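/// <summary>
/// Decrypts a token and validates it: the decrypt/signature step must succeed, the
/// embedded timestamp must lie within <c>timeOut</c> of the server clock, and the
/// token id must not already be recorded in the replay cache.
/// </summary>
/// <param name="hash">Hash delegate forwarded to <c>APICrypto.Decrypt</c>.</param>
/// <param name="decrypt">Decrypt delegate forwarded to <c>APICrypto.Decrypt</c>.</param>
/// <param name="securityKey">Key forwarded to <c>APICrypto.Decrypt</c>.</param>
/// <param name="token">The token string to validate.</param>
/// <returns>
/// The result produced by <c>APICrypto.Decrypt</c>; on rejection <c>Success</c> is set
/// to false and <c>Message</c> carries the reason.
/// </returns>
private static APICryptoResult ValidToken(Func<string, string> hash, Func<string, string, string> decrypt, string securityKey, string token)
{
    var result = APICrypto.Decrypt(hash, decrypt, securityKey, token);

    if (!result.Success)
    {
        // Signature / decryption failed.
        result.Success = false;
        result.Message = "无效的token";
        return result;
    }

    // Read the clock once so the freshness check and the cached value agree.
    // NOTE(review): this compares against local time; presumably Timestamp holds
    // local-time ticks. Confirm against APICrypto.Encrypt. UTC ticks would avoid
    // DST and time-zone differences between client and server.
    var now = DateTime.Now;
    var clientTime = new DateTime(result.Timestamp);

    // Freshness: bound the skew in BOTH directions. Checking only "too old" lets a
    // token stamped in the future stay acceptable after its replay-cache entry has
    // expired, which reopens the replay window the cache is meant to close.
    if ((now - clientTime).Duration() > timeOut)
    {
        result.Success = false;
        result.Message = "该请求已过期";
        return result;
    }

    // A token accepted here can remain inside the freshness window for up to
    // 2 * timeOut (stamped timeOut ahead, still valid until timeOut behind), so the
    // replay marker must live at least that long. Round up rather than truncate so a
    // sub-minute remainder does not shorten the marker's lifetime (or produce 0).
    // NOTE(review): assumes the third argument of AddCacheExplicit is a lifetime in
    // minutes, as the original (int)timeOut.TotalMinutes suggests. Confirm.
    var replayTtlMinutes = (int)Math.Ceiling(timeOut.TotalMinutes * 2);

    if (Memcached.AddCacheExplicit(result.Id, now.ToString("G"), replayTtlMinutes))
    {
        // First time this token id is seen within the window.
        return result;
    }

    if (Memcached.GetCache(result.Id) != null)
    {
        // The id is already recorded: treat as a replayed request.
        result.Success = false;
        result.Message = "token已过期";
        return result;
    }

    // Add failed and the key cannot be read back: the cache is treated as unavailable.
    // NOTE(review): this path fails OPEN. While the cache is down, replay protection
    // is disabled and only the timestamp window limits token reuse. Kept as the
    // original deliberate behaviour; consider failing closed for sensitive endpoints
    // and alerting on this log line, since it is only written at Info level.
    logger.Info("缓存服务异常,身份验证已放行");
    return result;
}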
/// <summary>
/// Generates a token by delegating to <c>APICrypto.Encrypt</c>.
/// </summary>
/// <param name="securityKey">The secret key.</param>
/// <param name="authInfo">Additional information to carry in the token.</param>
/// <returns>The result returned by <c>APICrypto.Encrypt</c>.</returns>
public static APICryptoResult Generate(string securityKey, string authInfo)
{
    var generated = APICrypto.Encrypt(securityKey, authInfo);
    return generated;
}