#region
using System;
using System.Collections.Generic;
using System.Collections.Specialized;
using System.Data.SqlClient;
using System.Globalization;
using System.IO;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Text;
using System.Web;
using System.Web.Caching;
using System.Web.Http;
using System.Web.Http.Controllers;
using Newtonsoft.Json;
using Rattan.Basic.Utility;
using Rattan.BasicInfo.Data;
using Rattan.BasicInfo.DomainModel;
using Rattan.Core.DomainModel;
using Rattan.Sys.Data;
#endregion
namespace iWareSda_QQJF.WEBAPI.TestPost
{
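/// <summary>
/// Web API authorization filter that validates the caller's credentials and request signature.
/// The <c>apiType</c> request header selects one of three schemes: internal API ("api", the default),
/// external app ("app") or consignor ("consignor"). Every scheme checks a set of headers, a
/// timestamp freshness window and an HMAC-style signature computed by <c>SignExtension</c>; a
/// failure writes a JSON <c>ResultMsg</c> to <c>actionContext.Response</c>, which short-circuits
/// the Web API pipeline.
/// </summary>
public class ApiCheckAuthAttribute : AuthorizeAttribute
{
    #region Constants

    /// <summary>
    /// Maximum accepted distance, in milliseconds, between the client's <c>timestamp</c> header and
    /// the server clock. The inline comment in the previous revision said "2 hours" while the value
    /// is 8 minutes; the value is kept and the comment treated as stale — TODO confirm with API owners.
    /// </summary>
    private const double TimestampWindowMs = 8 * 60 * 1000;

    /// <summary>Redis database index used for every token cache read/write in this filter.</summary>
    private const int CacheDb = 2;

    /// <summary>Absolute expiry, in days, for server-side token cache entries.</summary>
    private const int CacheDays = 30;

    /// <summary>Actions reachable without signature validation on the "api" and "app" schemes.</summary>
    private static readonly string[] AnonymousActions = { "GetValidateCode", "GetToken", "Login", "LoginUser" };

    #endregion

    #region OnAuthorization
    /// <summary>
    /// Entry point of the filter: dispatches to the scheme named by the <c>apiType</c> header.
    /// </summary>
    /// <param name="actionContext">Context of the action about to execute.</param>
    public override void OnAuthorization(HttpActionContext actionContext)
    {
        var request = actionContext.Request;
        string apiType = null;
        if (request.Headers.Contains("apiType"))
        {
            // Read raw (not URL-decoded) to keep the previous matching semantics.
            apiType = request.Headers.GetValues("apiType").FirstOrDefault();
        }

        // Ordinal comparison: ToLower() depended on the thread culture, and a header whose value
        // list is empty made FirstOrDefault() return null and ToLower() throw. Anything that is not
        // "app" or "consignor" (including a missing header) uses the internal API scheme.
        if (string.Equals(apiType, "app", StringComparison.OrdinalIgnoreCase))
        {
            AppAuth(actionContext);
        }
        else if (string.Equals(apiType, "consignor", StringComparison.OrdinalIgnoreCase))
        {
            ConsignorAuth(actionContext);
        }
        else
        {
            ApiAuth(actionContext);
        }
    }
    #endregion

    #region Shared helpers

    /// <summary>
    /// Returns true when the action is one of <see cref="AnonymousActions"/>.
    /// </summary>
    private static bool IsAnonymousAction(HttpActionContext actionContext)
    {
        return AnonymousActions.Contains(actionContext.ActionDescriptor.ActionName);
    }

    /// <summary>
    /// Returns true when the action method carries an attribute whose type name is
    /// <c>NoCheckAuthAttribute</c> (matched by name, as before, so the attribute type need not be
    /// referenced from this assembly).
    /// </summary>
    /// <remarks>
    /// The action descriptor is asked directly instead of <c>Type.GetMethod(actionName)</c>: the
    /// latter returns null when the action is renamed via <c>[ActionName]</c> (a NullReferenceException
    /// in the filter, i.e. a 500 instead of a 401) and throws <c>AmbiguousMatchException</c> for
    /// overloaded actions. Note the descriptor's lookup includes inherited attributes, whereas the
    /// previous reflection call passed <c>inherit: false</c>.
    /// </remarks>
    private static bool HasNoCheckAuth(HttpActionContext actionContext)
    {
        return actionContext.ActionDescriptor
            .GetCustomAttributes<Attribute>()
            .Any(attr => attr.GetType().Name == "NoCheckAuthAttribute");
    }

    /// <summary>
    /// Answers a CORS preflight (OPTIONS) request with 202 Accepted and returns true; returns false
    /// for every other method so the caller continues with validation.
    /// </summary>
    private static bool AcceptPreflight(HttpActionContext actionContext)
    {
        var request = actionContext.Request;
        if (request.Method != HttpMethod.Options)
        {
            return false;
        }
        actionContext.Response = request.CreateResponse(HttpStatusCode.Accepted);
        return true;
    }

    /// <summary>
    /// Reads the first value of a request header, URL-decoded. Returns <see cref="string.Empty"/>
    /// when the header is absent or has no value.
    /// </summary>
    private static string ReadHeader(HttpRequestMessage request, string name)
    {
        if (!request.Headers.Contains(name))
        {
            return string.Empty;
        }
        var raw = request.Headers.GetValues(name).FirstOrDefault();
        return raw == null ? string.Empty : HttpUtility.UrlDecode(raw);
    }

    /// <summary>
    /// Writes a JSON <c>ResultMsg</c> rejection to <c>actionContext.Response</c> and runs the base
    /// authorization (which routes through <see cref="HandleUnauthorizedRequest"/>).
    /// </summary>
    /// <param name="actionContext">Current action context.</param>
    /// <param name="code">Application status code placed in the body.</param>
    /// <param name="msg">Human-readable message placed in the body.</param>
    /// <param name="data">Payload placed in the body (<c>null</c> or <c>""</c>, per call site).</param>
    /// <param name="httpStatus">
    /// HTTP status to set on the response; when null the status produced by
    /// <c>HttpResponseExtension.toJson</c> is left untouched, as the original code did on those paths.
    /// </param>
    private void Reject(HttpActionContext actionContext, StatusCodeEnum code, string msg, object data, HttpStatusCode? httpStatus = null)
    {
        var resultMsg = new ResultMsg();
        resultMsg.StatusCode = (int)code;
        resultMsg.Msg = msg;
        resultMsg.Data = data;
        actionContext.Response = HttpResponseExtension.toJson(JsonConvert.SerializeObject(resultMsg));
        if (httpStatus.HasValue)
        {
            actionContext.Response.StatusCode = httpStatus.Value;
        }
        base.OnAuthorization(actionContext);
    }

    /// <summary>
    /// Rejects with <c>ParameterError</c> and returns false when any of <paramref name="values"/>
    /// is null or empty; otherwise returns true.
    /// </summary>
    private bool RequireHeaders(HttpActionContext actionContext, params string[] values)
    {
        if (values.All(v => !string.IsNullOrEmpty(v)))
        {
            return true;
        }
        Reject(actionContext, StatusCodeEnum.ParameterError, StatusCodeEnum.ParameterError.GetEnumText(), "");
        return false;
    }

    /// <summary>
    /// Returns true when <paramref name="timestamp"/> is a Unix-epoch millisecond value within
    /// <see cref="TimestampWindowMs"/> of the server clock in either direction.
    /// </summary>
    /// <remarks>
    /// The previous check only rejected timestamps older than the window, so a signed request whose
    /// timestamp lay in the future stayed replayable until the clock caught up; nonces are not tracked
    /// in this filter, so the window is the only replay bound. Parsing is culture-invariant because the
    /// value is machine-generated.
    /// </remarks>
    private static bool IsTimestampFresh(string timestamp)
    {
        double clientMs;
        if (!double.TryParse(timestamp, NumberStyles.Float, CultureInfo.InvariantCulture, out clientMs))
        {
            return false;
        }
        double serverMs = (DateTime.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0, 0, DateTimeKind.Utc)).TotalMilliseconds;
        return Math.Abs(serverMs - clientMs) <= TimestampWindowMs;
    }

    /// <summary>
    /// Rejects with <c>URLExpireError</c> and returns false when the timestamp is unparseable or
    /// outside the freshness window; otherwise returns true.
    /// </summary>
    private bool RequireFreshTimestamp(HttpActionContext actionContext, string timestamp)
    {
        if (IsTimestampFresh(timestamp))
        {
            return true;
        }
        Reject(actionContext, StatusCodeEnum.URLExpireError, StatusCodeEnum.URLExpireError.GetEnumText(), null);
        return false;
    }

    /// <summary>
    /// Builds the request payload that takes part in the signature: the raw body for POST, or the
    /// query-string parameters sorted by key and concatenated as <c>key + value</c> for GET.
    /// Rejects with <c>HttpMehtodError</c> and returns false for any other method.
    /// </summary>
    /// <param name="actionContext">Current action context.</param>
    /// <param name="method">HTTP method name (e.g. "GET").</param>
    /// <param name="data">Receives the payload; empty string when the method is unsupported.</param>
    private bool TryBuildSignedPayload(HttpActionContext actionContext, string method, out string data)
    {
        data = string.Empty;
        switch (method)
        {
            case "POST":
                // Reads the ASP.NET input stream. Web API's model binding reads HttpRequestMessage.Content,
                // which is buffered separately when web-hosted — assumed not to be affected; TODO confirm.
                // The reader is intentionally not disposed: disposing it would close ASP.NET's stream.
                var reader = new StreamReader(HttpContext.Current.Request.InputStream);
                data = reader.ReadToEnd();
                return true;

            case "GET":
                var query = HttpContext.Current.Request.QueryString;
                // Keys without a name ("?foo") are null in NameValueCollection; the previous code
                // called Dictionary.Add(null, …) and crashed the filter with ArgumentNullException.
                // OrderBy uses the same default string comparer the SortedDictionary used, so the
                // canonical order seen by existing clients is unchanged. NOTE(review): that comparer is
                // culture-sensitive; pinning it to ordinal would need a coordinated client change.
                var builder = new StringBuilder();
                foreach (var key in query.AllKeys.Where(k => !string.IsNullOrEmpty(k)).OrderBy(k => k))
                {
                    builder.Append(key).Append(query[key]);
                }
                data = builder.ToString();
                return true;

            default:
                Reject(actionContext, StatusCodeEnum.HttpMehtodError, StatusCodeEnum.HttpMehtodError.GetEnumText(), "");
                return false;
        }
    }

    /// <summary>
    /// Loads the server-side login record for <paramref name="guid"/> from the Redis cache, falling
    /// back to the latest <c>Sys_User_Log</c> row and re-populating both the access-token and the
    /// sign-token cache entries from it.
    /// </summary>
    /// <returns>The cached object (expected to be a <c>LoginInfo</c>), or null when none exists.</returns>
    private static object LoadServerLoginInfo(string guid)
    {
        var accessTokenKey = "AccessToken_" + guid;
        var signTokenKey = "Token_" + guid;
        var cached = RedisHelper.Cache.Read(accessTokenKey, CacheDb);
        if (cached != null)
        {
            return cached;
        }

        var log = Sys_User_LogRepository.Instance.Get("GUID=@GUID", "Log_Id DESC", new[] { new SqlParameter("@GUID", guid) });
        if (log == null || !log.LoginInfo.IsNotNullOrEmpty())
        {
            return null;
        }

        cached = JsonHelper.ConvertJson(log.LoginInfo);
        RedisHelper.Cache.Write(accessTokenKey, cached, DateTime.Now.AddDays(CacheDays), CacheDb);
        if (log.SignTokenInfo.IsNotNullOrEmpty())
        {
            var signTokenInfo = JsonHelper.ConvertJson(log.SignTokenInfo);
            RedisHelper.Cache.Write(signTokenKey, signTokenInfo, DateTime.Now.AddDays(CacheDays), CacheDb);
        }
        return cached;
    }

    /// <summary>
    /// Checks the client's <c>AccessToken</c> header against the server-side login record for
    /// <paramref name="guid"/>. Writes the rejection response and returns false on any failure.
    /// </summary>
    private bool VerifyAccessToken(HttpActionContext actionContext, string guid, string accessToken)
    {
        // Absent and present-but-empty headers share the same rejection, as before.
        if (string.IsNullOrEmpty(accessToken))
        {
            Reject(actionContext, StatusCodeEnum.Unauthorized, StatusCodeEnum.Unauthorized.GetEnumText() + "-客户端未获取到授权", null);
            return false;
        }

        object serverAuth = LoadServerLoginInfo(guid);
        if (serverAuth == null)
        {
            Reject(actionContext, StatusCodeEnum.Unauthorized, StatusCodeEnum.Unauthorized.GetEnumText() + "-服务器授权不存在", null, HttpStatusCode.Unauthorized);
            return false;
        }

        var platUserInfo = serverAuth as LoginInfo;
        if (platUserInfo == null || platUserInfo.AccessToken != accessToken)
        {
            Reject(actionContext, StatusCodeEnum.Unauthorized, StatusCodeEnum.Unauthorized.GetEnumText() + "-客户端授权不正确", null, HttpStatusCode.Unauthorized);
            return false;
        }
        return true;
    }

    #endregion

    #region ApiAuth
    /// <summary>
    /// Internal API scheme: access token bound to <c>guid</c>, then a signature over
    /// timestamp/nonce/guid/sign-token/payload.
    /// </summary>
    /// <param name="actionContext">Current action context.</param>
    private void ApiAuth(HttpActionContext actionContext)
    {
        if (IsAnonymousAction(actionContext) || HasNoCheckAuth(actionContext))
        {
            return;
        }
        if (AcceptPreflight(actionContext))
        {
            return;
        }

        var request = actionContext.Request;
        string guid = ReadHeader(request, "guid");
        string accessToken = ReadHeader(request, "AccessToken");
        if (!VerifyAccessToken(actionContext, guid, accessToken))
        {
            return;
        }

        string timestamp = ReadHeader(request, "timestamp");
        string nonce = ReadHeader(request, "nonce");
        string signature = ReadHeader(request, "signature");
        if (!RequireHeaders(actionContext, guid, timestamp, nonce, signature) || !RequireFreshTimestamp(actionContext, timestamp))
        {
            return;
        }

        // The per-session signing secret lives under Token_<guid>; VerifyAccessToken has just
        // re-populated it from the login log if Redis had evicted it.
        Token token = RedisHelper.Cache.Read("Token_" + guid, CacheDb);
        if (token == null)
        {
            Reject(actionContext, StatusCodeEnum.TokenInvalid, StatusCodeEnum.TokenInvalid.GetEnumText(), null, HttpStatusCode.Forbidden);
            return;
        }
        string signToken = token.SignToken.ToString();

        string data;
        if (!TryBuildSignedPayload(actionContext, request.Method.Method, out data))
        {
            return;
        }

        // A body carrying {"noDataSign": true} is excluded from the signed material (existing
        // behaviour). NOTE(review): this lets the caller opt its body out of integrity protection;
        // worth a deliberate decision. ConvertJson is assumed to return null rather than throw for a
        // non-JSON body — TODO confirm.
        var dataJson = JsonHelper.ConvertJson(data);
        string signedData = data;
        if (dataJson != null && dataJson.noDataSign == true)
        {
            signedData = "";
        }

        if (!SignExtension.Validate(timestamp, nonce, guid, signToken, signedData, signature))
        {
            Reject(actionContext, StatusCodeEnum.HttpRequestError, StatusCodeEnum.HttpRequestError.GetEnumText(), "");
        }
    }
    #endregion

    #region AppAuth
    /// <summary>
    /// External app scheme: access token bound to <c>guid</c>, then a signature over
    /// timestamp/nonce/appKey/appSecret/accessToken/payload.
    /// </summary>
    /// <param name="actionContext">Current action context.</param>
    private void AppAuth(HttpActionContext actionContext)
    {
        if (IsAnonymousAction(actionContext) || HasNoCheckAuth(actionContext))
        {
            return;
        }
        if (AcceptPreflight(actionContext))
        {
            return;
        }

        var request = actionContext.Request;
        string guid = ReadHeader(request, "guid");
        string accessToken = ReadHeader(request, "AccessToken");
        if (!VerifyAccessToken(actionContext, guid, accessToken))
        {
            return;
        }

        string timestamp = ReadHeader(request, "timestamp");
        string nonce = ReadHeader(request, "nonce");
        // NOTE(review): appSecret is taken from a request header and handed to the validator. If this
        // is the app's long-lived secret, every call transports it; confirm ValidateApp resolves the
        // secret server-side by appKey so the header can be dropped.
        string appSecret = ReadHeader(request, "appSecret");
        string appKey = ReadHeader(request, "appKey");
        string signature = ReadHeader(request, "signature");
        // appKey/appSecret were never part of the required-header check; kept as-is.
        if (!RequireHeaders(actionContext, guid, timestamp, nonce, signature) || !RequireFreshTimestamp(actionContext, timestamp))
        {
            return;
        }

        string data;
        if (!TryBuildSignedPayload(actionContext, request.Method.Method, out data))
        {
            return;
        }

        // Normalise the JSON (whitespace removed) before signing so formatting differences do not break the check.
        data = JsonHelper.ConvertJsonStringNone(data);
        if (!SignExtension.ValidateApp(timestamp, nonce, appKey, appSecret, accessToken, data, signature))
        {
            Reject(actionContext, StatusCodeEnum.HttpRequestError, StatusCodeEnum.HttpRequestError.GetEnumText(), "");
        }
    }
    #endregion

    #region ConsignorAuth
    /// <summary>
    /// Consignor scheme: signature over timestamp/nonce/consignorCode/token/payload, then the
    /// (consignorCode, token) pair is confirmed against the consignor table.
    /// </summary>
    /// <param name="actionContext">Current action context.</param>
    private void ConsignorAuth(HttpActionContext actionContext)
    {
        // Unlike the other schemes there is no anonymous-action list here (existing behaviour).
        if (HasNoCheckAuth(actionContext))
        {
            return;
        }
        if (AcceptPreflight(actionContext))
        {
            return;
        }

        var request = actionContext.Request;
        string token = ReadHeader(request, "token");
        string timestamp = ReadHeader(request, "timestamp");
        string nonce = ReadHeader(request, "nonce");
        string consignorCode = ReadHeader(request, "consignorCode");
        string signature = ReadHeader(request, "signature");
        if (!RequireHeaders(actionContext, consignorCode, token, timestamp, nonce, signature) || !RequireFreshTimestamp(actionContext, timestamp))
        {
            return;
        }

        string data;
        if (!TryBuildSignedPayload(actionContext, request.Method.Method, out data))
        {
            return;
        }

        data = JsonHelper.ConvertJsonStringNone(data);
        if (!SignExtension.ValidateConsignor(timestamp, nonce, consignorCode, token, data, signature))
        {
            Reject(actionContext, StatusCodeEnum.HttpRequestError, "签名不合法", "");
            return;
        }

        // NOTE(review): the cache entry is keyed by token only, while the query below binds the token
        // to consignorCode; after the first hit a different consignorCode header with the same token is
        // not re-checked against the database. Keying by both (or re-verifying on hit) would close
        // that gap; the key is left unchanged here because other code may read it.
        var cacheKey = "ConsignorToken_" + token;
        var conInfo = RedisHelper.Cache.Read(cacheKey, CacheDb);
        if (conInfo == null)
        {
            var parameters = new SqlParameter[]
            {
                new SqlParameter("@ConsignorCode", consignorCode),
                new SqlParameter("@Token", token),
            };
            conInfo = Base_ConsignorRepository.Instance.Get("ConsignorCode=@ConsignorCode And Token=@Token", parameters);
            if (conInfo != null)
            {
                RedisHelper.Cache.Write(cacheKey, conInfo, DateTime.Now.AddDays(CacheDays), CacheDb);
            }
        }
        if (conInfo == null)
        {
            // The original left Data unassigned here; a fresh ResultMsg is assumed to default it to null.
            Reject(actionContext, StatusCodeEnum.ConsignorError, "货主账号不正确", null);
        }
    }
    #endregion

    #region HandleUnauthorizedRequest
    /// <summary>
    /// The base implementation replaces <c>actionContext.Response</c> with a plain 401. When
    /// <see cref="Reject"/> has already built a JSON response, its status and content are restored
    /// onto the response the base produced.
    /// </summary>
    /// <param name="actionContext">Current action context.</param>
    protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
    {
        var preset = actionContext.Response;
        base.HandleUnauthorizedRequest(actionContext);
        if (preset == null)
        {
            // Nothing was pre-built (e.g. the base rejected on Users/Roles): keep its 401 instead of
            // dereferencing null as the previous code would have.
            return;
        }
        var response = actionContext.Response ?? new HttpResponseMessage();
        actionContext.Response = response;
        response.StatusCode = preset.StatusCode;
        response.Content = preset.Content;
    }
    #endregion
}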
}