/// <summary>授权事件</summary>
public void DoAuth(HttpContext context, MethodInfo method, HttpApiAttribute attr, string securityCode)
{
if (this.OnAuth != null)
{
this.OnAuth(context, method, attr, securityCode);
}
}
//--------------------------------------------
// 包裹方法
//--------------------------------------------
public void DoVisit(HttpContext context, MethodInfo method, HttpApiAttribute attr, Dictionary <string, object> inputs)
{
if (this.OnVisit != null)
{
this.OnVisit(context, method, attr, inputs);
}
}
/// <summary>取得HttpApiAttribute</summary>
public static HttpApiAttribute GetHttpApiAttribute(this MethodInfo info)
{
if (info == null)
{
return(null);
}
HttpApiAttribute attr = GetAttribute <HttpApiAttribute>(info);
return(attr);
}
//-----------------------------------------------------------
// 获取接口清单
//-----------------------------------------------------------
// 获取接口清单
static TypeAPI GetTypeApi(Type type)
{
// 获取接口列表
var rootUrl = GetApiRootUrl(type);
var typeapi = new TypeAPI();
var apis = new List <API>();
var methods = type.GetMethods(BindingFlags.Public | BindingFlags.Instance | BindingFlags.Static | BindingFlags.DeclaredOnly);
foreach (MethodInfo method in methods)
{
HttpApiAttribute attr = ReflectHelper.GetHttpApiAttribute(method);
if (attr != null)
{
var api = new API()
{
Name = method.Name,
Description = attr.Description,
ReturnType = ParseDataType(attr.Type, method.ReturnType).ToString(),
CacheDuration = attr.CacheSeconds,
AuthIP = attr.AuthIP,
AuthToken = attr.AuthToken,
AuthLogin = attr.AuthLogin,
AuthUsers = attr.AuthUsers,
AuthRoles = attr.AuthRoles,
AuthVerbs = attr.AuthVerbs.IsEmpty() ? "" : attr.AuthVerbs.ToUpper(),
Status = attr.Status,
Log = attr.Log,
Remark = attr.Remark,
Example = attr.Example,
Url = GetMethodDisplayUrl(rootUrl, method),
UrlTest = GetMethodTestUrl(rootUrl, method, attr.AuthToken),
Params = GetMethodParams(method, attr.AuthToken),
Method = method,
RType = attr.Type
};
apis.Add(api);
}
}
//
typeapi.Apis = apis.OrderBy(t => t.Name).ToList();
typeapi.Description = ReflectHelper.GetDescription(type);
typeapi.Histories = ReflectHelper.GetHistories(type);
return(typeapi);
}
// 检测方法的可用性
static void CheckMethodEnable(HttpContext context, MethodInfo method, HttpApiAttribute attr)
{
// 校验访问方式
if (!attr.AuthVerbs.IsEmpty())
{
var verbs = attr.VerbList;
if (verbs.Count == 0)
{
return;
}
if (!verbs.Contains(context.Request.HttpMethod.ToLower()))
{
throw new HttpApiException(400, "Auth verbs fail: " + attr.AuthVerbs);
}
}
// 校验登录与否
if (attr.AuthLogin)
{
if (!Asp.IsLogin())
{
throw new HttpApiException(401, "Auth login fail");
}
}
// 校验用户
if (!string.IsNullOrEmpty(attr.AuthUsers))
{
if (!Asp.IsInUsers(attr.AuthUsers.Split(',', ';')))
{
throw new HttpApiException(401, "Auth user fail");
}
}
// 校验角色
if (!string.IsNullOrEmpty(attr.AuthRoles))
{
if (!Asp.IsInRoles(attr.AuthRoles.Split(',', ';')))
{
throw new HttpApiException(401, "Auth role fail");
}
}
}
/// <summary>方法可访问性校验</summary>
private static void CheckMethod(HttpContext context, MethodInfo method, HttpApiAttribute attr, Dictionary <string, object> inputs)
{
// 方法未找到或未公开
if (method == null || attr == null)
{
throw new HttpApiException(404, "Not Found.");
}
// 访问事件
var instance = HttpApiConfig.Instance;
instance.DoVisit(context, method, attr, inputs);
// 校验方法可用性
AuthHelper.LoadPrincipalFromCookie(); // 获取身份验票
CheckMethodEnable(context, method, attr);
// 自定义鉴权
string token = inputs.Keys.Contains("token") ? inputs["token"].ToString() : "";
instance.DoAuth(context, method, attr, token);
}
/// <summary>方法可访问性校验</summary>
private static void CheckMethod(HttpContext context, MethodInfo method, HttpApiAttribute attr, Dictionary <string, object> inputs)
{
// 方法未找到或未公开
if (method == null || attr == null)
{
throw new HttpApiException(404, "API " + method.Name + " not found. Please check the [HttpApi] attribute.");
}
// 访问事件
var instance = HttpApiConfig.Instance;
instance.DoVisit(context, method, attr, inputs);
// 校验方法可用性
App.Core.AuthHelper.LoadCookiePrincipal(); // 获取身份验票
CheckMethodEnable(context, method, attr);
// 自定义鉴权
string securityCode = context.Request.Params["securityCode"];
instance.DoAuth(context, method, attr, securityCode);
}
/// <summary>授权事件</summary>
public void DoAuth(HttpContext context, MethodInfo method, HttpApiAttribute attr, string token)
{
this.OnAuth?.Invoke(context, method, attr, token);
}
