        // Master switch for the MD5 signature checks in this filter. It was once read from
        // AppSettings["Md5VerificationEnable"] (see the trailing comment) but is now a hard-coded
        // constant, so any code that gates on it sees false regardless of configuration.
        // NOTE(review): the places that consult Enable are outside this excerpt — confirm before
        // relying on this flag to switch verification on.
        private static readonly bool Enable = false; // bool.Parse(System.Configuration.ConfigurationManager.AppSettings["Md5VerificationEnable"]);
                                                     //private static IAPP_WhiteListDomainService WhiteListDomainService => IoC.Resolve<IAPP_WhiteListDomainService>();

        //private static IAPP_SysLogDomainService app_SysLogDomainService => IoC.Resolve<IAPP_SysLogDomainService>();

        //public class Singleton
        //{
        //    private static T_SYS_InvokeLog _Singleton = null;
        //    private static object InvokeLog_Lock = new object();
        //    public static T_SYS_InvokeLog CreateInstance()
        //    {
        //        if (_Singleton == null) //双if +lock
        //        {
        //            lock (InvokeLog_Lock)
        //            {
        //                if (_Singleton == null)
        //                {
        //                    _Singleton = new T_SYS_InvokeLog();
        //                }
        //            }
        //        }
        //        return _Singleton;
        //    }
        //}

        ///// <summary>
        ///// api身份验证执行
        ///// </summary>
        ///// <param name="context"></param>
        //public override void OnActionExecuting(ActionExecutingContext context)
        //{
        //    //秘钥校验
        //    var heads = context.HttpContext.Request.Headers;
        //    string sign = "";
        //    foreach (var item in heads)
        //    {
        //        switch (item.Key.ToUpper())
        //        {
        //            case "SIGN":
        //                sign = item.Value;
        //                break;
        //            default:
        //                break;
        //        }
        //    }

        //    //string path = new ConfigurationHelper().config["RedisPath"];
        //    ApiAuthorize apiAuth = new ConfigurationHelper().GetAppSettings<ApiAuthorize>("ApiAuthorize");

        //    var key = apiAuth.Appid + apiAuth.AppSecret;
        //    string md5str = HttpContextUtils.Md5Encrypt(key).ToUpper();
        //    _Log4Net.Info(string.Format("api获取的签名参数:{0},加密后{1}------>", key, md5str));
        //    _Log4Net.Info(string.Format("前端加密sign:{0}", sign));
        //    if (sign != md5str)
        //    {
        //        _Log4Net.Info(string.Format("sign加密验证失败 前端:{0}api:{1}------>", sign, md5str));
        //        ReturnError(context, "sign加密验证失败");
        //    }

        //    base.OnActionExecuting(context);
        //}

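        /// <summary>
        /// 校验秘钥签名 — reads the SIGN request header and compares it with the upper-case hex
        /// MD5 of <c>Appid + AppSecret</c> taken from the "ApiAuthorize" app settings.
        /// </summary>
        /// <remarks>
        /// The expected value depends only on configuration, not on the request body, a nonce or a
        /// timestamp, so a captured SIGN header stays valid until the secret is rotated. The shared
        /// secret is not written to the log; only the client-supplied value is logged on mismatch.
        /// Nothing here returns early after <see cref="ReturnError"/> — whether it stops the
        /// pipeline or merely sets a result is not visible in this block; confirm.
        /// </remarks>
        /// <param name="context">The action-executing context whose request headers are inspected.</param>
        private void CheckAppSign(ActionExecutingContext context)
        {
            // Secret-key check
            var    heads = context.HttpContext.Request.Headers;
            string sign  = "";

            foreach (var item in heads)
            {
                // Header names are matched case-insensitively; an ordinal comparison avoids
                // culture-specific upper-casing surprises (e.g. the Turkish dotted I).
                if (string.Equals(item.Key, "SIGN", StringComparison.OrdinalIgnoreCase))
                {
                    sign = item.Value;
                }
            }

            ApiAuthorize apiAuth = new ConfigurationHelper().GetAppSettings <ApiAuthorize>("ApiAuthorize");

            // `key` contains the secret, so neither it nor the derived signature is logged.
            var    key    = apiAuth.Appid + apiAuth.AppSecret;
            string md5str = HttpContextUtils.Md5Encrypt(key).ToUpperInvariant();

            _Log4Net.Info(string.Format("前端加密sign:{0}", sign));
            // NOTE(review): a fixed-time comparison would remove the (small) timing side channel
            // of an ordinal string compare.
            if (!string.Equals(sign, md5str, StringComparison.Ordinal))
            {
                _Log4Net.Info(string.Format("sign加密验证失败 前端:{0}------>", sign));
                ReturnError(context, "sign加密验证失败");
            }
        }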
        /// <summary>
        /// Registers a new client: validates the supplied name and redirect URI, allocates a random
        /// clientId that is not already stored, and generates a clientSecret.
        /// NOTE(review): the listing ends at "continuing..." — the persistence step and the return
        /// statement are not visible here, so the method does not compile as shown.
        /// </summary>
        /// <param name="clientDetails">Client registration data; only its name and redirect URI are read here.</param>
        /// <returns>Not visible in this excerpt (declared as <see langword="bool"/>).</returns>
        public bool register(AuthClientDetails clientDetails)
        {
            // The client name and redirect URI must both be present
            if (!string.IsNullOrEmpty(clientDetails.getClientName()) && !string.IsNullOrEmpty(clientDetails.getRedirectUri()))
            {
                // Generate a random 24-character clientId.
                // NOTE(review): getRandomStr1 is not visible here — confirm it uses a
                // cryptographically secure RNG, since the same helper also produces the secret below.
                string clientId = EncryptUtils.getRandomStr1(24);

                AuthClientDetails savedClientDetails = authClientDetailsMapper.selectByClientId(clientId);
                // The generated clientId must be unique: retry up to 10 times on collision.
                // If all 10 attempts collide the loop simply ends and the colliding id is kept —
                // there is no final uniqueness check after the loop.
                for (int i = 0; i < 10; i++)
                {
                    if (savedClientDetails == null)
                    {
                        break;
                    }
                    else
                    {
                        clientId           = EncryptUtils.getRandomStr1(24);
                        savedClientDetails = authClientDetailsMapper.selectByClientId(clientId);
                    }
                }

                // Generate a random 32-character clientSecret
                string clientSecret = EncryptUtils.getRandomStr1(32);

                // new DateTime() is DateTime.MinValue (0001-01-01), not the current time;
                // presumably DateTime.Now/UtcNow was intended — verify against how `current` is used.
                DateTime         current = new DateTime();
                HttpSessionState session = HttpContextUtils.getSession();
                // Direct cast: throws if the session has no User under SESSION_USER (or session is null).
                User             user    = (User)session[Constants.SESSION_USER];


                // continuing...
            }
        }
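        /// <summary>
        /// Returns the upper-case hex MD5 of <c>Appid + AppSecret</c> when the posted
        /// <c>ajaxAppId</c> matches the configured Appid (case-insensitively).
        /// </summary>
        /// <remarks>
        /// The value returned is exactly the signature that the SIGN-header check accepts, and the
        /// only input required is the (non-secret) application id, so any caller who can reach this
        /// action and knows the id obtains a valid signature. Restricting who may call it is outside
        /// this block; the shared secret itself is no longer written to the log here.
        /// </remarks>
        /// <param name="ajaxApp">Request body carrying <c>ajaxAppId</c>; may be null.</param>
        /// <returns>
        /// The signature on success; "appid不合法" when the id is missing or does not match;
        /// "校验没通过" if computing the signature throws.
        /// </returns>
        public string AjaxGetEncryptStr([FromBody] AjaxAppParam ajaxApp)
        {
            string result    = "";
            // A missing body or id is reported as an invalid app id, not as a server error.
            string ajaxAppId = ajaxApp?.ajaxAppId;

            try
            {
                string appId     = apiAuthorize.Appid;
                string appSecret = apiAuthorize.AppSecret;
                if (!string.IsNullOrEmpty(ajaxAppId) &&
                    string.Equals(ajaxAppId, appId, StringComparison.OrdinalIgnoreCase))
                {
                    // `key` contains the secret; log only that a signature was issued.
                    var    key    = appId + appSecret;
                    string md5str = HttpContextUtils.Md5Encrypt(key).ToUpperInvariant();
                    _Log4Net.Info("AjaxGetEncryptStr: 签名已生成");

                    result = md5str;
                }
                else
                {
                    result = "appid不合法";
                    _Log4Net.Info("appid不合法");
                }
            }
            catch (Exception ex)
            {
                // Record the failure with log4net; the caller only sees a generic message.
                _Log4Net.Error("AjaxGetEncryptStr", ex);
                result = "校验没通过";
            }
            return(result);
        }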
 /// <summary>
 /// Snapshots request-scoped facts from <c>HttpContextUtils</c> at construction time: the current
 /// URL, a hash of it, the current HttpContext id and whether the request targets a static file.
 /// </summary>
 /// <remarks>
 /// Statement order matters if <c>getUrlHash()</c> derives from <c>Url</c> (presumably it does —
 /// its body is not visible here), so it is called only after Url has been assigned.
 /// </remarks>
 public HttpInfo()
 {
     Url     = HttpContextUtils.GetCurrentUrl();
     UrlHash = getUrlHash();
     HttpContextCurrentId = HttpContextUtils.GetHttpContextCurrentId();
     IsStaticFile         = HttpContextUtils.IsStaticFile();
 }
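        /// <summary>
        /// 白名单验证 — rejects the request unless the client IP appears in the system whitelist.
        /// </summary>
        /// <remarks>
        /// Fails closed: if the whitelist cannot be loaded (null) no address is allowed, instead of
        /// failing with a NullReferenceException. The comparison is an exact ordinal string match,
        /// so differing spellings of the same address (IPv4-mapped IPv6, "::1" vs "127.0.0.1")
        /// are distinct entries. NOTE(review): how <c>HttpContextUtils.GetClientIP</c> derives the
        /// address is not visible here — if it reads client-controlled forwarding headers rather
        /// than the socket address, the allowlist is only as trustworthy as the proxy in front of
        /// the application; confirm.
        /// </remarks>
        /// <param name="context">The action-executing context used to read the client address and to report the error.</param>
        private void VerifyWhiteList(ActionExecutingContext context)
        {
            var whiteList = WhiteListDomainService.GetSysWhiteListAll();
            var ipAddress = HttpContextUtils.GetClientIP(context.HttpContext);

            bool allowed = whiteList != null &&
                           whiteList.Any(p => string.Equals(p.Ip, ipAddress, StringComparison.Ordinal));

            if (!allowed)
            {
                LogInfo("VerifyWhiteList:", ipAddress + "访问IP不在白名单中");
                ReturnError(context, ipAddress + "访问IP不在白名单中");
            }
        }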
        /// <summary>
        /// True when <paramref name="path"/> lies under the ASP.NET temporary-files folder.
        /// </summary>
        /// <remarks>
        /// A blank path, or an unknown temporary folder, yields false. The test is a plain
        /// case-insensitive prefix comparison: it does not normalise the path, so a sibling folder
        /// whose name merely starts with the temporary folder's name would also match — fine only
        /// if callers pass already-canonical paths.
        /// </remarks>
        /// <param name="path">Absolute file path to classify.</param>
        /// <returns>Whether the path starts with the temporary-files folder.</returns>
        private static bool isTempFile(string path)
        {
            if (string.IsNullOrWhiteSpace(path))
            {
                return(false);
            }

            string tempRoot = HttpContextUtils.GetAspnetTemporaryFilesFolder();
            if (string.IsNullOrWhiteSpace(tempRoot))
            {
                return(false);
            }

            return(path.StartsWith(tempRoot, StringComparison.OrdinalIgnoreCase));
        }
            /// <summary>
            /// Builds and runs the Kestrel host: listens on the configured URLs (falling back to
            /// http://localhost:5000 when no <c>IApplicationConfiguration</c> is registered),
            /// registers an <c>IHttpContextAccessor</c>, hands it to <c>HttpContextUtils</c> and
            /// installs <c>AspNetCoreAppInstance</c> as middleware. Blocks until the host stops.
            /// </summary>
            /// <param name="args">Command-line arguments; not used.</param>
            /// <returns>Always 0.</returns>
            public int Run(string[] args)
            {
                var configuredUrls = DependencyContainer.Resolve <IApplicationConfiguration>()?.Urls;
                var listenUrls     = configuredUrls ?? new string[] { "http://localhost:5000" };

                var hostBuilder = new WebHostBuilder()
                                  .UseKestrel()
                                  .UseUrls(listenUrls)
                                  .ConfigureServices(services => services.AddSingleton <IHttpContextAccessor, HttpContextAccessor>())
                                  .Configure(app =>
                {
                    var accessor = app.ApplicationServices.GetRequiredService <IHttpContextAccessor>();
                    HttpContextUtils.Configure(accessor);
                    app.UseMiddleware <AspNetCoreAppInstance>();
                });

                hostBuilder.Build().Run();

                return(0);
            }
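        /// <summary>
        /// 头部参数和sign加密验证 — validates the APPID/TRANSACTIONID/TOKEN/TIMESTAMP/SIGN/VERSION
        /// request headers, resolves the token to a secret key via <c>TokenVerify</c>, and checks
        /// that SIGN equals the upper-case hex MD5 of <c>appId + timestamp + secrectKey</c>.
        /// </summary>
        /// <remarks>
        /// Every failure is reported through <see cref="ReturnError"/> but nothing here returns
        /// early, so whether a failed check stops the remaining checks (and the TokenVerify call)
        /// depends on ReturnError — not visible in this block; confirm. The timestamp is parsed only
        /// for validity, not for freshness, and the transaction id is checked for shape, not for
        /// uniqueness, so the signature alone does not prevent replay within the secret's lifetime.
        /// Neither the token nor the secret key nor the expected signature is written to the log.
        /// </remarks>
        /// <param name="context">The action-executing context whose request headers are validated.</param>
        private void VerifyHeaderParametersAndSign(ActionExecutingContext context)
        {
            var    heads = context.HttpContext.Request.Headers;
            string appId = "", transactionId = "", token = "", timestamp = "", sign = "", version = "";

            foreach (var item in heads)
            {
                // Invariant upper-casing keeps header matching culture-independent.
                switch (item.Key.ToUpperInvariant())
                {
                case "APPID":
                    appId = item.Value;
                    break;

                case "TRANSACTIONID":
                    transactionId = item.Value;
                    break;

                case "TOKEN":
                    token = item.Value;
                    break;

                case "TIMESTAMP":
                    timestamp = item.Value;
                    break;

                case "SIGN":
                    sign = item.Value;
                    break;

                case "VERSION":
                    version = item.Value;
                    break;

                default:
                    break;
                }
            }
            if (string.IsNullOrEmpty(appId))
            {
                ReturnError(context, "APPID不能为空");
            }
            if (string.IsNullOrEmpty(token))
            {
                ReturnError(context, "TOKEN不能为空");
            }
            if (string.IsNullOrEmpty(sign))
            {
                ReturnError(context, "SIGN不能为空");
            }
            if (string.IsNullOrEmpty(version))
            {
                ReturnError(context, "VERSION不能为空");
            }

            // Both date fields are pure digits, so the culture only affects calendar rules.
            IFormatProvider ifp = new CultureInfo("zh-CN", true);

            if (string.IsNullOrEmpty(transactionId))
            {
                ReturnError(context, "TransactionID不能为空");
            }
            else
            {
                try
                {
                    if (transactionId.Length != 21)
                    {
                        ReturnError(context, "TransactionID为21位数字");
                    }
                    // Layout: 17-char timestamp (yyyyMMddHHmmssfff) followed by a 4-digit serial.
                    // If the length check above did not stop execution, Substring throws on a
                    // shorter id and is reported by the catch below.
                    string   datePart = transactionId.Substring(0, 17);
                    DateTime time;
                    bool     isDate = DateTime.TryParseExact(datePart, "yyyyMMddHHmmssfff", ifp, DateTimeStyles.None, out time);
                    if (!isDate)
                    {
                        ReturnError(context, "TransactionID必须包含时间部分");
                    }
                    // NumberStyles.None admits digits only, matching the "4 random digits" rule
                    // (the default style would also accept a sign or surrounding whitespace).
                    string serialNo = transactionId.Substring(17);
                    int    number;
                    bool   isNumber = int.TryParse(serialNo, NumberStyles.None, CultureInfo.InvariantCulture, out number);
                    if (!isNumber)
                    {
                        ReturnError(context, "TransactionID后4位必须为随机数字");
                    }
                }
                catch (Exception)
                {
                    ReturnError(context, "TransactionID校验异常");
                }
            }
            if (string.IsNullOrEmpty(timestamp))
            {
                ReturnError(context, "Timestamp不能为空");
            }
            else
            {
                try
                {
                    if (timestamp.Length != 14)
                    {
                        ReturnError(context, "Timestamp为14位数字");
                    }
                    // Validity only: no freshness window is enforced on the parsed value.
                    DateTime time;
                    bool     isSuccess = DateTime.TryParseExact(timestamp, "yyyyMMddHHmmss", ifp, DateTimeStyles.None, out time);
                    if (!isSuccess)
                    {
                        ReturnError(context, "Timestamp必须为有效时间");
                    }
                }
                catch (Exception)
                {
                    ReturnError(context, "Timestamp校验异常");
                }
            }


            // Token verification: exchange the token for the per-client secret key.
            // The token is a credential and is deliberately left out of the log context.
            string secrectKey        = "";
            string parameter         = string.Format("appId:{0}timestamp:{1}sign:{2}", appId, timestamp, sign);
            var    resultInfo        = TokenVerify(token);
            var    convertResultInfo = JsonConvert.DeserializeObject <dynamic>(resultInfo);

            // A null payload is treated like a failed verification rather than a crash.
            if (convertResultInfo != null && (string)convertResultInfo.Code == "0")
            {
                secrectKey = convertResultInfo.Data.secrect_key;
            }

            if (string.IsNullOrEmpty(secrectKey))
            {
                _Log4Net.Info(string.Format("token验证失败:{0}", parameter));
                ReturnError(context, "token验证失败");
            }



            // `key` embeds the secret key, so neither it nor the derived signature is logged.
            var    key    = appId + timestamp + secrectKey;
            string md5str = HttpContextUtils.Md5Encrypt(key).ToUpperInvariant();

            _Log4Net.Info(string.Format("前端加密sign:{0}", sign));
            if (!string.Equals(sign, md5str, StringComparison.Ordinal))
            {
                _Log4Net.Info(string.Format("sign加密验证失败 前端:{0}------>", sign));
                ReturnError(context, "sign加密验证失败");
            }
        }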
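        /// <summary>
        /// Resolves a login id into a <c>UserInfoResponse</c> via the SSO token service, then
        /// attaches a gateway access token and the user's permission points.
        /// </summary>
        /// <remarks>
        /// Flow: MD5-sign <c>{LoginId}-{RelyingName}-{Signing}</c>, POST it to the token service,
        /// AES-decrypt the reply with the configured key/IV, deserialize it, then POST client
        /// credentials to the gateway for an access token. The decrypted reply counts as a user
        /// record only if it contains the literal "LoginId" (presumably a JSON property name —
        /// confirm); otherwise the caller is told the login timed out. Neither the AES key/IV nor
        /// the decrypted user record (it carries name, phone and e-mail) is written to the log.
        /// NOTE(review): the raw exception message is still returned to the caller through
        /// <c>ApiErrorResult(ex.Message)</c>; prefer a generic message if this API is external.
        /// </remarks>
        /// <param name="request">Carries the <c>LoginId</c> to resolve; a null request or blank id yields the "login timed out" failure.</param>
        /// <returns>
        /// <c>ApiSuccessResult</c> wrapping the populated <c>UserInfoResponse</c>;
        /// <c>ApiFailResult</c> when the id is blank, the SSO reply is not a user record, or the
        /// gateway returns no token; <c>ApiErrorResult</c> for any exception.
        /// </returns>
        public BaseResponse GetSsoUserInfo(UserInfoRequest request)
        {
            try
            {
                var loginId = request?.LoginId;
                if (!string.IsNullOrWhiteSpace(loginId))
                {
                    var md5Data  = HttpContextUtils.Md5Encrypt($"{loginId}-{ConfigVal.RelyingName}-{ConfigVal.Signing}");
                    var jsonData = JsonConvert.SerializeObject(new { LoginId = loginId, ConfigVal.RelyingName, Sign = md5Data.ToUpperInvariant() });
                    var result   = HttpUtils.PostHttps(ConfigVal.TokenUrl + "/AccountToken/Token", jsonData);
                    #region 获取用户信息
                    // The AES key and IV are secrets; log only the (still encrypted) reply.
                    _Log4Net.InfoFormat("Sso获取信息result:{0}", result);
                    string ssoUserInfoJson = AESEncryption.DecryptString(result, ConfigVal.AESKey, ConfigVal.AESIv);
                    if (ssoUserInfoJson.Contains("LoginId"))
                    {
                        // The decrypted payload holds personal data; record only that it arrived.
                        _Log4Net.InfoFormat("Sso获取信息解密成功,LoginId:{0}", loginId);
                        var ssoUserInfo      = JsonConvert.DeserializeObject <SsoUserInfo>(ssoUserInfoJson);
                        var userInfoResponse = new UserInfoResponse
                        {
                            UserGuid        = ssoUserInfo.UserDictionary.OnlyUserGuid,
                            Name            = ssoUserInfo.UserDictionary.OnlyDisplayName,
                            Sex             = ssoUserInfo.UserDictionary.OnlySex,
                            LevelOneOrgName = ssoUserInfo.UserDictionary.OnlyLevelOneUserOrgName,
                            OrganizationId  = ssoUserInfo.UserDictionary.OnlyOrganizationId,
                            Organization    = ssoUserInfo.UserDictionary.OnlyOrganization,
                            phone           = ssoUserInfo.UserDictionary.OnlyMobile,
                            Email           = ssoUserInfo.UserDictionary.OnlyPersonalEmail,
                        };
                        #endregion

                        #region  获取 api access_token
                        var tokenJsonData = JsonConvert.SerializeObject(new
                        {
                            client_id     = ConfigVal.Appid,
                            secret        = ConfigVal.Secret,
                            grant_type    = ConfigVal.GrantType,
                            scope         = ConfigVal.Scope,
                            refresh_token = ""
                        });
                        var gwResult   = HttpUtils.PostHttps(ConfigVal.GwUrl + "api/OAuth2Token/token", tokenJsonData);
                        var gwResponse = JsonConvert.DeserializeObject <GatewayResponse>(gwResult);
                        if (gwResponse.resultinfo != null)
                        {
                            userInfoResponse.AccessToken = gwResponse.resultinfo.access_token;
                            userInfoResponse.Secrectkey  = gwResponse.resultinfo.secrect_key;
                        }
                        else
                        {
                            return(ApiFailResult("获取token失败,请重新登录"));
                        }
                        #endregion

                        #region 获取用户权限点
                        // userInfoResponse was just constructed above, so no null check is needed.
                        userInfoResponse.PermissionPoints = permissionDomainService.GetByUserId(userInfoResponse.UserGuid).Select(p => p.PermissionsAttributes).ToList();
                        #endregion

                        return(ApiSuccessResult(userInfoResponse));
                    }
                    else
                    {
                        return(ApiFailResult("登录超时,请重新登录"));
                    }
                }
                else
                {
                    return(ApiFailResult("登录超时,请重新登录"));
                }
            }
            catch (Exception ex)
            {
                // Log the exception object so the stack trace is kept; the caller gets the message only.
                _Log4Net.Error("GetSsoUserInfo异常", ex);
                return(ApiErrorResult(ex.Message));
            }
        }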