public IActionResult getAccountLogin([FromBody] AccountReq req)
{
var res = new SingleRsp();
res = _svc.Login(req.Email, req.Password);
return(Ok(res));
}
public override async Task <VoidRsp> SaveAsync(AccountReq req)
{
VoidRsp rsp = new VoidRsp();
//数据校验
try
{
using (var scope = _accountRep.GetTransScope())
{
await this._accountRep.UpdateUserInfoAsync(req);
req.Saving.Account = req.Name;
await this._accountRep.UpdateAccountSavingAsync(req.Saving);
await this._accountRep.DeleteIncomesAsync(req.Name);
await this._accountRep.DeleteExpensesAsync(req.Name);
await this._accountRep.AddIncomesAsync(req.Name, req.Incomes);
await this._accountRep.AddExpensesAsync(req.Name, req.Expenses);
Logger.Debug("SaveAsync Receieve Data:{0}", req.ToString());
//调用远端服务
var statClient = ClientProxy.GetClient <StatisticServiceClient>();
var statRsp = await statClient.UpdateStatisticsAsync(req);
if (statRsp.Status != 0)
{
rsp.Status = statRsp.Status;
rsp.Message = statRsp.Message;
return(rsp);
}
scope.Complete();
}
Logger.Debug("add account stat success");
}
catch (Exception ex) {
rsp.Status = -1;
rsp.Message = ex.Message + ex.StackTrace;
Logger.Error(ex, "save error:" + ex.Message + ex.StackTrace);
}
return(new VoidRsp());
}
public SingleRsp CreateAccount(AccountReq acc)
{
var res = new SingleRsp();
var accNew = new Accounts()
{
RoleId = acc.RoleId,
UserName = acc.UserName,
UserPassword = acc.UserPassword,
Notes = acc.Notes
};
res = _rep.CreateAccount(accNew);
return(res);
}
public SingleRsp UpdateAccount(AccountReq acc)
{
var res = new SingleRsp();
var accUpdate = new Accounts()
{
AccountId = acc.AccountId,
RoleId = acc.RoleId,
UserName = acc.UserName,
UserPassword = acc.UserPassword,
Notes = acc.Notes
};
res = _rep.UpdateAccount(accUpdate);
return(res);
}
public SingleRsp CreateAccount(AccountReq acc)
{
var res = new SingleRsp();
var accNew = new Accounts()
{
Email = acc.Email,
Password = acc.Password,
DisplayName = acc.DisplayName,
AvatarURL = acc.AvatarURL,
Gender = acc.Gender,
YearOfBirth = acc.YearOfBirth
};
res = _rep.CreateAccount(accNew);
return(res);
}
public SingleResponse UpdateAccount(AccountReq req)
{
//Khởi tạo
var result = new SingleResponse();
CusAccount account = new CusAccount();
//Gán
account.PhoneNumber = req.PhoneNumber;
account.Password = req.Password;
account.AccountType = req.AccountType;
account.AccountCreatedDate = req.AccountCreatedDate;
account.AccountStatus = req.AccountStatus;
account.Note = req.Note;
//Trả về
result = base.Update(account);
result.Data = account;
return(result);
}
public SingleResponse CreateAccount(AccountReq req)
{
//Khởi tạo
var result = new SingleResponse();
EmpAccount account = new EmpAccount();
//Gán
account.PhoneNumber = req.PhoneNumber;
account.Password = PasswordHasher.HashPassword(req.Password);
account.AccountType = req.AccountType;
account.AccountCreatedDate = req.AccountCreatedDate;
account.AccountStatus = req.AccountStatus;
account.Note = req.Note;
//Trả về
result = base.Create(account); //base gọi lớp cha
result.Data = account;
return(result);
}
//Bị SQL Injection
//123456789' OR 1=1 --
//123456789' DROP TABLE Test --
public object LoginByADO(AccountReq req)
{
List <object> list = new List <object>();
var connectString = (SqlConnection)_context.Database.GetDbConnection();
if (connectString.State == System.Data.ConnectionState.Closed)
{
connectString.Open();
}
try
{
string strsql = "SELECT * FROM Personal_Information WHERE Account = '" + req.Account + "' AND Pass = '******';";
SqlCommand cmd = new SqlCommand(strsql, connectString);
cmd.CommandType = CommandType.Text;
cmd.ExecuteNonQuery();
SqlCommand command = new SqlCommand(strsql, connectString);
try
{
SqlDataReader reader = command.ExecuteReader();
while (reader.Read())
{
var data = new
{
Account = reader[0],
Pass = reader[1],
LastName = reader[2],
FristName = reader[3]
};
list.Add(data);
}
reader.Close();
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
}
catch (Exception ex)
{
}
return(list);
}
public object CheckLogin(AccountReq req)
{
//Tìm theo account
