/// <summary>
/// 输入拦截器
/// </summary>
/// <param name="actionContext"></param>
public override void OnActionExecuting(HttpActionContext actionContext)
{
if (!actionContext.ModelState.IsValid)
{
StringBuilder sb = new StringBuilder();
foreach (var m in actionContext.ModelState)
{
string[] key = m.Key.Split(".".ToCharArray());
string err = key.Length == 2 ? key[1] + "^" : "";
ModelErrorCollection errors = m.Value.Errors;
foreach (ModelError error in errors)
{
err += error.ErrorMessage + ",";
}
err = err.Substring(0, err.Length - 1) + "|";
sb.Append(err);
}
var resultMsg = new BaseJsonResult <string>
{
Status = (int)JsonObjectStatus.ParameterError,
Message = sb.ToString().Substring(0, sb.ToString().Length - 1),
};
actionContext.Response = resultMsg.TryToHttpResponseMessage();
}
base.OnActionExecuting(actionContext);
}
public HttpResponseMessage GetAuthorizationToken(GetTokenArgEntity arg)
{
BaseJsonResult <AccessTokenDto> resultMsg = null;
Logger(this.GetType(), "获取授权Token-GetAuthorizationToken", () =>
{
if (this.CheckBaseArgument(arg, out resultMsg))
{
if (arg.Account.Equals("guest") && arg.UserId.Equals("guest"))
{
JWTPlayloadInfo playload = new JWTPlayloadInfo
{
iss = "S_COMMON_TOKTN",
sub = arg.Account,
aud = arg.UserId,
userid = CommonHelper.GetGuid(),
extend = "PUBLIC_TOKTN"
};
string token = JWTHelper.GetToken(playload);
AccessTokenDto access = new AccessTokenDto
{
AccessToken = token,
ExpiryTime = playload.exp
};
resultMsg = this.GetBaseJsonResult <AccessTokenDto>(access, JsonObjectStatus.Success);
}
else
{
//TODO 根据UserID校验用户是否存在
//JWTPlayloadInfo playload = new JWTPlayloadInfo
//{
// iss = "S_USER_TOKTN",
// sub = arg.Account,
// aud = arg.UserId,
// userid = CommonHelper.GetGuid(),
// extend = "USER_TOKTN"
//};
//string token = JWTHelper.GetToken(playload);
//AccessTokenDto access = new AccessTokenDto
//{
// AccessToken = token,
// ExpiryTime = playload.exp
//};
//resultMsg = this.GetBaseJsonResult<AccessTokenDto>(access, JsonObjectStatus.Success);
resultMsg = this.GetBaseJsonResult <AccessTokenDto>(JsonObjectStatus.UserNotExist);
}
}
}, e =>
{
resultMsg = this.GetBaseJsonResult <AccessTokenDto>(JsonObjectStatus.Exception, ",异常信息:" + e.Message);
});
return(resultMsg.TryToHttpResponseMessage());
}
public HttpResponseMessage AddUser(UserEntity user)
{
BaseJsonResult <string> resultMsg = new BaseJsonResult <string>
{
Status = GlobalErrorCodes.Success,
Data = "V2-" + user.TryToJson(),
Message = "操作成功"
};
return(resultMsg.TryToHttpResponseMessage());
}
public HttpResponseMessage GetUserName(string userId, string name)
{
BaseJsonResult <string> resultMsg = new BaseJsonResult <string>
{
Status = GlobalErrorCodes.Success,
Data = "V2-" + userId + ":" + name,
Message = "操作成功"
};
return(resultMsg.TryToHttpResponseMessage());
}
public HttpResponseMessage GetUserName(string id)
{
BaseJsonResult <string> resultMsg = new BaseJsonResult <string>
{
Status = GlobalErrorCodes.Success,
Data = "V1-" + id,
Message = "操作成功"
};
return(resultMsg.TryToHttpResponseMessage());
}
/// <summary>
/// 返回到客户端的消息
/// </summary>
/// <param name="request"></param>
/// <param name="statusCode"></param>
/// <param name="message"></param>
/// <returns></returns>
private Task <HttpResponseMessage> CreateResponse(HttpRequestMessage request, HttpStatusCode statusCode, string message)
{
