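/// <summary>
/// Web API action filter: every request must carry an <c>appid</c> and a <c>sign</c> header that
/// pass <see cref="SignExtension.Validate(string, string)"/>. The <c>SaveFileToSql</c> action is
/// let through without any check.
/// </summary>
/// <param name="actionContext">Context of the action about to run. On failure its <c>Response</c>
/// is replaced by a JSON <see cref="ResultMsg"/>, which stops the action from executing.</param>
public override void OnActionExecuting(HttpActionContext actionContext)
{
    string appId = ReadHeader(actionContext, "appid");
    string sign = ReadHeader(actionContext, "sign");

    // The file-upload action is exempt from signature validation.
    // NOTE(review): this makes SaveFileToSql reachable without appid/sign at all — confirm that
    // is intended and that the action performs its own authorization.
    if (actionContext.ActionDescriptor.ActionName == "SaveFileToSql")
    {
        base.OnActionExecuting(actionContext);
        return;
    }

    // Both headers must be present and non-empty after URL-decoding.
    if (string.IsNullOrEmpty(appId) || string.IsNullOrEmpty(sign))
    {
        Reject(actionContext, StatusCodeEnum.ParameterError);
        base.OnActionExecuting(actionContext);
        return;
    }

    // The signature algorithm itself lives in SignExtension; a mismatch is reported as a
    // request error rather than a parameter error.
    if (!SignExtension.Validate(appId, sign))
    {
        Reject(actionContext, StatusCodeEnum.HttpRequestError);
        base.OnActionExecuting(actionContext);
        return;
    }
    // On success the original did not invoke the base filter; that is preserved.
}

// Returns the URL-decoded first value of the named request header, or "" when it is absent.
private static string ReadHeader(HttpActionContext actionContext, string name)
{
    if (!actionContext.Request.Headers.Contains(name))
    {
        return string.Empty;
    }
    return HttpUtility.UrlDecode(actionContext.Request.Headers.GetValues(name).FirstOrDefault());
}

// Short-circuits the pipeline with a JSON ResultMsg carrying the given status code.
private static void Reject(HttpActionContext actionContext, StatusCodeEnum code)
{
    var resultMsg = new ResultMsg
    {
        StatusCode = (int)code,
        Info = code.GetEnumText(),
        Data = "",
    };
    actionContext.Response = HttpResponseExtension.toJson(JsonConvert.SerializeObject(resultMsg));
}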
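/// <summary>
/// Web API action filter enforcing the signed-request scheme. Every request must send the
/// <c>staffid</c> (numeric), <c>timestamp</c> and <c>nonce</c> headers. All actions except
/// <c>GetToken</c> must also send <c>signature</c>, present a timestamp inside the configured
/// window, have a token cached under the staff id, and carry a signature that verifies over the
/// request data (raw body for POST, key-sorted query parameters for GET).
/// </summary>
/// <param name="actionContext">Context of the action about to run. On any failure its
/// <c>Response</c> is replaced by a JSON <see cref="ResultMsg"/> and the action does not execute.</param>
public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext)
{
    var request = actionContext.Request;
    string method = request.Method.Method;
    string staffid = ReadHeader(actionContext, "staffid");
    string timestamp = ReadHeader(actionContext, "timestamp");
    string nonce = ReadHeader(actionContext, "nonce");
    string signature = ReadHeader(actionContext, "signature");

    // staffid must be numeric: it becomes the cache key of the issued token further down.
    int id = 0;
    bool identityHeadersOk = !string.IsNullOrEmpty(staffid)
        && int.TryParse(staffid, out id)
        && !string.IsNullOrEmpty(timestamp)
        && !string.IsNullOrEmpty(nonce);

    // GetToken issues the token, so it cannot be signed yet; it only needs the identity headers.
    if (actionContext.ActionDescriptor.ActionName == "GetToken")
    {
        if (!identityHeadersOk)
        {
            Reject(actionContext, StatusCodeEnum.ParameterError);
        }
        base.OnActionExecuting(actionContext);
        return;
    }

    if (!identityHeadersOk || string.IsNullOrEmpty(signature))
    {
        Reject(actionContext, StatusCodeEnum.ParameterError);
        base.OnActionExecuting(actionContext);
        return;
    }

    // Freshness window.
    // NOTE(review): only "older than the window" is rejected — a future timestamp passes, and the
    // nonce is never recorded, so a captured request can be replayed inside the window.
    if (!IsTimestampFresh(timestamp))
    {
        Reject(actionContext, StatusCodeEnum.URLExpireError);
        base.OnActionExecuting(actionContext);
        return;
    }

    // Single cache read. The original read the cache twice (cast, then null check), so an entry
    // expiring between the two reads would have dereferenced a null token.
    Token token = (Token)HttpRuntime.Cache.Get(id.ToString());
    if (token == null)
    {
        Reject(actionContext, StatusCodeEnum.TokenInvalid);
        base.OnActionExecuting(actionContext);
        return;
    }
    string signtoken = token.SignToken.ToString();

    // The data covered by the signature depends on the HTTP method.
    string data;
    switch (method)
    {
        case "POST":
            data = ReadPostBody();
            break;
        case "GET":
            data = BuildSortedQueryData(HttpContext.Current.Request.QueryString);
            break;
        default:
            Reject(actionContext, StatusCodeEnum.HttpMehtodError);
            base.OnActionExecuting(actionContext);
            return;
    }

    if (!SignExtension.Validate(timestamp, nonce, id, signtoken, data, signature))
    {
        Reject(actionContext, StatusCodeEnum.HttpRequestError);
    }
    base.OnActionExecuting(actionContext);
}

// Returns the URL-decoded first value of the named request header, or "" when it is absent.
private static string ReadHeader(System.Web.Http.Controllers.HttpActionContext actionContext, string name)
{
    var headers = actionContext.Request.Headers;
    if (!headers.Contains(name))
    {
        return string.Empty;
    }
    return HttpUtility.UrlDecode(headers.GetValues(name).FirstOrDefault());
}

// Short-circuits the pipeline with a JSON ResultMsg carrying the given status code.
private static void Reject(System.Web.Http.Controllers.HttpActionContext actionContext, StatusCodeEnum code)
{
    var resultMsg = new ResultMsg
    {
        StatusCode = (int)code,
        Info = code.GetEnumText(),
        Data = "",
    };
    actionContext.Response = HttpResponseExtension.toJson(JsonConvert.SerializeObject(resultMsg));
}

// True when `timestamp` parses as epoch milliseconds and is not older than
// WebSettingsConfig.UrlExpireTime seconds relative to server UTC time.
private static bool IsTimestampFresh(string timestamp)
{
    double clientMs;
    if (!double.TryParse(timestamp, out clientMs))
    {
        return false;
    }
    double nowMs = (DateTime.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0, 0)).TotalMilliseconds;
    // int.Parse throws when the setting is missing or malformed — a deployment error, not a client one.
    double windowMs = int.Parse(WebSettingsConfig.UrlExpireTime) * 1000;
    return nowMs - clientMs <= windowMs;
}

// Reads the raw request body as the POST signing payload. The reader is disposed without closing
// InputStream so later consumers of the request are unaffected.
// NOTE(review): the stream is read from its current position, as before; if a formatter already
// consumed InputStream this yields "" and the signature check fails closed — confirm on the host.
private static string ReadPostBody()
{
    Stream stream = HttpContext.Current.Request.InputStream;
    using (var reader = new StreamReader(stream, Encoding.UTF8, true, 1024, true))
    {
        return reader.ReadToEnd();
    }
}

// Concatenates every GET parameter as key+value with keys in sorted order; this is the string
// the client must have signed.
// NOTE(review): SortedDictionary's default string comparer is culture-sensitive; a client that
// sorts ordinally may order mixed-case or non-ASCII keys differently — confirm the client side.
private static string BuildSortedQueryData(NameValueCollection form)
{
    var sorted = new SortedDictionary<string, string>();
    for (int i = 0; i < form.Count; i++)
    {
        string key = form.Keys[i];
        // A bare "?flag" entry has a null key: Dictionary.Add threw on it before, and empty keys
        // were dropped from the signed string anyway.
        if (!string.IsNullOrEmpty(key))
        {
            sorted[key] = form[key];
        }
    }
    var query = new StringBuilder();
    foreach (KeyValuePair<string, string> pair in sorted)
    {
        query.Append(pair.Key).Append(pair.Value);
    }
    return query.ToString();
}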
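/// <summary>
/// Web API action filter for the signed-request scheme (logging variant). Requires the
/// <c>staffid</c>, <c>timestamp</c> and <c>nonce</c> headers on every request; for actions other
/// than <c>GetToken</c> it also requires a <c>signature</c> header, a token cached under the
/// staff id and a signature that verifies over the request data (raw body for POST, key-sorted
/// query parameters with non-blank values for GET).
/// </summary>
/// <param name="actionContext">Context of the action about to run. On any failure its
/// <c>Response</c> is replaced by a JSON <see cref="ResultMsg"/> and the action does not execute.</param>
public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext)
{
    ServerLog.Log("新的请求");
    var request = actionContext.Request;
    string method = request.Method.Method;
    string staffid = ReadHeader(actionContext, "staffid");
    string timestamp = ReadHeader(actionContext, "timestamp");
    string nonce = ReadHeader(actionContext, "nonce");
    string signature = ReadHeader(actionContext, "signature");
    // Diagnostic trace of the identity headers (the signature header is not logged).
    ServerLog.Log("StaffId:" + staffid);
    ServerLog.Log("TimeStamp:" + timestamp);
    ServerLog.Log("nonce:" + nonce);

    if (string.IsNullOrWhiteSpace(staffid)
        || string.IsNullOrWhiteSpace(timestamp)
        || string.IsNullOrWhiteSpace(nonce))
    {
        Reject(actionContext, StatusCodeEnum.ParameterError);
        base.OnActionExecuting(actionContext);
        return;
    }

    // GetToken issues the token, so it cannot be signed yet.
    if (actionContext.ActionDescriptor.ActionName.Equals("GetToken"))
    {
        base.OnActionExecuting(actionContext);
        return;
    }

    // A protected action without a signature header is a parameter error, as in the sibling
    // filters, rather than a signature mismatch.
    if (string.IsNullOrWhiteSpace(signature))
    {
        Reject(actionContext, StatusCodeEnum.ParameterError);
        base.OnActionExecuting(actionContext);
        return;
    }

    // NOTE(review): the timestamp freshness window enforced by the sibling filters was commented
    // out here, so nothing limits replay of a captured request while the cached token lives —
    // confirm this is intended.

    // Single cache read (the original read twice, racing against cache expiry).
    // NOTE(review): the cache key is the raw staffid header, not a parsed id — confirm GetToken
    // stores the token under exactly the same string.
    Token token = (Token)HttpRuntime.Cache.Get(staffid);
    if (token == null)
    {
        Reject(actionContext, StatusCodeEnum.TokenInvalid);
        base.OnActionExecuting(actionContext);
        return;
    }
    string signtoken = token.SignToken.ToString();

    // The data covered by the signature depends on the HTTP method.
    string data;
    switch (method)
    {
        case "POST":
            data = ReadPostBody();
            break;
        case "GET":
            data = BuildSortedQueryData(HttpContext.Current.Request.QueryString);
            break;
        default:
            Reject(actionContext, StatusCodeEnum.HttpMethodError);
            base.OnActionExecuting(actionContext);
            return;
    }

    if (!SignExtension.Validate(timestamp, nonce, staffid, signtoken, data, signature))
    {
        Reject(actionContext, StatusCodeEnum.HttpRequestError);
        base.OnActionExecuting(actionContext);
        return;
    }
    base.OnActionExecuting(actionContext);
}

// Returns the URL-decoded first value of the named request header, or "" when it is absent.
private static string ReadHeader(System.Web.Http.Controllers.HttpActionContext actionContext, string name)
{
    var headers = actionContext.Request.Headers;
    if (!headers.Contains(name))
    {
        return string.Empty;
    }
    return HttpUtility.UrlDecode(headers.GetValues(name).FirstOrDefault());
}

// Short-circuits the pipeline with a JSON ResultMsg carrying the given status code.
private static void Reject(System.Web.Http.Controllers.HttpActionContext actionContext, StatusCodeEnum code)
{
    var resultMsg = new ResultMsg
    {
        StatusCode = (int)code,
        Info = code.GetEnumText(),
        Data = "",
    };
    actionContext.Response = HttpResponseExtension.toJson(resultMsg);
}

// Reads the raw request body as the POST signing payload. The reader is disposed without closing
// InputStream so later consumers of the request are unaffected.
// NOTE(review): read from the stream's current position, as before; if a formatter already
// consumed InputStream this yields "" and the signature check fails closed — confirm on the host.
private static string ReadPostBody()
{
    Stream stream = HttpContext.Current.Request.InputStream;
    using (var reader = new StreamReader(stream, Encoding.UTF8, true, 1024, true))
    {
        return reader.ReadToEnd();
    }
}

// Concatenates every GET parameter with a non-blank value as key+value, keys in sorted order;
// this is the string the client must have signed.
// NOTE(review): SortedDictionary's default string comparer is culture-sensitive; a client that
// sorts ordinally may order mixed-case or non-ASCII keys differently — confirm the client side.
private static string BuildSortedQueryData(NameValueCollection form)
{
    var sorted = new SortedDictionary<string, string>();
    for (int i = 0; i < form.Count; i++)
    {
        string key = form.Keys[i];
        // A bare "?flag" entry has a null key; Dictionary.Add threw on it before.
        if (key != null)
        {
            sorted[key] = form[key];
        }
    }
    var query = new StringBuilder();
    foreach (KeyValuePair<string, string> pair in sorted)
    {
        if (!string.IsNullOrWhiteSpace(pair.Value))
        {
            query.Append(pair.Key).Append(pair.Value);
        }
    }
    return query.ToString();
}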
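// Freshness window, in seconds, for the client timestamp (was a bare `120 * 1000` literal).
private const int UrlExpireSeconds = 120;

/// <summary>
/// ASP.NET Core action filter enforcing the signed-request scheme. Every request must send the
/// <c>staffid</c> (numeric), <c>timestamp</c> and <c>nonce</c> headers. All actions except
/// <c>GetToken</c> must also send <c>signature</c>, present a timestamp inside
/// <see cref="UrlExpireSeconds"/>, have a token cached under the staff id, carry a signature that
/// verifies over the request data (buffered body for POST, key-sorted query for GET), and have a
/// valid model state.
/// </summary>
/// <param name="context">Context of the action about to run. On any failure its <c>Result</c>
/// is set to a <see cref="JsonResult"/> wrapping a <see cref="ResultMsg"/>, which short-circuits
/// the action.</param>
public override void OnActionExecuting(ActionExecutingContext context)
{
    var request = context.HttpContext.Request;
    string method = request.Method;
    string staffid = ReadHeader(context, "staffid");
    string timestamp = ReadHeader(context, "timestamp");
    string nonce = ReadHeader(context, "nonce");
    string signature = ReadHeader(context, "signature");

    // staffid must be numeric: it becomes the cache key of the issued token further down.
    int id = 0;
    bool identityHeadersOk = !string.IsNullOrEmpty(staffid)
        && int.TryParse(staffid, out id)
        && !string.IsNullOrEmpty(timestamp)
        && !string.IsNullOrEmpty(nonce);

    // GetToken issues the token, so it cannot be signed yet; it only needs the identity headers.
    if (((ControllerActionDescriptor)context.ActionDescriptor).ActionName == "GetToken")
    {
        if (!identityHeadersOk)
        {
            Reject(context, StatusCodeEnum.ParameterError);
        }
        base.OnActionExecuting(context);
        return;
    }

    if (!identityHeadersOk || string.IsNullOrEmpty(signature))
    {
        Reject(context, StatusCodeEnum.ParameterError);
        base.OnActionExecuting(context);
        return;
    }

    // Freshness window.
    // NOTE(review): only "older than the window" is rejected — a future timestamp passes, and the
    // nonce is never recorded, so a captured request can be replayed inside the window.
    if (!IsTimestampFresh(timestamp))
    {
        Reject(context, StatusCodeEnum.URLExpireError);
        base.OnActionExecuting(context);
        return;
    }

    // Single cache read. The original called CacheHelper.CacheValue twice (cast, then null
    // check), so an entry expiring between the reads would have dereferenced a null token.
    Token token = (Token)CacheHelper.CacheValue(id.ToString());
    if (token == null)
    {
        Reject(context, StatusCodeEnum.TokenInvalid);
        base.OnActionExecuting(context);
        return;
    }
    string signtoken = token.SignToken.ToString();

    // The data covered by the signature depends on the HTTP method.
    string data;
    switch (method)
    {
        case "POST":
            data = ReadPostBody(request.Body);
            break;
        case "GET":
            data = BuildSortedQueryData(request.Query);
            break;
        default:
            Reject(context, StatusCodeEnum.HttpMehtodError);
            base.OnActionExecuting(context);
            return;
    }

    if (!SignExtension.Validate(timestamp, nonce, id, signtoken, data, signature))
    {
        Reject(context, StatusCodeEnum.HttpRequestError);
        base.OnActionExecuting(context);
        return;
    }

    // Model validation: report the first binding error.
    if (!context.ModelState.IsValid)
    {
        var resultMsg = new ResultMsg
        {
            // The original left StatusCode at its default here; ParameterError matches the
            // other validation failures above — confirm clients expect that code.
            StatusCode = (int)StatusCodeEnum.ParameterError,
            Info = context.ModelState.Values.First(p => p.Errors.Count > 0).Errors[0].ErrorMessage,
            Data = "",
        };
        context.Result = new JsonResult(resultMsg);
    }
    base.OnActionExecuting(context);
}

// Returns the URL-decoded first value of the named request header, or "" when it is absent.
private static string ReadHeader(ActionExecutingContext context, string name)
{
    var headers = context.HttpContext.Request.Headers;
    if (!headers.ContainsKey(name))
    {
        return string.Empty;
    }
    return HttpUtility.UrlDecode(headers[name].FirstOrDefault());
}

// Short-circuits the pipeline with a JsonResult wrapping a ResultMsg for the given status code.
private static void Reject(ActionExecutingContext context, StatusCodeEnum code)
{
    var resultMsg = new ResultMsg
    {
        StatusCode = (int)code,
        Info = code.GetEnumText(),
        Data = "",
    };
    context.Result = new JsonResult(resultMsg);
}

// True when `timestamp` parses as epoch milliseconds and is not older than UrlExpireSeconds
// relative to server UTC time.
private static bool IsTimestampFresh(string timestamp)
{
    double clientMs;
    if (!double.TryParse(timestamp, out clientMs))
    {
        return false;
    }
    double nowMs = (DateTime.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0, 0)).TotalMilliseconds;
    return nowMs - clientMs <= UrlExpireSeconds * 1000;
}

// Reads the buffered request body as the POST signing payload and rewinds it so the action can
// read it again. The reader leaves the stream open.
// NOTE(review): Request.Body is only seekable when buffering was enabled earlier in the pipeline;
// without it the original threw on Seek, whereas this returns "" and the signature check then
// fails closed — confirm buffering is enabled for signed POST routes.
private static string ReadPostBody(Stream body)
{
    if (body == null || !body.CanSeek)
    {
        return string.Empty;
    }
    body.Seek(0, SeekOrigin.Begin);
    string data;
    using (var reader = new StreamReader(body, Encoding.UTF8, true, 1024, true))
    {
        data = reader.ReadToEnd();
    }
    body.Seek(0, SeekOrigin.Begin);
    return data;
}

// Concatenates every GET parameter as key+value with keys in sorted order; this is the string
// the client must have signed.
// NOTE(review): SortedDictionary's default string comparer is culture-sensitive; a client that
// sorts ordinally may order mixed-case or non-ASCII keys differently — confirm the client side.
private static string BuildSortedQueryData(IQueryCollection form)
{
    var sorted = new SortedDictionary<string, string>();
    foreach (string key in form.Keys)
    {
        // Empty keys were dropped from the signed string before; skip them up front.
        if (!string.IsNullOrEmpty(key))
        {
            sorted[key] = form[key];
        }
    }
    var query = new StringBuilder();
    foreach (KeyValuePair<string, string> pair in sorted)
    {
        query.Append(pair.Key).Append(pair.Value);
    }
    return query.ToString();
}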
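/// <summary>
/// Web API action filter for the signed-request scheme. <c>GetToken</c> only has its parameters
/// validated (it issues the token, so it cannot be signed yet); every other action additionally
/// requires a timestamp inside the configured window, a token cached under the staff id and a
/// signature that verifies over the request data (raw body for POST, key-sorted query for GET).
/// </summary>
/// <param name="actionContext">Context of the action about to run. On any failure its
/// <c>Response</c> is replaced by a JSON <see cref="ResultMessage"/> and the action does not execute.</param>
public override void OnActionExecuting(HttpActionContext actionContext)
{
    var request = actionContext.Request;
    // The HTTP method is a protocol token, so a culture-independent upper-casing is used.
    string method = request.Method.Method.ToUpperInvariant();
    string timestamp = ReadHeader(actionContext, StringResource.TimeStamp);
    string nonce = ReadHeader(actionContext, StringResource.Nonce);
    string signature = ReadHeader(actionContext, StringResource.Signature);
    // The staffid header is not read here: the original read it into a local it never used, and
    // the numeric id comes from ValidateParameters below.

    // NOTE(review): ValidateParameters receives none of the headers, so it must obtain them itself,
    // and both original call sites treated a true result as "parameters invalid"; that convention
    // is kept — confirm both against its definition.
    int id = 0;
    bool parametersInvalid = ValidateParameters(out id);

    // The original returned early for every action EXCEPT GetToken, which left all protected
    // actions unchecked; GetToken is the one that stops after parameter validation.
    if (actionContext.ActionDescriptor.ActionName == StringResource.GetToken)
    {
        if (parametersInvalid)
        {
            Reject(actionContext, StatusCodeEnum.ParameterError);
        }
        base.OnActionExecuting(actionContext);
        return;
    }

    if (parametersInvalid)
    {
        Reject(actionContext, StatusCodeEnum.ParameterError);
        base.OnActionExecuting(actionContext);
        return;
    }

    // Freshness window.
    // NOTE(review): only "older than the window" is rejected — a future timestamp passes, and the
    // nonce is never recorded, so a captured request can be replayed inside the window.
    if (!IsTimestampFresh(timestamp))
    {
        Reject(actionContext, StatusCodeEnum.URLExpireError);
        base.OnActionExecuting(actionContext);
        return;
    }

    // Single cache read. The original built the TokenInvalid message but never sent it or
    // returned, so a request with no cached token went on to the signature check.
    Token token = (Token)HttpRuntime.Cache.Get(id.ToString());
    if (token == null)
    {
        Reject(actionContext, StatusCodeEnum.TokenInvalid);
        base.OnActionExecuting(actionContext);
        return;
    }
    string signToken = token.SignToken.ToString();

    // The data covered by the signature depends on the HTTP method.
    string data;
    switch (method)
    {
        case StringResource.Post:
            data = ReadPostBody();
            break;
        case StringResource.Get:
            data = BuildSortedQueryData(HttpContext.Current.Request.QueryString);
            break;
        default:
            Reject(actionContext, StatusCodeEnum.HttpMehtodError);
            base.OnActionExecuting(actionContext);
            return;
    }

    // The original rejected when the signature WAS valid (inverted test) and then invoked the
    // base filter a second time.
    if (!SignExtension.Validate(timestamp, nonce, id, signToken, data, signature))
    {
        Reject(actionContext, StatusCodeEnum.HttpRequestError);
    }
    base.OnActionExecuting(actionContext);
}

// Returns the URL-decoded first value of the named request header, or "" when it is absent.
private static string ReadHeader(HttpActionContext actionContext, string name)
{
    var headers = actionContext.Request.Headers;
    if (!headers.Contains(name))
    {
        return string.Empty;
    }
    return HttpUtility.UrlDecode(headers.GetValues(name).FirstOrDefault());
}

// Short-circuits the pipeline with a JSON ResultMessage carrying the given status code.
private static void Reject(HttpActionContext actionContext, StatusCodeEnum code)
{
    var retMsg = new ResultMessage
    {
        StatusCode = (int)code,
        Info = code.GetEnumText(),
        Data = string.Empty,
    };
    actionContext.Response = HttpResponseExtension.toJson(JsonConvert.SerializeObject(retMsg));
}

// True when `timestamp` parses as epoch milliseconds and is not older than
// WebSettingsConfig.UrlExpireTime seconds relative to server UTC time.
// The original subtracted the client value before parsing it, so the age was always roughly
// "now" and every request was reported as expired.
private static bool IsTimestampFresh(string timestamp)
{
    double clientMs;
    if (!double.TryParse(timestamp, out clientMs))
    {
        return false;
    }
    double nowMs = (DateTime.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0, 0)).TotalMilliseconds;
    // int.Parse throws when the setting is missing or malformed — a deployment error, not a client one.
    double windowMs = int.Parse(WebSettingsConfig.UrlExpireTime) * 1000;
    return nowMs - clientMs <= windowMs;
}

// Reads the raw request body as the POST signing payload. The reader is disposed without closing
// InputStream so later consumers of the request are unaffected.
// NOTE(review): read from the stream's current position, as before; if a formatter already
// consumed InputStream this yields "" and the signature check fails closed — confirm on the host.
private static string ReadPostBody()
{
    Stream stream = HttpContext.Current.Request.InputStream;
    using (var reader = new StreamReader(stream, Encoding.UTF8, true, 1024, true))
    {
        return reader.ReadToEnd();
    }
}

// Concatenates every GET parameter as key+value with keys in sorted order; this is the string
// the client must have signed. Empty keys are kept, as before.
// NOTE(review): SortedDictionary's default string comparer is culture-sensitive; a client that
// sorts ordinally may order mixed-case or non-ASCII keys differently — confirm the client side.
private static string BuildSortedQueryData(NameValueCollection form)
{
    var sorted = new SortedDictionary<string, string>();
    for (int i = 0; i < form.Count; i++)
    {
        string key = form.Keys[i];
        // A bare "?flag" entry has a null key; Dictionary.Add threw on it before.
        if (key != null)
        {
            sorted[key] = form[key];
        }
    }
    var query = new StringBuilder();
    foreach (KeyValuePair<string, string> pair in sorted)
    {
        query.Append(pair.Key).Append(pair.Value);
    }
    return query.ToString();
}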