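        /// <summary>
        /// Runs after the action has executed and assembles an API request log record.
        /// </summary>
        /// <param name="actionContext">Executed-action context that carries the request and the response.</param>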
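        public override void OnActionExecuted(HttpActionExecutedContext actionContext)
        {
            // Assembles an API request log record (path, API key, client IP, token, URL,
            // response text, query string) once the action has run. Capture is best-effort:
            // a failure here must never break the response, so exceptions are traced and dropped.
            // The call that would persist the record is commented out at the end of the try block.
            //
            // NOTE(review): API_KEY and TOKEN are credentials, and URL / REQUEST_INFOR carry the
            // full query string, which includes the ApiKey parameter. If this record is persisted,
            // everyone who can read the log store can read those values. Consider storing a hash
            // or a short prefix instead, and redacting sensitive query parameters.
            const int maxStoredLength = 4000;
            const int truncatedLength = 2000;

            try
            {
                var currentRequest = HttpContext.Current.Request;
                var requestUri = actionContext.Request.RequestUri;

                MApiRequestLogs apiRequestLogsM = new MApiRequestLogs();

                // API name: the request path without the query string.
                apiRequestLogsM.API = requestUri.AbsolutePath;

                // API key as supplied by the caller in the query string.
                apiRequestLogsM.API_KEY = currentRequest.QueryString["ApiKey"];

                // Client IP address as resolved by the project helper.
                apiRequestLogsM.IP = FilterAttributeHelp.GetIPAddress(actionContext.Request);

                // First value of the "Token" header, or empty when the header is absent.
                // The header is looked up once instead of twice.
                string[] tokenValues = currentRequest.Headers.GetValues("Token");
                apiRequestLogsM.TOKEN = tokenValues == null ? string.Empty : tokenValues[0];

                // Full request URL.
                apiRequestLogsM.URL = requestUri.AbsoluteUri;

                // Response text. The response can be missing (for example when the action threw)
                // and its content is not always ObjectContent; both cases previously ended in a
                // NullReferenceException that discarded the whole record.
                string responseText = string.Empty;
                if (actionContext.Response != null)
                {
                    var objectContent = actionContext.Response.Content as ObjectContent;
                    if (objectContent != null && objectContent.Value != null)
                    {
                        responseText = objectContent.Value.ToString() ?? string.Empty;
                    }
                }

                // The database column stores at most 4000 characters, so long responses are cut.
                // NOTE(review): the cut keeps 2000 characters while the threshold is 4000, so
                // values of 2001-4000 characters are stored uncut. Confirm this is deliberate
                // (for example a byte-based column limit with multi-byte text).
                if (responseText.Length > maxStoredLength)
                {
                    responseText = responseText.Substring(0, truncatedLength);
                }

                apiRequestLogsM.RESPONSE_INFOR = responseText;

                // Request parameters: the raw query string.
                apiRequestLogsM.REQUEST_INFOR = requestUri.Query;

                // Asynchronous persistence of the record is currently disabled:
                //  Func<MApiRequestLogs, string> action = AddApiRequestLogs; // declare a delegate
                // IAsyncResult ret = action.BeginInvoke(apiRequestLogsM, null, null);
            }
            catch (Exception ex)
            {
                // Deliberately not rethrown: request logging must not turn a served request into
                // an error. The failure is traced so that a broken audit trail is noticed.
                System.Diagnostics.Trace.TraceWarning(
                    "API request log capture failed: {0}: {1}", ex.GetType().FullName, ex.Message);
            }
        }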
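        /// <summary>
        /// Authentication and authorization check that runs before the action executes.
        /// </summary>
        /// <param name="actionContext">Request context of the action about to run.</param>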
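        public override void OnAuthorization(HttpActionContext actionContext)
        {
            // Gate that runs before the action. Checks are applied in order and stop at the first
            // failure: IP whitelist -> timestamp -> request frequency -> signature -> token.
            // On failure the serialized result is written to the response and the action is skipped.

            // Actions marked [AllowAnonymous] bypass every check below.
            if (actionContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Any())
            {
                return;
            }

            HttpRequest httpRequest = HttpContext.Current.Request;
            var authCheckService = new AuthCheckService();

            // NOTE(review): the API key travels in the query string, so it also ends up in web
            // server and proxy access logs. A request header would keep it out of those logs.
            string apikey = httpRequest.QueryString["apikey"];
            string timestamp = httpRequest.QueryString["Timestamp"];

            // 1. IP whitelist.
            // NOTE(review): this check is only as trustworthy as GetIPAddress. Confirm the helper
            // does not take the address from client-supplied headers (e.g. X-Forwarded-For)
            // unless the request arrived through a trusted proxy.
            MBaseResult<string> result = authCheckService.CheckIpWhitelist(
                FilterAttributeHelp.GetIPAddress(actionContext.Request), apikey);

            // 2. Timestamp.
            if (result.Code == MResultCodeEnum.successCode)
            {
                result = authCheckService.CheckTimestamp(timestamp);
            }

            // 3. Request frequency, keyed by API key and lower-cased route.
            if (result.Code == MResultCodeEnum.successCode)
            {
                string actionName = actionContext.ActionDescriptor.ActionName;
                string controllerName = actionContext.ActionDescriptor.ControllerDescriptor.ControllerName;

                // ToLowerInvariant instead of ToLower: the route key is an identifier, and
                // culture-sensitive lowering (e.g. Turkish 'I') would produce a different key
                // depending on the thread culture.
                result = authCheckService.CheckRequestFrequency(
                    apikey, $"api/{controllerName.ToLowerInvariant()}/{actionName.ToLowerInvariant()}");
            }

            // 4. Signature over the request parameters.
            // NOTE(review): going by its name, GetAllQueryParameters supplies query parameters
            // only. Confirm whether request bodies need to be covered by the signature too.
            if (result.Code == MResultCodeEnum.successCode)
            {
                Dictionary<string, string> queryParameters = httpRequest.GetAllQueryParameters();
                result = authCheckService.SignCheck(queryParameters, apikey);
            }

            // 5. Token. Reached only when the signature check passed.
            if (result.Code == MResultCodeEnum.successCode)
            {
                // Actions marked with XYHAPINoChekokenFilterAttribute skip token validation but
                // have still passed the whitelist, timestamp, frequency and signature checks.
                if (actionContext.ActionDescriptor.GetCustomAttributes<XYHAPINoChekokenFilterAttribute>().Any())
                {
                    return;
                }

                // First value of the "Token" header, or empty when the header is absent.
                string[] tokenValues = httpRequest.Headers.GetValues("Token");
                string token = tokenValues == null ? string.Empty : tokenValues[0];

                result = authCheckService.CheckToken(token, apikey, httpRequest.FilePath);
            }

            // Rejection output.
            if (result.Code != MResultCodeEnum.successCode)
            {
                // A response must be assigned first; otherwise the action's code would still run.
                // Keep this assignment ahead of the writes below so a failed write cannot let
                // the request through.
                // NOTE(review): rejections are sent with HTTP 200, so monitoring that keys on
                // 401/403 will not see failed authentication attempts.
                actionContext.Response = new HttpResponseMessage(HttpStatusCode.OK);

                // Output content and type are set by hand.
                // NOTE(review): the body is JSON but is labelled text/html. If any field of the
                // result echoes request input, a browser may render it as markup;
                // application/json is the safer label. Confirm client expectations before
                // changing it.
                HttpContext.Current.Response.ContentType = "text/html;charset=utf-8";
                HttpContext.Current.Response.Write(JsonConvert.SerializeObject(result));
                HttpContext.Current.Response.End(); // ends the response here so routing does not continue
            }
        }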