private void HandleUnauthorizedRequest( AuthorizationContext filterContext, AuthorizeResult authorizeResult )
{
filterContext.Result = new HttpStatusCodeResult( authorizeResult.StatusCodeAsInt );
}
/// <summary>
/// Stop processing the action and return HttpUnauthorizedResult
/// </summary>
/// <param name="filterContext">The filter context</param>
/// <param name="authorizeResult">The authorize result</param>
protected virtual void HandleUnauthorizedRequest(AuthorizationContext filterContext, AuthorizeResult authorizeResult)
{
// let the application handle itself
//if (authorizeResult == AuthorizeResult.FailedNotLoggedIn)
//{
// filterContext.Result = new HttpStatusCodeResult(HttpStatusCode.Unauthorized);
// return;
//}
// handle the unauthorized request
if (ActiveRoleEngine.ProcessUnauthorizedRequest != null)
{
ActiveRoleEngine.ProcessUnauthorizedRequest(filterContext, authorizeResult);
}
else
{
// if the ProcessUnauthorizedRequest is not defined, return 403 forbidden code
filterContext.Result = new HttpStatusCodeResult(HttpStatusCode.Forbidden);
}
}
/// <inheritdoc />
/// <summary>
/// Called when authorization is required.
/// </summary>
/// <param name="filterContext">The filter context</param>
/// <exception cref="T:System.ArgumentNullException">filterContext</exception>
/// <exception cref="T:System.InvalidOperationException">ActivePermissionAttribute: Cannot Use Within Child Action Cache</exception>
public void OnAuthorization(AuthorizationContext filterContext)
{
//filterContext.Controller.ControllerContext.
if (filterContext == null)
{
throw new ArgumentNullException(nameof(filterContext));
}
if (OutputCacheAttribute.IsChildActionCacheActive(filterContext))
{
// If a child action cache block is active, we need to fail immediately, even if authorization
// would have succeeded. The reason is that there's no way to hook a callback to rerun
// authorization before the fragment is served from the cache, so we can't guarantee that this
// filter will be re-run on subsequent requests.
// MvcResources.AuthorizeAttribute_CannotUseWithinChildActionCache
throw new InvalidOperationException("ActivePermissionAttribute: Cannot Use Within Child Action Cache");
}
#region Skip Authorization
/*
* Skip the authorization if
* - Controller / Action has AllowAnonymousAttribute
* - Action is NonAction
* - Action is child action
*
* */
if (filterContext.ActionDescriptor.IsDefined(typeof(AllowAnonymousAttribute), inherit: true) ||
filterContext.ActionDescriptor.IsDefined(typeof(NonActionAttribute), inherit: true) ||
filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), inherit: true))
{
return;
}
// Authorization must be done at Root action
if (filterContext.IsChildAction)
{
return;
}
#endregion Skip Authorization
AuthorizeResult authorizeResult = AuthorizeUser(filterContext);
if (authorizeResult == AuthorizeResult.Success)
{
// ** IMPORTANT **
// Since we're performing authorization at the action level, the authorization code runs
// after the output caching module. In the worst case this could allow an authorized user
// to cause the page to be cached, then an unauthorized user would later be served the
// cached page. We work around this by telling proxies not to cache the sensitive page,
// then we hook our custom authorization code into the caching mechanism so that we have
// the final say on whether a page should be served from the cache.
HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache;
cachePolicy.SetProxyMaxAge(new TimeSpan(0));
// add the authorization handler for cache
// data is filterContext
cachePolicy.AddValidationCallback(CacheAuthorizationHandler, filterContext);
}
else
{
HandleUnauthorizedRequest(filterContext, authorizeResult);
// Always set the filterContext.Result to stop processing the action
if (filterContext.Result == null)
{
filterContext.Result = new EmptyResult();
}
}
}
public CafeAuthResult EndLogin(IAsyncResult asyncResult)
{
LoginResponse loginResponse = this.connection.EndLogin(asyncResult);
if (loginResponse == null)
{
Log <CafeAuthService> .Logger.Warn("Failed to connect to Session server while processing AsyncResult.");
return(null);
}
Log <CafeAuthService> .Logger.InfoFormat("Initial response received from Session server: [{0}]", loginResponse);
if (loginResponse.Option == Option.NoOption && (loginResponse.Result == AuthorizeResult.Allowed || loginResponse.Result == AuthorizeResult.Terminate))
{
Log <CafeAuthService> .Logger.ErrorFormat("Unexpected response from Session server: [{0}]", loginResponse);
}
AuthorizeResult result = loginResponse.Result;
Option option = loginResponse.Option;
bool reloginRequired = false;
bool isShutDownEnabled = false;
int pcroomNo = 0;
if (loginResponse.ExtendInfos != null)
{
if (loginResponse.ExtendInfos.IsShutDownEnabled)
{
result = AuthorizeResult.Terminate;
option = Option.AccountShutdowned;
}
if (loginResponse.ExtendInfos.IsNeedShutDown)
{
if (loginResponse.ExtendInfos.ShutDownErrorCode == PolicyInfoErrorCode.CannotAutholizing || loginResponse.ExtendInfos.ShutDownErrorCode == PolicyInfoErrorCode.CannotFindAgeInfo)
{
reloginRequired = true;
}
else if (loginResponse.ExtendInfos.ShutDownErrorCode != PolicyInfoErrorCode.Success)
{
isShutDownEnabled = true;
}
}
else if (loginResponse.ExtendInfos.ShutDownTime != DateTime.MinValue)
{
double totalMinutes = (loginResponse.ExtendInfos.ShutDownTime - DateTime.Now).TotalMinutes;
int num;
if (totalMinutes <= 30.0)
{
num = 0;
}
else
{
num = (int)(totalMinutes - 30.0);
}
if (!this.ScheduleShutdownMessageNexonID.Contains(loginResponse.NexonID))
{
this.ScheduleShutdownMessageNexonID.Add(loginResponse.NexonID);
Scheduler.Schedule(base.Thread, Job.Create <Option, ExtendInformation, int, string>(new Action <Option, ExtendInformation, int, string>(this.NotifyMessage), Option.NoOption, loginResponse.ExtendInfos, 0, loginResponse.NexonID), num * 60 * 1000);
}
Scheduler.Schedule(base.Thread, Job.Create <string>(new Action <string>(this.Kick_User), loginResponse.NexonID), (int)totalMinutes * 60 * 1000 + 300000);
}
if (loginResponse.ExtendInfos.PCRoomNo > 0)
{
pcroomNo = loginResponse.ExtendInfos.PCRoomNo;
}
}
return(new CafeAuthResult
{
Result = result,
Option = option,
SessionNo = loginResponse.SessionNo,
IsShutDownEnabled = isShutDownEnabled,
CafeLevel = 1,
ReloginRequired = reloginRequired,
PCRoomNo = pcroomNo
});
}
/// <summary>
/// 执行中间件拦截逻辑
/// </summary>
/// <param name="context">Http上下文</param>
public async Task Invoke(HttpContext context)
{
// 如果是匿名访问路径,则直接跳过
if (_anonymousPathList.Contains(context.Request.Path.Value))
{
await _next(context);
return;
}
var result = context.Request.Headers.TryGetValue("Authorization", out var authStr);
if (!result || string.IsNullOrWhiteSpace(authStr.ToString()))
{
throw new UnauthorizedAccessException("未授权,请传递Header头的Authorization参数");
}
// 校验以及自定义校验
var codeResult = _tokenValidator.Validate(authStr.ToString().Substring("Bearer ".Length).Trim(), _options,
_validatePayload);
if (codeResult == Code.Ok)
{
await _next(context);
}
else
{
var content = new AuthorizeResult(codeResult, codeResult.Description());
switch (codeResult)
{
case Code.Ok:
break;
case Code.Unauthorized:
context.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
await context.Response.WriteAsync(content.ToJson());
break;
case Code.TokenInvalid:
context.Response.StatusCode = (int)HttpStatusCode.OK;
await context.Response.WriteAsync(content.ToJson());
break;
case Code.Forbidden:
context.Response.StatusCode = (int)HttpStatusCode.Forbidden;
await context.Response.WriteAsync(content.ToJson());
break;
case Code.NoFound:
context.Response.StatusCode = (int)HttpStatusCode.NotFound;
await context.Response.WriteAsync(content.ToJson());
break;
case Code.MethodNotAllowed:
context.Response.StatusCode = (int)HttpStatusCode.MethodNotAllowed;
await context.Response.WriteAsync(content.ToJson());
break;
case Code.HttpRequestError:
context.Response.StatusCode = (int)HttpStatusCode.NotAcceptable;
await context.Response.WriteAsync(content.ToJson());
break;
case Code.Locked:
context.Response.StatusCode = (int)HttpStatusCode.Locked;
await context.Response.WriteAsync(content.ToJson());
break;
case Code.Error:
context.Response.StatusCode = (int)HttpStatusCode.InternalServerError;
await context.Response.WriteAsync(content.ToJson());
break;
default:
context.Response.StatusCode = (int)HttpStatusCode.BadRequest;
await context.Response.WriteAsync(content.ToJson());
break;
}
return;
}
//if (!result)
//{
// //var content = new AuthorizeResult(codeResult, codeResult.Description());
// //await context.Response.WriteAsync(content.ToJson());
// ////context.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
// //return;
// throw new UnauthorizedAccessException("验证失败,请查看传递的参数是否正确或是否有权限访问该地址。");
//}
//await _next(context);
}
public Message GetLogin(string email, string password, string clientId)
{
try
{
WebOperationContext current = WebOperationContext.Current;
if (string.IsNullOrWhiteSpace(email) || string.IsNullOrWhiteSpace(clientId))
{
return(ExtHttp.GetJsonStream(new AuthorizeResult {
Error = "Denied! Inputs wrong "
}, current));
}
using (GamePortalEntities gamePortal = new GamePortalEntities())
{
AuthorizeResult result = new AuthorizeResult();
ApiUser apiUser = gamePortal.ApiUsers.FirstOrDefault(p => p.email == email);
User gpUser;
//регистрируем пользоваеля
if (apiUser == null)
{
gpUser = new User()
{
Login = Guid.NewGuid().ToString()
};
gamePortal.Users.Add(gpUser);
apiUser = new ApiUser()
{
uid = gpUser.Login, first_name = email.Split('@')[0], last_name = "", photo = "", ClientId = clientId
};
gpUser.ApiUsers.Add(apiUser);
}
else
{
gpUser = apiUser.User;
}
//Если пароль устанавливается впервые
if (string.IsNullOrWhiteSpace(gpUser.Password))
{
if (!string.IsNullOrWhiteSpace(password))
{
gpUser.Password = password;
}
else
{
result.Error += "Error! Password is not set. Set password. ";
}
}
//Если устанавливается новый email
if (!string.IsNullOrWhiteSpace(email))
{
if (apiUser.email != email)
{
if (gpUser.Password == password)
{
apiUser.emailConfirm = false;
apiUser.email = email;
}
else
{
result.Error += "Error set email! Password wrong. ";
}
}
}
//Если email не подтвержён
if (string.IsNullOrWhiteSpace(apiUser.email))
{
result.Error += "Error! Email is empty. Set your email. ";
}
else if (!apiUser.email.Contains('@'))
{
result.Error += "Error! Email is not correct. Check your email. ";
}
else if (!apiUser.emailConfirm)
{
result.Error += "Error! Email is not confirmed. ";
DateTimeOffset dateTimeNow = DateTimeOffset.UtcNow;
if (apiUser.resetPswDate == null || (dateTimeNow - apiUser.resetPswDate.Value).TotalMinutes > 15)
{
try
{
apiUser.resetPswCode = Guid.NewGuid().ToString();
apiUser.resetPswDate = dateTimeNow;
MyLibrary.EMail.Send(apiUser.email, "AGOT: online", $"<a href='http://lantsev1981.pro:6999/WebHttpService/ChangeEmail/?code={apiUser.resetPswCode}'>Click the link to confirm the email.</a>", null, true);
result.Error += $"Attention! Confirmation link was send to address '{apiUser.email.Substring(0, 5)}...'. Click the link in your email. ";
}
catch
{
apiUser.resetPswCode = null;
apiUser.resetPswDate = dateTimeNow;
result.Error += "Error! Confirmation link not send! Try again in 15 minutes. ";
}
}
else
{
result.Error += $"Denied! Confirmation link not send! Try again in {15 - (int)(dateTimeNow - apiUser.resetPswDate.Value).TotalMinutes} minutes. ";
}
}
//Если изменился ключ доступа
if (apiUser.ClientId != clientId)
{
if (gpUser.Password == password)
{
apiUser.ClientId = clientId;
apiUser.LastConnection = DateTimeOffset.UtcNow;
gpUser.Version = Guid.NewGuid();
}
else
{
result.Error += "Error update profile! Password wrong. ";
}
}
else
{
apiUser.LastConnection = DateTimeOffset.UtcNow;
gpUser.Version = Guid.NewGuid();
}
gamePortal.SaveChanges();
if (apiUser.ClientId == clientId)
{
result.Email = apiUser.email;
}
if (string.IsNullOrWhiteSpace(result.Error))
{
result.Login = gpUser.Login;
}
return(ExtHttp.GetJsonStream(result, current));
}
}
catch (Exception exp)
{
GameService.GameException.NewGameException(null, "GetLogin", exp, false);
return(null);
}
}
