/// <summary> /// 验证是否满足特性的限定 /// </summary> /// <param name="httpmethod">http请求方法,即谓词</param> /// <param name="method">执行的方法</param> /// <returns></returns> public static HttpAttribute Verify(string httpmethod, MemberInfo method) { if ("cache".Equals(httpmethod, StringComparison.CurrentCultureIgnoreCase)) { return(null); } //如果方法没有设置任何HTTP限制,则不验证 List <HttpAttribute> https = WeishaAttr.GetAttrs <HttpAttribute>(method); if (https.Count < 1) { return(null); } //如果是第一次运行,获取所有特性 Type[] attrs = Initialization(); //通过http请求的谓词,获取需要验证的特性 string httpattrname = string.Format("http{0}Attribute", httpmethod); Type type = null; foreach (Type att in attrs) { if (att.Name.Equals(httpattrname, StringComparison.CurrentCultureIgnoreCase)) { type = att; break; } } //验证特性 HttpAttribute attr = null; //先验证对象,如果对象需验证,则下面方法全部需要验证登录,除非方法设置了[(Ignore = true)] object[] attrsObj = method.DeclaringType.GetCustomAttributes(type, true); if (attrsObj.Length > 0) { attr = attrsObj[0] as HttpAttribute; } //再验证方法 object[] attrsMethod = method.GetCustomAttributes(type, true); if (attrsMethod.Length > 0) { HttpAttribute admin = attrsMethod[0] as HttpAttribute; if (attr == null) { attr = admin; } if (attr != null && admin.Ignore) { attr.Ignore = admin.Ignore; } } if (attr == null || attr.Ignore) { throw new Exception(string.Format("当前接口方法 {0}.{1} 禁止 HTTP {2} 请求", method.DeclaringType.Name, method.Name, httpmethod.ToUpper())); } return(attr); }
/// <summary> /// 验证是否满足特性的限定 /// </summary> /// <param name="letter">请求</param> /// <param name="method">执行的方法</param> /// <returns></returns> public static bool Verify(Letter letter, MemberInfo method) { List <RangeAttribute> ranges = WeishaAttr.GetAttrs <RangeAttribute>(method); if (ranges.Count < 1) { return(true); } //任意范围,有此特性则直接跳过 AnywhereAttribute any = WeishaAttr.GetAttr <AnywhereAttribute>(method); if (any != null && !any.Ignore) { return(true); } //局域网内访问 if (letter.Sever.IsIntranetIP) { IntranetAttribute intranet = WeishaAttr.GetAttr <IntranetAttribute>(method); if (any != null && !any.Ignore) { return(true); } } //本机访问 if (letter.Sever.IsLocalIP) { LocalhostAttribute local = WeishaAttr.GetAttr <LocalhostAttribute>(method); if (local != null && !local.Ignore) { return(true); } } //限制同域 DomainAttribute domainAttr = WeishaAttr.GetAttr <DomainAttribute>(method); if (domainAttr != null && !domainAttr.Ignore) { string host = letter.Sever.Domain.ToLower(); if (letter.HTTP_REFERER.ToLower().StartsWith("http://" + host)) { return(true); } if (letter.HTTP_REFERER.ToLower().StartsWith("https://" + host)) { return(true); } } //没有通过,则返回异常 string msg = string.Empty; for (int i = 0; i < ranges.Count; i++) { if (ranges[i] is LocalhostAttribute) { msg += "本机"; } if (ranges[i] is IntranetAttribute) { msg += "局域网"; } if (ranges[i] is DomainAttribute) { msg += "同域"; } if (i < ranges.Count - 1) { msg += ","; } } throw new Exception(string.Format("当前方法访问受限,仅限{0}访问", msg)); return(false); }