var search = _context.Personal_Information.FirstOrDefault(value => value.Account == req.Account);
//Khởi tạo giá trị trả về
Boolean resultAccount = false;
Boolean resultPassword = false;
String account = null;
String phoneNumber = null;
String email = null;
if (search != null)
{
resultAccount = true;
//Tìm thấy
if (search.Pass.Equals(req.Password)) //Kiểm tra mật khẩu
{
resultPassword = true;
account = search.Account;
phoneNumber = search.PhoneNumber;
email = search.Email;
}
}
//Giá trị
var data = new
{
ResultAccount = resultAccount,
ResultPassword = resultPassword,
Account = account,
PhoneNumber = phoneNumber,
Email = email
};
//Kết quả
var result = new
{
Data = data,
Success = true
};
//Trả về kết quả
return(result);
}
public IActionResult Login(AccountReq req)
{
IActionResult response = Unauthorized(); //Không được phép
var user = _svc.AuthenticateUser(req); //Truyền tài khoản
if (user != null)
{
var tokenStr = GenerateJSONWebToken(user);
response = Ok(new
{
token = tokenStr,
account = user.Account
}); //Response token
CreateAccessTokenCookie(tokenStr); //Create Cookie
HttpContext.Session.SetString("AccountSession", user.Account); //Create account session
HttpContext.Session.SetString("TookenSession", tokenStr); //Create tooken session
}
return(response);
}
public IActionResult DeleteAccount([FromBody] AccountReq req)
{
var res = _svc.DeleteAccount(req.AccountId);
return(Ok(res));
}
public IActionResult UpdateAccount([FromBody] AccountReq req)
{
var res = _svc.UpdateAccount(req);
return(Ok(res));
}
public IActionResult CreateAccount([FromBody] AccountReq req)
{
var result = _svc.CreateAccount(req);
return(Ok(result));
}
internal Task UpdateUserInfoAsync(AccountReq account)
{
string sql = "UPDATE `user_info` SET `last_seen_time`=now(),`note`=@Note WHERE account=@Name";
return(base.ExcuteAsync(sql, account));
}
public Personal_Information AuthenticateUser(AccountReq req)
{
var res = _rep.AuthenticateUser(req);
return(res);
}
public object CheckLogin(AccountReq req)
{
return(_rep.CheckLogin(req));
}
public IActionResult CheckLogin(AccountReq req)
{
var result = _svc.CheckLogin(req);
return(Ok(result));
}
public object LoginByADO(AccountReq req)
{
return(_svc.LoginByADO(req));
}
public override async Task <VoidRsp> UpdateStatisticsAsync(AccountReq request)
{
var rsp = new VoidRsp();
try
{
DataPoint dp = new DataPoint()
{
Account = request.Name,
Date = DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss")
};
double incomeAmout = 0;
double expenseAmout = 0;
foreach (var income in request.Incomes)
{
var item = new ItemMetric()
{
Title = income.Title,
Amount = ConvertToRMB(income.Currency, income.Amount)
};
dp.Incomes.Add(item);
incomeAmout += item.Amount;
}
foreach (var expense in request.Expenses)
{
var item = new ItemMetric()
{
Title = expense.Title,
Amount = ConvertToRMB(expense.Currency, expense.Amount)
};
dp.Expenses.Add(item);
expenseAmout += item.Amount;
}
var incomeDps = new DataPointStat()
{
Amount = incomeAmout,
StatMetric = StatMetric.Saving
};
var expenseDps = new DataPointStat()
{
Amount = expenseAmout,
StatMetric = StatMetric.Saving
};
var savingDps = new DataPointStat()
{
Amount = ConvertToRMB(request.Saving.Currency, request.Saving.Amount),
StatMetric = StatMetric.Saving
};
dp.Stat.Add(incomeDps);
dp.Stat.Add(expenseDps);
dp.Stat.Add(savingDps);
//操作数据库
using (var trans = _repo.GetTransScope())
{
int dpId = await _repo.SaveDataPointAsync(dp);
if (dpId <= 0)
{
throw new RpcBizException("save datapoint error");
}
_repo.SaveDataPointIncomesAsync(dpId, dp.Incomes);
_repo.SaveDataPointExpensesAsync(dpId, dp.Expenses);
_repo.SaveDataPointRateAsync(dpId, _rateService.GetRates());
_repo.SaveDataPointStatAsync(dpId, dp.Stat);
trans.Complete();
}
}
catch (Exception ex)
{
rsp.Status = -1;
rsp.Message = ex.Message;
Logger.Error(ex, "Update Statistics Erorr:" + ex.Message + ex.StackTrace);
}
return(rsp);
}
public Personal_Information AuthenticateUser(AccountReq req)
{
var res = _context.Personal_Information.FirstOrDefault(variable => variable.Account.Equals(req.Account) && variable.Pass.Equals(req.Password));
return(res);
}
