/// <summary>
/// 根据用户名获取token
/// </summary>
/// <param name="appkey"></param>
/// <returns></returns>
public HttpResponseMessage GetToken(string appkey, string appsecret)
{
ResultMsg resultMsg = null;
//判断参数是否合法
if (string.IsNullOrEmpty(appkey))
{
resultMsg = new ResultMsg();
resultMsg.StatusCode = (int)StatusCodeEnum.ParameterError;
resultMsg.Message = StatusCodeEnum.ParameterError.GetEnumText();
resultMsg.Data = "";
return(HttpResponseExtension.ToJson(resultMsg));
}
//插入缓存
Token token = (Token)HttpRuntime.Cache.Get(appkey);
if (token == null)
{
token = new Token();
token.AppKey = appkey;
token.SignToken = Guid.NewGuid();
token.ExpireTime = DateTime.Now.AddDays(1);
HttpRuntime.Cache.Insert(token.AppKey.ToString(), token, null, token.ExpireTime, TimeSpan.Zero);
}
//返回token信息
resultMsg = new ResultMsg();
resultMsg.StatusCode = (int)StatusCodeEnum.Success;
resultMsg.Message = StatusCodeEnum.Success.GetEnumText();
resultMsg.Data = token;
return(HttpResponseExtension.ToJson(resultMsg));
}
public HttpResponseMessage AddProudct(Product product)
{
var resultMsg = new HttpResponseMsg
{
StatusCode = (int)StatusCodeEnum.Success,
Info = StatusCodeEnum.Success.GetEnumText(),
Data = product
};
return(HttpResponseExtension.ToJson(JsonConvert.SerializeObject(resultMsg)));
}
public HttpResponseMessage GetProduct(string id)
{
var product = new Product {
Id = 1, Name = "哇哈哈", Count = 10, Price = 38.8
};
var resultMsg = new HttpResponseMsg
{
StatusCode = (int)StatusCodeEnum.Success,
Info = StatusCodeEnum.Success.GetEnumText(),
Data = product
};
return(HttpResponseExtension.ToJson(JsonConvert.SerializeObject(resultMsg)));
}
/// <summary>
/// 根据用户名获取token
/// </summary>
/// <param name="staffId"></param>
/// <returns></returns>
public HttpResponseMessage GetToken(string staffId)
{
HttpResponseMsg resultMsg;
int id;
//判断参数是否合法
if (string.IsNullOrEmpty(staffId) || (!int.TryParse(staffId, out id)))
{
resultMsg = new HttpResponseMsg
{
StatusCode = (int)StatusCodeEnum.ParameterError,
Info = StatusCodeEnum.ParameterError.GetEnumText(),
Data = ""
};
return(HttpResponseExtension.ToJson(JsonConvert.SerializeObject(resultMsg)));
}
//插入缓存
TokenInfo token = (TokenInfo)HttpRuntime.Cache.Get(id.ToString());
if (HttpRuntime.Cache.Get(id.ToString()) == null)
{
token = new TokenInfo
{
StaffId = id,
SignToken = Guid.NewGuid(),
ExpireTime = DateTime.Now.AddDays(1)
};
HttpRuntime.Cache.Insert(token.StaffId.ToString(), token, null, token.ExpireTime, TimeSpan.Zero);
}
//返回token信息
resultMsg = new HttpResponseMsg
{
StatusCode = (int)StatusCodeEnum.Success,
Info = "",
Data = token
};
return(HttpResponseExtension.ToJson(JsonConvert.SerializeObject(resultMsg)));
}
public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext filterContext)
{
ResultMsg result = null;
string signKey = string.Empty, timespan = string.Empty, nonce = string.Empty, signature = string.Empty;
//判断请求的消息中是否包括判断参数
var request = filterContext.Request;
if (request.Headers.Contains("signKey"))
{
signKey = request.Headers.GetValues("signKey").FirstOrDefault();
}
if (request.Headers.Contains("timespan"))
{
timespan = request.Headers.GetValues("timespan").FirstOrDefault();
}
if (request.Headers.Contains("nonce"))
{
nonce = request.Headers.GetValues("nonce").FirstOrDefault();
}
if (request.Headers.Contains("signature"))
{
signature = request.Headers.GetValues("signature").FirstOrDefault();
}
//如果方法是GetToken,则不需要验证
if (filterContext.ActionDescriptor.ActionName.ToLower() == "gettoken")
{
if (string.IsNullOrEmpty(signKey) || string.IsNullOrEmpty(timespan) || string.IsNullOrEmpty(nonce))
{
result = new ResultMsg((int)ExceptionStatus.ParameterError, EnumExtension.GetEnumText(ExceptionStatus.ParameterError), null);
filterContext.Response = HttpResponseExtension.ToJson(result);
base.OnActionExecuting(filterContext);
return;
}
else
{
base.OnActionExecuting(filterContext);
return;
}
}
DbLogger.LogWriteMessage("测试参数");
string signtoken = string.Empty;
//判断是否包含以下参数
