/// <summary>
/// Checks whether the request token is valid.
/// </summary>
/// <param name="token">The user's login token.</param>
/// <param name="errCode">Receives the error code when the token is rejected; the enum's zero value otherwise.</param>
/// <returns><c>true</c> when the token is invalid; <c>false</c> when it passes every check.</returns>
protected bool IsTokenInvalid(string token, out ErrCode errCode)
{
    // The checks run in this order and stop at the first failure, so the later
    // TokenSrv calls are only made for a token that passed the earlier ones.
    ErrCode? failure = null;

    if (string.IsNullOrEmpty(token))
    {
        failure = ErrCode.TokenIsNotAllowedEmpty;
    }
    else if (!TokenSrv.IsTokenExist(token))
    {
        failure = ErrCode.TokenPastDue;
    }
    else if (TokenSrv.IsOtherWhereLogin(token))
    {
        failure = ErrCode.OtherWhereLogin;
    }
    else if (string.IsNullOrEmpty(TokenSrv.GetCustomerIDByToken(token)))
    {
        // A token that exists but resolves to no customer ID is reported as expired.
        failure = ErrCode.TokenPastDue;
    }

    if (failure.HasValue)
    {
        errCode = failure.Value;
        return true;
    }

    errCode = default(ErrCode);
    return false;
}
/// <summary>
/// Checks whether the request token is valid and resolves the logged-in customer.
/// </summary>
/// <param name="token">The user's login token.</param>
/// <param name="response">A fresh response object; on failure its head carries <c>Ret = -1</c> and the error code.</param>
/// <param name="customer">Receives the currently logged-in customer, or <c>null</c> when the token is rejected.</param>
/// <returns><c>true</c> when the token is invalid; <c>false</c> when a customer was resolved.</returns>
protected bool IsTokenInvalid(string token, out ResponseContext response, out CustomerDetail customer)
{
    response = new ResponseContext();
    customer = null;

    if (string.IsNullOrEmpty(token))
    {
        return RejectToken(response, ErrCode.TokenIsNotAllowedEmpty);
    }

    bool loggedInElsewhere;
    bool resolved = TokenSrv.GetUserByToken(token, out customer, out loggedInElsewhere);
    if (!resolved)
    {
        // The service tells a token superseded by another login apart from one that expired.
        return RejectToken(response, loggedInElsewhere ? ErrCode.OtherWhereLogin : ErrCode.TokenPastDue);
    }

    // A successful lookup that still yields no customer is reported as an expired token.
    return customer == null && RejectToken(response, ErrCode.TokenPastDue);
}

/// <summary>
/// Marks <paramref name="response"/> as failed with <paramref name="code"/>; always returns <c>true</c>
/// so callers can return it directly.
/// </summary>
private static bool RejectToken(ResponseContext response, ErrCode code)
{
    response.Head.Ret = -1;
    response.Head.Code = code;
    return true;
}
/// <summary>
/// Tags the incoming request with a new request ID and, when the request head carries a token,
/// resolves the WX login user for it and attaches that user to the request.
/// </summary>
/// <param name="actionContext">The Web API action context for the current request.</param>
public override void OnActionExecuting(HttpActionContext actionContext)
{
    base.OnActionExecuting(actionContext);

    var request = actionContext.Request;
    if (request == null)
    {
        return;
    }

    // Every request gets a fresh correlation ID before anything else inspects it.
    request.SetRequestID(Guid.NewGuid().ToString());

    var head = request.GetRequestHead(actionContext);
    string token = head?.Token;
    if (string.IsNullOrEmpty(token))
    {
        return;
    }

    // A token that does not resolve is simply not attached; this filter never rejects the request.
    UserInfo user;
    if (TokenSrv.WXGetUserByToken(token, out user))
    {
        request.WXSetLoginUser(user);
    }
}
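/// <summary>
/// Registers a new customer and issues a login token for the new account.
/// </summary>
/// <param name="req">The request whose content carries the registration details.</param>
/// <returns>
/// The response: on a parameter failure only the head is filled by the validation helper;
/// otherwise the head carries the new token and the content the login info.
/// </returns>
public ResponseContext<LoginResponseInfo> Register(RequestContext<RegisterInfo> req)
{
    // Declared only; every IsReqParaInvalid call assigns it through the out parameter.
    ResponseContext<LoginResponseInfo> responseContext;
    if (IsReqParaInvalid(out responseContext, req))
    {
        return responseContext;
    }

    // Read the fields through ?. so a null body reaches the parameter check as nulls
    // (and is reported by it) instead of throwing a NullReferenceException here.
    var customer = req.Content;
    if (IsReqParaInvalid(out responseContext, customer, customer?.CustomerName, customer?.PassWord, customer?.Email))
    {
        return responseContext;
    }

    // NOTE(review): PassWord is forwarded as received; hashing is presumably CustomerSrv's job — confirm.
    LoginResponseInfo responseInfo;
    var customerInfo = new CustomerSrv().Register(out responseInfo, customer, AppType, false);
    var tokenRes = TokenSrv.GetNewToken(customerInfo);
    responseContext.Head.Token = tokenRes.token;
    responseContext.Content = responseInfo;
    return responseContext;
}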
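/// <summary>
/// Request gate: when <c>isCheckSecret</c> is set and an app secret is configured, the
/// <c>secret</c> header must match it; when <c>isDoCheck</c> is set, the request head must
/// carry a token known to <c>TokenSrv</c>.
/// </summary>
/// <param name="actionContext">The Web API action context; ignored when it, its request or its request URI is null.</param>
public override void OnActionExecuting(HttpActionContext actionContext)
{
    if (actionContext == null || actionContext.Request == null || actionContext.Request.RequestUri == null)
    {
        return;
    }

    // Reject the request when the header carries no secret or the wrong one.
    if (isCheckSecret)
    {
        string secret = ConfigurationManager.AppSettings["AppVisitSecret"];
        // NOTE(review): a missing/empty AppVisitSecret skips the check entirely (fail-open)
        // even though isCheckSecret is set — confirm that is intended for every deployment.
        if (!string.IsNullOrEmpty(secret))
        {
            IEnumerable<string> headers;
            if (!actionContext.Request.Headers.TryGetValues("secret", out headers))
            {
                actionContext.Response = GernalUnauthorizedResponse(actionContext, ErrCode.Unauthorized);
                return;
            }

            // Enumerate once; an empty value list surfaces as null and is rejected.
            string provided = headers.FirstOrDefault();
            if (provided == null || !FixedTimeEquals(provided, secret))
            {
                actionContext.Response = GernalUnauthorizedResponse(actionContext, ErrCode.Unauthorized);
                return;
            }
        }
    }

    var requestHead = actionContext.Request.GetRequestHead(actionContext);
    string token = requestHead?.Token;
    bool isTokenEmpty = string.IsNullOrEmpty(token);

    if (isTokenEmpty && isDoCheck)
    {
        ResponseContext result = new ResponseContext();
        result.Head.Ret = -1;
        result.Head.Code = ErrCode.TokenIsNotAllowedEmpty;
        // Reported as HTTP 200 with the error in the body, unlike the secret checks above.
        actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.OK, result);
        return;
    }

    // IsTokenExist is consulted for every non-empty token; an unknown token is only rejected
    // when isDoCheck is set, otherwise the request is let through.
    if (!isTokenEmpty && !TokenSrv.IsTokenExist(token) && isDoCheck)
    {
        ResponseContext result = new ResponseContext();
        result.Head.Ret = -1;
        result.Head.Code = ErrCode.TokenPastDue;
        actionContext.Response = GernalUnauthorizedResponse(actionContext, result);
        // Preserved from the original: this rejection still runs the base filter before returning,
        // while the other rejections above do not.
        base.OnActionExecuting(actionContext);
        return;
    }

    base.OnActionExecuting(actionContext);
}

/// <summary>
/// Ordinal string comparison that does not stop at the first differing character, so the
/// time taken does not reveal how much of the secret matched (only the length can be
/// inferred from timing). Hand-rolled because CryptographicOperations.FixedTimeEquals is
/// presumably unavailable on the .NET Framework this Web API 2 filter targets.
/// </summary>
/// <param name="a">First string; must not be null.</param>
/// <param name="b">Second string; must not be null.</param>
/// <returns><c>true</c> when both strings are identical.</returns>
private static bool FixedTimeEquals(string a, string b)
{
    int diff = a.Length ^ b.Length;
    int len = a.Length < b.Length ? a.Length : b.Length;
    for (int i = 0; i < len; i++)
    {
        diff |= a[i] ^ b[i];
    }

    return diff == 0;
}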