AuthorizationFilter.cs 7.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155
  1. using System.Text;
  2. using System.Web;
  3. using Common;
  4. using Extensions;
  5. using Infrastructure;
  6. using Infrastructure.Model;
  7. using Microsoft.AspNetCore.Mvc;
  8. using Microsoft.AspNetCore.Mvc.Filters;
  9. using Services;
  10. //本命名空间暂时先不改,改动比较大2023年9月2日
  11. namespace Filters
  12. {
  13. /// <summary>
  14. /// </summary>
  15. public class AuthorizationFilter : IAuthorizationFilter
  16. {
  17. // private readonly ISysLoginService SysLoginService;
  18. // public AuthorizationFilter(ISysLoginService sysLoginService)
  19. // {
  20. // this.SysLoginService = sysLoginService;
  21. // }
  22. public AuthorizationFilter()
  23. {
  24. }
  25. /// <summary>
  26. /// </summary>
  27. /// <param name="context"></param>
  28. public void OnAuthorization(AuthorizationFilterContext context)
  29. {
  30. var request = context.HttpContext.Request;
  31. if(!request.Path.Value.ToLower().Contains("noauth/"))
  32. {
  33. string content = "";
  34. if(context.HttpContext.Request.Method.ToLower() == "get")
  35. {
  36. content = context.HttpContext.GetQueryString();
  37. content = GetParam(content, "value");
  38. content = HttpUtility.UrlDecode(content);
  39. content = Decrypt(content);
  40. content = HttpUtility.UrlDecode(content);
  41. if(!string.IsNullOrEmpty(content))
  42. {
  43. Dictionary<string, object> dic = Newtonsoft.Json.JsonConvert.DeserializeObject<Dictionary<string, object>>(content);
  44. string queryString = "";
  45. var parameters = context.ActionDescriptor.Parameters;
  46. foreach(var parameter in parameters)
  47. {
  48. string parameterName = parameter.Name;
  49. Type objectType = parameter.ParameterType;
  50. if(objectType.FullName != "System.String")
  51. {
  52. System.Reflection.Assembly assembly = System.Reflection.Assembly.GetAssembly(objectType);
  53. var entry = assembly.CreateInstance(objectType.FullName);
  54. Type type = entry.GetType();
  55. System.Reflection.PropertyInfo[] propertyInfos = type.GetProperties();
  56. for (int i = 0; i < propertyInfos.Length; i++)
  57. {
  58. foreach (string key in dic.Keys)
  59. {
  60. if (propertyInfos[i].Name == key)
  61. {
  62. object value = dic[key];
  63. string ParameterType = propertyInfos[i].GetMethod.ReturnParameter.ParameterType.Name;
  64. if (ParameterType == "Int32")
  65. {
  66. if(value == null || value == "") value = "0";
  67. value = Convert.ToInt32(value);
  68. }
  69. else if (ParameterType == "Int64[]")
  70. {
  71. value = Tools.SpitLongArrary(Newtonsoft.Json.JsonConvert.SerializeObject(value).Replace("[", "").Replace("]", "").Trim('"'), ',');
  72. }
  73. else if (ParameterType == "Int32[]")
  74. {
  75. value = Tools.SpitIntArrary(Newtonsoft.Json.JsonConvert.SerializeObject(value).Replace("[", "").Replace("]", "").Trim('"'), ',');
  76. }
  77. else if (ParameterType == "List`1")
  78. {
  79. string val = Newtonsoft.Json.JsonConvert.SerializeObject(value).Replace("[", "").Replace("]", "").Trim('"');
  80. value = Tools.SpitLongArrary(val, ',').ToList();
  81. }
  82. if(value.ToString() == "-1") value = -1;
  83. if(value.ToString() == "[]") value = "";
  84. queryString += key + "=" + value.ToString() + "&";
  85. break;
  86. }
  87. }
  88. }
  89. }
  90. }
  91. request.QueryString = new QueryString("?" + queryString.TrimEnd('&'));
  92. }
  93. }
  94. else if(context.HttpContext.Request.Method.ToLower() == "delete")
  95. {
  96. string path = request.Path.Value;
  97. string value = path.Substring(path.LastIndexOf("/") + 1);
  98. path = path.Substring(0, path.LastIndexOf("/") + 1);
  99. value = Decrypt(value);
  100. path += value;
  101. request.Path = new PathString(path);
  102. request.RouteValues["id"] = value;
  103. }
  104. else
  105. {
  106. content = context.HttpContext.GetBody();
  107. content = Decrypt(content);
  108. //{"username":"admin","password":"000000"}
  109. request.Body = new MemoryStream(Encoding.UTF8.GetBytes(content));
  110. //验证登录接口
  111. if(request.Path.Value.EndsWith("/oauth2/token"))
  112. {
  113. // var scope = request.Query["scope"].ToString();
  114. // var grantType = request.Query["grant_type"].ToString();
  115. // bool checkLogin = SysLoginService.CheckLogin(scope, grantType, context.HttpContext.GetToken().Replace("Basic ", ""));
  116. // if(!checkLogin)
  117. // {
  118. // string msg = $"请求访问失败,无法访问系统资源";
  119. // context.Result = new JsonResult(ApiResult.Error(ResultCode.DENY, msg));
  120. // }
  121. }
  122. }
  123. }
  124. }
  125. public string Decrypt(string str)
  126. {
  127. str = str.Trim('"');
  128. str = Encoding.UTF8.GetString(Convert.FromBase64String(str));
  129. return Dbconn.AesDecrypt(str, Base.GlobalConstant.ApiKey, Base.GlobalConstant.ApiIv);
  130. }
  131. public string GetParam(string content, string key)
  132. {
  133. if(content.StartsWith("?")) content = content.Substring(1);
  134. string[] data = content.Split('&');
  135. foreach(string sub in data)
  136. {
  137. if(sub.StartsWith(key + "="))
  138. {
  139. return sub.Substring(sub.IndexOf("=") + 1);
  140. }
  141. }
  142. return "";
  143. }
  144. }
  145. }