if (string.IsNullOrEmpty(signKey) || string.IsNullOrEmpty(timespan) || string.IsNullOrEmpty(nonce) || string.IsNullOrEmpty(signature))
{
result = new ResultMsg((int)ExceptionStatus.ParameterError, EnumExtension.GetEnumText(ExceptionStatus.ParameterError), null);
filterContext.Response = HttpResponseExtension.ToJson(result);
base.OnActionExecuting(filterContext);
return;
}
DbLogger.LogWriteMessage("测试是否在有效时间内");
//判断是否在有效时间内
double ts1 = 0;
double ts2 = (DateTime.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0)).TotalMilliseconds;
bool timespanValidate = double.TryParse(timespan, out ts1);
double ts = ts2 - ts1;
bool falg = ts > int.Parse(WebConfig.UrlExpireTime) * 1000;
if (!timespanValidate || falg)
{
result = new ResultMsg((int)ExceptionStatus.URLExpireError, EnumExtension.GetEnumText(ExceptionStatus.URLExpireError), null);
filterContext.Response = HttpResponseExtension.ToJson(result);
base.OnActionExecuting(filterContext);
return;
}
DbLogger.LogWriteMessage("测试token是否有效");
//判断token是否有效
Token token = HttpRuntime.Cache.Get(string.Format("{0}{1}", WebConfig.signKey, signKey)) as Token;
if (token == null)
{
result = new ResultMsg((int)ExceptionStatus.TokenInvalid, EnumExtension.GetEnumText(ExceptionStatus.TokenInvalid), null);
filterContext.Response = HttpResponseExtension.ToJson(result);
base.OnActionExecuting(filterContext);
return;
}
else
{
signtoken = token.signToken;
}
DbLogger.LogWriteMessage("判断http调用方式");
string data = string.Empty;
//判断http调用方式
string method = request.Method.Method.ToUpper();
switch (method)
{
case "POST":
Stream stream = HttpContext.Current.Request.InputStream;
string responseJson = string.Empty;
StreamReader streamReader = new StreamReader(stream);
data = streamReader.ReadToEnd();
break;
case "GET":
NameValueCollection form = HttpContext.Current.Request.QueryString;
//第一步:取出所有get参数
IDictionary <string, string> parameters = new Dictionary <string, string>();
for (int f = 0; f < form.Count; f++)
{
string key = form.Keys[f];
parameters.Add(key, form[key]);
}
// 第二步:把字典按Key的字母顺序排序
IDictionary <string, string> sortedParams = new SortedDictionary <string, string>(parameters);
IEnumerator <KeyValuePair <string, string> > dem = sortedParams.GetEnumerator();
// 第三步:把所有参数名和参数值串在一起
StringBuilder query = new StringBuilder();
while (dem.MoveNext())
{
string key = dem.Current.Key;
string value = dem.Current.Value;
if (!string.IsNullOrEmpty(key))
{
query.Append(key).Append(value);
}
}
data = query.ToString();
break;
default:
result = new ResultMsg((int)ExceptionStatus.HttpMehtodError, EnumExtension.GetEnumText(ExceptionStatus.HttpMehtodError), null);
filterContext.Response = HttpResponseExtension.ToJson(result);
base.OnActionExecuting(filterContext);
break;
}
DbLogger.LogWriteMessage("验证签名信息是否符合");
//验证签名信息是否符合
bool valida = ValidateSign.Validate(signKey, timespan, nonce, signtoken, data, signature);
if (!valida)
{
result = new ResultMsg((int)ExceptionStatus.HttpRequestError, EnumExtension.GetEnumText(ExceptionStatus.HttpRequestError), null);
filterContext.Response = HttpResponseExtension.ToJson(result);
base.OnActionExecuting(filterContext);
return;
}
else
{
base.OnActionExecuting(filterContext);
}
}
public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext)
{
HttpResponseMsg resultMsg;
var request = actionContext.Request;
string method = request.Method.Method;
string staffid = String.Empty, timestamp = string.Empty, nonce = string.Empty, signature = string.Empty;
int id;
if (request.Headers.Contains("staffid"))
{
staffid = HttpUtility.UrlDecode(request.Headers.GetValues("staffid").FirstOrDefault());
}
if (request.Headers.Contains("timestamp"))
{
timestamp = HttpUtility.UrlDecode(request.Headers.GetValues("timestamp").FirstOrDefault());
}
if (request.Headers.Contains("nonce"))
{
nonce = HttpUtility.UrlDecode(request.Headers.GetValues("nonce").FirstOrDefault());
}
if (request.Headers.Contains("signature"))
{
signature = HttpUtility.UrlDecode(request.Headers.GetValues("signature").FirstOrDefault());
