
AuthFrom(actionContext, ref log);
}
else if (b == null)
{
actionContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized);
}
base.OnActionExecuting(actionContext);
log.Save(Guid.Empty);
}
/// <summary>
/// Logs an exception
/// </summary>
/// <param name="msg">Descriptive message</param>
/// <param name="ex">Current exception</param>
/// <param name="authName">Current users authentication name</param>
/// <param name="errorType">Error type</param>
/// <returns>bool Success</returns>
private static bool LogException(string msg, Exception ex, LogMessageType errorType, string authName)
{
bool Success = true;
try {
string exMessage = string.Empty;
string exType = string.Empty;
StringBuilder exSource = new StringBuilder();
string exStackTrace = string.Empty;
string scriptName;
string userAgent = string.Empty;
string referer = string.Empty;
string remoteHost = string.Empty;
string authUser = authName;
string formData = string.Empty;
string queryStringData = string.Empty;
string cookiesData = string.Empty;
if (ex != null) {
while (ex != null) {
if (ex.InnerException == null) {
exMessage = ex.Message;
exType = ex.GetType().ToString();
exStackTrace = ex.StackTrace;
}
exSource.Append("[");
exSource.Append(ex.Source);
exSource.Append("]");
ex = ex.InnerException;
}
}
// Leave all HTTP-specific information out if this
// method is being called from a Win/Console app.
if (HttpContext.Current == null)
scriptName = Environment.CommandLine;
else {
HttpContext thisContext = HttpContext.Current;
HttpRequest thisRequest = thisContext.Request;
scriptName = thisRequest.CurrentExecutionFilePath;
userAgent = thisRequest.ServerVariables["HTTP_USER_AGENT"];
referer = thisRequest.ServerVariables["HTTP_REFERER"];
remoteHost = thisRequest.ServerVariables["HTTP_X_FORWARDED_FOR"];
if (string.IsNullOrEmpty(remoteHost))
remoteHost = thisRequest.ServerVariables["REMOTE_HOST"];
authUser = thisRequest.ServerVariables["AUTH_USER"];
formData = thisRequest.Form.ToString();
queryStringData = thisRequest.QueryString.ToString();
cookiesData = GetCookiesAsString(thisContext);
}
Log log = new Log();
log.AuthUser = authUser;
log.Referer = referer;
log.RemoteHost = remoteHost;
log.Message = msg ?? string.Empty;
log.UserAgent = userAgent;
log.ScriptName = scriptName;
log.ExceptionMessage = exMessage;
log.ExceptionSource = exSource.ToString();
log.ExceptionStackTrace = exStackTrace;
log.MachineName = Environment.MachineName;
log.ExceptionType = exType;
log.MessageType = (byte)errorType;
log.CookiesData = cookiesData;
log.FormData = formData;
log.QueryStringData = queryStringData;
log.LogDate = DateTime.UtcNow;
log.Save();
}
catch {
Success = false;
}
return Success;
}