BaseJsonResult <string> resultMsg = new BaseJsonResult <string>
{
Status = statusCode == HttpStatusCode.OK ? GlobalErrorCodes.Success : GlobalErrorCodes.Fail,
Message = message
};
TaskCompletionSource <HttpResponseMessage> tsc = new TaskCompletionSource <HttpResponseMessage>();
HttpResponseMessage response = resultMsg.TryToHttpResponseMessage();
tsc.SetResult(response);
return(tsc.Task);
}
public HttpResponseMessage RefreshAuthorizationToken(GetTokenArgEntity arg)
{
BaseJsonResult <string> resultMsg = null;
Logger(this.GetType(), "刷新Token-RefreshAuthorizationToken", () =>
{
if (this.CheckBaseArgument(arg, out resultMsg))
{
JWTHelper.CheckTokenHasExpiry(arg.UserId, arg.Account);
resultMsg = this.GetBaseJsonResult <string>("Token刷新成功", JsonObjectStatus.Success);
}
}, e =>
{
resultMsg = this.GetBaseJsonResult <string>(JsonObjectStatus.Exception, ",异常信息:" + e.Message);
});
return(resultMsg.TryToHttpResponseMessage());
}
public virtual HttpResponseMessage HelloWorld(TestApiArgEntity arg)
{
BaseJsonResult <TestApiArgEntity> resultMsg = null;
Logger(this.GetType(), "测试是否连接成功-HelloWorld", () =>
{
if (this.CheckBaseArgument(arg, out resultMsg))
{
//TODO DoSomething
resultMsg = this.GetBaseJsonResult <TestApiArgEntity>(arg, JsonObjectStatus.Success);
}
}, e =>
{
resultMsg = this.GetBaseJsonResult <TestApiArgEntity>(JsonObjectStatus.Exception, ",异常信息:" + e.Message);
});
return(resultMsg.TryToHttpResponseMessage());
}
public virtual HttpResponseMessage Login(WeChatLoginArgEntity arg)
{
BaseJsonResult <WeChatUserInfoEntity> resultMsg = null;
Logger(this.GetType(), "微信登陆-Login", () =>
{
if (this.CheckBaseArgument(arg, out resultMsg))
{
HttpItem httpItem = new HttpItem
{
Url = string.Format(WeChatBaseInfo.I_GET_USER_INFO, arg.access_token, arg.openid, "zh_CN"),
Method = "GET",
ContentType = "application/json"
};
HttpResult result = httpHelper.GetHtml(httpItem);
if (result.StatusCode == HttpStatusCode.OK)
{
if (!string.IsNullOrEmpty(result.Html))
{
BaseJsonResult <WeChatUserInfoEntity> jsonResult = this.PreprocessingWeChatData <WeChatUserInfoEntity>(result.Html);
if (jsonResult.Status == (int)JsonObjectStatus.Success && jsonResult.Data != null)
{
WeChatUserInfoEntity userInfo = jsonResult.Data;
resultMsg = this.GetBaseJsonResult <WeChatUserInfoEntity>(userInfo, JsonObjectStatus.Success);
}
else
{
resultMsg = jsonResult;
}
}
}
}
}, e =>
{
resultMsg = this.GetBaseJsonResult <WeChatUserInfoEntity>(JsonObjectStatus.Exception, ",异常信息:" + e.Message);
});
return(resultMsg.TryToHttpResponseMessage());
}
/// <summary>
/// 正在请求时
/// </summary>
/// <param name="actionContext"></param>
public override void OnActionExecuting(HttpActionContext actionContext)
{
string isInterfaceSignature = ConfigHelper.GetValue("IsInterfaceSignature");
if (isInterfaceSignature.ToLower() == "false")
{
base.OnActionExecuting(actionContext);
return;
}
BaseJsonResult <string> resultMsg = null;
//操作上下文请求信息
HttpRequestMessage request = actionContext.Request;
//请求方法
//string method = request.Method.Method;
string appkey = string.Empty, timestamp = string.Empty, nonce = string.Empty, access_token = string.Empty;
//string authority = request.RequestUri.Authority;
//string host = request.RequestUri.Host;
//string port = request.RequestUri.Port.ToString();
//if (request.IsLocal())
//{
//}
//参数列表
//Dictionary<string, object> dictionary = actionContext.ActionArguments;