}
//GetToken方法不需要进行签名验证
if (actionContext.ActionDescriptor.ActionName == "GetToken")
{
if (string.IsNullOrEmpty(staffid) || (!int.TryParse(staffid, out id) || string.IsNullOrEmpty(timestamp) || string.IsNullOrEmpty(nonce)))
{
resultMsg = new HttpResponseMsg
{
StatusCode = (int)StatusCodeEnum.ParameterError,
Info = StatusCodeEnum.ParameterError.GetEnumText(),
Data = ""
};
actionContext.Response = HttpResponseExtension.ToJson(JsonConvert.SerializeObject(resultMsg));
base.OnActionExecuting(actionContext);
return;
}
else
{
base.OnActionExecuting(actionContext);
return;
}
}
//判断请求头是否包含以下参数
if (string.IsNullOrEmpty(staffid) || (!int.TryParse(staffid, out id) || string.IsNullOrEmpty(timestamp) || string.IsNullOrEmpty(nonce) || string.IsNullOrEmpty(signature)))
{
resultMsg = new HttpResponseMsg();
resultMsg.StatusCode = (int)StatusCodeEnum.ParameterError;
resultMsg.Info = StatusCodeEnum.ParameterError.GetEnumText();
resultMsg.Data = "";
actionContext.Response = HttpResponseExtension.ToJson(JsonConvert.SerializeObject(resultMsg));
base.OnActionExecuting(actionContext);
return;
}
//判断timespan是否有效
double ts1;
double ts2 = (DateTime.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0, 0)).TotalMilliseconds;
bool timespanvalidate = double.TryParse(timestamp, out ts1);
double ts = ts2 - ts1;
bool falg = ts > int.Parse(WebSettingsConfig.UrlExpireTime) * 1000;
if (falg || (!timespanvalidate))
{
resultMsg = new HttpResponseMsg
{
StatusCode = (int)StatusCodeEnum.URLExpireError,
Info = StatusCodeEnum.URLExpireError.GetEnumText(),
Data = ""
};
actionContext.Response = HttpResponseExtension.ToJson(JsonConvert.SerializeObject(resultMsg));
base.OnActionExecuting(actionContext);
return;
}
//判断token是否有效
TokenInfo token = (TokenInfo)HttpRuntime.Cache.Get(id.ToString());
if (HttpRuntime.Cache.Get(id.ToString()) == null)
{
resultMsg = new HttpResponseMsg
{
StatusCode = (int)StatusCodeEnum.TokenInvalid,
Info = StatusCodeEnum.TokenInvalid.GetEnumText(),
Data = ""
};
actionContext.Response = HttpResponseExtension.ToJson(JsonConvert.SerializeObject(resultMsg));
base.OnActionExecuting(actionContext);
return;
}
var signtoken = token.SignToken.ToString();
//根据请求类型拼接参数
NameValueCollection form = HttpContext.Current.Request.QueryString;
string data;
switch (method)
{
case "POST":
Stream stream = HttpContext.Current.Request.InputStream;
string responseJson = string.Empty;
StreamReader streamReader = new StreamReader(stream);
data = streamReader.ReadToEnd();
break;
case "GET":
//第一步:取出所有get参数
IDictionary <string, string> parameters = new Dictionary <string, string>();
for (int f = 0; f < form.Count; f++)
{
string key = form.Keys[f];
parameters.Add(key, form[key]);
}
// 第二步:把字典按Key的字母顺序排序
IDictionary <string, string> sortedParams = new SortedDictionary <string, string>(parameters);
IEnumerator <KeyValuePair <string, string> > dem = sortedParams.GetEnumerator();
// 第三步:把所有参数名和参数值串在一起
StringBuilder query = new StringBuilder();
while (dem.MoveNext())
{
string key = dem.Current.Key;
string value = dem.Current.Value;
if (!string.IsNullOrEmpty(key))
{
query.Append(key).Append(value);
}
}
data = query.ToString();
break;
default:
resultMsg = new HttpResponseMsg();
resultMsg.StatusCode = (int)StatusCodeEnum.HttpMehtodError;
resultMsg.Info = StatusCodeEnum.HttpMehtodError.GetEnumText();
resultMsg.Data = "";
actionContext.Response = HttpResponseExtension.ToJson(JsonConvert.SerializeObject(resultMsg));
base.OnActionExecuting(actionContext);
return;
}
bool result = SignExtension.Validate(timestamp, nonce, id, signtoken, data, signature);
if (!result)
{
resultMsg = new HttpResponseMsg();
resultMsg.StatusCode = (int)StatusCodeEnum.HttpRequestError;
resultMsg.Info = StatusCodeEnum.HttpRequestError.GetEnumText();
resultMsg.Data = "";
actionContext.Response = HttpResponseExtension.ToJson(JsonConvert.SerializeObject(resultMsg));
base.OnActionExecuting(actionContext);
}
else
{
base.OnActionExecuting(actionContext);
}
}
