/// <summary>
/// 唯一构造函数
/// </summary>
/// <param name="_logger">日志接口器</param>
/// <param name="_serializer">序列化接口器</param>
/// <param name="_apiaccesscontrol">api接入控制器</param>
/// <param name="_rolemanager">角色管理器</param>
/// <param name="_usermanager">用户管理器</param>
/// <param name="_menumanager">菜单管理器</param>
public PersonnelController(ILogger _logger, ISerializer _serializer,
APIAccessControl _apiaccesscontrol, RoleManager _rolemanager,
UserManager _usermanager, MenuManager _menumanager) :
base(_logger, _serializer, _apiaccesscontrol)
{
rolemanager = _rolemanager;
usermanager = _usermanager;
menumanager = _menumanager;
}
/// <summary>
/// 唯一构造函数
/// </summary>
/// <param name="logger">日志接口器</param>
/// <param name="serializer">序列化接口器</param>
/// <param name="apiaccesscontrol">api接入控制器</param>
/// <param name="voiceCommandManager">语音指令管理器</param>
/// <param name="trafficRestrictionManager">通行设置管理器</param>
/// <param name="openGateReasonManager">开闸原因设置管理器</param>
/// <param name="parkLotManager">车场管理器</param>
public SystemSetController(ILogger logger, ISerializer serializer, APIAccessControl apiaccesscontrol,
VoiceCommandManager voiceCommandManager,
TrafficRestrictionManager trafficRestrictionManager,
OpenGateReasonManager openGateReasonManager,
ParkLotManager parkLotManager) : base(logger, serializer, apiaccesscontrol)
{
_voiceCommandManager = voiceCommandManager;
_trafficRestrictionManager = trafficRestrictionManager;
_openGateReasonManager = openGateReasonManager;
_parkLotManager = parkLotManager;
}
public static void GetParamsFrom(HttpRequestMessage req,
out string reqOrigin,
out string reqMethod,
out ICollection <string> reqHeaders,
out APIAccessControl apiAC,
out bool isCrossOrigin,
out bool hasParseErrors,
out bool hasDuplicateRules,
string ctrl)
{
// init
hasParseErrors = false;
hasDuplicateRules = false;
apiAC = new APIAccessControl();
// read cors config and check for errors
CorsConfig accessControlSet = ReadCorsHeaders(ctrl, out hasParseErrors, out hasDuplicateRules);
// referrer url
//Uri uri = req.Headers.Referrer; only for chrome
Uri uri = req.RequestUri;
string destination = uri.Scheme + "://" + uri.Host;
if (uri.Host.Equals("localhost"))
{
destination += ":" + uri.Port;
}
IEnumerable <string> origins = new List <string>();
req.Headers.TryGetValues(AccessControlHeader.ORIGIN, out origins);
string origin = (origins != null && origins.Count() > 0) ? (origins.FirstOrDefault()) : (null);
isCrossOrigin = (origin == null || origin.Equals(destination, StringComparison.InvariantCultureIgnoreCase)) ? (false) : (true);
reqOrigin = (isCrossOrigin) ? (origin) : (null);
// method
reqMethod = req.Method.Method;
bool isPreflight = reqMethod.Equals("OPTIONS", StringComparison.InvariantCultureIgnoreCase) ? (true) : (false);
// if options request, then fetch from the request headers
if (isPreflight)
{
reqMethod = req.Headers.GetValues(AccessControlHeader.REQUEST_METHOD).FirstOrDefault();
}
// headers
reqHeaders = req.Headers.Select(p => p.Key).ToList <string>();
if (isPreflight)
{
reqHeaders.Clear();
if (req.Headers.Contains(AccessControlHeader.REQUEST_HEADERS))
{
string corsHeaders = req.Headers.GetValues(AccessControlHeader.REQUEST_HEADERS).FirstOrDefault();
reqHeaders = corsHeaders.Replace(" ", "").Split(',');
}
}
if (accessControlSet != null)
{
if (accessControlSet.AllowOrigin == null || accessControlSet.AllowMethods == null || accessControlSet.AllowHeaders == null)
{
apiAC = null;
}
else
{
apiAC.accessControlAllowOrigin = accessControlSet.AllowOrigin;
apiAC.accessControlAllowMethods = accessControlSet.AllowMethods;
apiAC.accessControlAllowHeaders = accessControlSet.AllowHeaders;
apiAC.accessControlAllowCredentials = accessControlSet.AllowCredentials;
apiAC.accessControlMaxAge = accessControlSet.MaxAge;
apiAC.accessControlExposeHeaders = accessControlSet.ExposeHeaders;
}
}
}
/// <summary>
/// 构造器
/// </summary>
/// <param name="logger">日志器</param>
/// <param name="serializer">序列化器</param>
/// <param name="apiaccesscontrol">权限控制器</param>
public BaseController(ILogger logger, ISerializer serializer, APIAccessControl apiaccesscontrol)
{
Logger = logger;