//if (dictionary.ContainsKey("arg"))
//{
//}
//用户编号
if (request.Headers.Contains("AppKey"))
{
appkey = HttpUtility.UrlDecode(request.Headers.GetValues("AppKey").FirstOrDefault());
}
//时间戳
if (request.Headers.Contains("TimeStamp"))
{
timestamp = HttpUtility.UrlDecode(request.Headers.GetValues("TimeStamp").FirstOrDefault());
}
//随机数
if (request.Headers.Contains("Nonce"))
{
nonce = HttpUtility.UrlDecode(request.Headers.GetValues("Nonce").FirstOrDefault());
}
//数字签名数据
if (request.Headers.Contains("Authorization"))
{
access_token = HttpUtility.UrlDecode(request.Headers.GetValues("Authorization").FirstOrDefault());
}
//接受客户端预请求
if (actionContext.Request.Method == HttpMethod.Options)
{
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Accepted);
base.OnActionExecuting(actionContext);
return;
}
//GetToken和Login方法不需要进行签名验证
string[] exceptRequest = GlobalConstCode.NOT_NEED_DIGITAL_SIGNATURE;
if (exceptRequest.Contains(actionContext.ActionDescriptor.ActionName))
{
if (string.IsNullOrEmpty(appkey) || string.IsNullOrEmpty(timestamp) || string.IsNullOrEmpty(nonce))
{
resultMsg = new BaseJsonResult <string>
{
Status = (int)JsonObjectStatus.ParameterError,
Message = JsonObjectStatus.ParameterError.GetEnumDescription(),
Data = ""
};
actionContext.Response = resultMsg.TryToHttpResponseMessage();
base.OnActionExecuting(actionContext);
return;
}
else
{
base.OnActionExecuting(actionContext);
return;
}
//base.OnActionExecuting(actionContext);
//return;
}
//判断请求头是否包含以下参数
if (string.IsNullOrEmpty(appkey) || string.IsNullOrEmpty(timestamp) || string.IsNullOrEmpty(nonce) || string.IsNullOrEmpty(access_token))
//if (string.IsNullOrEmpty(access_token) || string.IsNullOrEmpty(appkey))
{
resultMsg = new BaseJsonResult <string>
{
Status = (int)JsonObjectStatus.ParameterError,
Message = JsonObjectStatus.ParameterError.GetEnumDescription(),
Data = ""
};
actionContext.Response = resultMsg.TryToHttpResponseMessage();
base.OnActionExecuting(actionContext);
return;
}
//判断当前时间戳是否有效
long now = (DateTime.Now.ToUniversalTime().Ticks - 621355968000000000) / 10000000;
//客户端传入得时间戳
long qeruest = 0;
bool timespanvalidate = long.TryParse(timestamp, out qeruest);
//当前时间必与请求时间差应在1分钟以内才算有效时间戳,防止伪造时间戳
bool falg = (now - qeruest) < 1 * 60;
//如果时间差大于1分钟或者时间戳转换失败则视为无效时间戳
if (!falg || !timespanvalidate)
{
resultMsg = new BaseJsonResult <string>
{
Status = (int)JsonObjectStatus.UrlExpireError,
Message = JsonObjectStatus.UrlExpireError.GetEnumDescription(),
Data = ""
};
actionContext.Response = resultMsg.TryToHttpResponseMessage();
base.OnActionExecuting(actionContext);
return;
}
//判断token是否有效
TokenViewModel token = CacheFactory.GetCache().Get <TokenViewModel>(appkey);
string serveraccesstoken = "AccessToken ";
if (token == null)
{
resultMsg = new BaseJsonResult <string>
{
Status = (int)JsonObjectStatus.TokenInvalid,
Message = JsonObjectStatus.TokenInvalid.GetEnumDescription(),
Data = ""
};
actionContext.Response = resultMsg.TryToHttpResponseMessage();
base.OnActionExecuting(actionContext);
return;
}
else
{
serveraccesstoken += token.AccessToken;
}
#region 请求参数签名,GET请求即参数不带?、&、=符号,如id1nametest;POST请求将数据序列化成Json字符串
//请求参数签名,GET请求即参数不带?、&、=符号,如id1nametest;POST请求将数据序列化成Json字符串
//string data;
//switch (method)//根据请求类型拼接参数
//{
// case "POST":
// Stream stream = HttpContext.Current.Request.InputStream;
