新建一个类
/// <summary>
/// Action filter attribute that gates an API action on two request headers (an account header and a
/// token header, read through the <c>_accountKey</c> / <c>_tokenKey</c> fields) plus the account's API
/// grants, the token-vs-body-hash check and the route check performed in <c>OnActionExecuting</c>.
/// AllowMultiple = true permits stacking the attribute on one action; each instance then runs the full check.
/// </summary>
[AttributeUsage(AttributeTargets.Method, Inherited = true, AllowMultiple = true)]
public class ApiAuthFilter : ActionFilterAttribute
重写两个方法
/// <summary>
/// Runs after the action has executed. Intentionally empty: this filter does no post-processing.
/// </summary>
/// <param name="context">The post-execution context; not used.</param>
public override void OnActionExecuted(ActionExecutedContext context)
{
    // Nothing to do once the action has run.
}
/// <summary>
/// Stub shown before the full implementation further down the page; the complete override performs the
/// header, account, token and route checks.
/// </summary>
/// <param name="context">The pre-execution context.</param>
public override void OnActionExecuting(ActionExecutingContext context)
{
    // TODO: replaced by the full OnActionExecuting implementation below.
}
/// <summary>
/// Checks that the account header and the token header are both present and both carry a
/// non-blank value.
/// </summary>
/// <param name="context">The executing action's context; its request headers are inspected.</param>
/// <returns><c>true</c> when both headers exist and are not empty or whitespace-only; otherwise <c>false</c>.</returns>
private bool CheckRequestHeader(ActionExecutingContext context)
{
    var requestHeaders = context.HttpContext.Request.Headers;
    var headerNames = requestHeaders.Keys;
    var accountValue = requestHeaders[_accountKey].ToString();
    var tokenValue = requestHeaders[_tokenKey].ToString();

    // Both headers must be declared, and neither may be blank.
    var bothPresent = headerNames.Contains(_accountKey) && headerNames.Contains(_tokenKey);
    var bothFilled = !string.IsNullOrWhiteSpace(accountValue) && !string.IsNullOrWhiteSpace(tokenValue);
    return bothPresent && bothFilled;
}
/// <summary>
/// Looks up the API authorizations granted to the reporting account.
/// </summary>
/// <param name="accountId">Account id taken from the account request header.</param>
/// <returns>
/// A pair whose Item1 is <c>true</c> when the service returned at least one authorization, and whose
/// Item2 is the list exactly as the service returned it (it may be null).
/// </returns>
private Tuple<bool, List<ReportApiDto>> UserApiAuth(string accountId)
{
    var authorizations = _reportAccountServices.GetUserApiAuthByAccountId(accountId);
    // A null or empty list means the account holds no API grants.
    var hasAny = authorizations?.Count > 0;
    return Tuple.Create(hasAny, authorizations);
}
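/// <summary>
/// Runs before the action executes and blocks it unless every check passes: the required headers are
/// present, the account has API grants, the token decrypts under the account's key to the hash of the
/// request body, and every route-value key is an authorized API name. On any failure, or on an
/// unexpected exception, <c>context.Result</c> is set to a failure result so the action does not run.
/// </summary>
/// <param name="context">The executing action's context; the request, headers and route data are read from it.</param>
public override void OnActionExecuting(ActionExecutingContext context)
{
    // The original code called OnActionExecuting(context) here — i.e. itself — which recurses without
    // bound. The base filter's hook is what was meant.
    base.OnActionExecuting(context);

    // TODO: the failure responses should carry a shared, user-facing error message.
    try
    {
        if (!IsAuthorized(context))
        {
            context.Result = (IActionResult)ResponseResult.Fail();
        }
    }
    catch (Exception ex)
    {
        // Any unexpected error is reported as a failed authorization rather than surfacing the exception.
        context.Result = (IActionResult)ResponseResult.Fail();
        Log4NetHelper.WriteError(typeof(ApiAuthFilter), ex.Message + ex.StackTrace);
    }
}

/// <summary>
/// Performs the header, account, token and route checks on behalf of <see cref="OnActionExecuting"/>.
/// </summary>
/// <param name="context">The executing action's context.</param>
/// <returns><c>true</c> when the request passes every check; <c>false</c> at the first failure.</returns>
private bool IsAuthorized(ActionExecutingContext context)
{
    // 1. Both the account header and the token header must be present and non-blank.
    if (!CheckRequestHeader(context))
    {
        return false;
    }

    var request = context.HttpContext.Request;
    var accountId = request.Headers[_accountKey].ToString();

    // 2. The account must have at least one API grant.
    var authResult = UserApiAuth(accountId);
    var apiAuthList = authResult.Item2;
    if (!authResult.Item1)
    {
        return false;
    }

    // 3. The token must decrypt under the account's secret key.
    // The secret is taken from the first grant; presumably every grant of one account carries the
    // same AccountKey — confirm against the service.
    var secretKey = apiAuthList[0].AccountKey;
    if (string.IsNullOrEmpty(secretKey))
    {
        return false;
    }
    var token = request.Headers[_tokenKey].ToString();
    // SM4-ECB is deterministic and the decrypted value carries no timestamp or nonce, so a captured
    // token/body pair can be resubmitted as-is. Adding one is a protocol change on both sides.
    var expectedHash = SM4.Decrypt_ECB(token, secretKey, false);
    if (string.IsNullOrEmpty(expectedHash))
    {
        return false;
    }

    // 4. The decrypted value must equal the hash of the request body.
    // Buffer the body so it can be re-read, hash it from the start, then rewind so that later readers
    // see the whole body again. The original hashed from the stream's current position and never
    // rewound.
    // NOTE(review): if model binding has already consumed the body before this filter runs, enabling
    // buffering here is too late and the hash covers an empty stream — confirm the pipeline order.
    request.EnableBuffering();
    var body = request.Body;
    if (body.CanSeek)
    {
        body.Position = 0;
    }
    var bodyHash = Utils.ComputedHashCode(body);
    if (body.CanSeek)
    {
        body.Position = 0;
    }
    // Compare in fixed time so the check does not leak how many leading characters match.
    if (string.IsNullOrWhiteSpace(bodyHash) || !FixedTimeEquals(bodyHash, expectedHash))
    {
        return false;
    }

    // 5. Every route-value key must be an authorized API name.
    // NOTE(review): as in the original, this compares the route *keys* (e.g. "controller", "action")
    // against ApiName; if ApiName is meant to match the action name, route.Value is the field to
    // compare — confirm before changing, since that alters what is authorized.
    var authorizedNames = apiAuthList.Select(x => x.ApiName).ToList();
    if (!authorizedNames.Any())
    {
        return false;
    }
    foreach (var route in context.RouteData.Values)
    {
        if (!authorizedNames.Contains(route.Key))
        {
            return false;
        }
    }

    return true;
}

/// <summary>
/// Compares two strings in time that depends only on their length, not on where they first differ.
/// </summary>
/// <param name="left">First string; null never matches.</param>
/// <param name="right">Second string; null never matches.</param>
/// <returns><c>true</c> when both are non-null and contain the same characters.</returns>
private static bool FixedTimeEquals(string left, string right)
{
    if (left is null || right is null || left.Length != right.Length)
    {
        return false;
    }
    var diff = 0;
    for (var i = 0; i < left.Length; i++)
    {
        // OR the differences together instead of returning early on the first mismatch.
        diff |= left[i] ^ right[i];
    }
    return diff == 0;
}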
最终实现目的
/// <summary>
/// Example endpoint guarded by <see cref="ApiAuthFilter"/>: the filter's checks are meant to run
/// before this method and to substitute a failure result when the request does not pass them.
/// </summary>
/// <param name="req">The bound request payload.</param>
/// <returns>The action result; the body is still to be written.</returns>
[HttpPost("submit")]
[ApiAuthFilter]
public IActionResult Submit(Req_Dto req)
{
    // TODO: implement; the method must return an IActionResult on every path.
}