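/// <summary>
/// Runs before the action executes and short-circuits the request unless the API
/// signature check passes.
/// </summary>
/// <param name="filterContext">Filter context for the current request.</param>
/// <remarks>
/// Decision order:
/// <list type="number">
/// <item><see cref="RunModel.LocalTest"/> bypasses the check entirely. This is a
/// configuration-controlled auth bypass, so the run model must never be LocalTest in a
/// production deployment.</item>
/// <item>Actions/controllers carrying <see cref="IgnoreSignAttribute"/> are not checked.</item>
/// <item>Otherwise <c>_checkSignBusiness.IsSecurity</c> verifies the request; on failure the
/// pipeline is short-circuited by assigning <see cref="ActionExecutingContext.Result"/>.</item>
/// </list>
/// </remarks>
public void OnActionExecuting(ActionExecutingContext filterContext)
{
    // Local test mode: no signature verification at all.
    if (GlobalSwitch.RunModel == RunModel.LocalTest)
    {
        return;
    }

    // Opt-out attribute disables the check for this action.
    if (filterContext.ContainsAttribute<IgnoreSignAttribute>())
    {
        return;
    }

    var checkSignRes = _checkSignBusiness.IsSecurity(filterContext.HttpContext.ApplicationInstance.Context);
    if (checkSignRes.Success)
    {
        return;
    }

    // Reject: hand the failure payload back as JSON. The content type is declared explicitly
    // because a ContentResult without one is served as text/html, which lets browsers render
    // or sniff the body; this also matches the other API filters in the project.
    filterContext.Result = new ContentResult
    {
        Content = checkSignRes.ToJson(),
        ContentType = "application/json;charset=utf-8"
    };
}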
/// <summary>
/// Runs before the action executes and forces unauthenticated callers to the login page
/// (or, for AJAX calls, returns a JSON "not logged in" result).
/// </summary>
/// <param name="filterContext">Filter context for the current request.</param>
/// <remarks>
/// The check is skipped in <see cref="RunModel.LocalTest"/> mode (configuration-controlled
/// bypass — must not be the production run model) and for actions that either lack
/// <see cref="CheckLoginAttribute"/> or carry <see cref="IgnoreLoginAttribute"/>.
/// Any exception raised while deciding is logged through <c>BusHelper.HandleException</c>
/// and treated as "not logged in", i.e. the filter fails closed.
/// </remarks>
public void OnActionExecuting(ActionExecutingContext filterContext)
{
    var request = filterContext.RequestContext.HttpContext.Request;

    try
    {
        if (GlobalSwitch.RunModel == RunModel.LocalTest)
        {
            return;
        }

        bool loginRequired = filterContext.ContainsAttribute<CheckLoginAttribute>()
            && !filterContext.ContainsAttribute<IgnoreLoginAttribute>();
        if (!loginRequired)
        {
            return;
        }

        // Operator.Logged() is only consulted when the action actually requires a login.
        if (Operator.Logged())
        {
            return;
        }

        DenyAccess();
    }
    catch (Exception ex)
    {
        BusHelper.HandleException(ex);
        DenyAccess();
    }

    // Produces the "not logged in" response appropriate for the request type.
    void DenyAccess()
    {
        if (request.IsAjaxRequest())
        {
            var payload = new AjaxResult { Success = false, ErrorCode = 1, Msg = "未登录" };
            filterContext.Result = new ContentResult
            {
                Content = payload.ToJson(),
                ContentEncoding = Encoding.UTF8,
                ContentType = "application/json"
            };
            return;
        }

        // Non-AJAX: emit a tiny HTML page whose script navigates the *top* window, so a
        // page loaded inside a frame escapes the frame on redirect. loginUrl is derived
        // from a fixed app-relative path, not from request data, which is why it is
        // interpolated unescaped — keep it that way.
        var urlHelper = new UrlHelper(filterContext.RequestContext);
        string loginUrl = urlHelper.Content("~/Home/Login");
        string redirectPage = $@" <html> <script> top.location.href = '{loginUrl}'; </script> </html> ";
        filterContext.Result = new ContentResult
        {
            Content = redirectPage,
            ContentType = "text/html",
            ContentEncoding = Encoding.UTF8
        };
    }
}
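/// <summary>
/// Runs before the action executes and, when the action requires a login and the operator
/// is not logged in, replaces the response with a page that redirects to the login screen.
/// </summary>
/// <param name="filterContext">Filter context for the current request.</param>
/// <remarks>
/// Skipped in <see cref="RunModel.LocalTest"/> mode (configuration-controlled bypass — must
/// not be the production run model) and for actions without <see cref="CheckLoginAttribute"/>
/// or with <see cref="IgnoreLoginAttribute"/>. Unlike the AJAX-aware variant of this filter,
/// every denied request — including XHR calls — receives the HTML redirect page.
/// </remarks>
public void OnActionExecuting(ActionExecutingContext filterContext)
{
    if (GlobalSwitch.RunModel == RunModel.LocalTest)
    {
        return;
    }

    bool loginRequired = filterContext.ContainsAttribute<CheckLoginAttribute>()
        && !filterContext.ContainsAttribute<IgnoreLoginAttribute>();
    if (!loginRequired)
    {
        return;
    }

    // Only consult the session when the action actually requires a login.
    if (Operator.Logged())
    {
        return;
    }

    // Redirect via script against the *top* window so a framed page escapes its frame.
    // loginUrl comes from a fixed app-relative path, not from request data, which is why it
    // can be interpolated without escaping — do not switch it to a request-derived value.
    var urlHelper = new UrlHelper(filterContext.RequestContext);
    string loginUrl = urlHelper.Content("~/Home/Login");
    string redirectPage = $@" <html> <script> top.location.href = '{loginUrl}'; </script> </html> ";

    // Declare content type and encoding explicitly (consistent with the project's other
    // login filter) instead of relying on ContentResult/response defaults.
    filterContext.Result = new ContentResult
    {
        Content = redirectPage,
        ContentType = "text/html",
        ContentEncoding = System.Text.Encoding.UTF8
    };
}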
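/// <summary>
/// Runs before the action executes and enforces URL-level permissions for the calling
/// application, identified by the <c>appId</c> request parameter.
/// </summary>
/// <param name="filterContext">Filter context for the current request.</param>
/// <remarks>
/// Applies only to actions marked with <see cref="CheckAppIdPermissionAttribute"/> and not
/// with <see cref="IgnoreAppIdPermissionAttribute"/>. The request is denied by assigning
/// <see cref="ActionExecutingContext.Result"/>. A URL with no entry in the permission table
/// is allowed through (default-allow), so every protected route must be listed.
/// <see cref="RunModel.LocalTest"/> bypasses the check entirely and must never be the
/// production run model.
/// </remarks>
public void OnActionExecuting(ActionExecutingContext filterContext)
{
    if (GlobalSwitch.RunModel == RunModel.LocalTest)
    {
        return;
    }

    bool needCheck = filterContext.ContainsAttribute<CheckAppIdPermissionAttribute>()
        && !filterContext.ContainsAttribute<IgnoreAppIdPermissionAttribute>();
    if (!needCheck)
    {
        return;
    }

    var allRequestParams = HttpHelper.GetAllRequestParams(filterContext.HttpContext.ApplicationInstance.Context);
    if (!allRequestParams.ContainsKey("appId"))
    {
        // Must end the request here: falling through would index the missing key and then
        // evaluate permissions for a null appId.
        Deny("缺少appId参数!");
        return;
    }

    string appId = allRequestParams["appId"]?.ToString();
    if (string.IsNullOrWhiteSpace(appId))
    {
        // A present-but-empty appId is treated the same as a missing one.
        Deny("缺少appId参数!");
        return;
    }

    // Match on scheme + host + path only. Matching against the full URL would include the
    // query string, which the caller controls: appending "?x=<Url of a weaker permission
    // entry>" could make FirstOrDefault pick that entry instead of the one for the real path.
    // NOTE(review): matching is still substring-based ("/api/user" also matches
    // "/api/users"); exact or prefix matching would be tighter if the table format allows it.
    string requestUrl = filterContext.HttpContext.Request.Url.GetLeftPart(System.UriPartial.Path);
    var thePermission = UrlPermissionManage.GetAllUrlPermissions()
        .FirstOrDefault(x => !string.IsNullOrEmpty(x.Url)
            && requestUrl.IndexOf(x.Url, System.StringComparison.OrdinalIgnoreCase) >= 0);
    if (thePermission == null)
    {
        return;
    }

    // Ordinal comparison for identifiers — no culture-dependent ToLower.
    string needPermission = thePermission.PermissionValue;
    bool hasPermission = PermissionManage.GetAppIdPermissionValues(appId)
        .Any(x => !string.IsNullOrEmpty(x)
            && string.Equals(x, needPermission, System.StringComparison.OrdinalIgnoreCase));
    if (!hasPermission)
    {
        Deny("权限不足!访问失败!");
    }

    // Short-circuits the pipeline with a failed AjaxResult carrying the given message.
    void Deny(string msg)
    {
        var res = new AjaxResult { Success = false, Msg = msg };
        filterContext.Result = new ContentResult
        {
            Content = res.ToJson(),
            ContentEncoding = Encoding.UTF8
        };
    }
}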
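/// <summary>
/// Runs before the action executes and enforces URL-level permissions for the current
/// operator (the logged-in user).
/// </summary>
/// <param name="filterContext">Filter context for the current request.</param>
/// <remarks>
/// Every action is checked unless it carries <see cref="IgnoreUrlPermissionAttribute"/>.
/// The request is denied by assigning <see cref="ActionExecutingContext.Result"/>. A URL
/// with no entry in the permission table is allowed through (default-allow), so every
/// protected route must be listed. <see cref="RunModel.LocalTest"/> bypasses the check and
/// must never be the production run model.
/// </remarks>
public void OnActionExecuting(ActionExecutingContext filterContext)
{
    if (GlobalSwitch.RunModel == RunModel.LocalTest)
    {
        return;
    }

    if (filterContext.ContainsAttribute<IgnoreUrlPermissionAttribute>())
    {
        return;
    }

    // Match on scheme + host + path only. Matching against the full URL would include the
    // query string, which the caller controls: appending "?x=<Url of a weaker permission
    // entry>" could make FirstOrDefault pick that entry instead of the one for the real path.
    // NOTE(review): matching is still substring-based ("/api/user" also matches
    // "/api/users"); exact or prefix matching would be tighter if the table format allows it.
    string requestUrl = filterContext.HttpContext.Request.Url.GetLeftPart(System.UriPartial.Path);
    var thePermission = _urlPermissionManage.GetAllUrlPermissions()
        .FirstOrDefault(x => !string.IsNullOrEmpty(x.Url)
            && requestUrl.IndexOf(x.Url, System.StringComparison.OrdinalIgnoreCase) >= 0);
    if (thePermission == null)
    {
        return;
    }

    // Ordinal comparison for identifiers — no culture-dependent ToLower.
    string needPermission = thePermission.PermissionValue;
    bool hasPermission = _permissionManage.GetOperatorPermissionValues()
        .Any(x => !string.IsNullOrEmpty(x)
            && string.Equals(x, needPermission, System.StringComparison.OrdinalIgnoreCase));
    if (hasPermission)
    {
        return;
    }

    var res = new AjaxResult
    {
        Success = false,
        Msg = "权限不足!无法访问!"
    };
    filterContext.Result = new ContentResult
    {
        Content = res.ToJson(),
        ContentEncoding = Encoding.UTF8
    };
}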
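/// <summary>
/// Runs before the action executes and verifies the API request signature carried in the
/// <c>appId</c>, <c>time</c>, <c>guid</c> and <c>sign</c> headers, with a time window and a
/// per-guid replay check.
/// </summary>
/// <param name="filterContext">Filter context for the current request.</param>
/// <remarks>
/// Checks run in this order: header presence, time window (±5 minutes around the server's
/// local time), app secret lookup, signature comparison, and finally the replay check. The
/// replay entry is written only after the signature verifies, so an unauthenticated caller
/// cannot fill the cache with arbitrary guid keys or burn a legitimate client's nonce.
/// <see cref="RunModel.LocalTest"/> and <see cref="IgnoreSignAttribute"/> bypass the check;
/// the former is configuration-controlled and must never be the production run model.
/// </remarks>
public void OnActionExecuting(ActionExecutingContext filterContext)
{
    if (GlobalSwitch.RunModel == RunModel.LocalTest)
    {
        return;
    }

    if (filterContext.ContainsAttribute<IgnoreSignAttribute>())
    {
        return;
    }

    var request = filterContext.HttpContext.Request;

    string appId = request.Headers["appId"]?.ToString();
    if (appId.IsNullOrEmpty())
    {
        ReturnError("缺少header:appId");
        return;
    }

    string time = request.Headers["time"]?.ToString();
    if (time.IsNullOrEmpty())
    {
        ReturnError("缺少header:time");
        return;
    }

    // Parse once and reuse. NOTE(review): ToDateTime is a project extension — confirm what it
    // does with malformed input (an exception here surfaces as a 500 rather than an error result).
    DateTime requestTime = time.ToDateTime();
    DateTime now = DateTime.Now;

    // Time window: the client's clock must be within 5 minutes of the server's local time.
    // NOTE(review): both sides are compared as local time — confirm clients send the same
    // zone, otherwise switch both to UTC.
    if (requestTime < now.AddMinutes(-5) || requestTime > now.AddMinutes(5))
    {
        ReturnError("time过期");
        return;
    }

    string guid = request.Headers["guid"]?.ToString();
    if (guid.IsNullOrEmpty())
    {
        ReturnError("缺少header:guid");
        return;
    }

    string sign = request.Headers["sign"]?.ToString();
    if (sign.IsNullOrEmpty())
    {
        ReturnError("缺少header:sign");
        return;
    }

    string appSecret = appSecretBus.GetAppSecret(appId);
    if (appSecret.IsNullOrEmpty())
    {
        ReturnError("header:appId无效");
        return;
    }

    // Read the body for signing, then rewind so model binding downstream still sees it.
    // Assumes ReadToString consumes from the current position — TODO confirm.
    string body = request.InputStream.ReadToString();
    if (request.InputStream.CanSeek)
    {
        request.InputStream.Position = 0;
    }

    string expectedSign = HttpHelper.BuildApiSign(appId, appSecret, guid, requestTime, body);
    if (!FixedTimeEquals(sign, expectedSign))
    {
        ReturnError("header:sign签名错误");
        return;
    }

    // Replay protection, evaluated only for correctly signed requests. The 10-minute TTL must
    // stay >= the full width of the time window (2 x 5 minutes): once the cache entry expires,
    // the time check alone rejects the replay.
    // NOTE(review): GetCache followed by SetCache is not atomic; two concurrent copies of the
    // same request can both pass. An atomic add-if-absent on the cache would close that race.
    string guidKey = $"{GlobalSwitch.ProjectName}_apiGuid_{guid}";
    if (!CacheHelper.Cache.GetCache(guidKey).IsNullOrEmpty())
    {
        ReturnError("禁止重复调用!");
        return;
    }
    CacheHelper.Cache.SetCache(guidKey, "1", new TimeSpan(0, 10, 0));

    // Compares two signature strings without short-circuiting on the first mismatching
    // character, so the comparison time does not leak how much of the signature was right.
    bool FixedTimeEquals(string a, string b)
    {
        if (a == null || b == null)
        {
            return false;
        }

        int diff = a.Length ^ b.Length;
        int len = Math.Min(a.Length, b.Length);
        for (int i = 0; i < len; i++)
        {
            diff |= a[i] ^ b[i];
        }
        return diff == 0;
    }

    // Short-circuits the pipeline with a failed AjaxResult carrying the given message.
    void ReturnError(string msg)
    {
        var res = new AjaxResult { Success = false, Msg = msg };
        filterContext.Result = new ContentResult
        {
            Content = res.ToJson(),
            ContentType = "application/json;charset=utf-8"
        };
    }
}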