// StreamReader streamReader = new StreamReader(stream);
// data = streamReader.ReadToEnd();
// break;
// case "GET":
// NameValueCollection form = HttpContext.Current.Request.QueryString;
// //第一步:取出所有get参数
// IDictionary<string, string> parameters = new Dictionary<string, string>();
// for (int f = 0; f < form.Count; f++)
// {
// string key = form.Keys[f];
// parameters.Add(key, form[key]);
// }
// // 第二步:把字典按Key的字母顺序排序
// IDictionary<string, string> sortedParams = new SortedDictionary<string, string>(parameters);
// // ReSharper disable once GenericEnumeratorNotDisposed
// IEnumerator<KeyValuePair<string, string>> dem = sortedParams.GetEnumerator();
// // 第三步:把所有参数名和参数值串在一起
// StringBuilder query = new StringBuilder();
// while (dem.MoveNext())
// {
// string key = dem.Current.Key;
// string value = dem.Current.Value;
// if (!string.IsNullOrEmpty(key))
// {
// query.Append(key).Append(value);
// }
// }
// data = query.ToString();
// break;
// default:
// resultMsg = new BaseJson<string>
// {
// Status = (int)JsonObjectStatus.HttpMehtodError,
// Message = JsonObjectStatus.HttpMehtodError.GetEnumDescription(),
// Data = ""
// };
// actionContext.Response = resultMsg.ToJson().ToHttpResponseMessage();
// base.OnActionExecuting(actionContext);
// return;
//}
#endregion
//校验签名信息
bool result = SignExtension.ValidateSign(appkey, nonce, timestamp, serveraccesstoken, access_token);
if (!result)
{
resultMsg = new BaseJsonResult <string>
{
Status = (int)JsonObjectStatus.HttpRequestError,
Message = JsonObjectStatus.HttpRequestError.GetEnumDescription(),
Data = ""
};
actionContext.Response = resultMsg.TryToHttpResponseMessage();
base.OnActionExecuting(actionContext);
}
else
{
base.OnActionExecuting(actionContext);
}
}
/// <summary>在调用操作方法之前发生。</summary>
/// <param name="actionContext">操作上下文。</param>
public override void OnActionExecuting(HttpActionContext actionContext)
{
string isInterfaceSignature = ConfigHelper.GetValue("IsInterfaceSignature");
if (isInterfaceSignature.ToLower() != "true")
{
return;
}
BaseJsonResult <string> resultMsg = null;
//授权码,最终签名字符串,时间戳,随机数字符串
string accessToken = string.Empty, signature = string.Empty, timestamp = string.Empty, nonce = string.Empty;
//操作上下文请求信息
HttpRequestMessage request = actionContext.Request;
//请求方法
string method = request.Method.Method;
#region 接受客户端预请求
//接受客户端预请求
if (actionContext.Request.Method == HttpMethod.Options)
{
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Accepted);
return;
}
#endregion 接受客户端预请求
#region 忽略不需要授权的方法
//忽略不需要授权的方法
var attributes = actionContext.ActionDescriptor.GetCustomAttributes <IgnoreTokenAttribute>();
if (attributes.Count > 0 && attributes[0].Ignore)
{
return;
}
#endregion 忽略不需要授权的方法
_logHelper.Debug("*************************授权开始*************************\r\n");
_logHelper.Debug("鉴权地址:" + actionContext.Request.RequestUri + "\r\n");
#region 获取请求头信息
//授权Token
if (request.Headers.Contains("access_token"))
{
accessToken = HttpUtility.UrlDecode(request.Headers.GetValues("access_token").FirstOrDefault());
_logHelper.Debug("access_token:" + accessToken + "\r\n");
}
//签名字符串
if (request.Headers.Contains("signature"))
{
signature = HttpUtility.UrlDecode(request.Headers.GetValues("signature").FirstOrDefault());
_logHelper.Debug("signature:" + signature + "\r\n");
}
//时间戳
if (request.Headers.Contains("timestamp"))
