 /// <summary>
 /// Creates a descriptor for a single API method; the four arguments are stored as-is on the
 /// corresponding members, no validation is performed here.
 /// </summary>
 /// <param name="p_method">Reflected method this descriptor refers to.</param>
 /// <param name="p_callMode">Call mode value stored in <c>CallMode</c>.</param>
 /// <param name="p_auth">Authorization attribute stored in <c>Auth</c> (may be null — the constructor does not check).</param>
 /// <param name="p_isTransactional">Flag stored in <c>IsTransactional</c>.</param>
 public ApiMethod(MethodInfo p_method, ApiCallMode p_callMode, AuthAttribute p_auth, bool p_isTransactional)
 {
     // Assignment order is kept identical to the original in case any of these setters has side effects.
     this.Method          = p_method;
     this.CallMode        = p_callMode;
     this.Auth            = p_auth;
     this.IsTransactional = p_isTransactional;
 }
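        /// <summary>
        /// Enumerates every public controller action in the executing assembly and returns one
        /// <see cref="ActionParameter"/> per action, pre-filled from the action's <see cref="AuthAttribute"/>
        /// when one is present.
        /// </summary>
        /// <returns>
        /// The discovered actions. Controllers and methods marked <see cref="AllowAnonymousAttribute"/>,
        /// methods marked <c>NonAction</c>, and methods whose return type is not exactly <c>ActionResult</c>
        /// are not included.
        /// </returns>
        private List <ActionParameter> GetSystemAllActions()
        {
            List <ActionParameter> result = new List <ActionParameter>();

            Assembly asm = Assembly.GetExecutingAssembly();

            // Exported (public) types implementing IController; every type assignable to each of
            // them is scanned for methods below.
            var controllerTypes = from t in asm.GetExportedTypes()
                                  where typeof(IController).IsAssignableFrom(t)
                                  select t;

            // Fetched once; the original re-ran asm.GetTypes() for every controller.
            Type[] allTypes = asm.GetTypes();

            foreach (var c in controllerTypes)
            {
                // An anonymous controller contributes no permission entries at all.
                if (c.IsDefined(typeof(AllowAnonymousAttribute)))
                {
                    continue;
                }

                string Controller = StripControllerSuffix(c.Name);
                string Area       = ExtractArea(c.ToString());

                var q = allTypes
                        .Where(type => c.IsAssignableFrom(type))//filter controllers
                        .SelectMany(type => type.GetMethods())
                        .Where(method => method.IsPublic &&
                               !method.IsDefined(typeof(NonActionAttribute)) &&
                               !method.IsDefined(typeof(AllowAnonymousAttribute)));

                foreach (var m in q)
                {
                    AuthAttribute Auth = (AuthAttribute)(m.GetCustomAttributes(false).FirstOrDefault(x => x is AuthAttribute));

                    // Only methods declared to return exactly ActionResult are catalogued.
                    // NOTE(review): an action declared with a more specific return type is therefore
                    // absent from this permission list — confirm that is intended.
                    if (m.ReturnType != typeof(ActionResult))
                    {
                        continue;
                    }

                    bool hasAuth = (Auth != null);

                    result.Add(new ActionParameter()
                    {
                        Name        = hasAuth ? Auth.Name : string.Empty,
                        Description = hasAuth ? Auth.Description : string.Empty,
                        Default     = (hasAuth && Auth.IsDefault) ? 1 : 0,
                        Area        = Area,
                        Controller  = Controller,
                        Action      = m.Name,
                        Type        = hasAuth ? (int)Auth.Type : 0,
                        Disable     = 0
                    });
                }
            }

            return(result);
        }

        /// <summary>
        /// Removes one trailing "Controller" from a type name. The original used <c>Replace</c>,
        /// which also stripped the word from the middle of the name (e.g. "ControllerSettingsController").
        /// </summary>
        /// <param name="typeName">Simple (non-qualified) controller type name.</param>
        /// <returns>The name without its "Controller" suffix, or the name unchanged when it has none.</returns>
        private static string StripControllerSuffix(string typeName)
        {
            const string suffix = "Controller";
            return typeName.EndsWith(suffix, System.StringComparison.Ordinal)
                ? typeName.Substring(0, typeName.Length - suffix.Length)
                : typeName;
        }

        /// <summary>
        /// Extracts the area name from a controller's full type name: the segment directly after ".Areas.".
        /// </summary>
        /// <param name="controllerFullName">Namespace-qualified controller type name.</param>
        /// <returns>
        /// The area segment, or <see cref="string.Empty"/> when there is no ".Areas." marker or no
        /// further '.' after it (the original computed a negative length there and threw).
        /// </returns>
        private static string ExtractArea(string controllerFullName)
        {
            const string marker = ".Areas.";
            int start = controllerFullName.IndexOf(marker, System.StringComparison.Ordinal);
            if (start < 0)
            {
                return string.Empty;
            }
            start += marker.Length;
            int end = controllerFullName.IndexOf(".", start, System.StringComparison.Ordinal);
            return end < 0 ? string.Empty : controllerFullName.Substring(start, end - start);
        }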
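        /// <summary>
        /// Authorization filter entry point. Resolves the current user, then decides whether the requested
        /// action may run: anonymous actions pass through; an <see cref="AuthAttribute"/> IP allow-list or the
        /// master-admin account/IP pair short-circuits the check; otherwise the "/area/controller/action"
        /// key must be contained in the user's <c>AuthPath</c>, else the request is redirected to
        /// User/AccessDenied.
        /// </summary>
        /// <param name="filterContext">MVC authorization context of the current request.</param>
        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            filterContext.HttpContext.User = AuthenticatorProvider.GetUser();

            var  aa = typeof(AllowAnonymousAttribute);
            var  ad = filterContext.ActionDescriptor;
            bool skipAuthorization = ad.GetCustomAttributes(aa, true).Any() || ad.ControllerDescriptor.IsDefined(aa, true);

            // First AuthAttribute on the action, if any (attributes fetched once instead of twice).
            AuthAttribute Auth           = null;
            object[]      authAttributes = ad.GetCustomAttributes(typeof(AuthAttribute), true);
            if (authAttributes.Length > 0)
            {
                Auth = (AuthAttribute)authAttributes[0];
            }

            // NOTE(review): UserHostAddress is the immediate peer address. Behind a reverse proxy or load
            // balancer it is the proxy's address, which would make both IP allow-lists below match every
            // client — confirm how this application is deployed.
            string clientIp = filterContext.HttpContext.Request.UserHostAddress;

            // Per-action IP allow-list: skips authentication AND authorization entirely.
            if (Auth != null && Auth.AllowIpList != null && Auth.AllowIpList.Contains(clientIp))
            {
                return;
            }

            if (skipAuthorization)
            {
                return;
            }

            base.OnAuthorization(filterContext);

            // No authenticated user: the base filter is relied upon to have set the result.
            if (AuthenticatorProvider.GetUser() == null)
            {
                return;
            }

            // An identity that is not a ManagerIdentity throws InvalidCastException here; that fails closed and is kept.
            User user = ((ManagerIdentity)AuthenticatorProvider.GetUser().Identity).CurrentUser;

            var    TokensForArea = filterContext.RouteData.DataTokens["area"];
            string area          = (TokensForArea == null) ? null : TokensForArea.ToString();
            var    controller    = ad.ControllerDescriptor.ControllerName;
            var    action        = ad.ActionName;
            string path          = (area == null) ? string.Format("/{0}/{1}", controller, action) : string.Format("/{0}/{1}/{2}", area, controller, action);

            // Master admin: the account must be listed AND the request must come from a listed IP.
            if (Section.Get.Web.MasterAdmin.Contains(user.Account) && Section.Get.Web.MasterAdminIp.Contains(clientIp))
            {
                return;
            }

            // An action without an AuthAttribute, or one flagged IsDefault, is open to every authenticated user.
            if (Auth == null || Auth.IsDefault)
            {
                return;
            }

            // NOTE(review): if AuthPath is a string rather than a collection, Contains is a substring test and
            // a grant for "/A/B/C" would also satisfy "/A/B" — verify the declared type of User.AuthPath.
            if (!user.AuthPath.Contains(path))
            {
                // Auth is non-null on this branch, so the original's unreachable ResponseType.HTML fallback is gone.
                var routeValues = new { area = "", controller = "User", action = "AccessDenied", rt = (int)Auth.Type };
                filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary(routeValues));
            }
        }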
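        /// <summary>
        /// Routes an HttpListener request of the form "/{controller}/{action}" to a public instance method of
        /// <c>WebServerProject.Controllers.{controller}Controller</c>, binds the method's parameters from the
        /// query string (GET) or the form-encoded body (POST), invokes it and returns its string result.
        /// </summary>
        /// <param name="context">Listener context of the current request.</param>
        /// <returns>
        /// The action's result, or <c>null</c> when the URL is too short, the controller or action does not
        /// exist, the HTTP verb does not match, or a parameter is missing or malformed.
        /// </returns>
        /// <exception cref="UnauthorizedAccessException">
        /// The action carries an <see cref="AuthAttribute"/> and <c>data</c> has no "user" entry.
        /// </exception>
        private string FindControllerAction(HttpListenerContext context)
        {
            HttpListenerRequest request = context.Request;

            // Uri.LocalPath never contains the '?' part; '?' is kept in the split set only for compatibility.
            string[] urlparts = request.Url.LocalPath.Split(new char[] { '/', '\\', '?' }, StringSplitOptions.RemoveEmptyEntries);
            if (urlparts.Length < 2)
            {
                return(null);
            }

            string controller = urlparts[0];
            string action     = urlparts[1];

            // The type name comes from the URL, but the lookup is pinned to the Controllers namespace and the
            // "Controller" suffix, so only types in that namespace are resolvable.
            Assembly curAssembly    = Assembly.GetExecutingAssembly();
            Type     controllerType = curAssembly.GetType($"WebServerProject.Controllers.{controller}Controller", false, true);

            if (controllerType == null)
            {
                return(null);
            }

            MethodInfo actionMethod;
            try
            {
                actionMethod = controllerType.GetMethod(action, BindingFlags.Instance | BindingFlags.Public | BindingFlags.IgnoreCase);
            }
            catch (AmbiguousMatchException)
            {
                // Overloaded action names cannot be resolved by name alone; treat as "not found".
                return(null);
            }

            if (actionMethod == null)
            {
                return(null);
            }

            // Any public instance method is reachable by name, including those inherited from System.Object
            // (ToString, GetHashCode, ...). Those are not actions; refuse them instead of invoking them.
            if (actionMethod.DeclaringType == typeof(object))
            {
                return(null);
            }

            // Unannotated actions are treated as GET.
            HttpMethodAttribute attrHttpMethod = actionMethod.GetCustomAttribute <HttpMethodAttribute>()
                                                 ?? new HttpMethodAttribute("get");

            if (!string.Equals(attrHttpMethod.Method, request.HttpMethod, StringComparison.OrdinalIgnoreCase))
            {
                return(null);
            }

            // The original read this attribute from an undeclared `methodType`; the action method is the intended target.
            AuthAttribute attrAuth = actionMethod.GetCustomAttribute <AuthAttribute>();

            // Authorization gate runs before any body is read. `data` is not declared in this method (presumably a field).
            if (attrAuth != null && !data.ContainsKey("user"))
            {
                throw new UnauthorizedAccessException();
            }

            NameValueCollection coll;

            if (request.HttpMethod == "GET")
            {
                if (urlparts.Length > 2)
                {
                    // Compatibility: the original treated a third path segment as the query string.
                    coll = System.Web.HttpUtility.ParseQueryString(urlparts[2]);
                }
                else
                {
                    // LocalPath excludes the query, so the real query string must come from the request itself.
                    coll = request.QueryString;
                }
            }
            else if (request.HttpMethod == "POST")
            {
                // NOTE(review): the entire body is buffered without a size limit; consider bounding it
                // using request.ContentLength64 before reading.
                string body;
                using (StreamReader reader = new StreamReader(request.InputStream))
                {
                    body = reader.ReadToEnd();
                }
                coll = System.Web.HttpUtility.ParseQueryString(body);
            }
            else
            {
                return(null);
            }

            ParameterInfo[] parameters     = actionMethod.GetParameters();
            object[]        paramsToMethod = new object[parameters.Length];
            for (int i = 0; i < parameters.Length; i++)
            {
                ParameterInfo pi = parameters[i];
                try
                {
                    // A missing value converts to null for reference types and throws for value types; a
                    // malformed value throws too. Both are client errors, reported as "no action" rather than
                    // as an unhandled exception. Invariant culture keeps parsing independent of server locale.
                    paramsToMethod[i] = Convert.ChangeType(coll[pi.Name], pi.ParameterType, System.Globalization.CultureInfo.InvariantCulture);
                }
                catch (Exception ex) when (ex is InvalidCastException || ex is FormatException || ex is OverflowException)
                {
                    return(null);
                }
            }

            BaseController controllerObject = (BaseController)MyWebServer.Services.Resolve(controllerType);

            controllerObject.Request  = context.Request;
            controllerObject.Response = context.Response;
            string resp = (string)actionMethod.Invoke(controllerObject, paramsToMethod);

            return(resp);
        }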