public HttpResponseMessage DeleteArticle(string Id)
{
    // Deletes the article identified by Id, but only when it belongs to the caller.
    // The caller is the user id carried in the bearer token; both the lookup and the
    // delete are scoped to (Id, callerId), so a user cannot delete someone else's
    // article by guessing its id.
    // NOTE(review): assumes the token-validating action filter has already run for this
    // action, so Request.Headers.Authorization is non-null here — confirm the filter is
    // registered for this controller.
    var response = new ApiResultViewModel();
    string callerId = JWTShared.GetUserID(Request.Headers.Authorization.Parameter);

    ArticleViewModel existing = articleRepository.GetArticle(Id, callerId);
    if (existing == null)
    {
        // Not found (or not owned by the caller): reported as a failure payload with
        // HTTP 200, matching the rest of this controller.
        response.Result = false;
        response.Status = ResponseCode.Fail.ToString();
        response.Message = "查無此文章資料!!!";
        return Request.CreateResponse(HttpStatusCode.OK, response);
    }

    bool deleted = articleRepository.DeleteArticle(Id, callerId);
    response.Result = deleted;
    response.Status = (deleted ? ResponseCode.Success : ResponseCode.Fail).ToString();
    response.Message = deleted ? "刪除成功!!!" : "刪除文章資料發生錯誤!!!";
    return Request.CreateResponse(HttpStatusCode.OK, response);
}
public HttpResponseMessage AddArticle([FromBody] ArticleModel articleModel)
{
    // Creates a new article for the calling user.
    // The owner (UID) is always taken from the verified bearer token and overwrites
    // whatever the client put in the body, so a client cannot create articles on
    // behalf of another user.
    // NOTE(review): assumes the token-validating action filter has already run, so
    // Request.Headers.Authorization is non-null here — confirm for this controller.
    var response = new ApiResultViewModel();

    // Field validation failures are reported as a failure payload with HTTP 200,
    // matching the rest of this controller.
    if (!ModelState.IsValid)
    {
        response.Result = false;
        response.Status = ResponseCode.Fail.ToString();
        response.Message = AllShared.GetModelStateError(ModelState);
        return Request.CreateResponse(HttpStatusCode.OK, response);
    }

    string callerId = JWTShared.GetUserID(Request.Headers.Authorization.Parameter);
    articleModel.UID = callerId;

    bool created = articleRepository.AddArticle(articleModel);
    response.Result = created;
    response.Status = (created ? ResponseCode.Success : ResponseCode.Fail).ToString();
    response.Message = created ? "新增成功!!!" : "新增資料時發生錯誤!!!";
    return Request.CreateResponse(HttpStatusCode.OK, response);
}
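public HttpResponseMessage UpdateArticle(string Id, [FromBody] ArticleUpdateModel UpdateInfo)
{
    // Updates the Title and/or Content of an article owned by the calling user.
    // Fields the client leaves null keep their current value. The lookup and the
    // update are both scoped to (Id, UserID) so a user cannot modify another
    // user's article.
    // NOTE(review): assumes the token-validating action filter has already run, so
    // Request.Headers.Authorization is non-null here — confirm for this controller.
    ApiResultViewModel result = new ApiResultViewModel();

    if (!ModelState.IsValid)
    {
        result.Result = false;
        result.Status = ResponseCode.Fail.ToString();
        result.Message = AllShared.GetModelStateError(ModelState);
        return Request.CreateResponse(HttpStatusCode.OK, result);
    }

    if (UpdateInfo == null)
    {
        result.Result = false;
        result.Status = ResponseCode.Fail.ToString();
        result.Message = "無修改資料相關參數";
        return Request.CreateResponse(HttpStatusCode.OK, result);
    }

    string UserID = JWTShared.GetUserID(Request.Headers.Authorization.Parameter);
    ArticleViewModel existing = articleRepository.GetArticle(Id, UserID);

    // Fix: the not-found check must come BEFORE the missing fields are defaulted from
    // the existing article. The original read existing.Title / existing.Content first,
    // so an unknown or foreign article id produced a NullReferenceException (HTTP 500)
    // instead of this "not found" response.
    if (existing == null)
    {
        result.Result = false;
        result.Status = ResponseCode.Fail.ToString();
        result.Message = "查無此文章資料!!!";
        return Request.CreateResponse(HttpStatusCode.OK, result);
    }

    // Null means "unchanged": carry the stored value through so the repository
    // receives a fully populated update.
    if (UpdateInfo.Title == null)
    {
        UpdateInfo.Title = existing.Title;
    }
    if (UpdateInfo.Content == null)
    {
        UpdateInfo.Content = existing.Content;
    }

    bool IsSuccess = articleRepository.UpdateArticle(Id, UserID, UpdateInfo);
    if (IsSuccess)
    {
        result.Result = true;
        result.Status = ResponseCode.Success.ToString();
        result.Message = "修改成功!!!";
    }
    else
    {
        result.Result = false;
        result.Status = ResponseCode.Fail.ToString();
        result.Message = "修改文章資料發生錯誤!!!";
    }
    return Request.CreateResponse(HttpStatusCode.OK, result);
}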
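public HttpResponseMessage Login([FromBody] LoginModel loginModel)
{
    // Authenticates a user by UID + password and returns a JWT on success.
    // NOTE(review): this action must be excluded from the token-validating filter
    // (presumably via [IgnoreValidate]); the attribute is not visible here — confirm.
    ApiResultViewModel result = new ApiResultViewModel();

    // Guard against a missing or unparseable body. The original dereferenced
    // loginModel unconditionally, so an empty POST became an unhandled
    // NullReferenceException (HTTP 500) rather than a failure payload.
    if (loginModel == null)
    {
        result.Result = false;
        result.Status = ResponseCode.Fail.ToString();
        result.Message = "無登入資料相關參數";
        return Request.CreateResponse(HttpStatusCode.OK, result);
    }

    // Same field validation the other actions in this API perform.
    if (!ModelState.IsValid)
    {
        result.Result = false;
        result.Status = ResponseCode.Fail.ToString();
        result.Message = AllShared.GetModelStateError(ModelState);
        return Request.CreateResponse(HttpStatusCode.OK, result);
    }

    // SECURITY NOTE(review): the credential check is a lookup by (UID, MD5(password)).
    // Unsalted MD5 is not a password hash — it is fast and trivially attacked with
    // rainbow tables if the user table leaks. Stored credentials should be migrated to
    // PBKDF2/Argon2 with a per-user salt and verified with a constant-time comparison;
    // that needs a repository/storage change and is intentionally not done here.
    // A null password is treated as a failed login rather than passed to GetMD5().
    UserModel userModel = loginModel.Pwd == null
        ? null
        : userRepository.GetUser(loginModel.UID, loginModel.Pwd.GetMD5());
    if (userModel == null)
    {
        // Single generic message for both "no such user" and "wrong password" — keep it
        // that way so the response does not reveal which accounts exist.
        result.Result = false;
        result.Status = ResponseCode.Fail.ToString();
        result.Message = "查無帳號資訊!!!";
        return Request.CreateResponse(HttpStatusCode.OK, result);
    }

    string token = JWTShared.CreateToken(userModel);
    result.Result = true;
    result.Status = ResponseCode.Success.ToString();
    result.Message = "登入成功!!!";
    result.ObjectData = new { token = token };
    return Request.CreateResponse(HttpStatusCode.OK, result);
}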
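public override void OnActionExecuting(HttpActionContext actionContext)
{
    // Authentication / authorization gate run before every action this filter is
    // applied to:
    //   1. actions marked [IgnoreValidate] are let through untouched;
    //   2. a Bearer token must be present and pass JWTShared.TokenVerification;
    //   3. [ManagerOnly] actions require the "role" claim to be "Manager";
    //   4. [PersonalOnly] actions require the action's "Id" argument to equal the
    //      caller's "Id" claim, unless the caller is a Manager.
    // Every failure path writes a deny response and returns without running the action.
    // NOTE(review): TokenVerification is defined elsewhere; it must validate the
    // signature, algorithm and expiry (and reject unsigned / alg=none tokens) for the
    // role/identity claims read below to be trustworthy — confirm.

    if (actionContext.ActionDescriptor.GetCustomAttributes<IgnoreValidateAttribute>(false).Any())
    {
        return;
    }

    ApiResultViewModel result = new ApiResultViewModel();

    // Require an Authorization header using the Bearer scheme (ordinal, case-sensitive).
    var authorization = actionContext.Request.Headers.Authorization;
    if (authorization == null || authorization.Scheme != "Bearer")
    {
        result.Result = false;
        result.Status = ResponseCode.Fail.ToString();
        result.Message = "驗證Token失敗!!!請確認驗證資料是否正確";
        setErrorResponse(actionContext, result);
        return;
    }

    // Verify the token; on failure the verification result itself is returned with 401.
    string token = authorization.Parameter;
    result = JWTShared.TokenVerification(token);
    if (!result.Result)
    {
        actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized, result);
        return;
    }

    // Read the caller's identity from the verified claims. A missing claim yields null
    // so that every check below fails closed (deny) instead of throwing a
    // NullReferenceException, which the original did and which surfaced as HTTP 500.
    JObject claims = JObject.Parse(result.ObjectData.ToString());
    string UID = ClaimAsString(claims, "Id");
    string Role = ClaimAsString(claims, "role");
    bool isManager = "Manager".Equals(Role);

    if (actionContext.ActionDescriptor.GetCustomAttributes<ManagerOnlyAttribute>(false).Any() && !isManager)
    {
        result.Result = false;
        result.Status = ResponseCode.Fail.ToString();
        result.Message = "此功能需要管理者權限!!!";
        result.ObjectData = null;
        setErrorResponse(actionContext, result);
        return;
    }

    // Managers may act on anyone; everyone else only on the record whose "Id" argument
    // matches their own user id.
    // NOTE(review): this compares the action's "Id" parameter with the USER id claim, so
    // it is only meaningful on actions whose Id parameter is a user id — do not apply
    // [PersonalOnly] to actions where Id is an article id (those are scoped by UserID
    // inside the repository instead).
    if (actionContext.ActionDescriptor.GetCustomAttributes<PersonalOnlyAttribute>(false).Any() && !isManager)
    {
        // Fix: the original indexed ActionArguments["Id"] directly, which threw for an
        // action without that parameter (or with a null value) → HTTP 500. A missing or
        // null Id is now an explicit deny.
        object idArgument;
        string Id = actionContext.ActionArguments.TryGetValue("Id", out idArgument) && idArgument != null
            ? idArgument.ToString()
            : null;
        if (Id == null || !Id.Equals(UID))
        {
            result.Result = false;
            result.Status = ResponseCode.Fail.ToString();
            result.Message = "您沒有權限變更他人資料!!!";
            result.ObjectData = null;
            setErrorResponse(actionContext, result);
            return;
        }
    }

    // Model-state validation is not performed here; each action checks
    // ModelState.IsValid itself.
    base.OnActionExecuting(actionContext);
}

/// <summary>
/// Returns the string value of the named claim, or null when the claim is absent.
/// </summary>
private static string ClaimAsString(JObject claims, string name)
{
    var value = claims[name];
    return value == null ? null : value.ToString();
}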