上代码,根据具体情况进行修改。
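public class WebFilterAttribute : Attribute, IAuthorizationFilter, IActionFilter, IExceptionFilter
{
    private static readonly log4net.ILog log = log4net.LogManager.GetLogger(typeof(WebFilterAttribute));

    /// <summary>
    /// Authentication and authorization gate, run before the action.
    /// Order: [NoLogin] on the action skips everything; no session → NoLogin result;
    /// [NoPermiss] on the action skips the permission check; no permission → NoPermission result.
    /// </summary>
    /// <param name="context">Authorization context of the current request.</param>
    public void OnAuthorization(AuthorizationFilterContext context)
    {
        var routeData = new RouteData(context);

        if (HasFilter(context, typeof(NoLoginAttribute)))
        {
            return; // action explicitly opted out of the login check
        }
        if (!UserDataHelper.CheckLogin())
        {
            Reject(context, routeData, new ResultBase { Code = ResultCode.NoLogin, Message = "没有登录" });
            return;
        }
        if (HasFilter(context, typeof(NoPermissAttribute)))
        {
            return; // logged in, permission check explicitly opted out
        }
        if (!UserDataHelper.CheckPermissions(routeData.ActionName, routeData.ControllerName))
        {
            Reject(context, routeData, new ResultBase { Code = ResultCode.NoPermission, Message = "没有授权" });
        }
    }

    /// <summary>
    /// True when a filter of exactly <paramref name="filterType"/> is attached to the action.
    /// Compares the runtime type instead of ToString() output: the string form can be overridden,
    /// the type cannot be impersonated by another attribute.
    /// </summary>
    private static bool HasFilter(AuthorizationFilterContext context, Type filterType)
        => context.ActionDescriptor.FilterDescriptors.Any(s => s.Filter.GetType() == filterType);

    /// <summary>Short-circuits the request with <paramref name="result"/> as the JSON body and logs the reason.</summary>
    private static void Reject(AuthorizationFilterContext context, RouteData routeData, ResultBase result)
    {
        context.Result = new JsonResult(result);
        log.Info("[" + routeData.ApiPath + "] 提示:" + result.Message);
    }

    /// <summary>
    /// Converts an unhandled exception into the uniform JSON envelope (Code = Failed).
    /// </summary>
    /// <param name="context">Exception context of the current request.</param>
    public void OnException(ExceptionContext context)
    {
        var routeData = new RouteData(context);
        var ex = context.Exception;
        if (ex.InnerException != null)
        {
            ex = ex.GetBaseException(); // report the root cause, not the wrapper
        }

        // NOTE(review): ex.Message is returned to the client verbatim; for framework/driver exceptions
        // it may carry internals (query text, file paths). Consider a generic message for non-business errors.
        var exceptionResult = new ResultBase { Code = ResultCode.Failed, Message = ex.Message };
        context.Result = new JsonResult(exceptionResult);

        log.Info("[" + routeData.ApiPath + "] 返回:" + JsonConvert.SerializeObject(exceptionResult));
        log.Error("[" + routeData.ApiPath + "] 异常:" + ex.ToString());
    }

    /// <summary>
    /// Runs after the action; logs the serialised response body for ObjectResult / JsonResult results.
    /// </summary>
    /// <param name="context">Executed-action context.</param>
    public void OnActionExecuted(ActionExecutedContext context)
    {
        if (context.Result == null)
        {
            return;
        }
        var routeData = new RouteData(context);

        // NOTE(review): the whole response body is written to the log — any personal data or tokens
        // an action returns end up in the log file. Consider masking or size-capping this.
        if (context.Result is ObjectResult objectResult)
        {
            log.Info("[" + routeData.ApiPath + "] 返回:" + JsonConvert.SerializeObject(objectResult.Value));
        }
        else if (context.Result is JsonResult jsonResult)
        {
            log.Info("[" + routeData.ApiPath + "] 返回:" + JsonConvert.SerializeObject(jsonResult.Value));
        }
    }

    /// <summary>
    /// Runs before the action: logs the bound arguments and rejects the request with
    /// Code = ParameterError when model validation failed.
    /// </summary>
    /// <param name="context">Executing-action context.</param>
    public void OnActionExecuting(ActionExecutingContext context)
    {
        var routeData = new RouteData(context);

        // NOTE(review): every bound argument is serialised into the log, so credentials or personal data
        // posted to e.g. a login action land in the log file verbatim — mask sensitive fields before logging.
        string received = string.Concat(context.ActionArguments.Select(
            item => item.Key + " = " + JsonConvert.SerializeObject(item.Value) + " | "));
        log.Info("[" + routeData.ApiPath + "] 接收:" + (received == "" ? "无参数" : received));

        if (context.ModelState.IsValid)
        {
            return;
        }

        // First non-blank validation message. (The original inner `break` did not stop the outer loop,
        // so a later field's error silently replaced an earlier one; the `Message != ""` re-check was
        // always true after the fallback and has been dropped.)
        string firstError = context.ModelState.Values
            .SelectMany(modelState => modelState.Errors)
            .Select(error => string.IsNullOrEmpty(error.ErrorMessage) ? error.Exception?.Message : error.ErrorMessage)
            .FirstOrDefault(message => !string.IsNullOrWhiteSpace(message));

        context.Result = new JsonResult(new ResultBase
        {
            Code = ResultCode.ParameterError,
            Message = firstError ?? "参数错误",
        });
    }

    /// <summary>
    /// Lower-cased controller/action names of the current request, used for logging and the permission lookup.
    /// </summary>
    private sealed class RouteData
    {
        /// <summary>Action name, lower-cased ("" when the route value is absent).</summary>
        public string ActionName { get; }

        /// <summary>Controller name, lower-cased ("" when the route value is absent).</summary>
        public string ControllerName { get; }

        /// <summary>"controller/action".</summary>
        public string ApiPath { get; }

        public RouteData(ActionContext context)
        {
            var routeValues = context.ActionDescriptor.RouteValues;
            // TryGetValue instead of the indexer: a missing route value yields "" rather than a
            // KeyNotFoundException inside the filter. ToLowerInvariant so the permission lookup
            // does not depend on the thread culture (e.g. Turkish "I").
            ActionName = routeValues.TryGetValue("action", out var action) && action != null
                ? action.ToLowerInvariant()
                : "";
            ControllerName = routeValues.TryGetValue("controller", out var controller) && controller != null
                ? controller.ToLowerInvariant()
                : "";
            ApiPath = ControllerName + "/" + ActionName;
        }
    }
}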
用户登录信息类:
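public class UserDataHelper
{
    private static readonly RoleBLL roleBLL = new RoleBLL();

    /// <summary>Header and cookie name carrying the client's session key.</summary>
    private const string SessionKeyName = "SessionKey";

    /// <summary>
    /// Session lifetime read from appSetting "expire_entry_at"; shared by every cache call below.
    /// </summary>
    private static int ExpireAt
        => int.Parse(ConfigurationManager.AppSettings["expire_entry_at"], System.Globalization.CultureInfo.InvariantCulture);

    /// <summary>
    /// Currently logged-in user, looked up in the cache by the SessionKey header (or cookie) of the request.
    /// Getter returns null when no key is sent or the key is unknown/expired.
    /// The client-supplied key is only ever used as a lookup key; it cannot create a session by itself.
    /// (A hard-coded test SessionKey that auto-logged in as "admin" was removed here: anyone who knew the
    /// fixed value could authenticate as admin on a deployed instance.)
    /// </summary>
    /// <exception cref="ArgumentNullException">Setter: <c>value</c> is null.</exception>
    public static LoginUser User
    {
        get
        {
            StringValues sessionKey;
            if (!HttpContext.Current.Request.Headers.TryGetValue(SessionKeyName, out sessionKey))
            {
                sessionKey = HttpContext.Current.Request.Cookies[SessionKeyName];
            }
            if (string.IsNullOrEmpty(sessionKey))
            {
                return null;
            }
            return CacheManage.GetUser(sessionKey, ExpireAt);
        }
        set
        {
            if (value is null)
            {
                throw new ArgumentNullException(nameof(value));
            }
            CacheManage.SaveUser(value.SessionKey, value, ExpireAt);
        }
    }

    /// <summary>Looks up the user cached under <paramref name="SessionKey"/>; null when unknown or expired.</summary>
    /// <param name="SessionKey">Session key to look up.</param>
    public static LoginUser GetLoginUser(string SessionKey)
        => CacheManage.GetUser(SessionKey, ExpireAt);

    /// <summary>
    /// Whether the current request carries a valid session.
    /// </summary>
    /// <returns>True when a logged-in user is found for the request.</returns>
    public static bool CheckLogin() => User != null;

    /// <summary>
    /// Whether the current user's role may call the given controller/action.
    /// </summary>
    /// <param name="actionName">Action name (compared case-insensitively).</param>
    /// <param name="controlName">Controller name (compared case-insensitively).</param>
    /// <returns>True when the role's API list contains the path, or the controller is one of the fixed exceptions; false when no user is logged in.</returns>
    public static bool CheckPermissions(string actionName, string controlName)
    {
        // The session may have expired between CheckLogin() and this call; the original dereferenced
        // User.role_uuid unconditionally and turned that race into a NullReferenceException (HTTP 500).
        var user = User;
        if (user is null)
        {
            return false;
        }

        string control = (controlName ?? "").Trim().ToLowerInvariant();
        string action = (actionName ?? "").Trim().ToLowerInvariant();

        // The role's allowed API paths are stored in the database; the format is not shown here.
        string apiStr = (roleBLL.GetAPIRoleByRole(user.role_uuid) ?? "").ToLowerInvariant();
        // NOTE(review): Contains() is a substring test — "/user/list" also matches "/user/listall".
        // If apiStr is a delimited list, split it and compare whole entries instead.
        if (apiStr.Contains("/" + control + "/" + action))
        {
            return true;
        }

        // Controllers exempt from the permission check, kept from the original. The declarative way to
        // express this is the [NoPermiss] attribute that WebFilterAttribute already honours.
        return control == "areaticketcountandticket"
            || control == "servicecountbymonthweek"
            || control == "taskcountbyweekmonth";
    }

    /// <summary>
    /// Stores <paramref name="obj"/> in the session as UTF-8 JSON.
    /// </summary>
    /// <param name="key">Session key.</param>
    /// <param name="obj">Value to store.</param>
    public static void SaveValue(string key, object obj)
    {
        string json = JsonConvert.SerializeObject(obj);
        HttpContext.Current.Session.Set(key, System.Text.Encoding.UTF8.GetBytes(json));
    }

    /// <summary>
    /// Reads a value stored by <see cref="SaveValue"/>.
    /// </summary>
    /// <typeparam name="T">Type to deserialise into.</typeparam>
    /// <param name="key">Session key.</param>
    /// <returns>The stored value, or default(T) when the key is absent or the entry cannot be deserialised.</returns>
    public static T GetValue<T>(string key)
    {
        if (!HttpContext.Current.Session.TryGetValue(key, out var bytes))
        {
            return default(T);
        }
        try
        {
            string json = System.Text.Encoding.UTF8.GetString(bytes);
            return JsonConvert.DeserializeObject<T>(json);
        }
        catch (Exception)
        {
            // Best-effort read: a corrupt or type-mismatched session entry is treated as "not present".
            return default(T);
        }
    }
}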
//全局拦截
services.AddMvc(options =>
    // NOTE(review): the filter shown above is WebFilterAttribute; confirm ActionAttribute is the type meant here.
    options.Filters.Add(typeof(ActionAttribute)))
部分控制器不进行拦截
/// <summary>
/// Empty marker filter for actions that must be reachable without login.
/// NOTE(review): WebFilterAttribute.OnAuthorization recognises NoLoginAttribute / NoPermissAttribute by type;
/// an action marked [NoSign] is not matched by that check — confirm the attribute names are meant to line up.
/// </summary>
public class NoSignAttribute : ActionFilterAttribute
{
}
/// <summary>
/// Page reachable without login; the [NoSign] marker opts it out of the login filter.
/// </summary>
/// <returns>The Privacy view.</returns>
[NoSign]
public IActionResult Privacy() => View();