/// <summary>
/// 时间签名校验
/// </summary>
/// <param name="signTime"></param>
/// <returns></returns>
protected bool CheckSignTime(string signTime)
{
try
{
if (!string.IsNullOrEmpty(signTime))
{
//获取请求签名时间
var strTime = APIAESTool.AesDecrypt(signTime);
//时间转换
var time = strTime.ToDateTimeReq();
//得到客户端发起请求时间与当前时间差
var ts = DateTime.Now - time;
//时间范围内
if (ts.TotalSeconds <= 2 * 60)
{
return(true);
}
}
}
catch (Exception)
{
return(false);
}
return(false);
}
public object GetList(string signTime = "2018-05-21 08:55:00")
{
signTime = APIAESTool.AesEncrypt(signTime);
if (!string.IsNullOrEmpty(signTime))
{
var isSign = CheckSignTime(signTime);
if (!isSign)
{
return(Json(APIResult.GetErrorResult(MsgCode.SignTimeError)));
}
}
return(APIResult.GetSuccessResult("token验证通过,已取得数据!"));
}
public object UpdatePwd(UserPwd model)
{
if (model == null)
{
return(Json(APIResult.GetErrorResult("请输入旧密码!")));
}
string oldpwd = model.oldpwd;
string pwd = model.pwd;
if (string.IsNullOrWhiteSpace(oldpwd))
{
return(Json(APIResult.GetErrorResult("请输入旧密码!")));
}
if (string.IsNullOrWhiteSpace(pwd))
{
return(Json(APIResult.GetErrorResult("请输入新密码!")));
}
if (pwd.Equals(oldpwd))
{
return(Json(APIResult.GetErrorResult("新密码不能和旧密码相同!")));
}
oldpwd = APIAESTool.AesDecrypt(oldpwd);
oldpwd = DesTool.DesEncrypt(oldpwd);
pwd = APIAESTool.AesDecrypt(pwd);
pwd = DesTool.DesEncrypt(pwd);
var user = CurrentUserView;
if (user != null)
{
using (ClientSiteClientProxy proxy = new ClientSiteClientProxy(ProxyEx(user)))
{
var result = proxy.UpdatePassword(user.UserId, oldpwd, pwd);
if (result.Flag == EResultFlag.Success)
{
return(Json(APIResult.GetSuccessResult("密码修改成功!")));
}
return(Json(APIResult.GetErrorResult(MsgCode.CommonError, result.Exception.Decription)));
}
}
return(Json(APIResult.GetErrorResult(MsgCode.InvalidToken)));
}
/// <summary>
/// 执行登录
/// </summary>
/// <param name="user"></param>
/// <param name="pwd">OCeSdjE6K7zhDnoxh07rqg==,是111111的aes加密结果,DF57306D30FED672是平台111111加密结果</param>
/// <param name="type"></param>
/// <param name="token">登录成功输出token</param>
/// <returns></returns>
private bool login(string user, string pwd, int sys, out string token)
{
//移动端过来的密码先通过通用解密,再通过c#加密
pwd = APIAESTool.AesDecrypt(pwd);
pwd = DesTool.DesEncrypt(pwd);
token = "";
#region 调用基础平台验证用户账号密码
if (IsOpenHbLogin == "1")
{
string url = LoginUrl + "?RequestParam={%22Param%22:{%22envRoot%22:{%22Product%22:%22BIM%22},%22paramRoot%22:{%22UserName%22:%22" + user + "%22,%22UserPass%22:%22" + pwd + "%22}}}";
HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create(url);
request.Method = "GET";
request.ContentType = "multipart/form-data";
string responseStr = string.Empty;
using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
{
StreamReader reader = new StreamReader(response.GetResponseStream(), Encoding.GetEncoding("UTF-8"));
responseStr = reader.ReadToEnd().ToString();
reader.Close();
LoginResult result = null;
if (!string.IsNullOrEmpty(responseStr))
{
result = JsonConvert.DeserializeObject <LoginResult>(responseStr);//将文件信息json字符
}
if (result == null || result.errorCode != "0")
{
return(false);
}
}
}
#endregion
//获取数据库用户信息
Result <UserView> login = new Result <UserView>();
using (ClientSiteClientProxy proxy = new ClientSiteClientProxy(ProxyEx("")))
{
login = proxy.Login(user, pwd, IsOpenHbLogin);
}
if (login.Flag == 0 && login.Data != null)
{
string tempToken = sys == 1 ? login.Data.AndroidToken : login.Data.IosToken;//模拟用户数据库中的token
//先去数据库查询该用户是否有token,没有则生成token
if (!string.IsNullOrEmpty(tempToken))
{
DateTime expiryTime = sys == 1 ? login.Data.AndroidTokenTime.Value : login.Data.IosTokenTime.Value;//模拟用户数据库中的token过期时间
//如果用户有token,检查是否在有效期
if (DateTime.Now <= expiryTime)
{
token = tempToken;
}
}
//无token或不在有效期则生成新token
if (string.IsNullOrEmpty(token))
{
token = CreateToken(sys);
}
using (ClientSiteClientProxy proxy = new ClientSiteClientProxy(ProxyEx(login.Data)))
{
Result <Base_User> baseUser = proxy.GetUserModel(login.Data.UserId);
Base_User u = baseUser.Data;
if (sys == 1)
{
u.AndroidToken = token;
u.AndroidTokenTime = DateTime.Now.AddDays(7);
}
else
{
u.IosToken = token;
u.IosTokenTime = DateTime.Now.AddDays(7);
}
var xxx = proxy.UpdateUser(u);
}
//TODO:因目前的token只是一个验证凭据,本身不附带业务信息,所以加密需求不强,但一定要使用https连接;如后期有扩展token需求,需要做加密或签名操作
return(true);
}
else
{
return(false);
}
}