{
timestamp = HttpUtility.UrlDecode(request.Headers.GetValues("timestamp").FirstOrDefault());
_logHelper.Debug("timestamp:" + timestamp + "\r\n");
}
//随机字符串
if (request.Headers.Contains("nonce_str"))
{
nonce = HttpUtility.UrlDecode(request.Headers.GetValues("nonce_str").FirstOrDefault());
_logHelper.Debug("nonce_str:" + nonce + "\r\n");
}
#endregion 获取请求头信息
#region 判断请求头是否包含以下参数
//判断请求头是否包含以下参数
if (string.IsNullOrEmpty(accessToken) || string.IsNullOrEmpty(signature) || string.IsNullOrEmpty(timestamp) || string.IsNullOrEmpty(nonce))
{
resultMsg = new BaseJsonResult <string>
{
Status = GlobalErrorCodes.AuthParameterError,
Message = GlobalErrorCodes.AuthParameterError.GetEnumDescription()
};
actionContext.Response = resultMsg.TryToHttpResponseMessage();
_logHelper.Debug("*************************授权结束(请求头参数不完整)*************************\r\n");
return;
}
#endregion 判断请求头是否包含以下参数
#region 校验参数是否被篡改
////校验参数是否被篡改
//Dictionary<string, object> actionArguments = null;
//switch (method)
//{
// case "POST":
// actionArguments = actionContext.ActionArguments;
// KeyValuePair<string, object> keyValuePair = actionArguments.FirstOrDefault();
// actionArguments = keyValuePair.Value.Object2Dictionary();
// break;
// case "GET":
// actionArguments = actionContext.ActionArguments;
// break;
//}
//bool isSucc = this.CheckSignature(signature, actionArguments);
//if (!isSucc)
//{
// resultMsg = new BaseJsonResult<string>
// {
// Status = (int)JsonObjectStatus.ParameterManipulation,
// Message = JsonObjectStatus.ParameterManipulation.GetEnumDescription()
// };
// actionContext.Response = resultMsg.TryToHttpResponseMessage();
// _logHelper.Debug("*************************授权结束(请求参数被篡改或指纹有误)*************************\r\n");
// return;
//}
#endregion 校验参数是否被篡改
#region 校验Token是否有效
//校验Token是否有效
bool isCheckSucc = JWTHelper.CheckToken(accessToken, out JWTPlayloadInfo jwtPlayloadInfo);
if (!isCheckSucc)
{
_logHelper.Debug("校验Token是否有效:TOKEN失效\r\n");
resultMsg = new BaseJsonResult <string>
{
Status = GlobalErrorCodes.TokenInvalid,
Message = GlobalErrorCodes.TokenInvalid.GetEnumDescription()
};
actionContext.Response = resultMsg.TryToHttpResponseMessage();
_logHelper.Debug("*************************授权结束(TOKEN失效)*************************\r\n");
return;
}
else
{
//校验当前用户是否能够操作某些特定方法(比如更新用户信息)
if (!attributes[0].Ignore)
{
string userId = jwtPlayloadInfo.aud;
//访客用户不能访问未忽略的接口
if (!string.IsNullOrEmpty(userId) && userId.Equals(JWTPlayloadInfo.DefaultAud))
{
resultMsg = new BaseJsonResult <string>
{
Status = GlobalErrorCodes.NoPermission,
Message = GlobalErrorCodes.NoPermission.GetEnumDescription()
};
actionContext.Response = resultMsg.TryToHttpResponseMessage();
_logHelper.Debug("*************************授权结束(无权执行此操作)*************************\r\n");
return;
}
//TODO 验证正式用户或者试用用户是否有权操作当前方法
}
}
#endregion 校验Token是否有效
#region 验证签名字符串是否有效
SortedDictionary <string, object> dict = new SortedDictionary <string, object>
{
{ "access_token", accessToken },
{ "timestamp", timestamp },
{ "nonce_str", nonce },
};
bool isSucc = this.CheckSignature(signature, dict);
if (isSucc)
{
base.OnActionExecuting(actionContext);
}
else
{
resultMsg = new BaseJsonResult <string>
{
Status = GlobalErrorCodes.SignError,
Message = GlobalErrorCodes.SignError.GetEnumDescription()
};
actionContext.Response = resultMsg.TryToHttpResponseMessage();
