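using System;
using System.Linq;
using System.Threading.Tasks;
using Hncore.Infrastructure.Common;
using Hncore.Infrastructure.Extension;
using Hncore.Infrastructure.Serializer;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Authorization;
using Microsoft.AspNetCore.Mvc.Filters;
using Hncore.Infrastructure.Core.Web;

namespace Hncore.Infrastructure.OpenApi
{
    /// <summary>
    /// Marks a controller or action as a signed OpenApi endpoint: the request body must
    /// carry appid / timestamp / sign fields, which <see cref="OpenApiAuthFilter"/>
    /// validates before the action runs.
    /// </summary>
    public class OpenApiAuthAttribute : TypeFilterAttribute
    {
        public OpenApiAuthAttribute() : base(typeof(OpenApiAuthFilter))
        {
            // Very low order so the signature check runs ahead of other filters.
            Order = -9997;
        }
    }

    /// <summary>
    /// Authorization filter for signed OpenApi requests. Reads the request body as JSON,
    /// requires the appid / timestamp / sign fields, looks the application up in Redis
    /// ("OpenApi:Application" hash keyed by appid), rejects disabled applications and
    /// timestamps outside the accepted window, and finally verifies the signature with
    /// the application's AppKey. Every failure is reported through
    /// <c>OpenApiException.Throw</c>.
    /// </summary>
    public class OpenApiAuthFilter : IAsyncAuthorizationFilter
    {
        // Accepted distance between the server clock and the request timestamp, in the
        // units of DateTimeHelper.ToUnixTimestamp (presumably seconds - confirm against the helper).
        private const int TimestampWindow = 60;

        /// <summary>
        /// Validates the OpenApi request envelope; on failure an exception is raised via
        /// <c>OpenApiException.Throw</c>, on success the request proceeds with
        /// <c>HttpContext.Items["OpenApi"]</c> and <c>["OpenApiAppKey"]</c> populated.
        /// </summary>
        /// <param name="context">The MVC authorization filter context for the current request.</param>
        public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
        {
            // [AllowAnonymous] on the action or controller bypasses the whole check.
            if (context.Filters.Any(item => item is IAllowAnonymousFilter))
            {
                context.HttpContext.Items["AllowAnonymous"] = true;
                return;
            }

            context.HttpContext.Items["OpenApi"] = true;

            // NOTE(review): the body is consumed here; ReadBodyAsStringAsync presumably
            // enables buffering so model binding can read it again - confirm.
            var body = await context.HttpContext.Request.ReadBodyAsStringAsync();
            var requestBase = body.FromJsonTo();

            // An empty or non-JSON body deserializes to null; report it as a missing
            // timestamp instead of letting the property access throw NullReferenceException.
            if (requestBase is null || requestBase.Timestamp == null)
            {
                OpenApiException.Throw(OpenApiReturnCode.Error, "缺少timestamp参数");
            }

            if (!requestBase.Sign.Has())
            {
                OpenApiException.Throw(OpenApiReturnCode.Error, "缺少sign参数");
            }

            if (!requestBase.AppId.Has())
            {
                OpenApiException.Throw(OpenApiReturnCode.Error, "缺少appid参数");
            }

            var application = await RedisHelper.HGetAsync("OpenApi:Application", requestBase.AppId);

            // An unknown appid yields no application; previously this surfaced as a
            // NullReferenceException on application.AppKey. Treat it as unauthorized.
            if (application is null)
            {
                OpenApiException.Throw(OpenApiReturnCode.Unauthorized);
            }

            context.HttpContext.Items["OpenApiAppKey"] = application.AppKey;

            if (!application.Enable)
            {
                OpenApiException.Throw(OpenApiReturnCode.Unauthorized);
            }

            // Reject timestamps outside the window in BOTH directions. The original check
            // only caught stale requests, so a request signed with a far-future timestamp
            // stayed valid indefinitely and could be replayed. Timestamp is already known
            // to be non-null here, so the lifted comparison cannot silently yield false.
            // NOTE(review): DateTime.Now is local time; whether ToUnixTimestamp converts it
            // correctly is not visible here - confirm the helper handles the offset.
            var skew = DateTimeHelper.ToUnixTimestamp(DateTime.Now) - requestBase.Timestamp;
            if (skew > TimestampWindow || skew < -TimestampWindow)
            {
                OpenApiException.Throw(OpenApiReturnCode.TimeStampExpired);
            }

            // Signature verification runs last so cheap envelope checks reject bad
            // requests before the HMAC/hash work.
            requestBase.CheckSign(application.AppKey);
        }
    }
}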