public override void OnActionExecuting(HttpActionContext actionContext)
{
base.OnActionExecuting(actionContext);
//_logger.Info("executing LoginFilter");
// 对使用AllowAnonymous特性标记的Action不执行验证
if (actionContext.ActionDescriptor.GetCustomAttributes <AllowAnonymousAttribute>().Any())
{
return;
}
// 从url中获取app_token
var token = string.Empty;
var query = actionContext.Request.RequestUri.Query;
if (!string.IsNullOrEmpty(query))
{
var match = Regex.Match(query, $@"\?.*?{Literals.AppTokenName}=([^&]+)&*");
token = match.Groups[1].Value;
}
if (string.IsNullOrEmpty(token))
{
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Forbidden, ApiReturns.Forbidden());
}
CallContext.SetData(Literals.AppTokenName, token);
if (!LoginStatus.HasLogin(token))
{
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.OK,
ApiReturns.TokenExpired());
}
}
public override void OnActionExecuting(HttpActionContext actionContext)
{
base.OnActionExecuting(actionContext);
if (actionContext.ActionDescriptor.GetCustomAttributes <AllowAnonymousAttribute>().Any())
{
return;
}
if (actionContext.Request.Method.Method.ToUpper() == "GET")
{
return;
}
// 从url中获取app_token
var token = string.Empty;
var query = actionContext.Request.RequestUri.Query;
if (!string.IsNullOrEmpty(query))
{
var match = Regex.Match(query, $@"\?.*?{Literals.AppTokenName}=([^&]+)&*");
token = match.Groups[1].Value;
}
if (string.IsNullOrEmpty(token))
{
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Forbidden, ApiReturns.Forbidden());
}
var repos = new Repository <SystemUser>();
var leagal = LoginHelper.IsTokenLeagal(token, userId => repos.QuerySingle(u => u.Id == userId)?.Password);
if (leagal)
{
CallContext.SetData(Literals.AppTokenName, token);
return;
}
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.OK,
ApiReturns.TokenExpired());
}