_logHelper.Debug("*************************授权结束(签名有误)*************************\r\n");
return;
}
#endregion
_logHelper.Debug("*************************授权结束*************************\r\n");
}
/// <summary>
/// 输出拦截器
/// </summary>
/// <param name="actionExecutedContext"></param>
public override void OnActionExecuted(HttpActionExecutedContext actionExecutedContext)
{
if (actionExecutedContext.Exception != null)
{
var resultMsg = new BaseJsonResult <string>
{
Status = (int)JsonObjectStatus.Exception,
Message = actionExecutedContext.Exception.Message,
};
actionExecutedContext.Response = resultMsg.TryToHttpResponseMessage();
}
else
{
if (actionExecutedContext.Response.Content == null)
{
var resultMsg = new BaseJsonResult <string>
{
Status = (int)JsonObjectStatus.Error,
Message = "HTTP响应消息内容为空",
};
actionExecutedContext.Response = resultMsg.TryToHttpResponseMessage();
}
else
{
string result;
long resultLength = 0;
if (actionExecutedContext.Response.Content is ObjectContent)
{
result = ((ObjectContent)actionExecutedContext.Response.Content).Value.ToString();
}
else
{
byte[] ctx = actionExecutedContext.Response.Content.ReadAsByteArrayAsync().Result;
//resultLength = ctx.LongLength;
result = Encoding.UTF8.GetString(ctx);
}
var Headers = actionExecutedContext.ActionContext.Request.Headers;
var AcceptEncoding = Headers.AcceptEncoding;
if (AcceptEncoding != null && AcceptEncoding.Contains(new StringWithQualityHeaderValue("gzip")))
{
byte[] body = Encoding.UTF8.GetBytes(result.ToString());
byte[] compressedData = GZipHelper.GZipCompress(body);
actionExecutedContext.Response.Content = new ByteArrayContent(compressedData);
actionExecutedContext.Response.Content.Headers.Remove("Content-Type");
actionExecutedContext.Response.Content.Headers.Add("Content-Encoding", "gzip");
actionExecutedContext.Response.Content.Headers.Add("Content-Type", "application/json; charset=utf-8");
}
else if (AcceptEncoding != null && AcceptEncoding.Contains(new StringWithQualityHeaderValue("deflate")))
{
byte[] body = Encoding.UTF8.GetBytes(result.ToString());
byte[] compressedData = GZipHelper.DeflateCompress(body);
actionExecutedContext.Response.Content = new ByteArrayContent(compressedData);
actionExecutedContext.Response.Content.Headers.Remove("Content-Type");
actionExecutedContext.Response.Content.Headers.Add("Content-Encoding", "deflate");
actionExecutedContext.Response.Content.Headers.Add("Content-Type", "application/json; charset=utf-8");
}
else
{
actionExecutedContext.Response = result.TryToHttpResponseMessage();
}
//if (resultLength > 1024)
//{
//}
//else
//{
// actionExecutedContext.Response.Content = new StringContent(result.TryToJson(), Encoding.UTF8, "application/json");
//}
}
}
base.OnActionExecuted(actionExecutedContext);
}
/// <summary>在调用操作方法之前发生。</summary>
/// <param name="actionContext">操作上下文。</param>
public override void OnActionExecuting(HttpActionContext actionContext)
{
string isInterfaceSignature = ConfigHelper.GetValue("IsInterfaceSignature");
if (isInterfaceSignature.ToLower() == "false")
{
return;
}
BaseJsonResult <string> resultMsg = null;
//授权码,指纹,时间戳,8位随机数
string accessToken = string.Empty, signature = string.Empty, timestamp = string.Empty, nonce = string.Empty;
//操作上下文请求信息
HttpRequestMessage request = actionContext.Request;
//请求方法
string method = request.Method.Method;