Serializer = serializer;
Apiaccesscontrol = apiaccesscontrol;
}
/// <summary>
/// 唯一构造函数
/// </summary>
/// <param name="logger">日志接口器</param>
/// <param name="serializer">序列化接口器</param>
/// <param name="apiaccesscontrol">api接入控制器</param>
/// <param name="reportManager">报表管理</param>
public ReportController(ILogger logger, ISerializer serializer, APIAccessControl apiaccesscontrol,
ReportManager reportManager) :
base(logger, serializer, apiaccesscontrol)
{
_reportManager = reportManager;
}
/// <summary>
/// 拦截验证请求参数
/// </summary>
/// <param name="actionContext"></param>
/// <param name="cancellationToken"></param>
/// <returns></returns>
public override async Task OnActionExecutingAsync(HttpActionContext actionContext, CancellationToken cancellationToken)
{
//标记 AllowAnonymousAttribute 特性的Controller/Action不做验证
if (actionContext.ActionDescriptor.GetCustomAttributes <AllowAnonymousAttribute>().Any() || actionContext.ControllerContext.ControllerDescriptor.GetCustomAttributes <AllowAnonymousAttribute>().Any())
{
return;
}
//默认返回值
ResponseBaseCommon resp = new ResponseBaseCommon
{
IsSuccess = false,
MessageCode = (int)ApiBaseErrorCode.API_PARAM_ERROR,
MessageContent = ApiBaseErrorCode.API_PARAM_ERROR.GetRemark(),
};
//如果不是继承自BaseController,返回签名错误
if (!(actionContext.ControllerContext.Controller is BaseController))
{
resp.MessageContent += ",请求未授权";
actionContext.Response = actionContext.Request.CreateResponse(resp);
return;
}
m_stattime = DateTime.Now;
var _baseController = ((BaseController)actionContext.ControllerContext.Controller);
i_logger = _baseController.Logger;
i_serializer = _baseController.Serializer;
apiaccesscontrol = _baseController.Apiaccesscontrol;
var appID = string.Empty;
var sign = string.Empty;
var timestamp = string.Empty;
var appid_header = "appid";
var sign_header = "sign";
var timestamp_header = "timestamp";
#region 通过APPID读取缓存的项目信息
if (actionContext.Request.Headers.Contains(appid_header))
{
appID = actionContext.Request.Headers.GetValues(appid_header).FirstOrDefault();
}
//没有指定标头的请求都返回签名错误
if (string.IsNullOrWhiteSpace(appID))
{
resp.MessageContent += ",缺少appid";
actionContext.Response = actionContext.Request.CreateResponse(resp);
return;
}
//获取接入信息
APIAccessModel apiaccessmodel = apiaccesscontrol.Get(appID);
//找不到接入信息,返回签名错误
if (apiaccessmodel == null)
{
resp.MessageContent += ",appid无效";
actionContext.Response = actionContext.Request.CreateResponse(resp);
return;
}
//如果不允许接入api,返回权限不足
if (apiaccessmodel.Enable == 0)
{
resp.MessageCode = (int)ApiBaseErrorCode.API_Unauthorized;
resp.MessageContent = ApiBaseErrorCode.API_Unauthorized.GetRemark();
actionContext.Response = actionContext.Request.CreateResponse(resp);
return;
}
#endregion
//1 时间戳验证、2 签名验证、 4 接口权限验证、 8参数验证
#region 验证时间戳
if ((apiaccessmodel.NeedVerify & 1) == 1)
{
if (actionContext.Request.Headers.Contains(timestamp_header))
{
timestamp = actionContext.Request.Headers.GetValues(timestamp_header).FirstOrDefault();
}
if (string.IsNullOrWhiteSpace(timestamp))
{
resp.MessageContent += ",时间戳无效";
actionContext.Response = actionContext.Request.CreateResponse(resp);
return;
}
long _timestamp = 0L;
if (long.TryParse(timestamp, out _timestamp))
{
var reqTime = DateTime.Parse("1970.1.1").AddSeconds(_timestamp);
//请求时间在前后5分钟之外的,返回请求过期
if (reqTime > DateTime.UtcNow.AddMinutes(5) ||
reqTime < DateTime.UtcNow.AddMinutes(-5))
{
resp.MessageContent = "请求已过期";
actionContext.Response = actionContext.Request.CreateResponse(resp);
return;
}
}
else
{
resp.MessageContent = "请求已过期";
actionContext.Response = actionContext.Request.CreateResponse(resp);
return;
}
}
#endregion
#region 验证签名
//读取请求流,获取签名数据
var reqContent = string.Empty;
if ((apiaccessmodel.NeedVerify & 2) == 2)
{
//如果公钥或secret为空,返回签名错误
if (string.IsNullOrWhiteSpace(apiaccessmodel.PublicKey) || string.IsNullOrWhiteSpace(apiaccessmodel.Secret))
{
resp.MessageContent = "参数配置错误";
actionContext.Response = actionContext.Request.CreateResponse(resp);
return;
}
if (actionContext.Request.Method.Method == "GET")
{
reqContent = HttpContext.Current.Request.QueryString.ToString();
if (!string.IsNullOrEmpty(reqContent))
{
