/// <summary>
/// Returns the signing token for <paramref name="staffId"/>, creating and caching a new one in
/// Redis (keyed by the numeric staff id) when none is cached yet.
/// </summary>
/// <param name="staffId">Staff id as received from the request; must be a non-empty decimal integer.</param>
/// <returns>
/// A JSON <c>ResultMsg</c> response: <c>ParameterError</c> with empty <c>Data</c> when the id is
/// missing or not numeric, otherwise the cached or freshly issued <c>Token</c> in <c>Data</c>.
/// </returns>
/// <remarks>
/// NOTE(review): this method does not authenticate the caller itself and nothing here ties
/// <paramref name="staffId"/> to the staffid header checked by the request filter — confirm the
/// caller enforces that, otherwise any authenticated client could request a token for another id.
/// The token value is a <see cref="Guid"/> and <c>ExpireTime</c> is computed with local
/// <see cref="DateTime.Now"/>; presumably the third argument of <c>RedisHelper.Set</c> is the cache
/// expiry — verify against the helper.
/// </remarks>
public async Task<HttpResponseMessage> GetToken(string staffId)
{
    return await Task.Run(() =>
    {
        var reply = new ResultMsg();
        int parsedId = 0;
        bool validId = !string.IsNullOrEmpty(staffId) && int.TryParse(staffId, out parsedId);

        if (!validId)
        {
            reply.StatusCode = (int)E_StatusCodeForApi.ParameterError;
            reply.Info = EnumDisplayNameAttribute.GetEnumDescription(E_StatusCodeForApi.ParameterError);
            reply.Data = "";
            return reply.ToJson().ResponseMessage();
        }

        // One token per staff id; reuse the cached one while it is still present.
        string cacheKey = parsedId.ToString();
        Token issued = RedisHelper.Get<Token>(cacheKey);
        if (issued == null)
        {
            issued = new Token();
            issued.StaffId = parsedId;
            issued.SignToken = Guid.NewGuid();
            issued.ExpireTime = DateTime.Now.AddDays(1);
            RedisHelper.Set(cacheKey, issued, issued.ExpireTime);
        }

        reply.Data = issued;
        return reply.ToJson().ResponseMessage();
    });
}
/// <summary>
/// Responder middleware: runs the rest of the downstream pipeline, then either writes an error
/// envelope to the client or copies the downstream response onto the HTTP context.
/// </summary>
/// <param name="context">Pipeline context carrying the error list and the downstream response.</param>
/// <remarks>
/// Errors are deliberately reported with HTTP 200; the mapped status travels inside the JSON body
/// as <c>Code</c>. A null <c>DownstreamResponse</c> without errors means the pipeline was terminated
/// upstream and nothing is written (this avoided a null-reference in an earlier version).
/// </remarks>
public async Task Invoke(DownstreamContext context)
{
    await _next.Invoke(context);

    if (context.IsError)
    {
        string firstError = context.Errors[0].Message;
        int mappedStatus = _codeMapper.Map(context.Errors);
        var envelope = new ResultMsg() { Success = false, Code = mappedStatus, Msg = firstError };

        // NOTE(review): ToLower() runs over the whole serialized document, so the error text in
        // Msg is lowercased as well as the property names.
        string payload = envelope.ToJson().ToLower();

        var response = context.HttpContext.Response;
        response.ContentType = "application/json;charset=utf-8";
        response.StatusCode = (int)HttpStatusCode.OK;
        await response.WriteAsync(payload);
        return;
    }

    if (context.DownstreamResponse == null)
    {
        // Pipeline was force-terminated upstream; there is nothing to relay.
        return;
    }

    Logger.LogDebug("no pipeline errors, setting and returning completed response");
    await _responder.SetResponseOnHttpContext(context.HttpContext, context.DownstreamResponse);
}
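/// <summary>
/// Action filter for the admin (1001) and scenic (1006) API clients. Requires the
/// <c>staffid</c>, <c>staffkey</c>, <c>timestamp</c> and <c>nonce</c> headers and lets the action
/// run only when the staffid/staffkey pair equals one of the two configured credential pairs
/// (<c>StaffId_1001</c>/<c>StaffKey_1001</c> or <c>StaffId_1006</c>/<c>StaffKey_1006</c>).
/// </summary>
/// <param name="actionContext">
/// Web API action context; on failure its <c>Response</c> is set to a <c>ResultMsg</c> envelope and
/// the action does not run.
/// </param>
/// <remarks>
/// HEAD requests pass through untouched (HttpClient warm-up sends them). As in the original, the
/// <c>signature</c> header is neither required nor verified here, and timestamp/nonce are only
/// required to be present — there is no freshness or replay check in this filter.
/// Changes: a missing appSetting no longer throws <see cref="NullReferenceException"/> (HTTP 500)
/// but is treated as a non-match; key comparison is fixed-time; every rejection now sets
/// <c>IsSuccess = false</c> (the Unauthorized path previously left it at its default).
/// </remarks>
public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext)
{
    var request = actionContext.Request;

    // HttpClient warm-up sends HEAD; there is nothing to authenticate.
    if (string.Equals(request.Method.Method, "HEAD", StringComparison.OrdinalIgnoreCase))
    {
        return;
    }

    string staffid = ReadHeader(request, "staffid");
    string staffkey = ReadHeader(request, "staffkey");
    string timestamp = ReadHeader(request, "timestamp");
    string nonce = ReadHeader(request, "nonce");

    int id = 0;
    if (string.IsNullOrEmpty(staffid) || !int.TryParse(staffid, out id)
        || string.IsNullOrEmpty(timestamp) || string.IsNullOrEmpty(nonce) || string.IsNullOrEmpty(staffkey))
    {
        Reject(actionContext, E_StatusCodeForApi.ParameterError);
        return;
    }

    // Credentials come from appSettings. A missing value must neither throw nor match.
    string adminId = ConfigurationManager.AppSettings["StaffId_1001"];
    string adminKey = ConfigurationManager.AppSettings["StaffKey_1001"];
    string scenicId = ConfigurationManager.AppSettings["StaffId_1006"];
    string scenicKey = ConfigurationManager.AppSettings["StaffKey_1006"];

    bool isAdmin = FixedTimeEquals(adminId, staffid) && FixedTimeEquals(adminKey, staffkey);
    bool isScenic = FixedTimeEquals(scenicId, staffid) && FixedTimeEquals(scenicKey, staffkey);
    if (!isAdmin && !isScenic)
    {
        Reject(actionContext, E_StatusCodeForApi.Unauthorized);
        return;
    }

    base.OnActionExecuting(actionContext);
}

/// <summary>
/// Returns the URL-decoded first value of header <paramref name="name"/>, or
/// <see cref="string.Empty"/> when the header is absent.
/// </summary>
private static string ReadHeader(System.Net.Http.HttpRequestMessage request, string name)
{
    if (!request.Headers.Contains(name))
    {
        return string.Empty;
    }
    return HttpUtility.UrlDecode(request.Headers.GetValues(name).FirstOrDefault());
}

/// <summary>
/// Ordinal string comparison whose running time does not depend on where the first mismatch is;
/// <c>null</c> never matches. (Only the length difference remains observable.)
/// </summary>
private static bool FixedTimeEquals(string expected, string actual)
{
    if (expected == null || actual == null)
    {
        return false;
    }
    int diff = expected.Length ^ actual.Length;
    int shared = Math.Min(expected.Length, actual.Length);
    for (int i = 0; i < shared; i++)
    {
        diff |= expected[i] ^ actual[i];
    }
    return diff == 0;
}

/// <summary>
/// Writes the failure envelope for <paramref name="code"/> onto the context (which makes Web API
/// skip the action) and runs the base filter logic.
/// </summary>
private void Reject(System.Web.Http.Controllers.HttpActionContext actionContext, E_StatusCodeForApi code)
{
    var resultMsg = new ResultMsg();
    resultMsg.StatusCode = (int)code;
    resultMsg.Info = EnumDisplayNameAttribute.GetEnumDescription(code);
    resultMsg.Data = "";
    resultMsg.IsSuccess = false;
    actionContext.Response = resultMsg.ToJson().ResponseMessage();
    base.OnActionExecuting(actionContext);
}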
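/// <summary>
/// Authorization filter for the <c>TuLvRequest</c> envelope: the POST body must deserialize to a
/// request whose <c>_RequestHead.Sign</c> equals
/// <c>GetMD5Str(UserId + TimeStamp + Version + RequestBody + UserKey)</c>. On success the head is
/// stored in <c>Request.Properties["jsonHeadStr"]</c> and the request content is replaced by
/// <c>Decrypt(RequestBody, EncryptKey)</c> as <c>application/json</c>, then the pipeline continues.
/// </summary>
/// <param name="actionContext">Action context whose request is inspected and rewritten.</param>
/// <param name="cancellationToken">Not used.</param>
/// <param name="continuation">Runs the remaining filters and the action.</param>
/// <returns>
/// The response produced by <paramref name="continuation"/>, or — when the method is not POST, the
/// envelope cannot be read, or the signature does not match — the failure envelope itself.
/// </returns>
/// <remarks>
/// Changes: failures now return the error response instead of calling <paramref name="continuation"/>
/// (Web API only short-circuits when the filter returns the response; invoking the continuation ran
/// the action regardless of the failed check); the body is read asynchronously and to end-of-stream
/// instead of blocking on <c>Task.Result</c> and a single <c>Read</c>; a null envelope or head is
/// rejected instead of throwing; the signature comparison is fixed-time.
/// The user-status/password validation block is still a stub (<c>isError</c> is never set), and
/// <c>_RequestHead.TimeStamp</c> is not checked for freshness in this filter.
/// </remarks>
public virtual async Task<System.Net.Http.HttpResponseMessage> ExecuteAuthorizationFilterAsync(HttpActionContext actionContext, CancellationToken cancellationToken, Func<Task<System.Net.Http.HttpResponseMessage>> continuation)
{
    // Only POST carries the signed envelope; reject anything else before touching the body.
    string method = actionContext.Request.Method.Method;
    if (!string.Equals(method, "post", StringComparison.OrdinalIgnoreCase))
    {
        return Reject(actionContext, E_StatusCodeForApi.HttpMehtodError,
            EnumDisplayNameAttribute.GetEnumDescription(E_StatusCodeForApi.HttpMehtodError));
    }

    string content = await ReadBodyAsync(actionContext.Request.Content);

    // NOTE(review): Json.ToObject is assumed to return null for empty/unparseable input; if it throws
    // on malformed JSON the request ends as HTTP 500 — confirm against the helper.
    TuLvRequest envelope = Json.ToObject<TuLvRequest>(content);
    if (envelope == null || envelope._RequestHead == null)
    {
        return Reject(actionContext, E_StatusCodeForApi.HttpRequestError,
            EnumDisplayNameAttribute.GetEnumDescription(E_StatusCodeForApi.HttpRequestError));
    }

    var head = envelope._RequestHead;
    string expectedSign = GetMD5Str(head.UserId + head.TimeStamp + head.Version + envelope.RequestBody + head.UserKey);
    if (!FixedTimeEquals(expectedSign, head.Sign))
    {
        return Reject(actionContext, E_StatusCodeForApi.HttpRequestError,
            EnumDisplayNameAttribute.GetEnumDescription(E_StatusCodeForApi.HttpRequestError));
    }

    // TODO(review): the check that the user exists, is not deleted/disabled and the password matches
    // is not implemented — isError is never set to true, so this rejection is currently unreachable.
    bool isError = false;
    string errorInfo = string.Empty;
    if (isError)
    {
        return Reject(actionContext, E_StatusCodeForApi.Unauthorized, errorInfo);
    }

    // Hand the head to the action and substitute the decrypted body as the request content
    // (the method was verified to be POST above).
    actionContext.Request.Properties["jsonHeadStr"] = head.ToJson();
    string jsonBodyStr = Decrypt(envelope.RequestBody, EncryptKey);
    actionContext.Request.Content = new StringContent(jsonBodyStr, Encoding.UTF8, "application/json");

    return await continuation();
}

/// <summary>
/// Reads the whole request body as UTF-8 text; returns <see cref="string.Empty"/> when there is no
/// content or no stream. Rewinds seekable streams first, as the original did.
/// </summary>
private static async Task<string> ReadBodyAsync(System.Net.Http.HttpContent httpContent)
{
    if (httpContent == null)
    {
        return string.Empty;
    }
    using (Stream body = await httpContent.ReadAsStreamAsync())
    {
        if (body == null)
        {
            return string.Empty;
        }
        if (body.CanSeek)
        {
            body.Seek(0, SeekOrigin.Begin);
        }
        using (var buffer = new MemoryStream())
        {
            // CopyToAsync reads to end-of-stream; a single Read() may return fewer bytes than requested.
            await body.CopyToAsync(buffer);
            return Encoding.UTF8.GetString(buffer.ToArray());
        }
    }
}

/// <summary>
/// Ordinal string comparison whose running time does not depend on where the first mismatch is;
/// <c>null</c> never matches. (Only the length difference remains observable.)
/// </summary>
private static bool FixedTimeEquals(string expected, string actual)
{
    if (expected == null || actual == null)
    {
        return false;
    }
    int diff = expected.Length ^ actual.Length;
    int shared = Math.Min(expected.Length, actual.Length);
    for (int i = 0; i < shared; i++)
    {
        diff |= expected[i] ^ actual[i];
    }
    return diff == 0;
}

/// <summary>
/// Builds the failure envelope, stores it on the context and returns it so the caller can return it
/// directly and stop the pipeline.
/// </summary>
private static System.Net.Http.HttpResponseMessage Reject(HttpActionContext actionContext, E_StatusCodeForApi code, string info)
{
    var resultMsg = new ResultMsg();
    resultMsg.StatusCode = (int)code;
    resultMsg.Info = info;
    resultMsg.Data = "";
    resultMsg.IsSuccess = false;
    actionContext.Response = resultMsg.ToJson().ResponseMessage();
    return actionContext.Response;
}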
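/// <summary>
/// Request-signing filter for the staff API. Every non-anonymous, non-HEAD request must carry the
/// <c>staffid</c>, <c>staffkey</c>, <c>timestamp</c>, <c>nonce</c> and <c>signature</c> headers; the
/// staffid/staffkey pair must equal the configured <c>StaffId_&lt;staffid&gt;</c> /
/// <c>StaffKey_&lt;staffid&gt;</c> settings; the timestamp (ms since the Unix epoch) must lie within
/// <c>UrlExpireTime</c> seconds of server time; and, except for the <c>GetToken</c> action, the
/// signature must pass <c>Validate</c> against the token cached in Redis under the numeric staff id.
/// </summary>
/// <param name="actionContext">
/// Web API action context; on failure its <c>Response</c> is set to a <c>ResultMsg</c> envelope and
/// the action does not run.
/// </param>
/// <remarks>
/// Changes: an unsupported HTTP method now stops the request (the error response was set but
/// execution fell through into the later checks, which could overwrite it); the timestamp window is
/// symmetric, so a far-future timestamp no longer passes (and a <c>NaN</c> timestamp is rejected);
/// the unreachable re-check of staffid/timestamp/nonce inside the GetToken branch was removed;
/// key comparison is fixed-time; every rejection sets <c>IsSuccess = false</c>. The nonce is only
/// handed to <c>Validate</c> — this filter keeps no record of nonces seen, so replay within the
/// time window is not detected here.
/// </remarks>
public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext)
{
    if (actionContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Count > 0)
    {
        // Action opted out of authentication.
        base.OnActionExecuting(actionContext);
        return;
    }

    var request = actionContext.Request;
    string method = request.Method.Method;

    // HttpClient warm-up sends HEAD; nothing to authenticate (and, as before, base is not called).
    if (string.Equals(method, "HEAD", StringComparison.OrdinalIgnoreCase))
    {
        return;
    }

    string staffid = ReadHeader(request, "staffid");
    string staffkey = ReadHeader(request, "staffkey");
    string timestamp = ReadHeader(request, "timestamp");
    string nonce = ReadHeader(request, "nonce");
    string signature = ReadHeader(request, "signature");

    if (!IsSupportedMethod(method))
    {
        Reject(actionContext, E_StatusCodeForApi.HttpMehtodError);
        return; // previously missing: the checks below kept running after the rejection
    }

    int id = 0;
    if (string.IsNullOrEmpty(staffid) || !int.TryParse(staffid, out id)
        || string.IsNullOrEmpty(timestamp) || string.IsNullOrEmpty(nonce)
        || string.IsNullOrEmpty(staffkey) || string.IsNullOrEmpty(signature))
    {
        Reject(actionContext, E_StatusCodeForApi.ParameterError);
        return;
    }

    // Credential pair is looked up by the raw staffid header; a missing setting is a non-match.
    string configuredId = ConfigurationManager.AppSettings["StaffId_" + staffid];
    string configuredKey = ConfigurationManager.AppSettings["StaffKey_" + staffid];
    if (!FixedTimeEquals(configuredId, staffid) || !FixedTimeEquals(configuredKey, staffkey))
    {
        Reject(actionContext, E_StatusCodeForApi.Unauthorized);
        return;
    }

    // Freshness: |server - client| must be within the configured window. The original only rejected
    // old timestamps, which left a captured request with a future timestamp replayable indefinitely.
    double clientMillis;
    bool timestampParsed = double.TryParse(timestamp, out clientMillis) && !double.IsNaN(clientMillis);
    double serverMillis = (DateTime.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0, 0)).TotalMilliseconds;
    int windowSeconds = ConfigurationManager.AppSettings["UrlExpireTime"].ToInt();
    bool outsideWindow = Math.Abs(serverMillis - clientMillis) > windowSeconds * 1000;
    if (!timestampParsed || outsideWindow)
    {
        Reject(actionContext, E_StatusCodeForApi.URLExpireError);
        return;
    }

    // GetToken is how a client obtains its signing token, so it is authenticated by the
    // staffid/staffkey pair above and skips the signature check. (The former inner re-check of
    // staffid/timestamp/nonce could never fail: all three were already required above.)
    if (actionContext.ActionDescriptor.ActionName == "GetToken")
    {
        base.OnActionExecuting(actionContext);
        return;
    }

    Token token = RedisHelper.Get<Token>(id.ToString());
    if (token == null)
    {
        Reject(actionContext, E_StatusCodeForApi.TokenInvalid);
        return;
    }

    if (!Validate(timestamp, nonce, id, token.SignToken.ToString(), signature))
    {
        Reject(actionContext, E_StatusCodeForApi.HttpRequestError);
        return;
    }

    base.OnActionExecuting(actionContext);
}

/// <summary>True for the four verbs the API serves (POST, DELETE, GET, PUT), case-insensitively.</summary>
private static bool IsSupportedMethod(string method)
{
    return string.Equals(method, "POST", StringComparison.OrdinalIgnoreCase)
        || string.Equals(method, "DELETE", StringComparison.OrdinalIgnoreCase)
        || string.Equals(method, "GET", StringComparison.OrdinalIgnoreCase)
        || string.Equals(method, "PUT", StringComparison.OrdinalIgnoreCase);
}

/// <summary>
/// Returns the URL-decoded first value of header <paramref name="name"/>, or
/// <see cref="string.Empty"/> when the header is absent.
/// </summary>
private static string ReadHeader(System.Net.Http.HttpRequestMessage request, string name)
{
    if (!request.Headers.Contains(name))
    {
        return string.Empty;
    }
    return HttpUtility.UrlDecode(request.Headers.GetValues(name).FirstOrDefault());
}

/// <summary>
/// Ordinal string comparison whose running time does not depend on where the first mismatch is;
/// <c>null</c> never matches. (Only the length difference remains observable.)
/// </summary>
private static bool FixedTimeEquals(string expected, string actual)
{
    if (expected == null || actual == null)
    {
        return false;
    }
    int diff = expected.Length ^ actual.Length;
    int shared = Math.Min(expected.Length, actual.Length);
    for (int i = 0; i < shared; i++)
    {
        diff |= expected[i] ^ actual[i];
    }
    return diff == 0;
}

/// <summary>
/// Writes the failure envelope for <paramref name="code"/> onto the context (which makes Web API
/// skip the action) and runs the base filter logic.
/// </summary>
private void Reject(System.Web.Http.Controllers.HttpActionContext actionContext, E_StatusCodeForApi code)
{
    var resultMsg = new ResultMsg();
    resultMsg.StatusCode = (int)code;
    resultMsg.Info = EnumDisplayNameAttribute.GetEnumDescription(code);
    resultMsg.Data = "";
    resultMsg.IsSuccess = false;
    actionContext.Response = resultMsg.ToJson().ResponseMessage();
    base.OnActionExecuting(actionContext);
}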