        /// <summary>
        /// Web API action filter hook: reads the <c>appid</c> and <c>sign</c> request headers and
        /// short-circuits the request with a JSON <see cref="ResultMsg"/> when either is missing or
        /// when <see cref="SignExtension.Validate(string, string)"/> rejects the pair.
        /// The action named <c>SaveFileToSql</c> is let through without any of these checks.
        /// </summary>
        /// <param name="actionContext">Context of the action about to execute; its Response is replaced on rejection.</param>
        public override void OnActionExecuting(HttpActionContext actionContext)
        {
            var headers = actionContext.Request.Headers;

            // Header values arrive URL-encoded; an absent header reads as an empty string.
            Func<string, string> readHeader = name =>
                headers.Contains(name)
                    ? HttpUtility.UrlDecode(headers.GetValues(name).FirstOrDefault())
                    : string.Empty;

            // Builds the JSON error body for a rejected request.
            Action<StatusCodeEnum> reject = code =>
            {
                var resultMsg = new ResultMsg
                {
                    StatusCode = (int)code,
                    Info       = code.GetEnumText(),
                    Data       = ""
                };
                actionContext.Response = HttpResponseExtension.toJson(JsonConvert.SerializeObject(resultMsg));
            };

            string appId = readHeader("appid");
            string sign  = readHeader("sign");

            // The upload action is exempt from every check below, so whatever is reachable
            // through it is unauthenticated as far as this filter is concerned.
            if (actionContext.ActionDescriptor.ActionName == "SaveFileToSql")
            {
                base.OnActionExecuting(actionContext);
                return;
            }

            // Both headers are mandatory for every other action.
            if (string.IsNullOrEmpty(appId) || string.IsNullOrEmpty(sign))
            {
                reject(StatusCodeEnum.ParameterError);
                base.OnActionExecuting(actionContext);
                return;
            }

            // Signature check. Only (appId, sign) take part here - no timestamp or nonce - so any
            // freshness or replay protection has to live inside SignExtension.Validate itself.
            if (!SignExtension.Validate(appId, sign))
            {
                reject(StatusCodeEnum.HttpRequestError);
                base.OnActionExecuting(actionContext);
                return;
            }

            // As in the original, base.OnActionExecuting is not invoked on the success path;
            // presumably the base implementation is a no-op, so this is harmless - confirm.
        }
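        /// <summary>
        /// Issues a fresh sign token for <paramref name="userName"/> and stores the derived
        /// <see cref="Token"/> in the per-process <see cref="HttpRuntime.Cache"/> under that name,
        /// replacing any entry already there.
        /// </summary>
        /// <param name="userName">Cache key and <c>StaffId</c> of the token entry.</param>
        /// <param name="timestamp">Client timestamp mixed into the derived sign token by <see cref="SignExtension.GetSignToken"/>.</param>
        /// <param name="remeberMe">When true the token lives one year, otherwise one day.</param>
        /// <returns>The raw GUID string handed to the client; the cached entry holds the derived value.</returns>
        public string GetToken(string userName, string timestamp, bool remeberMe)
        {
            string   signToken  = Guid.NewGuid().ToString();
            DateTime expireTime = remeberMe ? DateTime.Now.AddYears(1) : DateTime.Now.AddDays(1);

            // Reuse the existing entry (keeps any other state on it) or create a new one.
            Token token = (Token)HttpRuntime.Cache.Get(userName) ?? new Token { StaffId = userName };
            token.SignToken  = SignExtension.GetSignToken(userName, signToken, timestamp);
            token.ExpireTime = expireTime;

            // Insert replaces an existing entry, so the separate Remove of the original is not needed.
            // Passing the absolute expiration makes the cache drop the entry when the token expires;
            // the two-argument Insert used before gave the cache no lifetime at all, so ExpireTime was
            // only enforced if some other code compared it.
            HttpRuntime.Cache.Insert(userName, token, null, expireTime, System.Web.Caching.Cache.NoSlidingExpiration);
            return signToken;
        }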
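        /// <summary>
        /// Web API request gate: every action except <c>GetToken</c> must carry the
        /// <c>staffid</c> (an integer), <c>timestamp</c>, <c>nonce</c> and <c>signature</c> headers,
        /// a timestamp within <c>WebSettingsConfig.UrlExpireTime</c> seconds of the server clock,
        /// a cached <see cref="Token"/> for the staff id, and a signature that
        /// <see cref="SignExtension"/> accepts over the query string (GET) or raw body (POST).
        /// <c>GetToken</c> needs only staffid, timestamp and nonce. On any failure the response is
        /// replaced with a JSON <see cref="ResultMsg"/> and the action does not run.
        /// </summary>
        /// <param name="actionContext">Context of the action about to execute; its Response is replaced on rejection.</param>
        public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext)
        {
            var    request = actionContext.Request;
            string method  = request.Method.Method;

            // Header values arrive URL-encoded; a missing header reads as an empty string.
            string staffid   = ReadUrlDecodedHeader(request, "staffid");
            string timestamp = ReadUrlDecodedHeader(request, "timestamp");
            string nonce     = ReadUrlDecodedHeader(request, "nonce");
            string signature = ReadUrlDecodedHeader(request, "signature");
            int    id        = 0;

            // Headers every gated action needs. The staff id must parse as an int because the
            // token cache is looked up by its integer form (id.ToString()) further down.
            bool baseHeadersMissing = string.IsNullOrEmpty(staffid)
                                      || !int.TryParse(staffid, out id)
                                      || string.IsNullOrEmpty(timestamp)
                                      || string.IsNullOrEmpty(nonce);

            // GetToken has no token to sign with yet, so it is exempt from the signature check.
            if (actionContext.ActionDescriptor.ActionName == "GetToken")
            {
                if (baseHeadersMissing)
                {
                    SetErrorResponse(actionContext, StatusCodeEnum.ParameterError);
                }
                base.OnActionExecuting(actionContext);
                return;
            }

            if (baseHeadersMissing || string.IsNullOrEmpty(signature))
            {
                SetErrorResponse(actionContext, StatusCodeEnum.ParameterError);
                base.OnActionExecuting(actionContext);
                return;
            }

            // Freshness window. The client timestamp is Unix milliseconds and must lie within
            // UrlExpireTime seconds of the server clock. The original only rejected stale values,
            // so a timestamp far in the future (or "NaN", which double.TryParse accepts) would have
            // passed indefinitely; the window is now applied in both directions.
            double clientMillis;
            double nowMillis    = (DateTime.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0, 0)).TotalMilliseconds;
            double windowMillis = int.Parse(WebSettingsConfig.UrlExpireTime) * 1000;
            bool   timestampOk  = double.TryParse(timestamp, out clientMillis)
                                  && Math.Abs(nowMillis - clientMillis) <= windowMillis;

            if (!timestampOk)
            {
                SetErrorResponse(actionContext, StatusCodeEnum.URLExpireError);
                base.OnActionExecuting(actionContext);
                return;
            }

            // Token lookup: one cache read, so the entry cannot disappear between the existence
            // check and the dereference (the original read the cache twice and dereferenced the
            // first result only after null-checking the second).
            Token token = (Token)HttpRuntime.Cache.Get(id.ToString());

            if (token == null)
            {
                SetErrorResponse(actionContext, StatusCodeEnum.TokenInvalid);
                base.OnActionExecuting(actionContext);
                return;
            }
            string signtoken = token.SignToken.ToString();

            // Canonical request data that the signature is computed over.
            string data;

            switch (method)
            {
            case "POST":
                // Raw body. The reader is disposed, the stream is left open for later consumers.
                // NOTE(review): this reads from the stream's current position - confirm nothing
                // earlier in the pipeline has already consumed InputStream.
                using (var reader = new StreamReader(HttpContext.Current.Request.InputStream, Encoding.UTF8, true, 1024, true))
                {
                    data = reader.ReadToEnd();
                }
                break;

            case "GET":
                data = CanonicalQueryString(HttpContext.Current.Request.QueryString);
                break;

            default:
                SetErrorResponse(actionContext, StatusCodeEnum.HttpMehtodError);
                base.OnActionExecuting(actionContext);
                return;
            }

            // Signature check. The nonce is handed to Validate; whether it is tracked against reuse
            // is not visible here - without that, a captured request remains replayable inside the window.
            if (!SignExtension.Validate(timestamp, nonce, id, signtoken, data, signature))
            {
                SetErrorResponse(actionContext, StatusCodeEnum.HttpRequestError);
            }
            base.OnActionExecuting(actionContext);
        }

        /// <summary>Reads one request header, URL-decoded; empty when the header is absent.</summary>
        private static string ReadUrlDecodedHeader(System.Net.Http.HttpRequestMessage request, string name)
        {
            if (!request.Headers.Contains(name))
            {
                return string.Empty;
            }
            // UrlDecode(null) yields null, which the callers treat like an empty header.
            return HttpUtility.UrlDecode(request.Headers.GetValues(name).FirstOrDefault());
        }

        /// <summary>
        /// Concatenates every query parameter as key followed by value, with no separators, in the
        /// default sort order of the keys - the form the client signs. Parameters without a name
        /// are skipped; the original put them in a Dictionary first, which throws on a null key.
        /// </summary>
        private static string CanonicalQueryString(NameValueCollection form)
        {
            // Keep the default comparer: clients sort the same way before signing.
            var sortedParams = new SortedDictionary<string, string>();
            foreach (string key in form.AllKeys)
            {
                if (!string.IsNullOrEmpty(key))
                {
                    sortedParams[key] = form[key];
                }
            }

            var query = new StringBuilder();
            foreach (var pair in sortedParams)
            {
                query.Append(pair.Key).Append(pair.Value);
            }
            return query.ToString();
        }

        /// <summary>Replaces the response with a JSON <see cref="ResultMsg"/> carrying <paramref name="code"/>; the action will not run.</summary>
        private static void SetErrorResponse(System.Web.Http.Controllers.HttpActionContext actionContext, StatusCodeEnum code)
        {
            var resultMsg = new ResultMsg
            {
                StatusCode = (int)code,
                Info       = code.GetEnumText(),
                Data       = ""
            };
            actionContext.Response = HttpResponseExtension.toJson(JsonConvert.SerializeObject(resultMsg));
        }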
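        /// <summary>
        /// Web API request gate without a timestamp window: requires the <c>staffid</c>,
        /// <c>timestamp</c> and <c>nonce</c> headers on every action, lets <c>GetToken</c> through
        /// after that, and for all other actions requires a cached <see cref="Token"/> for the
        /// staff id and a <see cref="SignExtension"/> signature over the query string (GET) or raw
        /// body (POST). Rejections replace the response with a JSON <see cref="ResultMsg"/>.
        /// </summary>
        /// <param name="actionContext">Context of the action about to execute; its Response is replaced on rejection.</param>
        public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext)
        {
            ServerLog.Log("新的请求");
            var    request = actionContext.Request;
            string method  = request.Method.Method;

            // Header values arrive URL-encoded; a missing header reads as an empty string.
            string staffid   = HeaderOrEmpty(request, "staffid");
            string timestamp = HeaderOrEmpty(request, "timestamp");
            string nonce     = HeaderOrEmpty(request, "nonce");
            string signature = HeaderOrEmpty(request, "signature");

            ServerLog.Log("StaffId:" + staffid);
            ServerLog.Log("TimeStamp:" + timestamp);
            ServerLog.Log("nonce:" + nonce);

            if (string.IsNullOrWhiteSpace(staffid) || string.IsNullOrWhiteSpace(timestamp) || string.IsNullOrWhiteSpace(nonce))
            {
                WriteErrorResponse(actionContext, StatusCodeEnum.ParameterError);
                base.OnActionExecuting(actionContext);
                return;
            }

            // GetToken has no token to sign with yet, so it is exempt from the signature check.
            if (actionContext.ActionDescriptor.ActionName.Equals("GetToken"))
            {
                base.OnActionExecuting(actionContext);
                return;
            }

            // NOTE(review): the timestamp-window check (WebSettingsConfig.UrlExpireTime) that used to
            // sit here is disabled, so any timestamp value is accepted. The signature covers
            // timestamp and nonce, but without a freshness window or nonce tracking a captured
            // request stays valid for as long as the token does. An empty signature header is also
            // not rejected here; SignExtension.Validate is relied on to fail it.

            // Token lookup: one cache read, so the entry cannot disappear between the existence
            // check and the dereference (the original read the cache twice).
            Token token = (Token)HttpRuntime.Cache.Get(staffid);

            if (null == token)
            {
                WriteErrorResponse(actionContext, StatusCodeEnum.TokenInvalid);
                base.OnActionExecuting(actionContext);
                return;
            }
            string signtoken = token.SignToken.ToString();

            // Canonical request data that the signature is computed over.
            string data;

            switch (method)
            {
            case "POST":
                // Raw body. The reader is disposed, the stream is left open for later consumers.
                // NOTE(review): this reads from the stream's current position - confirm nothing
                // earlier in the pipeline has already consumed InputStream.
                using (var reader = new StreamReader(HttpContext.Current.Request.InputStream, Encoding.UTF8, true, 1024, true))
                {
                    data = reader.ReadToEnd();
                }
                break;

            case "GET":
                data = BuildSignedQuery(HttpContext.Current.Request.QueryString);
                break;

            default:
                WriteErrorResponse(actionContext, StatusCodeEnum.HttpMethodError);
                base.OnActionExecuting(actionContext);
                return;
            }

            if (!SignExtension.Validate(timestamp, nonce, staffid, signtoken, data, signature))
            {
                WriteErrorResponse(actionContext, StatusCodeEnum.HttpRequestError);
                base.OnActionExecuting(actionContext);
                return;
            }
            base.OnActionExecuting(actionContext);
        }

        /// <summary>Reads one request header, URL-decoded; empty when the header is absent.</summary>
        private static string HeaderOrEmpty(System.Net.Http.HttpRequestMessage request, string name)
        {
            if (!request.Headers.Contains(name))
            {
                return string.Empty;
            }
            // UrlDecode(null) yields null, which the callers treat like an empty header.
            return HttpUtility.UrlDecode(request.Headers.GetValues(name).FirstOrDefault());
        }

        /// <summary>
        /// Concatenates every query parameter as key followed by value, with no separators, in the
        /// default sort order of the keys; parameters whose value is blank are left out, as in the
        /// original. Parameters without a name are skipped as well - the original added them to a
        /// Dictionary first, which throws on a null key.
        /// </summary>
        private static string BuildSignedQuery(NameValueCollection form)
        {
            // Keep the default comparer: clients sort the same way before signing.
            var sortedParams = new SortedDictionary<string, string>();
            foreach (string key in form.AllKeys)
            {
                if (key != null)
                {
                    sortedParams[key] = form[key];
                }
            }

            var query = new StringBuilder();
            foreach (var pair in sortedParams)
            {
                if (!string.IsNullOrWhiteSpace(pair.Value))
                {
                    query.Append(pair.Key).Append(pair.Value);
                }
            }
            return query.ToString();
        }

        /// <summary>Replaces the response with a JSON <see cref="ResultMsg"/> carrying <paramref name="code"/>; the action will not run.</summary>
        private static void WriteErrorResponse(System.Web.Http.Controllers.HttpActionContext actionContext, StatusCodeEnum code)
        {
            var resultMsg = new ResultMsg
            {
                StatusCode = (int)code,
                Info       = code.GetEnumText(),
                Data       = ""
            };
            actionContext.Response = HttpResponseExtension.toJson(resultMsg);
        }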
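        /// <summary>
        /// ASP.NET Core request gate: every action except <c>GetToken</c> must carry the
        /// <c>staffid</c> (an integer), <c>timestamp</c>, <c>nonce</c> and <c>signature</c> headers,
        /// a timestamp within 120 s of the server clock, a cached <see cref="Token"/> for the staff
        /// id, a <see cref="SignExtension"/> signature over the query string (GET) or body (POST),
        /// and a valid model state. <c>GetToken</c> needs only staffid, timestamp and nonce.
        /// On rejection <see cref="ActionExecutingContext.Result"/> is set to a JSON
        /// <see cref="ResultMsg"/> so the action does not run.
        /// </summary>
        /// <param name="context">Context of the action about to execute.</param>
        public override void OnActionExecuting(ActionExecutingContext context)
        {
            // Accepted difference between the client timestamp and the server clock, in seconds.
            const int TimestampWindowSeconds = 120;

            var    request = context.HttpContext.Request;
            string method  = request.Method;

            // Header values arrive URL-encoded; a missing header reads as an empty string.
            string staffid   = HeaderValue(request.Headers, "staffid");
            string timestamp = HeaderValue(request.Headers, "timestamp");
            string nonce     = HeaderValue(request.Headers, "nonce");
            string signature = HeaderValue(request.Headers, "signature");
            int    id        = 0;

            // Headers every gated action needs. The staff id must parse as an int because the
            // token cache is looked up by its integer form (id.ToString()) further down.
            bool baseHeadersMissing = string.IsNullOrEmpty(staffid)
                                      || !int.TryParse(staffid, out id)
                                      || string.IsNullOrEmpty(timestamp)
                                      || string.IsNullOrEmpty(nonce);

            // GetToken has no token to sign with yet, so it is exempt from the signature check.
            if (((ControllerActionDescriptor)context.ActionDescriptor).ActionName == "GetToken")
            {
                if (baseHeadersMissing)
                {
                    FailWith(context, StatusCodeEnum.ParameterError);
                }
                base.OnActionExecuting(context);
                return;
            }

            if (baseHeadersMissing || string.IsNullOrEmpty(signature))
            {
                FailWith(context, StatusCodeEnum.ParameterError);
                base.OnActionExecuting(context);
                return;
            }

            // Freshness window. The client timestamp is Unix milliseconds. The original only
            // rejected stale values, so a timestamp far in the future (or "NaN", which
            // double.TryParse accepts) would have passed indefinitely; the window now applies in
            // both directions.
            double clientMillis;
            double nowMillis   = (DateTime.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0, 0)).TotalMilliseconds;
            bool   timestampOk = double.TryParse(timestamp, out clientMillis)
                                 && Math.Abs(nowMillis - clientMillis) <= TimestampWindowSeconds * 1000;

            if (!timestampOk)
            {
                FailWith(context, StatusCodeEnum.URLExpireError);
                base.OnActionExecuting(context);
                return;
            }

            // Token lookup: one cache read, so the entry cannot disappear between the existence
            // check and the dereference (the original called CacheHelper.CacheValue twice).
            Token token = (Token)CacheHelper.CacheValue(id.ToString());

            if (token == null)
            {
                FailWith(context, StatusCodeEnum.TokenInvalid);
                base.OnActionExecuting(context);
                return;
            }
            string signtoken = token.SignToken.ToString();

            // Canonical request data that the signature is computed over.
            string data = string.Empty;

            switch (method)
            {
            case "POST":
                Stream stream = context.HttpContext.Request.Body;
                if (stream != null)
                {
                    // Rewinding needs a buffered body (request buffering enabled earlier in the
                    // pipeline); the original called Seek unconditionally, which throws on a
                    // non-seekable body. NOTE(review): if the body is not buffered it is consumed
                    // here and presumably unavailable to model binding afterwards - confirm.
                    if (stream.CanSeek)
                    {
                        stream.Seek(0, SeekOrigin.Begin);
                    }
                    using (var reader = new StreamReader(stream, Encoding.UTF8, true, 1024, true))
                    {
                        data = reader.ReadToEnd();
                    }
                    if (stream.CanSeek)
                    {
                        stream.Seek(0, SeekOrigin.Begin);
                    }
                }
                break;

            case "GET":
                data = JoinSortedQuery(context.HttpContext.Request.Query);
                break;

            default:
                FailWith(context, StatusCodeEnum.HttpMehtodError);
                base.OnActionExecuting(context);
                return;
            }

            // Signature check. The nonce is handed to Validate; whether it is tracked against reuse
            // is not visible here - without that, a captured request remains replayable inside the window.
            if (!SignExtension.Validate(timestamp, nonce, id, signtoken, data, signature))
            {
                FailWith(context, StatusCodeEnum.HttpRequestError);
                base.OnActionExecuting(context);
                return;
            }

            // Model validation: the first error message is returned. NOTE(review): unlike the other
            // rejections this ResultMsg carries no StatusCode (left at its default) - confirm that
            // clients can tell it apart.
            if (!context.ModelState.IsValid)
            {
                var resultMsg = new ResultMsg();
                resultMsg.Info = context.ModelState.Values.First(p => p.Errors.Count > 0).Errors[0].ErrorMessage;
                context.Result = new JsonResult(resultMsg);
            }
            base.OnActionExecuting(context);
        }

        /// <summary>Reads one request header, URL-decoded; empty when the header is absent.</summary>
        private static string HeaderValue(IHeaderDictionary headers, string name)
        {
            // UrlDecode(null) yields null, which the callers treat like an empty header.
            return headers.ContainsKey(name)
                ? HttpUtility.UrlDecode(headers[name].FirstOrDefault())
                : string.Empty;
        }

        /// <summary>
        /// Concatenates every query parameter as key followed by value, with no separators, in the
        /// default sort order of the keys - the form the client signs. Empty keys are left out.
        /// </summary>
        private static string JoinSortedQuery(IQueryCollection form)
        {
            // Keep the default comparer: clients sort the same way before signing.
            var sortedParams = new SortedDictionary<string, string>();
            foreach (string key in form.Keys)
            {
                sortedParams.Add(key, form[key]);
            }

            var query = new StringBuilder();
            foreach (var pair in sortedParams)
            {
                if (!string.IsNullOrEmpty(pair.Key))
                {
                    query.Append(pair.Key).Append(pair.Value);
                }
            }
            return query.ToString();
        }

        /// <summary>Sets a JSON <see cref="ResultMsg"/> carrying <paramref name="code"/> as the result; the action will not run.</summary>
        private static void FailWith(ActionExecutingContext context, StatusCodeEnum code)
        {
            var resultMsg = new ResultMsg
            {
                StatusCode = (int)code,
                Info       = code.GetEnumText(),
                Data       = ""
            };
            context.Result = new JsonResult(resultMsg);
        }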
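        /// <summary>
        /// Web API request gate. Skipped entirely when the <c>IsInterfaceSignature</c> setting is
        /// "false". Otherwise reads <c>AppKey</c>, <c>TimeStamp</c>, <c>Nonce</c> and
        /// <c>Authorization</c> from the request headers, answers OPTIONS pre-flight requests with
        /// 202 Accepted, exempts the actions listed in
        /// <see cref="GlobalConstCode.NOT_NEED_DIGITAL_SIGNATURE"/> from the signature check (they
        /// still need AppKey, TimeStamp and Nonce), and for every other action requires all four
        /// headers, a timestamp within 60 s of the server clock, a cached
        /// <see cref="TokenViewModel"/> for the app key and a signature accepted by
        /// <see cref="SignExtension.ValidateSign"/>. Rejections replace the response with a
        /// <see cref="BaseJsonResult{T}"/> and the action does not run.
        /// </summary>
        /// <param name="actionContext">Context of the action about to execute; its Response is replaced on rejection.</param>
        public override void OnActionExecuting(HttpActionContext actionContext)
        {
            // Null-safe, case-insensitive read of the on/off switch; the original called ToLower()
            // on the raw value and threw NullReferenceException when the setting was missing.
            string isInterfaceSignature = ConfigHelper.GetValue("IsInterfaceSignature");

            if (string.Equals(isInterfaceSignature, "false", StringComparison.OrdinalIgnoreCase))
            {
                base.OnActionExecuting(actionContext);
                return;
            }

            HttpRequestMessage request = actionContext.Request;

            // Header values arrive URL-encoded; a missing header reads as an empty string.
            string appkey       = ReadHeader(request, "AppKey");        // caller identity
            string timestamp    = ReadHeader(request, "TimeStamp");     // client time, Unix seconds
            string nonce        = ReadHeader(request, "Nonce");         // per-request random value
            string access_token = ReadHeader(request, "Authorization"); // digital signature data

            // CORS pre-flight: accepted without further checks.
            if (actionContext.Request.Method == HttpMethod.Options)
            {
                actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Accepted);
                base.OnActionExecuting(actionContext);
                return;
            }

            // Actions such as GetToken/Login cannot be signed yet; they still need the identity headers.
            string[] exceptRequest = GlobalConstCode.NOT_NEED_DIGITAL_SIGNATURE;
            if (exceptRequest.Contains(actionContext.ActionDescriptor.ActionName))
            {
                if (string.IsNullOrEmpty(appkey) || string.IsNullOrEmpty(timestamp) || string.IsNullOrEmpty(nonce))
                {
                    RejectRequest(actionContext, JsonObjectStatus.ParameterError);
                }
                base.OnActionExecuting(actionContext);
                return;
            }

            // All four headers are mandatory for signed actions.
            if (string.IsNullOrEmpty(appkey) || string.IsNullOrEmpty(timestamp) || string.IsNullOrEmpty(nonce) || string.IsNullOrEmpty(access_token))
            {
                RejectRequest(actionContext, JsonObjectStatus.ParameterError);
                base.OnActionExecuting(actionContext);
                return;
            }

            // Freshness window: Unix seconds compared against the server clock. The original only
            // rejected stale timestamps, so a far-future value would have validated indefinitely;
            // the 60 s window now applies in both directions.
            long now = (DateTime.Now.ToUniversalTime().Ticks - 621355968000000000) / 10000000;
            long clientSeconds;
            bool timestampOk = long.TryParse(timestamp, out clientSeconds)
                               && Math.Abs(now - clientSeconds) < 1 * 60;

            if (!timestampOk)
            {
                RejectRequest(actionContext, JsonObjectStatus.UrlExpireError);
                base.OnActionExecuting(actionContext);
                return;
            }

            // Token lookup: the server-side access token is what the client must have signed with.
            TokenViewModel token = CacheFactory.GetCache().Get <TokenViewModel>(appkey);

            if (token == null)
            {
                RejectRequest(actionContext, JsonObjectStatus.TokenInvalid);
                base.OnActionExecuting(actionContext);
                return;
            }
            string serveraccesstoken = "AccessToken " + token.AccessToken;

            // NOTE(review): the signature covers app key, nonce, timestamp and the server-side access
            // token only - not the query string or request body (the earlier per-method body/query
            // canonicalisation has been removed from this filter). A valid header set can therefore
            // accompany any payload inside the 60 s window unless the nonce is tracked elsewhere.
            if (!SignExtension.ValidateSign(appkey, nonce, timestamp, serveraccesstoken, access_token))
            {
                RejectRequest(actionContext, JsonObjectStatus.HttpRequestError);
            }
            base.OnActionExecuting(actionContext);
        }

        /// <summary>Reads one request header, URL-decoded; empty when the header is absent.</summary>
        private static string ReadHeader(HttpRequestMessage request, string name)
        {
            // UrlDecode(null) yields null, which the callers treat like an empty header.
            return request.Headers.Contains(name)
                ? HttpUtility.UrlDecode(request.Headers.GetValues(name).FirstOrDefault())
                : string.Empty;
        }

        /// <summary>Replaces the response with a <see cref="BaseJsonResult{T}"/> carrying <paramref name="status"/>; the action will not run.</summary>
        private static void RejectRequest(HttpActionContext actionContext, JsonObjectStatus status)
        {
            var resultMsg = new BaseJsonResult <string>
            {
                Status  = (int)status,
                Message = status.GetEnumDescription(),
                Data    = ""
            };
            actionContext.Response = resultMsg.TryToHttpResponseMessage();
        }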
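        /// <summary>
        /// Admin-token filter. Every action except <c>LoginOn</c> must carry the
        /// <c>username</c>, <c>adminToken</c> and <c>timestamp</c> headers; the timestamp must
        /// lie inside the configured freshness window, a sign token for the user must exist in
        /// <see cref="HttpRuntime.Cache"/>, and the admin token must verify against it.
        /// Any failure writes a JSON <see cref="ResultMsg"/> to <c>actionContext.Response</c>,
        /// which makes Web API skip the action. The base filter runs exactly once on every path
        /// (the original invoked it twice when the cached token was missing).
        /// </summary>
        /// <param name="actionContext">The Web API action context of the current request.</param>
        public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext)
        {
            var request = actionContext.Request;
            // Per the original author's note, adminToken = staffid + signToken + timestamp.
            string username   = ReadHtmlDecodedHeader(request, "username");
            string adminToken = ReadHtmlDecodedHeader(request, "adminToken");
            string timestamp  = ReadHtmlDecodedHeader(request, "timestamp");

            // Login cannot carry a token yet, so it is exempt from every check below.
            if (actionContext.ActionDescriptor.ActionName == "LoginOn")
            {
                base.OnActionExecuting(actionContext);
                return;
            }

            if (string.IsNullOrWhiteSpace(username) || string.IsNullOrWhiteSpace(adminToken) ||
                string.IsNullOrWhiteSpace(timestamp))
            {
                RespondWithError(actionContext, StatusCodeEnum.ParameterError);
                return;
            }

            // Freshness window: the client timestamp (milliseconds since the Unix epoch) must be
            // within UrlExpireTime seconds of server time. Machine data is parsed invariantly, and
            // Math.Abs also rejects future-dated timestamps, which "now - ts > window" let through.
            double clientMs;
            bool parsed = double.TryParse(timestamp, System.Globalization.NumberStyles.Float,
                                          System.Globalization.CultureInfo.InvariantCulture, out clientMs);
            double nowMs    = (DateTime.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0, 0, DateTimeKind.Utc)).TotalMilliseconds;
            double windowMs = int.Parse(WebSettingsConfig.UrlExpireTime) * 1000.0; // UrlExpireTime is assumed to be in seconds
            if (!parsed || Math.Abs(nowMs - clientMs) > windowMs)
            {
                RespondWithError(actionContext, StatusCodeEnum.UrlExpireError);
                return;
            }

            // Single cache lookup. A missing (or foreign-typed) entry is an invalid token and
            // must stop here; the original fell through to the signature check with an empty
            // sign token and reported the wrong status.
            Token token = HttpRuntime.Cache.Get(username) as Token;
            if (token == null)
            {
                RespondWithError(actionContext, StatusCodeEnum.TokenInvalid);
                return;
            }
            string signToken = token.SignToken.ToString();

            if (!SignExtension.ValidateBase(username, signToken, timestamp, adminToken))
            {
                RespondWithError(actionContext, StatusCodeEnum.HttpRequestError);
                return;
            }

            base.OnActionExecuting(actionContext);
        }

        // Returns the HTML-decoded value of the named request header, or an empty string when
        // the header is absent (mirrors the original per-header if/Contains blocks).
        private static string ReadHtmlDecodedHeader(System.Net.Http.HttpRequestMessage request, string name)
        {
            if (!request.Headers.Contains(name))
            {
                return string.Empty;
            }
            return HttpUtility.HtmlDecode(request.Headers.GetValues(name).FirstOrDefault());
        }

        // Builds the standard JSON error envelope for <paramref name="status"/>, assigns it to
        // the response (which short-circuits the action) and runs the base filter once.
        private void RespondWithError(System.Web.Http.Controllers.HttpActionContext actionContext, StatusCodeEnum status)
        {
            ResultMsg resultMsg  = new ResultMsg();
            resultMsg.StatusCode = (int)status;
            resultMsg.Info       = status.GetEnumText();
            resultMsg.Data       = "";
            actionContext.Response = HttpResponseExtension.toJson(JsonConvert.SerializeObject(resultMsg));
            base.OnActionExecuting(actionContext);
        }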
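        /// <summary>
        /// Signed-request filter. Reads the timestamp, nonce and signature headers, validates the
        /// request parameters, enforces the timestamp freshness window, looks up the caller's
        /// sign token in <see cref="HttpRuntime.Cache"/>, canonicalises the request (POST body
        /// as-is, GET query as sorted key+value pairs) and verifies the signature.
        /// Any failure writes a JSON <see cref="ResultMessage"/> to <c>actionContext.Response</c>,
        /// which makes Web API skip the action. The base filter runs exactly once on every path.
        /// </summary>
        /// <param name="actionContext">The Web API action context of the current request.</param>
        public override void OnActionExecuting(HttpActionContext actionContext)
        {
            var    request   = actionContext.Request;
            string method    = request.Method.Method.ToUpperInvariant();
            string timestamp = ReadUrlDecodedHeader(request, StringResource.TimeStamp);
            string nonce     = ReadUrlDecodedHeader(request, StringResource.Nonce);
            string signature = ReadUrlDecodedHeader(request, StringResource.Signature);

            // NOTE(review): as in the original control flow, only the GetToken action is checked;
            // every other action goes straight to the base filter. That looks inverted compared
            // with the sibling filters — confirm the intent before relying on it.
            if (actionContext.ActionDescriptor.ActionName != StringResource.GetToken)
            {
                base.OnActionExecuting(actionContext);
                return;
            }

            // The original called ValidateParameters twice for GetToken; one call is enough.
            // NOTE(review): it is treated as returning true when the parameters are NOT acceptable,
            // exactly as the original did; its body is not visible here — confirm.
            int id;
            if (ValidateParameters(out id))
            {
                WriteErrorResponse(actionContext, StatusCodeEnum.ParameterError);
                return;
            }

            // Freshness window. The original computed (now - ts1) BEFORE parsing ts1, so ts1 was
            // always 0 and every request was rejected as expired; parse first, then compare.
            // Math.Abs also rejects future-dated timestamps beyond the window.
            double clientMs;
            bool parsed = double.TryParse(timestamp, System.Globalization.NumberStyles.Float,
                                          System.Globalization.CultureInfo.InvariantCulture, out clientMs);
            double nowMs    = (DateTime.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0, 0, DateTimeKind.Utc)).TotalMilliseconds;
            double windowMs = int.Parse(WebSettingsConfig.UrlExpireTime) * 1000.0; // UrlExpireTime is assumed to be in seconds
            if (!parsed || Math.Abs(nowMs - clientMs) > windowMs)
            {
                WriteErrorResponse(actionContext, StatusCodeEnum.URLExpireError);
                return;
            }

            // Single cache lookup. The original built a TokenInvalid message but never assigned it
            // to the response, so the request carried on with an empty sign token.
            Token token = HttpRuntime.Cache.Get(id.ToString()) as Token;
            if (token == null)
            {
                WriteErrorResponse(actionContext, StatusCodeEnum.TokenInvalid);
                return;
            }
            string signToken = token.SignToken.ToString();

            // Canonical payload that the signature covers, selected by HTTP method.
            string data;
            switch (method)
            {
                case StringResource.Post:
                    // The raw body is signed as-is. The reader is deliberately not disposed so the
                    // underlying request stream stays open for later consumers.
                    data = new StreamReader(HttpContext.Current.Request.InputStream).ReadToEnd();
                    break;

                case StringResource.Get:
                    data = CanonicalQueryString(HttpContext.Current.Request.QueryString);
                    break;

                default:
                    WriteErrorResponse(actionContext, StatusCodeEnum.HttpMehtodError);
                    return;
            }

            // NOTE(review): the original rejected the request when signSuccess was TRUE, which would
            // have passed every request whose signature did NOT verify. The check is inverted here
            // on the assumption that SignExtension.Validate returns true for a valid signature (as
            // its local's name and the sibling filters' Validate calls indicate) — confirm.
            bool signSuccess = SignExtension.Validate(timestamp, nonce, id, signToken, data, signature);
            if (!signSuccess)
            {
                WriteErrorResponse(actionContext, StatusCodeEnum.HttpRequestError);
                return;
            }

            base.OnActionExecuting(actionContext);
        }

        // Returns the URL-decoded value of the named request header, or an empty string when
        // the header is absent (mirrors the original per-header if/Contains blocks).
        private static string ReadUrlDecodedHeader(System.Net.Http.HttpRequestMessage request, string name)
        {
            if (!request.Headers.Contains(name))
            {
                return string.Empty;
            }
            return HttpUtility.UrlDecode(request.Headers.GetValues(name).FirstOrDefault());
        }

        // Concatenates every query parameter as key+value, ordered by key. The ordering keeps the
        // default (culture-sensitive) string comparer that the original SortedDictionary used so
        // that existing clients' signatures still match; switching to an ordinal sort would have
        // to happen on both sides. Value-only parameters ("?foo") have a null key and are skipped
        // instead of throwing from Dictionary.Add as the original did.
        private static string CanonicalQueryString(NameValueCollection form)
        {
            StringBuilder query = new StringBuilder();
            foreach (string key in form.AllKeys.Where(k => k != null).OrderBy(k => k))
            {
                query.Append(key).Append(form[key]);
            }
            return query.ToString();
        }

        // Builds the standard JSON error envelope for <paramref name="status"/>, assigns it to
        // the response (which short-circuits the action) and runs the base filter once.
        private void WriteErrorResponse(HttpActionContext actionContext, StatusCodeEnum status)
        {
            ResultMessage retMsg = new ResultMessage();
            retMsg.StatusCode    = (int)status;
            retMsg.Info          = status.GetEnumText();
            retMsg.Data          = string.Empty;
            actionContext.Response = HttpResponseExtension.toJson(JsonConvert.SerializeObject(retMsg));
            base.OnActionExecuting(actionContext);
        }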