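/// <summary>
/// Resolves the request's target method on the handler and collects the
/// attribute metadata that drives signing, output and authorization for it.
/// </summary>
/// <param name="obj">Handler instance whose public methods are searched by name.</param>
/// <param name="action">Method name taken from the request (untrusted input).</param>
/// <param name="requestMethodInfo">Receives the resolved method, or null when no single public method of that name exists.</param>
/// <param name="apiMethodAttribute">Receives the method's <see cref="ApiMethodAttribute"/> settings, or the defaults applied below when the attribute is absent.</param>
/// <param name="authorizeAttribute">Receives the class-level and method-level <see cref="AuthorizeAttribute"/> lists merged (comma-joined); cleared when the method carries <see cref="AllowAnonymousAttribute"/>.</param>
private void GetMethodInfo(object obj, string action, ref MethodInfo requestMethodInfo, ref ApiMethodAttribute apiMethodAttribute, ref AuthorizeAttribute authorizeAttribute)
{
    Type type = obj.GetType();
    requestMethodInfo = null;
    // A missing action would make GetMethod throw; report it as "no method" instead.
    if (string.IsNullOrEmpty(action))
    {
        return;
    }
    try
    {
        // NOTE(review): the default binding flags match any public method the handler
        // type exposes, inherited ones included; the caller treats null as "invalid method".
        requestMethodInfo = type.GetMethod(action);
    }
    catch (AmbiguousMatchException)
    {
        // An overloaded name cannot be dispatched unambiguously; treat it as unresolved.
        requestMethodInfo = null;
    }
    if (requestMethodInfo == null)
    {
        return;
    }

    ApiMethodAttribute apiMethodAttr = requestMethodInfo.GetCustomAttribute<ApiMethodAttribute>();
    if (apiMethodAttr != null)
    {
        apiMethodAttribute.SignKeyEnum = apiMethodAttr.SignKeyEnum;
        apiMethodAttribute.RespDataTypeEnum = apiMethodAttr.RespDataTypeEnum;
        apiMethodAttribute.SysIdAndVersionNo = apiMethodAttr.SysIdAndVersionNo;
        apiMethodAttribute.IconOutputLock = apiMethodAttr.IconOutputLock;
    }
    else
    {
        // Defaults for methods without an explicit ApiMethodAttribute.
        apiMethodAttribute.SignKeyEnum = SignKeyEnum.DogNoToken;
        apiMethodAttribute.RespDataTypeEnum = RespDataTypeEnum.Json;
        apiMethodAttribute.SysIdAndVersionNo = true;
        apiMethodAttribute.IconOutputLock = false;
    }

    // Class-level authorization lists are the base.
    AuthorizeAttribute classAuthorize = type.GetCustomAttribute<AuthorizeAttribute>();
    if (classAuthorize != null)
    {
        authorizeAttribute.Roles = classAuthorize.Roles;
        authorizeAttribute.Users = classAuthorize.Users;
        authorizeAttribute.Merches = classAuthorize.Merches;
    }

    // Method-level lists are appended to the class-level ones (comma-separated, stray commas trimmed).
    AuthorizeAttribute methodAuthorize = requestMethodInfo.GetCustomAttribute<AuthorizeAttribute>();
    if (methodAuthorize != null)
    {
        authorizeAttribute.Roles = (authorizeAttribute.Roles + "," + methodAuthorize.Roles).Trim(',');
        authorizeAttribute.Users = (authorizeAttribute.Users + "," + methodAuthorize.Users).Trim(',');
        authorizeAttribute.Merches = (authorizeAttribute.Merches + "," + methodAuthorize.Merches).Trim(',');
    }

    // AllowAnonymous on the method clears every list, so CheckAuthorize skips the role/merchant checks.
    if (requestMethodInfo.GetCustomAttribute<AllowAnonymousAttribute>() != null)
    {
        authorizeAttribute.Roles = string.Empty;
        authorizeAttribute.Users = string.Empty;
        authorizeAttribute.Merches = string.Empty;
    }
}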
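/// <summary>
/// Checks whether the caller identified by the request may invoke the method.
/// Only <see cref="SignKeyEnum.XCCloudUserCacheToken"/> is enforced here: the
/// "userToken" parameter is resolved to a user and that user's role and merchant
/// type must be listed in the merged <see cref="AuthorizeAttribute"/>; every other
/// sign-key kind is accepted without any check.
/// </summary>
/// <param name="authorizeAttribute">Merged class/method authorization lists (comma-separated names).</param>
/// <param name="signKeyEnum">Sign-key kind selected by the method's <see cref="ApiMethodAttribute"/>.</param>
/// <param name="dicParas">Parsed request parameters; "userToken" is read from it.</param>
/// <param name="errMsg">Empty on success, otherwise the message returned to the client.</param>
/// <returns>true when access is granted; false otherwise.</returns>
private bool CheckAuthorize(AuthorizeAttribute authorizeAttribute, SignKeyEnum signKeyEnum, Dictionary<string, object> dicParas, out string errMsg)
{
    errMsg = string.Empty;
    switch (signKeyEnum)
    {
        case SignKeyEnum.XCCloudUserCacheToken:
        {
            // A missing or blank token is rejected up front rather than surfacing a KeyNotFoundException.
            object tokenObj;
            if (dicParas == null || !dicParas.TryGetValue("userToken", out tokenObj) || tokenObj == null || string.IsNullOrWhiteSpace(tokenObj.ToString()))
            {
                errMsg = "token无效";
                return false;
            }
            string token = tokenObj.ToString();
            XCCloudUserTokenModel userTokenKeyModel = XCCloudUserTokenBusiness.GetUserTokenModel(token);
            if (userTokenKeyModel == null)
            {
                errMsg = "token无效";
                return false;
            }
            if (!string.IsNullOrEmpty(authorizeAttribute.Roles))
            {
                // Enum.GetName yields null for an undefined LogType; that counts as "not listed".
                string roleName = Enum.GetName(typeof(RoleType), userTokenKeyModel.LogType);
                if (!ContainsListEntry(authorizeAttribute.Roles, roleName))
                {
                    errMsg = "当前用户无权访问";
                    return false;
                }
            }
            if (!string.IsNullOrEmpty(authorizeAttribute.Merches))
            {
                var merchDataModel = userTokenKeyModel.DataModel as MerchDataModel;
                if (merchDataModel == null)
                {
                    errMsg = "当前用户无权访问";
                    return false;
                }
                string merchType = Enum.GetName(typeof(MerchType), merchDataModel.MerchType);
                if (!ContainsListEntry(authorizeAttribute.Merches, merchType))
                {
                    errMsg = "当前用户无权访问";
                    return false;
                }
            }
            break;
        }
        case SignKeyEnum.MobileToken:
        case SignKeyEnum.XCGameMemberToken:
        case SignKeyEnum.XCGameMemberOrMobileToken:
        case SignKeyEnum.XCGameUserCacheToken:
        case SignKeyEnum.MethodToken:
        default:
            // No authorization check is implemented for these sign-key kinds.
            break;
    }
    return true;
}

/// <summary>
/// Exact, ordinal membership test of <paramref name="name"/> in a comma-separated list.
/// Replaces a plain substring <c>Contains</c>, which would accept a short name that
/// merely appears inside a longer listed name and thereby grant the wrong role.
/// </summary>
/// <param name="list">Comma-separated names; entries are trimmed before comparison.</param>
/// <param name="name">Name to look for; null or empty never matches.</param>
/// <returns>true when one entry equals <paramref name="name"/> exactly.</returns>
private static bool ContainsListEntry(string list, string name)
{
    if (string.IsNullOrEmpty(list) || string.IsNullOrEmpty(name))
    {
        return false;
    }
    foreach (string entry in list.Split(','))
    {
        if (string.Equals(entry.Trim(), name, StringComparison.Ordinal))
        {
            return true;
        }
    }
    return false;
}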
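/// <summary>
/// Handles an API request: resolves the target method from the "action"
/// parameter, validates request parameters, signature and authorization,
/// invokes the method by reflection and writes the response. Every outcome
/// after parameter parsing is recorded through <see cref="ApiRequestLog"/>.
/// </summary>
/// <param name="context">The current HTTP request/response context.</param>
public void ProcessRequest(HttpContext context)
{
    ApiRequestLog ar = new ApiRequestLog();
    // NOTE(review): wildcard CORS — responses are readable from any origin.
    context.Response.AddHeader("Access-Control-Allow-Origin", "*");

    string errMsg = string.Empty;       // failure message sent back to the client
    string signKeyToken = string.Empty; // token produced by the signature check
    string postJson = string.Empty;     // raw posted JSON, used for logging only
    int apiType = 0;                    // 0 - XCloud, 1 - XCGame, 2 - xcgamemana
    ApiMethodAttribute apiMethodAttribute = new ApiMethodAttribute();
    AuthorizeAttribute authorizeAttribute = new AuthorizeAttribute();
    MethodInfo requestMethodInfo = null;
    Dictionary<string, object> dicParas = null;
    string requestUrl = string.Empty;
    string action = RequestHelper.GetString("action");
    try
    {
        // Resolve the method; null means no single public method named "action" exists.
        GetMethodInfo(this, action, ref requestMethodInfo, ref apiMethodAttribute, ref authorizeAttribute);
        if (requestMethodInfo == null)
        {
            isSignKeyReturn = IsSignKeyReturn(apiMethodAttribute.SignKeyEnum);
            errMsg = "请求方法无效";
            FailResponseOutput(context, apiMethodAttribute, errMsg, signKeyToken);
            return;
        }

        // Parameter validation; it also yields the values every later log entry needs.
        bool paramsOk = CheckRequestParam(context, apiMethodAttribute, ref dicParas, out errMsg, out postJson, out apiType, out requestUrl, out sysId, out versionNo);
        string logUrl = requestUrl + "?action=" + action;
        if (!paramsOk)
        {
            FailResponseOutput(context, apiMethodAttribute, errMsg, signKeyToken);
            ar.show(apiType, logUrl, postJson, Return_Code.F, errMsg, sysId);
            return;
        }

        // Signature check.
        if (!CheckSignKey(apiMethodAttribute.SignKeyEnum, dicParas, out signKeyToken, out errMsg))
        {
            FailResponseOutput(context, apiMethodAttribute, errMsg, signKeyToken);
            ar.show(apiType, logUrl, postJson, Return_Code.F, errMsg, sysId);
            return;
        }

        // Authorization check.
        if (!CheckAuthorize(authorizeAttribute, apiMethodAttribute.SignKeyEnum, dicParas, out errMsg))
        {
            FailResponseOutput(context, apiMethodAttribute, errMsg, signKeyToken);
            ar.show(apiType, logUrl, postJson, Return_Code.F, errMsg, sysId);
            return;
        }

        // The interface-lock check (CheckIconOutputLock) is not enabled in this handler.

        // Invoke the resolved method; methods that declare parameters receive the parsed dictionary.
        object[] paras = null;
        if (requestMethodInfo.GetParameters().Length > 0)
        {
            paras = new object[] { dicParas };
        }
        object resObj = requestMethodInfo.Invoke(this, paras);
        SuccessResponseOutput(context, apiMethodAttribute, resObj, signKeyToken);

        string return_code;
        string return_msg;
        string result_code;
        string result_msg;
        GetResObjInfo(resObj, out return_code, out return_msg, out result_code, out result_msg);
        ar.show(apiType, logUrl, postJson, return_code, return_msg, sysId, result_msg);
    }
    catch (Exception ex)
    {
        // NOTE(review): ex.Message is echoed to the client; reflection and framework
        // messages can reveal internals (an exception thrown inside the invoked method
        // typically arrives here wrapped in a TargetInvocationException).
        FailResponseOutput(context, apiMethodAttribute, ex.Message, signKeyToken);
        LogHelper.SaveLog(TxtLogType.Api, TxtLogContentType.Exception, TxtLogFileType.Day, Utils.GetException(ex));
        // requestUrl is read here rather than a cached value so a failure inside
        // CheckRequestParam still logs whatever it managed to set.
        ar.show(apiType, requestUrl + "?action=" + action, postJson, Return_Code.F, Utils.GetException(ex), sysId);
    }
}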