 /// <summary>
 /// Checks whether a request token is invalid.
 /// </summary>
 /// <param name="token">The caller's login token.</param>
 /// <param name="errCode">Receives the error code of the first failed check, or 0 when the token passes every check.</param>
 /// <returns><c>true</c> when the token is invalid and must be rejected; <c>false</c> when it may be used.</returns>
 protected bool IsTokenInvalid(string token, out ErrCode errCode)
 {
     ErrCode failure;

     // The local null/empty check runs before any TokenSrv lookup; the first
     // failing check decides the error code and the remaining lookups are skipped.
     if (string.IsNullOrEmpty(token))
     {
         failure = ErrCode.TokenIsNotAllowedEmpty;
     }
     else if (!TokenSrv.IsTokenExist(token))
     {
         failure = ErrCode.TokenPastDue;
     }
     else if (TokenSrv.IsOtherWhereLogin(token))
     {
         failure = ErrCode.OtherWhereLogin;
     }
     else if (string.IsNullOrEmpty(TokenSrv.GetCustomerIDByToken(token)))
     {
         // A token that exists but resolves to no customer id is reported like an expired one.
         failure = ErrCode.TokenPastDue;
     }
     else
     {
         errCode = 0;
         return false;
     }

     errCode = failure;
     return true;
 }
        /// <summary>
        /// Checks whether a request token is invalid and, when it is, fills a response head describing why.
        /// </summary>
        /// <param name="token">The caller's login token.</param>
        /// <param name="response">A freshly created response; on rejection its head carries Ret = -1 and the error code.</param>
        /// <param name="customer">
        /// The customer the token resolves to. It is null when the token is rejected before the lookup runs;
        /// what the lookup leaves in it on a failed lookup depends on TokenSrv.GetUserByToken.
        /// </param>
        /// <returns><c>true</c> when the token is invalid; <c>false</c> when a customer was resolved.</returns>
        protected bool IsTokenInvalid(string token, out ResponseContext response, out CustomerDetail customer)
        {
            response = new ResponseContext();
            customer = null;

            ErrCode failure;
            bool    isOtherWhereLogin;

            if (string.IsNullOrEmpty(token))
            {
                failure = ErrCode.TokenIsNotAllowedEmpty;
            }
            else if (!TokenSrv.GetUserByToken(token, out customer, out isOtherWhereLogin))
            {
                // Lookup failed: tell "logged in elsewhere" apart from a plain expired token.
                failure = isOtherWhereLogin ? ErrCode.OtherWhereLogin : ErrCode.TokenPastDue;
            }
            else if (customer == null)
            {
                // The lookup reported success but yielded no customer; treat it as expired.
                failure = ErrCode.TokenPastDue;
            }
            else
            {
                return false;
            }

            response.Head.Ret  = -1;
            response.Head.Code = failure;
            return true;
        }
        /// <summary>
        /// Tags each incoming request with a fresh request id and, when the request head carries a
        /// token that TokenSrv resolves to a user, attaches that user to the request. A missing or
        /// unresolvable token is not rejected here; the request simply continues without a login user.
        /// </summary>
        /// <param name="actionContext">The Web API action context for the current request.</param>
        public override void OnActionExecuting(HttpActionContext actionContext)
        {
            base.OnActionExecuting(actionContext);

            var httpRequest = actionContext.Request;
            if (httpRequest == null)
            {
                return;
            }

            // A new id per request, assigned before the token is inspected.
            httpRequest.SetRequestID(Guid.NewGuid().ToString());

            var    requestHead = httpRequest.GetRequestHead(actionContext);
            string token       = requestHead?.Token;
            if (string.IsNullOrEmpty(token))
            {
                return;
            }

            UserInfo user;
            if (TokenSrv.WXGetUserByToken(token, out user))
            {
                actionContext.Request.WXSetLoginUser(user);
            }
        }
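        /// <summary>
        /// Registers a new customer and returns a login response carrying a freshly issued token.
        /// </summary>
        /// <param name="req">The registration request; its content supplies the customer name, password and e-mail.</param>
        /// <returns>
        /// The login response. When request validation fails the returned context carries the validation
        /// error and neither registration nor token issuance takes place.
        /// </returns>
        public ResponseContext <LoginResponseInfo> Register(RequestContext <RegisterInfo> req)
        {
            // IsReqParaInvalid assigns its out parameter on every path, so no up-front allocation is needed.
            ResponseContext <LoginResponseInfo> responseContext;

            if (IsReqParaInvalid(out responseContext, req))
            {
                return(responseContext);
            }
            var customer = req.Content;

            // Validate the content object on its own first: the member accesses passed to the next call
            // are evaluated before IsReqParaInvalid runs, so a null Content would otherwise throw here
            // instead of producing a validation error.
            if (IsReqParaInvalid(out responseContext, customer))
            {
                return(responseContext);
            }
            if (IsReqParaInvalid(out responseContext, customer.CustomerName, customer.PassWord, customer.Email))
            {
                return(responseContext);
            }

            LoginResponseInfo responseInfo;
            // NOTE(review): the meaning of the trailing false flag is not visible here — confirm against CustomerSrv.Register.
            var customerInfo = new CustomerSrv().Register(out responseInfo, customer, AppType, false);
            // NOTE(review): assumes Register yields a non-null customer on success; if it can return null
            // (e.g. an account that already exists), GetNewToken needs a guard — confirm against CustomerSrv.
            var tokenRes     = TokenSrv.GetNewToken(customerInfo);

            responseContext.Head.Token = tokenRes.token;
            responseContext.Content    = responseInfo;

            return(responseContext);
        }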
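        /// <summary>
        /// Gate that runs before every action: optionally requires the shared app secret in the
        /// "secret" header (<c>isCheckSecret</c>), then optionally requires a known login token in the
        /// request head (<c>isDoCheck</c>). Rejections are written to <c>actionContext.Response</c>
        /// so the action itself does not run.
        /// </summary>
        /// <param name="actionContext">The Web API action context; nothing is done when it has no request or request URI.</param>
        public override void OnActionExecuting(HttpActionContext actionContext)
        {
            if (actionContext == null || actionContext.Request == null || actionContext.Request.RequestUri == null)
            {
                return;
            }

            var request = actionContext.Request;

            // Shared-secret gate: the caller must echo the configured AppVisitSecret in a "secret" header.
            if (isCheckSecret)
            {
                string secret = ConfigurationManager.AppSettings["AppVisitSecret"];

                IEnumerable <string> headers;
                string presented = request.Headers.TryGetValues("secret", out headers)
                    ? headers.FirstOrDefault()
                    : null;

                // Fail closed: with isCheckSecret on, a missing or blank AppVisitSecret is a
                // misconfiguration and must not silently disable the check (the previous code
                // skipped the check entirely in that case).
                // NOTE(review): ordinal string equality is not fixed-time; use a constant-time
                // comparison if the target framework offers one.
                if (string.IsNullOrEmpty(secret) || !string.Equals(presented, secret, StringComparison.Ordinal))
                {
                    actionContext.Response = GernalUnauthorizedResponse(actionContext, ErrCode.Unauthorized);
                    return;
                }
            }

            var    requestHead  = request.GetRequestHead(actionContext);
            string token        = requestHead?.Token;
            bool   isTokenEmpty = string.IsNullOrEmpty(token);

            if (isTokenEmpty && isDoCheck)
            {
                // An empty token is reported as HTTP 200 with Ret = -1 (existing wire contract);
                // the expired-token path below uses the unauthorized response instead.
                ResponseContext result = new ResponseContext();
                result.Head.Ret        = -1;
                result.Head.Code       = ErrCode.TokenIsNotAllowedEmpty;
                actionContext.Response = request.CreateResponse(HttpStatusCode.OK, result);
                return;
            }

            // The existence lookup runs whenever a token is present, independent of isDoCheck,
            // to keep TokenSrv's call pattern unchanged; only the rejection depends on isDoCheck.
            if (!isTokenEmpty && !TokenSrv.IsTokenExist(token) && isDoCheck)
            {
                ResponseContext result = new ResponseContext();
                result.Head.Ret        = -1;
                result.Head.Code       = ErrCode.TokenPastDue;
                actionContext.Response = GernalUnauthorizedResponse(actionContext, result);
                base.OnActionExecuting(actionContext);
                return;
            }

            base.OnActionExecuting(actionContext);
        }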