示例#1
        /// <summary>
        /// Decides whether a request may proceed while an output lock may be held for the caller's mobile number.
        /// </summary>
        /// <param name="apiMethodAttribute">Endpoint metadata; only <c>IconOutputLock</c> and <c>SignKeyEnum</c> are read.</param>
        /// <param name="dicParas">Request parameters handed to <c>MeberAndMobileTokenBusiness.GetTokenData</c>.</param>
        /// <param name="errMsg">Empty on success; otherwise the token error or the "output in progress" message.</param>
        /// <returns>
        /// <c>true</c> when the endpoint does not use the lock, when its signing scheme is not one of the three
        /// member/mobile token schemes, or when no lock exists for the mobile number; <c>false</c> otherwise.
        /// </returns>
        /// <remarks>
        /// NOTE(review): the only call site visible on this page (in ProcessRequest) is commented out, so confirm
        /// where this lock is actually enforced before relying on it to serialize output operations.
        /// </remarks>
        private bool CheckIconOutputLock(ApiMethodAttribute apiMethodAttribute, Dictionary <string, object> dicParas, out string errMsg)
        {
            errMsg = string.Empty;

            // Endpoints that have not opted in to the lock are never blocked.
            if (!apiMethodAttribute.IconOutputLock)
            {
                return true;
            }

            // The lock is keyed by the mobile number carried in a member/mobile token, so endpoints
            // using any other signing scheme pass through without a lookup.
            SignKeyEnum signKey = apiMethodAttribute.SignKeyEnum;
            bool usesMemberOrMobileToken = signKey == SignKeyEnum.XCGameMemberToken
                                           || signKey == SignKeyEnum.MobileToken
                                           || signKey == SignKeyEnum.XCGameMemberOrMobileToken;
            if (!usesMemberOrMobileToken)
            {
                return true;
            }

            TokenType tokenType;
            string    mobile;
            if (!MeberAndMobileTokenBusiness.GetTokenData(dicParas, out tokenType, out mobile, out errMsg))
            {
                // errMsg was filled in by GetTokenData.
                return false;
            }

            if (IconOutLockBusiness.Exist(mobile))
            {
                errMsg = "正在出币中,请稍后再进行操作。";
                return false;
            }

            return true;
        }
示例#2
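        /// <summary>
        /// Resolves the handler method named by <paramref name="action"/> through reflection and collects the
        /// signing, response-format and authorization settings that apply to it.
        /// </summary>
        /// <param name="obj">Handler instance whose runtime type is searched for the method.</param>
        /// <param name="action">
        /// Method name to look up. The visible caller (ProcessRequest) reads it straight from the request, so it
        /// is untrusted input.
        /// </param>
        /// <param name="requestMethodInfo">
        /// Receives the resolved method, or <c>null</c> when the name is empty, unknown, a property/event
        /// accessor, or a member inherited from <see cref="object"/>.
        /// </param>
        /// <param name="apiMethodAttribute">
        /// Caller-supplied instance that is filled from the method's <c>ApiMethodAttribute</c>, or with defaults
        /// when the method carries none. Left untouched when no method is resolved.
        /// </param>
        /// <param name="authorizeAttribute">
        /// Caller-supplied instance that receives the merged class-level and method-level authorization lists;
        /// all three lists are cleared when the method is marked <c>AllowAnonymousAttribute</c>.
        /// </param>
        /// <remarks>
        /// <c>Type.GetMethod(string)</c> throws <c>AmbiguousMatchException</c> for overloaded names; that is left
        /// to the caller's exception handling.
        /// </remarks>
        private void GetMethodInfo(object obj, string action, ref MethodInfo requestMethodInfo, ref ApiMethodAttribute apiMethodAttribute, ref AuthorizeAttribute authorizeAttribute)
        {
            requestMethodInfo = null;

            // A missing action is reported as "no such method" instead of surfacing ArgumentNullException
            // from the reflection call.
            if (string.IsNullOrEmpty(action))
            {
                return;
            }

            Type       type      = obj.GetType();
            MethodInfo candidate = type.GetMethod(action);
            if (candidate == null)
            {
                return;
            }

            // The name comes from the request, so refuse members that can never be API actions:
            // System.Object methods (GetType, ToString, ...) and compiler-generated accessors (get_X/set_X).
            // NOTE(review): methods without ApiMethodAttribute are still accepted below with default settings,
            // so every other public method on the handler type stays reachable by name. Consider treating the
            // attribute as an explicit allow-list.
            if (candidate.IsSpecialName || candidate.DeclaringType == typeof(object))
            {
                return;
            }

            requestMethodInfo = candidate;

            Attribute attribute = requestMethodInfo.GetCustomAttribute(typeof(ApiMethodAttribute));

            if (attribute != null)
            {
                ApiMethodAttribute apiMethodAttr = (ApiMethodAttribute)attribute;
                apiMethodAttribute.SignKeyEnum       = apiMethodAttr.SignKeyEnum;
                apiMethodAttribute.RespDataTypeEnum  = apiMethodAttr.RespDataTypeEnum;
                apiMethodAttribute.SysIdAndVersionNo = apiMethodAttr.SysIdAndVersionNo;
                apiMethodAttribute.IconOutputLock    = apiMethodAttr.IconOutputLock;
            }
            else
            {
                // Defaults for methods that carry no ApiMethodAttribute.
                apiMethodAttribute.SignKeyEnum       = SignKeyEnum.DogNoToken;
                apiMethodAttribute.RespDataTypeEnum  = RespDataTypeEnum.Json;
                apiMethodAttribute.SysIdAndVersionNo = true;
                apiMethodAttribute.IconOutputLock    = false;
            }

            // Class-level authorization settings.
            attribute = type.GetCustomAttribute(typeof(AuthorizeAttribute));
            if (attribute != null)
            {
                AuthorizeAttribute authorizeAttr = (AuthorizeAttribute)attribute;
                authorizeAttribute.Roles   = authorizeAttr.Roles;
                authorizeAttribute.Users   = authorizeAttr.Users;
                authorizeAttribute.Merches = authorizeAttr.Merches;
            }

            // Method-level authorization settings are appended to the class-level lists, not substituted.
            // NOTE(review): if the authorization check treats each list as "any of", a method-level attribute
            // widens access relative to the class-level one rather than narrowing it - confirm that is intended.
            attribute = requestMethodInfo.GetCustomAttribute(typeof(AuthorizeAttribute));
            if (attribute != null)
            {
                AuthorizeAttribute authorizeAttr = (AuthorizeAttribute)attribute;
                authorizeAttribute.Roles   = (authorizeAttribute.Roles + "," + authorizeAttr.Roles).Trim(',');
                authorizeAttribute.Users   = (authorizeAttribute.Users + "," + authorizeAttr.Users).Trim(',');
                authorizeAttribute.Merches = (authorizeAttribute.Merches + "," + authorizeAttr.Merches).Trim(',');
            }

            // AllowAnonymous on the method wins over both levels: every authorization list is cleared.
            attribute = requestMethodInfo.GetCustomAttribute(typeof(AllowAnonymousAttribute));
            if (attribute != null)
            {
                authorizeAttribute.Roles   = string.Empty;
                authorizeAttribute.Users   = string.Empty;
                authorizeAttribute.Merches = string.Empty;
            }
        }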
示例#3
 /// <summary>
 /// Writes a successful result to the response in the format declared for the endpoint.
 /// </summary>
 /// <param name="context">Current HTTP context; passed through to the output helper.</param>
 /// <param name="apiMethodAttribute">Endpoint metadata; only <c>RespDataTypeEnum</c> is read.</param>
 /// <param name="resObj">
 /// Value returned by the API method. For <c>RespDataTypeEnum.ImgStream</c> it is cast to <c>byte[]</c>,
 /// which throws <c>InvalidCastException</c> for any other non-null type.
 /// </param>
 /// <param name="signKeyToken">Signing token passed through to the output helper.</param>
 /// <remarks>Nothing is written for a response type other than <c>Json</c> or <c>ImgStream</c>.</remarks>
 private void SuccessResponseOutput(HttpContext context, ApiMethodAttribute apiMethodAttribute, object resObj, string signKeyToken)
 {
     RespDataTypeEnum format = apiMethodAttribute.RespDataTypeEnum;

     if (format == RespDataTypeEnum.Json)
     {
         ResponseJsonOutput(context, resObj, signKeyToken);
         return;
     }

     if (format == RespDataTypeEnum.ImgStream)
     {
         byte[] imageBytes = (byte[])resObj;
         ResponseImgStreamOutput(context, imageBytes, signKeyToken);
     }
 }
示例#4
 /// <summary>
 /// Writes a failure result to the response. Only JSON endpoints receive a body.
 /// </summary>
 /// <param name="context">Current HTTP context; passed through to the output helper.</param>
 /// <param name="apiMethodAttribute">Endpoint metadata; only <c>RespDataTypeEnum</c> is read.</param>
 /// <param name="errMsg">
 /// Message placed in the failure model. NOTE(review): the visible caller passes raw exception messages
 /// here, so this text reaches the client as given unless the model factory filters it.
 /// </param>
 /// <param name="signKeyToken">Signing token passed through to the output helper.</param>
 /// <remarks>
 /// Reads the <c>isSignKeyReturn</c> member, which is declared outside this listing. For
 /// <c>RespDataTypeEnum.ImgStream</c> (and any other non-JSON type) nothing is written, so the client
 /// receives no error body.
 /// </remarks>
 private void FailResponseOutput(HttpContext context, ApiMethodAttribute apiMethodAttribute, string errMsg, string signKeyToken)
 {
     // Non-JSON endpoints have no failure representation.
     if (apiMethodAttribute.RespDataTypeEnum != RespDataTypeEnum.Json)
     {
         return;
     }

     object failureModel = ResponseModelFactory.CreateReturnModel(isSignKeyReturn, Return_Code.F, errMsg);
     ResponseJsonOutput(context, failureModel, signKeyToken);
 }
示例#5
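        /// <summary>
        /// Handles one API request: resolves the method named by the <c>action</c> request value, validates the
        /// request parameters, the parameter signature and the caller's authorization, invokes the method by
        /// reflection, writes the response and records the call in the API request log.
        /// </summary>
        /// <param name="context">Current HTTP context.</param>
        /// <remarks>
        /// <c>isSignKeyReturn</c>, <c>sysId</c> and <c>versionNo</c> are not locals; they are members declared
        /// outside this listing. NOTE(review): if they are instance fields and the handler instance is reused
        /// across requests, concurrent requests would share them - confirm.
        /// </remarks>
        public void ProcessRequest(HttpContext context)
        {
            ApiRequestLog ar = new ApiRequestLog();

            // NOTE(review): a wildcard CORS origin is sent on every response, including failures. Confirm that
            // no endpoint behind this handler relies on ambient browser credentials.
            context.Response.AddHeader("Access-Control-Allow-Origin", "*");

            // Request state
            string                      errMsg             = string.Empty; // validation or exception message
            string                      signKeyToken       = string.Empty; // token produced by the signature check
            string                      postJson           = string.Empty; // request parameters as JSON
            int                         apiType            = 0;            // 0 = XCloud project, 1 = XCGame project, 2 = xcgamemana project
            ApiMethodAttribute          apiMethodAttribute = new ApiMethodAttribute();
            AuthorizeAttribute          authorizeAttribute = new AuthorizeAttribute();
            MethodInfo                  requestMethodInfo  = null;
            Dictionary <string, object> dicParas           = null;
            string                      requestUrl         = string.Empty;
            string                      action             = RequestHelper.GetString("action");

            // Set once the success response has been written, so that a failure in the bookkeeping that
            // follows does not write a second (failure) body onto the same response.
            bool responseWritten = false;

            try
            {
                // Resolve the requested method and its metadata.
                GetMethodInfo(this, action, ref requestMethodInfo, ref apiMethodAttribute, ref authorizeAttribute);

                if (requestMethodInfo == null)
                {
                    isSignKeyReturn = IsSignKeyReturn(apiMethodAttribute.SignKeyEnum);
                    errMsg          = "请求方法无效";
                    FailResponseOutput(context, apiMethodAttribute, errMsg, signKeyToken);
                    return;
                }

                // Validate the request parameters.
                // NOTE(review): postJson (the full request body) is handed to ar.show on every path below;
                // if ApiRequestLog persists it, tokens and other sensitive fields end up in the log.
                if (!CheckRequestParam(context, apiMethodAttribute, ref dicParas, out errMsg, out postJson, out apiType, out requestUrl, out sysId, out versionNo))
                {
                    FailResponseOutput(context, apiMethodAttribute, errMsg, signKeyToken);
                    ar.show(apiType, requestUrl + "?action=" + action, postJson, Return_Code.F, errMsg, sysId);
                    return;
                }

                // Validate the parameter signature.
                if (!CheckSignKey(apiMethodAttribute.SignKeyEnum, dicParas, out signKeyToken, out errMsg))
                {
                    FailResponseOutput(context, apiMethodAttribute, errMsg, signKeyToken);
                    ar.show(apiType, requestUrl + "?action=" + action, postJson, Return_Code.F, errMsg, sysId);
                    return;
                }

                // Validate access rights.
                if (!CheckAuthorize(authorizeAttribute, apiMethodAttribute.SignKeyEnum, dicParas, out errMsg))
                {
                    FailResponseOutput(context, apiMethodAttribute, errMsg, signKeyToken);
                    ar.show(apiType, requestUrl + "?action=" + action, postJson, Return_Code.F, errMsg, sysId);
                    return;
                }

                // Interface lock check.
                // NOTE(review): this check is disabled, so IconOutputLock on an endpoint has no effect on this
                // path. Confirm the lock is enforced elsewhere or re-enable it.
                //if(!CheckIconOutputLock(apiMethodAttribute,dicParas,out errMsg))
                //{
                //    ar.show(apiType, requestUrl + "?action=" + action, postJson, Return_Code.F, errMsg, sysId);
                //    var obj = ResponseModelFactory.CreateModel(isSignKeyReturn, Return_Code.T, "", Result_Code.F, errMsg);
                //    SuccessResponseOutput(context, apiMethodAttribute, obj, signKeyToken);
                //    return;
                //}

                // Invoke the requested method; it receives the parameter dictionary when it declares any parameter.
                object[] paras = null;
                if (requestMethodInfo.GetParameters().Length > 0)
                {
                    paras = new object[1] {
                        dicParas
                    };
                }
                object resObj = requestMethodInfo.Invoke(this, paras);
                SuccessResponseOutput(context, apiMethodAttribute, resObj, signKeyToken);
                responseWritten = true;

                // Record the outcome in the request log.
                string return_code;
                string return_msg;
                string result_code;
                string result_msg;
                GetResObjInfo(resObj, out return_code, out return_msg, out result_code, out result_msg);
                ar.show(apiType, requestUrl + "?action=" + action, postJson, return_code, return_msg, sysId, result_msg);
            }
            catch (Exception ex)
            {
                // NOTE(review): ex.Message is returned to the client as-is. Exceptions raised by the validation
                // helpers therefore expose internal detail; consider a fixed generic message in the response
                // and keep the detail in the log only.
                if (!responseWritten)
                {
                    FailResponseOutput(context, apiMethodAttribute, ex.Message, signKeyToken);
                }

                string exceptionDetail = Utils.GetException(ex);
                LogHelper.SaveLog(TxtLogType.Api, TxtLogContentType.Exception, TxtLogFileType.Day, exceptionDetail);
                ar.show(apiType, requestUrl + "?action=" + action, postJson, Return_Code.F, exceptionDetail, sysId);
            }
        }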
示例#6
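        /// <summary>
        /// Extracts the request parameters (query string for GET; body or form for POST), converts them to a
        /// dictionary and, when the endpoint requires it, checks that <c>sysId</c> and <c>versionNo</c> are present.
        /// </summary>
        /// <param name="context">Current HTTP context.</param>
        /// <param name="apiMethodAttribute">Endpoint metadata; only <c>SysIdAndVersionNo</c> is read.</param>
        /// <param name="dicParas">Receives the parsed parameter dictionary returned by <c>GetJsonObject</c>.</param>
        /// <param name="errMsg">Empty on success; otherwise the validation message.</param>
        /// <param name="postJson">Receives the request parameters as a JSON string.</param>
        /// <param name="apiType">Receives the value of <c>GetSysType</c> for the request path.</param>
        /// <param name="requestUrl">Receives the absolute path of the request URL.</param>
        /// <param name="sysId">Receives the <c>sysId</c> parameter when the endpoint requires it, else empty.</param>
        /// <param name="versionNo">Receives the <c>versionNo</c> parameter when the endpoint requires it, else empty.</param>
        /// <returns><c>true</c> when the parameters are usable; <c>false</c> with <paramref name="errMsg"/> set otherwise.</returns>
        /// <remarks>
        /// HTTP methods other than GET and POST leave <paramref name="postJson"/> empty and are rejected as
        /// having no parameters.
        /// </remarks>
        private bool CheckRequestParam(HttpContext context, ApiMethodAttribute apiMethodAttribute, ref Dictionary <string, object> dicParas, out string errMsg, out string postJson, out int apiType, out string requestUrl, out string sysId, out string versionNo)
        {
            errMsg     = string.Empty;
            postJson   = string.Empty;
            requestUrl = context.Request.Url.AbsolutePath;
            sysId      = string.Empty;
            versionNo  = string.Empty;
            apiType    = GetSysType(requestUrl);

            // Collect the raw parameters according to the HTTP method.
            if (context.Request.HttpMethod == "GET")
            {
                postJson = Utils.GetNameValueCollection(context.Request.QueryString);
            }
            else if (context.Request.HttpMethod == "POST")
            {
                if (context.Request.Form.Count == 0 && context.Request.InputStream.Length == 0)
                {
                    errMsg = "没有业务请求参数";
                    return(false);
                }
                else if (context.Request.InputStream.Length > 0)
                {
                    // A non-empty body takes precedence over parsed form fields.
                    postJson = GetJsonByRequestStream(context);
                }
                else if (context.Request.Form.Count > 0)
                {
                    postJson = Utils.GetNameValueCollection(context.Request.Form);
                }
            }

            // Nothing usable was supplied.
            if (string.IsNullOrEmpty(postJson))
            {
                errMsg = "没有业务请求参数";
                return(false);
            }

            // Convert the JSON parameter string to a dictionary.
            dicParas = GetJsonObject(postJson);
            // NOTE(review): the general null/empty check below is disabled, so when SysIdAndVersionNo is false
            // a null or empty dictionary is passed on to the signature and authorization checks.
            //if (dicParas == null || dicParas.Count == 0)
            //{
            //    errMsg = "请求参数无效";
            //    return false;
            //}

            if (apiMethodAttribute.SysIdAndVersionNo)
            {
                // A null dictionary or a null value is treated as "parameter missing" instead of failing with
                // NullReferenceException, whose message the visible caller would return to the client.
                object sysIdValue;
                if (dicParas == null || !dicParas.TryGetValue("sysId", out sysIdValue) || sysIdValue == null)
                {
                    errMsg = "系统Id参数无效";
                    return(false);
                }

                object versionNoValue;
                if (!dicParas.TryGetValue("versionNo", out versionNoValue) || versionNoValue == null)
                {
                    errMsg = "系统版本号参数无效";
                    return(false);
                }

                // Only presence is checked here; the values themselves are not validated in this method.
                sysId     = sysIdValue.ToString();
                versionNo = versionNoValue.ToString();
            }

            return(true);
        }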