/// <summary> /// 参数检查 /// </summary> /// <param name="context">当前请求上下文</param> /// <param name="userInfo">用户信息</param> /// <param name="checkLocalIp">检查内网</param> /// <param name="permissionCode">权限菜单的Code</param> /// <returns></returns> public static BaseResult ValidateParameter(HttpContext context, ref BaseUserInfo userInfo, bool checkLocalIp = true, string permissionCode = null) { var result = new BaseResult(); // 1:是否是有效的系统编号? if (context.Request["systemCode"] == null) { result.Status = false; result.StatusCode = Status.ParameterError.ToString(); result.StatusMessage = "systemCode " + Status.ParameterError.ToDescription(); return(result); } var systemCode = context.Request["systemCode"]; if (!BaseSystemManager.CheckSystemCode(systemCode)) { result.Status = false; result.StatusCode = Status.ParameterError.ToString(); result.StatusMessage = "systemCode 不是有效的系统编号"; return(result); } var ipAddress = Utils.GetIp(); // 2016-08-22 已经正常登录的用户,也可以调用验证码函数,这样接口程序更灵活一些,更方便被调用 if (context.Request["userInfo"] != null) { // 从当前使用的用户确定当前使用者 userInfo = BaseUserInfo.Deserialize(context.Request["userInfo"]); if (userInfo == null) { result.Status = false; result.StatusCode = Status.Error.ToString(); result.StatusMessage = "userInfo " + Status.Error.ToDescription(); return(result); } // 防止伪造、判断用户的有效性 if (!ServiceUtil.VerifySignature(userInfo)) { // LogUtil.WriteLine("userInfo.Signature:" + userInfo.Signature + " GetSignature(userInfo):" + ServiceUtil.GetSignature(userInfo)); result.Status = false; result.StatusCode = Status.SignatureError.ToString(); result.StatusMessage = "userInfo " + Status.SignatureError.ToDescription(); return(result); } // 这里需要是已经登录的用户,不是已经被踢掉的用户 if (!ValidateOpenId(userInfo.Id, userInfo.OpenId)) { result.Status = false; result.StatusCode = Status.ParameterError.ToString(); result.StatusMessage = "OpenId " + Status.ParameterError.ToDescription(); return(result); } } else { // 2016-08-09 吉日嘎拉,必须保证是服务器调用的,外部不允许直接调用,方式被短信轰炸,有安全漏洞。 // 检查是否为内部ip地址发送出去的手机短信 // 2016-08-09 宋彪 不仅仅针对短信发送,用户中心接口也要考虑 if (checkLocalIp) { if (!IpUtil.IsLocalIp(ipAddress)) { // 不是内网发出的, 也不是信任的ip列表里的,直接给拒绝发送出去 result.Status = false; result.StatusCode = Status.ErrorIpAddress.ToString(); result.StatusMessage = ipAddress + " " + Status.ErrorIpAddress.ToDescription(); return(result); } } // 应用唯一标识 string appKey; if (context.Request["appKey"] == null) { result.Status = false; result.StatusCode = Status.ParameterError.ToString(); result.StatusMessage = "appKey " + Status.ParameterError.ToDescription(); return(result); } else { appKey = context.Request["appKey"]; } // 应用的签名密钥 string appSecret; if (context.Request["appSecret"] == null) { result.Status = false; result.StatusCode = Status.ParameterError.ToString(); result.StatusMessage = "appSecret " + Status.ParameterError.ToDescription(); return(result); } else { appSecret = context.Request["appSecret"]; } // 检查服务的有效性,是否调用限制到了?是否有相应的权限 //result = BaseServicesLicenseManager.CheckService(appKey, appSecret, false, 0, 0, systemCode, permissionCode); //if (!result.Status) //{ // return result; //} // 从接口确定当前调用者 var userEntity = BaseUserManager.GetEntityByCodeByCache(appKey); if (userEntity != null) { userInfo = new BaseUserInfo { Id = userEntity.Id.ToString(), UserId = userEntity.Id, Code = userEntity.Code, UserName = userEntity.UserName, NickName = userEntity.NickName, RealName = userEntity.RealName, CompanyId = userEntity.CompanyId.ToString(), CompanyCode = userEntity.CompanyCode, CompanyName = userEntity.CompanyName, IpAddress = ipAddress }; } } result.Status = true; return(result); }