public Task OnExceptionAsync(HttpActionExecutedContext actionExecutedContext, CancellationToken cancellationToken)
{
var response = new HttpResponseMessage();
response.StatusCode = HttpStatusCode.OK;
var responseContent = new ResponseBaseModel();
if (actionExecutedContext.Exception is LogicErrorException)
{
responseContent.SetResponse(ResStatusCode.LogicError, actionExecutedContext.Exception.Message);
}
else if (actionExecutedContext.Exception is UnAuthorizeException)
{
responseContent.SetResponse(ResStatusCode.UnAuthorize, actionExecutedContext.Exception.Message);
}
else if (actionExecutedContext.Exception is UnAuthenticateException)
{
responseContent.SetResponse(ResStatusCode.UnAuthenticate, actionExecutedContext.Exception.Message);
}
else if(actionExecutedContext.Exception is FrontInputValidateErrorException)
{
responseContent.SetResponse(ResStatusCode.FrontInputValidateError, actionExecutedContext.Exception.Message);
}
else if (actionExecutedContext.Exception is UserInputValidateErrorException)
{
responseContent.SetResponse(ResStatusCode.UserInputValidateError, actionExecutedContext.Exception.Message);
}
else
{
responseContent.SetResponse(ResStatusCode.InternalServerError, "服务器内部错误");
_logger.Error(JsonConvert.SerializeObject(new { uri = actionExecutedContext.Request.RequestUri, head = actionExecutedContext.Request.Headers, content = actionExecutedContext.Request.Content }), actionExecutedContext.Exception);
}
response.Content = new StringContent(JsonConvert.SerializeObject(responseContent));
actionExecutedContext.Response = response;
actionExecutedContext.Response.Content.Headers.ContentType = new MediaTypeHeaderValue("application/json");
return Task.FromResult(0);
}
public Task OnActionExecutingAsync(HttpActionContext actionContext, CancellationToken cancellationToken)
{
if (!actionContext.ModelState.IsValid)
{
IDictionary <string, IEnumerable <string> > errors = new Dictionary <string, IEnumerable <string> >();
ResponseBaseModel responseContent = new ResponseBaseModel();
responseContent.code = ResStatusCode.UserInputValidateError;
foreach (var keyModelStatePair in actionContext.ModelState)
{
if (keyModelStatePair.Value.Errors != null && keyModelStatePair.Value.Errors.Count > 0)
{
IEnumerable <string> errorMessages = keyModelStatePair.Value.Errors
.Where(s => !string.IsNullOrEmpty(s.ErrorMessage))
.Select(s => s.ErrorMessage).ToList();
string key = keyModelStatePair.Key;
if (keyModelStatePair.Key.Split('.').Count() > 0)
{
key = string.Join(".", keyModelStatePair.Key.Split('.').Skip(1));
}
errors.Add(key, errorMessages);
}
}
//暂时性先显示第一个错误
//if (errors.Count > 0)
//{
// responseContent.message = errors.First().Value.First();
//}
responseContent.message = Newtonsoft.Json.JsonConvert.SerializeObject(errors);
actionContext.Response = new System.Net.Http.HttpResponseMessage();
actionContext.Response.Content = new StringContent(Newtonsoft.Json.JsonConvert.SerializeObject(responseContent));
actionContext.Response.Content.Headers.ContentType = new System.Net.Http.Headers.MediaTypeHeaderValue("application/json");
actionContext.Response.Content.Headers.ContentEncoding.Add("utf-8");
}
return(Task.FromResult(0));
}
public Task OnActionExecutingAsync(HttpActionContext actionContext, CancellationToken cancellationToken)
{
var actionAttrs = actionContext.ActionDescriptor.GetCustomAttributes <CustomAuthorizeAttribute>();
if (actionAttrs.Count > 0)
{
var responseBaseModel = new ResponseBaseModel();
ClaimsPrincipal principal = actionContext.RequestContext.Principal as ClaimsPrincipal;
