Sākums Izpētīt Palīdzība
Reģistrēties Pierakstīties
bowintek
/
OrderSystem
14
0
Atdalīts 0
Faili Problēmas 0 Izmaiņu pieprasījumi 0 Vikivietne
Atzars: master
Atzari Tagi
OrderSystem
/
Framework
/
Bowin.Common
/
ServiceToken
/
ApiIdentity
/
ApiIdentityAttribute.cs

ApiIdentityAttribute.cs 2.8 KB
Patstāvīgā saite Vēsture Neapstrādāts

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465 
  1. using Bowin.Common.Cache;
    2. 

  2. using Bowin.Common.Encoder.DES;
    3. 

  3. using Bowin.Common.Utility;
    4. 

  4. using Microsoft.AspNetCore.Mvc.Filters;
    5. 

  5. using System;
    6. 

  6. using System.Collections.Generic;
    7. 

  7. using System.Linq;
    8. 

  8. using System.Text;
    9. 

  9. 

  10. namespace Bowin.Common.ServiceToken.ApiIdentity
    11. 

  11. {
    12. 

  12.     /// <summary>
    13. 

  13.     /// Header:{ auth-key: 密文(系统ID|访问时间(MMyyyyddmmHHss)), auth-system: 系统ID明文 }
    14. 

  14.     /// </summary>
    15. 

  15.     public class ApiIdentityAttribute : ActionFilterAttribute
    16. 

  16.     {
    17. 

  17.         public List<string> ScopeList { get; set; }
    18. 

  18.         public ApiIdentityAttribute(params string[] scopes)
    19. 

  19.         {
    20. 

  20.             ScopeList = scopes.ToList();
    21. 

  21.         }
    22. 

  22.         public override void OnActionExecuting(ActionExecutingContext context)
    23. 

  23.         {
    24. 

  24.             if (!ApiIdentityHelper.IsStarted)
    25. 

  25.             {
    26. 

  26.                 return;
    27. 

  27.             }
    28. 

  28. 

  29.             var systemService = (ISystemService)HttpHelper.GetService(ApiIdentityHelper.SystemServiceType);
    30. 

  30.             var systemList = systemService.GetSystemList();
    31. 

  31.             var systemID = context.HttpContext.Request.Headers["auth-system"].ToString();
    32. 

  32.             var secret = systemList.Where(x => x.SystemID == systemID).FirstOrDefault()?.Secret;
    33. 

  33.             if (string.IsNullOrEmpty(secret))
    34. 

  34.             {
    35. 

  35.                 throw new ServiceException(-1, "无效的auth-system");
    36. 

  36.             }
    37. 

  37.             var des = new DesAccessor();
    38. 

  38.             var key = Encoding.UTF8.GetBytes(secret).Take(8).ToArray();
    39. 

  39.             var iv = key;
    40. 

  40. 

  41.             var encodedText = context.HttpContext.Request.Headers["auth-key"].ToString();
    42. 

  42.             var decodedString = des.Decrypt(encodedText, key, iv);
    43. 

  43.             var spliteData = decodedString.Split('|', StringSplitOptions.RemoveEmptyEntries);
    44. 

  44.             DateTime visitTime;
    45. 

  45.             if (spliteData.Length != 2 || spliteData[0] != systemID || !DateTime.TryParseExact(spliteData[1], "MMyyyyddmmHHss", null, System.Globalization.DateTimeStyles.None, out visitTime))
    46. 

  46.             {
    47. 

  47.                 throw new ServiceException(-1, "无效auth-key");
    48. 

  48.             }
    49. 

  49.             var passTime = Math.Abs(DateTime.Now.Subtract(visitTime).TotalMinutes);
    50. 

  50.             if (passTime > 5)
    51. 

  51.             {
    52. 

  52.                 throw new ServiceException(-1, "auth-key访问超时,请重新生成auth-key");
    53. 

  53.             }
    54. 

  54. 

  55.             var scopeList = systemService.GetScopeList(systemID);
    56. 

  56. 

  57.             if (scopeList.Intersect(ScopeList).Count() == 0)
    58. 

  58.             {
    59. 

  59.                 throw new ServiceException(-2, "未授权的操作。");
    60. 

  60.             }
    61. 

  61.             ///考虑如何处理频繁访问,暂时想到是每一次调用接口时记录缓存,一分钟后缓存消失,这时候才可以再次访问,但需要考虑是不是所有将来的接口都需要有这个限制;
    62. 

  62.             ///另一个方式就是直接记录日志,访问太频繁线下找对方追责
    63. 

  63.         }
    64. 

  64.     }
    65. 

  65. }
    66.