#region 接受客户端预请求
//接受客户端预请求
if (actionContext.Request.Method == HttpMethod.Options)
{
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Accepted);
return;
}
#endregion
#region 忽略不需要授权的方法
//忽略不需要授权的方法
var attributes = actionContext.ActionDescriptor.GetCustomAttributes <IgnoreTokenAttribute>();
if (attributes.Count == 0 || (attributes.Count > 0 && attributes[0].Ignore))
{
return;
}
#endregion
_logHelper.Debug("*************************授权开始*************************\r\n");
_logHelper.Debug("鉴权地址:" + actionContext.Request.RequestUri + "\r\n");
#region 获取请求头信息
//授权Token
if (request.Headers.Contains("Authorization"))
{
accessToken = HttpUtility.UrlDecode(request.Headers.GetValues("Authorization").FirstOrDefault());
_logHelper.Debug("Authorization:" + accessToken + "\r\n");
}
////指纹
//if (request.Headers.Contains("Signature"))
//{
// signature = HttpUtility.UrlDecode(request.Headers.GetValues("Signature").FirstOrDefault());
// _logHelper.Debug("Signature:" + signature + "\r\n");
//}
#endregion
#region 判断请求头是否包含以下参数
//判断请求头是否包含以下参数
if (string.IsNullOrEmpty(accessToken))
{
resultMsg = new BaseJsonResult <string>
{
Status = (int)JsonObjectStatus.ParameterError,
Message = JsonObjectStatus.ParameterError.GetEnumDescription()
};
actionContext.Response = resultMsg.TryToHttpResponseMessage();
_logHelper.Debug("*************************授权结束(请求头参数不完整)*************************\r\n");
return;
}
#endregion
#region 校验参数是否被篡改
////校验参数是否被篡改
//Dictionary<string, object> actionArguments = null;
//switch (method)
//{
// case "POST":
// actionArguments = actionContext.ActionArguments;
// KeyValuePair<string, object> keyValuePair = actionArguments.FirstOrDefault();
// actionArguments = keyValuePair.Value.Object2Dictionary();
// break;
// case "GET":
// actionArguments = actionContext.ActionArguments;
// break;
//}
//bool isSucc = this.CheckSignature(signature, actionArguments);
//if (!isSucc)
//{
// resultMsg = new BaseJsonResult<string>
// {
// Status = (int)JsonObjectStatus.ParameterManipulation,
// Message = JsonObjectStatus.ParameterManipulation.GetEnumDescription()
// };
// actionContext.Response = resultMsg.TryToHttpResponseMessage();
// _logHelper.Debug("*************************授权结束(请求参数被篡改或指纹有误)*************************\r\n");
// return;
//}
#endregion
#region 校验Token是否有效
//校验Token是否有效
JWTPlayloadInfo playload = JWTHelper.CheckToken(accessToken);
if (playload == null)
{
_logHelper.Debug("校验Token是否有效:TOKEN失效\r\n");
resultMsg = new BaseJsonResult <string>
{
Status = (int)JsonObjectStatus.TokenInvalid,
Message = JsonObjectStatus.TokenInvalid.GetEnumDescription()
};
actionContext.Response = resultMsg.TryToHttpResponseMessage();
_logHelper.Debug("*************************授权结束(TOKEN失效)*************************\r\n");
return;
}
else
{
//TODO 等系统开放了登陆,取消此段代码注释
//校验当前用户是否能够操作某些特定方法(比如更新用户信息)
//if (!attributes[0].Ignore)
//{
// if (!string.IsNullOrEmpty(playload.aud) && playload.aud.Equals("guest"))
// {
// resultMsg = new BaseJsonResult<string>
// {
// Status = (int)JsonObjectStatus.Unauthorized,
// Message = JsonObjectStatus.Unauthorized.GetEnumDescription()
// };
// actionContext.Response = resultMsg.TryToHttpResponseMessage();
// return;
// }
//}
}
#endregion
_logHelper.Debug("*************************授权结束*************************\r\n");
//base.OnActionExecuting(actionContext);
}