reqContent = reqContent.TrimStart('?');
}
}
else
{
var stream = await actionContext.Request.Content.ReadAsStreamAsync();
stream.Position = 0;
var reader = new StreamReader(stream);
reqContent = reader.ReadToEnd();
//重置请求流文件的状态
stream.Position = 0;
}
if (string.IsNullOrWhiteSpace(reqContent))
{
resp.MessageContent += ",未检测到请求参数";
actionContext.Response = actionContext.Request.CreateResponse(resp);
return;
}
if (actionContext.Request.Headers.Contains(sign_header))
{
sign = actionContext.Request.Headers.GetValues(sign_header).FirstOrDefault();
}
// sign标头值为空,则返回签名错误
if (string.IsNullOrWhiteSpace(sign))
{
resp.MessageContent += ",签名无效";
actionContext.Response = actionContext.Request.CreateResponse(resp);
return;
}
else
{
string signparam = string.Empty;
try
{
//要签名的字符串为参数拼接后的字符串(或json字符串)+secret+timestamp
signparam = string.Concat("param=", reqContent, "&secret=", apiaccessmodel.Secret, "×tamp=", timestamp);
var result = Signature.verify(signparam, sign, apiaccessmodel.PublicKey, "UTF-8");
if (!result)
{
resp.MessageContent = "验证签名失败";
actionContext.Response = actionContext.Request.CreateResponse(resp);
i_logger.LogLogic(
LoggerLogicEnum.Filter,
"", "", "",
string.Concat(m_projectInfo, ".OnActionExecuting"),
string.Format("请求参数:{0};appid:{1};sign:{2};signparam:{3};返回参数:{4}", reqContent, appID, sign, signparam, i_serializer.Serialize(resp))
);
return;
}
}
catch (Exception ex)
{
resp.MessageContent = "验证签名失败";
actionContext.Response = actionContext.Request.CreateResponse(resp);
i_logger.LogError(
LoggerLogicEnum.Filter,
"", "", "",
string.Concat(m_projectInfo, ".OnActionExecuting"),
string.Format("请求参数:{0};appid:{1};sign:{2};signparam:{3};返回参数:{4}", reqContent, appID, sign, signparam, i_serializer.Serialize(resp)),
ex.ToString()
);
return;
}
}
}
#endregion
#region 接口权限验证
if ((apiaccessmodel.NeedVerify & 4) == 4)
{
var url = actionContext.ControllerContext.Request.RequestUri.ToString().Split('/');
if (url.Length == 6)
{
bool result = false;
string[] test = { };
//todo 权限验证
foreach (var item in test)
{
if (url[5].Equals(item))
{
result = true;
break;
}
}
if (!result)
{
resp.MessageCode = (int)ApiBaseErrorCode.API_INTERFACENAME_ERROR;
resp.MessageContent = ApiBaseErrorCode.API_INTERFACENAME_ERROR.GetRemark();
actionContext.Response = actionContext.Request.CreateResponse(resp);
return;
}
}
else
{
actionContext.Response = actionContext.Request.CreateResponse(resp);
return;
}
}
#endregion
#region 验证参数规范
if ((apiaccessmodel.NeedVerify & 8) == 8)
{
if (!actionContext.ModelState.IsValid)
{
int num = 1;
List <string> values = new List <string>();
//获取所有错误的Key
List <string> Keys = actionContext.ModelState.Keys.ToList();
//获取每一个key对应的ModelStateDictionary
foreach (var key in Keys)
{
var errors = actionContext.ModelState[key].Errors.ToList();
//将错误描述添加到sb中
foreach (var error in errors)
{
values.Add(string.Concat(num, ".", key + ":", error.ErrorMessage));
num++;
}
}
resp.MessageContent = string.Concat(ApiBaseErrorCode.API_PARAM_ERROR.GetRemark(), ":", string.Join(";", values));
actionContext.Response = actionContext.Request.CreateResponse(resp);
i_logger.LogLogic(
LoggerLogicEnum.Filter,
"", "", "",
string.Concat(m_projectInfo, ".OnActionExecuting"),
string.Format("请求参数:{0};appid:{1};sign:{2};返回参数:{3}", reqContent, appID, sign, i_serializer.Serialize(resp))
);
return;
}
}
#endregion
}
/// <summary>
/// 唯一构造函数
/// </summary>
/// <param name="logger">日志接口器</param>
/// <param name="serializer">序列化接口器</param>
/// <param name="apiaccesscontrol">api接入控制器</param>
/// <param name="cardServiceManager">卡务管理器</param>
public CardServiceController(ILogger logger, ISerializer serializer, APIAccessControl apiaccesscontrol,
CardServiceManager cardServiceManager) : base(logger, serializer, apiaccesscontrol)
{
_cardServiceManager = cardServiceManager;
}
/// <summary>
/// 构造器
/// </summary>
/// <param name="_logger">日志器</param>
/// <param name="_serializer">序列化器</param>
/// <param name="_apiaccesscontrol">权限控制器</param>
public BaseController(ILogger _logger, ISerializer _serializer, APIAccessControl _apiaccesscontrol)
{
Logger = _logger;
Serializer = _serializer;
apiaccesscontrol = _apiaccesscontrol;
}