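/// <summary>
/// Issues an access token for the application identified by <paramref name="appkey"/>,
/// reusing the cached token for that key when one exists.
/// </summary>
/// <param name="appkey">Application key; must match <c>GlobalStaticConstant.REGRXP_APP_KEY</c>.</param>
/// <param name="appsecret">Application secret; compared with the stored <c>AppKeyEntity.AppSecret</c>.</param>
/// <returns>
/// A JSON HTTP response wrapping a <c>BaseJson&lt;Token_Preview&gt;</c>; <c>Data</c> holds the token on
/// success and is null for every error status.
/// </returns>
public HttpResponseMessage GetToken(string appkey, string appsecret)
{
    BaseJson<Token_Preview> resultMsg = new BaseJson<Token_Preview>
    {
        Status = (int)JsonObjectStatus.Error,
        Message = "服务器未知错误。",
        Data = null
    };

    Logger(typeof(OAuthController), "", "根据AppKey获取Token-GetToken", () =>
    {
        // Both credentials are required. The previous '&&' only rejected the request when
        // BOTH were missing, so a missing secret still reached the database lookup.
        if (string.IsNullOrEmpty(appkey) || string.IsNullOrEmpty(appsecret))
        {
            resultMsg = new BaseJson<Token_Preview>
            {
                Status = (int)JsonObjectStatus.ParameterError,
                Message = JsonObjectStatus.ParameterError.GetEnumText(),
                Data = null
            };
            return;
        }

        // The key must have the configured shape before any lookup is attempted.
        if (!StringHelper.QuickValidate(GlobalStaticConstant.REGRXP_APP_KEY, appkey))
        {
            resultMsg = new BaseJson<Token_Preview>
            {
                Status = (int)JsonObjectStatus.ParameterError,
                Data = null,
                Message = JsonObjectStatus.ParameterError.GetEnumText(),
                BackUrl = ""
            };
            return;
        }

        AppKeyEntity appKeyEntity = _appKeyBll.GetEntity(a => a.AppKey.Equals(appkey));
        if (appKeyEntity == null)
        {
            resultMsg = new BaseJson<Token_Preview>
            {
                Status = (int)JsonObjectStatus.Fail,
                Message = "AppKey不存在。",
                Data = null
            };
            return;
        }

        // Null-safe ordinal comparison: the instance Equals threw when the stored secret was null.
        // NOTE(review): this is not a constant-time comparison; where the target framework
        // provides CryptographicOperations.FixedTimeEquals, prefer it for secret comparison.
        if (!string.Equals(appKeyEntity.AppSecret, appsecret, StringComparison.Ordinal))
        {
            resultMsg = new BaseJson<Token_Preview>
            {
                Status = (int)JsonObjectStatus.Fail,
                Message = "AppSecret无效。",
                Data = null
            };
            return;
        }

        // Reuse the cached token for this key; mint a new one only when none is cached.
        Token_Preview token = CacheFactory.Cache().GetCache<Token_Preview>(appkey);
        if (token == null)
        {
            DateTime time = DateTimeHelper.Now.AddHours(GlobalStaticConstant.TOKEN_EXPIRE_TIME);
            token = new Token_Preview
            {
                AppKey = appkey,
                AccessToken = GetSignToken(appkey),
                ExpireTime = time.ToString("yyyy-MM-dd HH:mm:ss")
            };
            // The same expiry instant is handed to the cache as the entry's lifetime.
            CacheFactory.Cache().WriteCache(token, token.AppKey, time);
        }

        resultMsg = new BaseJson<Token_Preview>
        {
            Status = (int)JsonObjectStatus.Success,
            Message = JsonObjectStatus.Success.GetEnumText(),
            Data = token
        };
    }, e =>
    {
        resultMsg = new BaseJson<Token_Preview>
        {
            Status = (int)JsonObjectStatus.Exception,
            Message = JsonObjectStatus.Exception.GetEnumText() + ",异常信息:" + e.Message,
            Data = null
        };
    }, null, ErrorHandel.Continue);

    return resultMsg.ToJson().ToHttpResponseMessage();
}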
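/// <summary>
/// Runs before the action executes. Unless the "IsInterfaceSignature" setting is "false",
/// validates the request headers AppKey, TimeStamp, Nonce and Authorization: the timestamp
/// must be within one minute of the server clock, a token must be cached for the AppKey,
/// and the signature must verify. A rejected request gets a JSON error assigned to
/// <c>actionContext.Response</c>. Actions listed in
/// <c>GlobalStaticConstant.NOT_NEED_DIGITAL_SIGNATURE</c> only need AppKey, TimeStamp and Nonce.
/// </summary>
/// <param name="actionContext">The Web API action context; its Response is set when the request is rejected.</param>
public override void OnActionExecuting(HttpActionContext actionContext)
{
    // Signature checking can be switched off by configuration.
    string isInterfaceSignature = ConfigHelper.GetValue("IsInterfaceSignature");
    if (isInterfaceSignature == "false")
    {
        base.OnActionExecuting(actionContext);
        return;
    }

    HttpRequestMessage request = actionContext.Request;

    // Header values arrive URL-encoded; an absent header yields an empty string.
    string ReadHeader(string name)
    {
        if (!request.Headers.Contains(name))
        {
            return string.Empty;
        }
        return HttpUtility.UrlDecode(request.Headers.GetValues(name).FirstOrDefault());
    }

    // Assigns a JSON error response with the given status; the caller still invokes base and returns.
    void Reject(JsonObjectStatus status)
    {
        BaseJson<string> resultMsg = new BaseJson<string>
        {
            Status = (int)status,
            Message = status.GetEnumText(),
            Data = ""
        };
        actionContext.Response = resultMsg.ToJson().ToHttpResponseMessage();
    }

    string appkey = ReadHeader("AppKey");
    string timestamp = ReadHeader("TimeStamp");
    string nonce = ReadHeader("Nonce");
    string access_token = ReadHeader("Authorization");

    // Preflight requests are accepted without any signature check.
    if (request.Method == HttpMethod.Options)
    {
        actionContext.Response = request.CreateResponse(HttpStatusCode.Accepted);
        base.OnActionExecuting(actionContext);
        return;
    }

    // Exempt actions (token issuance and the like) have no token yet, so only the
    // identifying headers are required for them.
    string[] exceptRequest = GlobalStaticConstant.NOT_NEED_DIGITAL_SIGNATURE;
    bool signatureRequired = !exceptRequest.Contains(actionContext.ActionDescriptor.ActionName);

    if (string.IsNullOrEmpty(appkey) || string.IsNullOrEmpty(timestamp) || string.IsNullOrEmpty(nonce)
        || (signatureRequired && string.IsNullOrEmpty(access_token)))
    {
        Reject(JsonObjectStatus.ParameterError);
        base.OnActionExecuting(actionContext);
        return;
    }

    if (!signatureRequired)
    {
        base.OnActionExecuting(actionContext);
        return;
    }

    // Current Unix time in seconds (621355968000000000 ticks is 1970-01-01T00:00:00Z).
    long now = (DateTime.UtcNow.Ticks - 621355968000000000) / 10000000;
    bool timestampParsed = long.TryParse(timestamp, out long requestTime);
    // The client timestamp must lie within one minute of the server clock in EITHER direction.
    // The previous check only bounded the past, so a timestamp set far in the future never expired.
    long delta = now - requestTime;
    bool withinWindow = timestampParsed && delta > -60 && delta < 60;
    if (!withinWindow)
    {
        Reject(JsonObjectStatus.UrlExpireError);
        base.OnActionExecuting(actionContext);
        return;
    }

    // The token the server issued for this AppKey is part of the signed material.
    Token_Preview token = CacheFactory.Cache().GetCache<Token_Preview>(appkey);
    if (token == null)
    {
        Reject(JsonObjectStatus.TokenInvalid);
        base.OnActionExecuting(actionContext);
        return;
    }
    string serveraccesstoken = "AccessToken " + token.AccessToken;

    // Only AppKey, Nonce, TimeStamp and the server-side token are covered by the signature;
    // the query string / request body is not signed here.
    // NOTE(review): Nonce is only checked for presence; this filter does not reject a Nonce
    // that is reused within the one-minute window.
    bool result = SignExtension.ValidateSign(appkey, nonce, timestamp, serveraccesstoken, access_token);
    if (!result)
    {
        Reject(JsonObjectStatus.HttpRequestError);
    }
    base.OnActionExecuting(actionContext);
}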
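/// <summary>
/// Creates or updates an advertisement after checking the caller's timestamp and access token,
/// then drops the cached HTML for the affected category.
/// </summary>
/// <param name="arg">
/// Request payload: <c>t</c> (timestamp), <c>Appkey</c>, <c>AccessToken</c>, <c>Title</c>,
/// <c>Which</c> (category id), <c>Position</c>, <c>Href</c>, <c>OverTime</c> and an optional <c>Id</c>.
/// </param>
/// <returns>A JSON HTTP response wrapping a <c>BaseJson&lt;string&gt;</c> with the outcome status.</returns>
public HttpResponseMessage SaveAdvertisement(SaveAdvertisementArgEntity arg)
{
    BaseJson<string> resultMsg = new BaseJson<string>
    {
        Status = (int)JsonObjectStatus.Error,
        Message = "服务器未知错误。",
        Data = null
    };

    // A null payload would otherwise be dereferenced inside the logger callback.
    if (arg == null)
    {
        resultMsg = new BaseJson<string>
        {
            Status = (int)JsonObjectStatus.ParameterError,
            Data = null,
            Message = JsonObjectStatus.ParameterError.GetEnumText(),
            BackUrl = null
        };
        return resultMsg.TryToJson().ToHttpResponseMessage();
    }

    // Display name for a category id; unknown ids map to an empty name.
    string CategoryName(string which)
    {
        switch (which)
        {
            case "0": return "主站";
            case "1": return "开奖网";
            case "2": return "手机站";
            default: return "";
        }
    }

    Logger(typeof(AdvertisementController), arg.TryToJson(), "保存广告-SaveAdvertisement", () =>
    {
        if (string.IsNullOrEmpty(arg.t) || string.IsNullOrEmpty(arg.Appkey) || string.IsNullOrEmpty(arg.AccessToken))
        {
            resultMsg = new BaseJson<string>
            {
                Status = (int)JsonObjectStatus.Fail,
                Data = null,
                Message = JsonObjectStatus.Fail.GetEnumText() + ",请求参数为空。",
                BackUrl = null
            };
            return;
        }

        if (!arg.t.CheckTimeStamp())
        {
            resultMsg = new BaseJson<string>
            {
                Status = (int)JsonObjectStatus.Fail,
                Data = null,
                Message = JsonObjectStatus.Fail.GetEnumText() + ",无效参数。",
                BackUrl = null
            };
            return;
        }

        // The token cached for this AppKey must exist and match the one presented.
        // NOTE(review): not a constant-time comparison; where the target framework provides
        // CryptographicOperations.FixedTimeEquals, prefer it for comparing tokens.
        Token_Preview token = CacheFactory.Cache().GetCache<Token_Preview>(arg.Appkey);
        if (token == null || string.IsNullOrEmpty(token.AccessToken) || !token.AccessToken.Equals(arg.AccessToken))
        {
            resultMsg = new BaseJson<string>
            {
                Status = (int)JsonObjectStatus.TokenInvalid,
                Data = null,
                Message = JsonObjectStatus.TokenInvalid.GetEnumText(),
                BackUrl = null
            };
            return;
        }

        AdvertisementEntity entity = new AdvertisementEntity
        {
            Title = arg.Title,
            Category = CategoryName(arg.Which),
            CategoryId = arg.Which,
            Position = arg.Position,
            Href = arg.Href,
            TermOfValidity = arg.OverTime
        };

        if (!string.IsNullOrEmpty(arg.Id))
        {
            entity.IsEnable = true;
            advertisementBll.SaveForm(arg.Id, entity);
        }
        else
        {
            // Without an Id, overwrite the existing ad at the same category/position, if any.
            AdvertisementEntity existing = advertisementBll.GetEntity(a => a.CategoryId.Equals(arg.Which) && a.Position == arg.Position);
            if (existing != null)
            {
                entity.IsEnable = true;
                advertisementBll.SaveForm(existing.ID, entity);
            }
            // NOTE(review): with no Id and no matching ad, nothing is saved but Success is still
            // returned below — confirm whether a new record should be created in that case.
        }

        // The rendered HTML for this category is cached; invalidate it so the change is visible.
        Cache.Factory.CacheFactory.Cache().RemoveCache("Advertisement_Html_" + arg.Which);

        resultMsg = new BaseJson<string>
        {
            Status = (int)JsonObjectStatus.Success,
            Data = null,
            Message = JsonObjectStatus.Success.GetEnumText(),
            BackUrl = null
        };
    }, e =>
    {
        resultMsg = new BaseJson<string>
        {
            Status = (int)JsonObjectStatus.Exception,
            Data = null,
            Message = JsonObjectStatus.Exception.GetEnumText() + ",异常信息:" + e.Message,
            BackUrl = null
        };
    });

    return resultMsg.TryToJson().ToHttpResponseMessage();
}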