예제 #1
0
        /// <summary>
        /// 验证是否满足特性的限定
        /// </summary>
        /// <param name="httpmethod">http请求方法,即谓词</param>
        /// <param name="method">执行的方法</param>
        /// <returns></returns>
        public static HttpAttribute Verify(string httpmethod, MemberInfo method)
        {
            if ("cache".Equals(httpmethod, StringComparison.CurrentCultureIgnoreCase))
            {
                return(null);
            }
            //如果方法没有设置任何HTTP限制,则不验证
            List <HttpAttribute> https = WeishaAttr.GetAttrs <HttpAttribute>(method);

            if (https.Count < 1)
            {
                return(null);
            }

            //如果是第一次运行,获取所有特性
            Type[] attrs = Initialization();
            //通过http请求的谓词,获取需要验证的特性
            string httpattrname = string.Format("http{0}Attribute", httpmethod);
            Type   type         = null;

            foreach (Type att in attrs)
            {
                if (att.Name.Equals(httpattrname, StringComparison.CurrentCultureIgnoreCase))
                {
                    type = att;
                    break;
                }
            }
            //验证特性
            HttpAttribute attr = null;

            //先验证对象,如果对象需验证,则下面方法全部需要验证登录,除非方法设置了[(Ignore = true)]
            object[] attrsObj = method.DeclaringType.GetCustomAttributes(type, true);
            if (attrsObj.Length > 0)
            {
                attr = attrsObj[0] as HttpAttribute;
            }
            //再验证方法
            object[] attrsMethod = method.GetCustomAttributes(type, true);
            if (attrsMethod.Length > 0)
            {
                HttpAttribute admin = attrsMethod[0] as HttpAttribute;
                if (attr == null)
                {
                    attr = admin;
                }
                if (attr != null && admin.Ignore)
                {
                    attr.Ignore = admin.Ignore;
                }
            }
            if (attr == null || attr.Ignore)
            {
                throw new Exception(string.Format("当前接口方法 {0}.{1} 禁止 HTTP {2} 请求",
                                                  method.DeclaringType.Name, method.Name, httpmethod.ToUpper()));
            }
            return(attr);
        }
예제 #2
0
        /// <summary>
        /// 验证是否满足特性的限定
        /// </summary>
        /// <param name="letter">请求</param>
        /// <param name="method">执行的方法</param>
        /// <returns></returns>
        public static bool Verify(Letter letter, MemberInfo method)
        {
            List <RangeAttribute> ranges = WeishaAttr.GetAttrs <RangeAttribute>(method);

            if (ranges.Count < 1)
            {
                return(true);
            }
            //任意范围,有此特性则直接跳过
            AnywhereAttribute any = WeishaAttr.GetAttr <AnywhereAttribute>(method);

            if (any != null && !any.Ignore)
            {
                return(true);
            }
            //局域网内访问
            if (letter.Sever.IsIntranetIP)
            {
                IntranetAttribute intranet = WeishaAttr.GetAttr <IntranetAttribute>(method);
                if (any != null && !any.Ignore)
                {
                    return(true);
                }
            }
            //本机访问
            if (letter.Sever.IsLocalIP)
            {
                LocalhostAttribute local = WeishaAttr.GetAttr <LocalhostAttribute>(method);
                if (local != null && !local.Ignore)
                {
                    return(true);
                }
            }
            //限制同域
            DomainAttribute domainAttr = WeishaAttr.GetAttr <DomainAttribute>(method);

            if (domainAttr != null && !domainAttr.Ignore)
            {
                string host = letter.Sever.Domain.ToLower();
                if (letter.HTTP_REFERER.ToLower().StartsWith("http://" + host))
                {
                    return(true);
                }
                if (letter.HTTP_REFERER.ToLower().StartsWith("https://" + host))
                {
                    return(true);
                }
            }
            //没有通过,则返回异常
            string msg = string.Empty;

            for (int i = 0; i < ranges.Count; i++)
            {
                if (ranges[i] is LocalhostAttribute)
                {
                    msg += "本机";
                }
                if (ranges[i] is IntranetAttribute)
                {
                    msg += "局域网";
                }
                if (ranges[i] is DomainAttribute)
                {
                    msg += "同域";
                }
                if (i < ranges.Count - 1)
                {
                    msg += ",";
                }
            }
            throw new Exception(string.Format("当前方法访问受限,仅限{0}访问", msg));
            return(false);
        }