if (principal != null && principal.Identity.IsAuthenticated)
{
//认证成功
if (actionAttrs.Any(s => null != s.Roles && s.Roles.Count() > 0))
{
//需要验证权限的情况
List <Role> needRoles = actionAttrs
.Select(s => s.Roles.Select(m => new Role()
{
roleType = s.RoleType, roleCode = m
}).ToList())
.Aggregate((result, next) =>
{
result.AddRange(next.Where(s => !result.Exists(m => m.roleType.Equals(s.roleType) && m.roleCode.Equals(s.roleCode))));
return(result);
});
//当前用户具有的权限
//var oAuthRoles = principal.Claims.Where(s => s.Type.Equals(ClaimTypes.Role)).Select(s => s.Value).ToList();
//List<Role> localRoles = identityService.TransformOAuthRoleToLocalRole(oAuthRoles);
var userMail = ((ClaimsIdentity)principal.Identity).FindFirst(ClaimTypes.Email).Value;
var userRepoModel = this.userRepository.GetUser(userMail);
List <Role> localRoles = userRepoModel.roleList;
var reqParams = actionContext.ActionArguments.Values.FirstOrDefault() as RequestBaseModel;
if (needRoles.Count(s => s.roleType.Equals(RoleType.Team)).Equals(needRoles.Count()) && (null == reqParams || reqParams.teamID == 0))
{
//为了可读性,因此不采用!needRoles.Exists(s=>!s.roleType.Equals(RoleType.Team))
//全部是团队的角色
responseBaseModel.SetResponse(ResStatusCode.FrontInputValidateError, "团队ID不能为空");
SetOAuthErrorResponse(actionContext, responseBaseModel);
}
else if (needRoles.Count(s => s.roleType.Equals(RoleType.Project)).Equals(needRoles.Count()) && (null == reqParams || reqParams.projectID == 0))
{
//全部是项目的角色
responseBaseModel.SetResponse(ResStatusCode.FrontInputValidateError, "项目ID不能为空");
SetOAuthErrorResponse(actionContext, responseBaseModel);
}
else if (null == reqParams || (reqParams.teamID == 0 && reqParams.projectID == 0))
{
//混合项目和团队的角色(一般不可能发生)
responseBaseModel.SetResponse(ResStatusCode.FrontInputValidateError, "团队ID和项目ID不能同时为空");
SetOAuthErrorResponse(actionContext, responseBaseModel);
}
else if (!CheckAuthorize(localRoles, needRoles, reqParams))
{
//无角色匹配
responseBaseModel.SetResponse(ResStatusCode.UnAuthorize, "未授权用户");
SetOAuthErrorResponse(actionContext, responseBaseModel);
}
}
}
else
{
//认证失败
responseBaseModel.SetResponse(ResStatusCode.UnAuthenticate, "未认证用户");
SetOAuthErrorResponse(actionContext, responseBaseModel);
}
#region 废弃代码
//var response = new HttpResponseMessage();
//var responseContent = new ResponseBaseModel();
//var resMsg = new List<string>();
//var reqParams = (RequestBaseModel)actionContext.ActionArguments.Values.FirstOrDefault();
//reqParams = reqParams == null ? new RequestBaseModel() : reqParams;
//if (string.IsNullOrEmpty(reqParams.createUser))
//{
// resMsg.Add("创建人未填");
//}
//if (string.IsNullOrEmpty(reqParams.createUserName))
//{
// resMsg.Add("创建人姓名未填");
//}
//if (reqParams.createTime < 0)
//{
// resMsg.Add("创建时间未填");
//}
//if (string.IsNullOrEmpty(reqParams.token))
//{
// resMsg.Add("token未填");
//}
//if (resMsg.Count > 0)
//{
// responseContent.SetResponse(ResStatusCode.UnAuthenticate, String.Join(",", resMsg));
// response.Content = new StringContent(JsonConvert.SerializeObject(responseContent));
// actionContext.Response = response;
// actionContext.Response.Content.Headers.ContentType = new MediaTypeHeaderValue("application/json");
//}
#endregion
}
return(Task.FromResult(0));
}
public void SetOAuthErrorResponse(HttpActionContext actionContext, ResponseBaseModel content)
{
actionContext.Response = new HttpResponseMessage();
actionContext.Response.Content = new StringContent(JsonConvert.SerializeObject(content));
actionContext.Response.Content.Headers.ContentType = new MediaTypeHeaderValue("application/json");
}