lichunlei
/
KxsConfigNew


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151
							using System.Text;
using System.Web;
using Common;
using Extensions;
using Infrastructure;
using Infrastructure.Model;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using Services;

//本命名空间暂时先不改，改动比较大2023年9月2日
namespace Filters
{
    /// <summary>
    /// </summary>
    public class AuthorizationFilter : IAuthorizationFilter
    {
        
        private readonly ISysLoginService SysLoginService;

        public AuthorizationFilter(ISysLoginService sysLoginService)
        {
            this.SysLoginService = sysLoginService;
        }

        /// <summary>
        /// </summary>
        /// <param name="context"></param>
        public void OnAuthorization(AuthorizationFilterContext context)
        {
            var request = context.HttpContext.Request;
            if(!request.Path.Value.ToLower().Contains("noauth/"))
            {
                string content = "";
                if(context.HttpContext.Request.Method.ToLower() == "get")
                {
                    content = context.HttpContext.GetQueryString();
                    content = GetParam(content, "value");
                    content = HttpUtility.UrlDecode(content);
                    content = Decrypt(content);
                    content = HttpUtility.UrlDecode(content);
                    if(!string.IsNullOrEmpty(content))
                    {
                        Dictionary<string, object> dic = Newtonsoft.Json.JsonConvert.DeserializeObject<Dictionary<string, object>>(content);

                        string queryString = "";
                        var parameters = context.ActionDescriptor.Parameters;
                        foreach(var parameter in parameters)
                        {
                            string parameterName = parameter.Name;
                            Type objectType = parameter.ParameterType;
                            if(objectType.FullName != "System.String")
                            {
                                System.Reflection.Assembly assembly = System.Reflection.Assembly.GetAssembly(objectType);
                                var entry = assembly.CreateInstance(objectType.FullName);
                                Type type = entry.GetType();
                                System.Reflection.PropertyInfo[] propertyInfos = type.GetProperties();
                                for (int i = 0; i < propertyInfos.Length; i++)
                                {
                                    foreach (string key in dic.Keys)
                                    {
                                        if (propertyInfos[i].Name == key)
                                        {
                                            object value = dic[key];
                                            string ParameterType = propertyInfos[i].GetMethod.ReturnParameter.ParameterType.Name;
                                            if (ParameterType == "Int32")
                                            {
                                                if(value == null || value == "") value = "0";
                                                value = Convert.ToInt32(value);
                                            }
                                            else if (ParameterType == "Int64[]")
                                            {
                                                value = Tools.SpitLongArrary(Newtonsoft.Json.JsonConvert.SerializeObject(value).Replace("[", "").Replace("]", "").Trim('"'), ',');
                                            }
                                            else if (ParameterType == "Int32[]")
                                            {
                                                value = Tools.SpitIntArrary(Newtonsoft.Json.JsonConvert.SerializeObject(value).Replace("[", "").Replace("]", "").Trim('"'), ',');
                                            }
                                            else if (ParameterType == "List`1")
                                            {
                                                string val = Newtonsoft.Json.JsonConvert.SerializeObject(value).Replace("[", "").Replace("]", "").Trim('"');
                                                value = Tools.SpitLongArrary(val, ',').ToList();
                                            }
                                            if(value.ToString() == "-1") value = -1;
                                            if(value.ToString() == "[]") value = "";
                                            queryString += key + "=" + value.ToString() + "&";
                                            break;
                                        }
                                    }
                                }
                            }
                        }

                        request.QueryString = new QueryString("?" + queryString.TrimEnd('&'));
                    }
                }
                else if(context.HttpContext.Request.Method.ToLower() == "delete")
                {
                    string path = request.Path.Value;
                    string value = path.Substring(path.LastIndexOf("/") + 1);
                    path = path.Substring(0, path.LastIndexOf("/") + 1);
                    value = Decrypt(value);
                    path += value;
                    request.Path = new PathString(path);
                    request.RouteValues["id"] = value;
                }
                else
                {
                    content = context.HttpContext.GetBody();
                    content = Decrypt(content);
                    //{"username":"admin","password":"000000"}
                    request.Body = new MemoryStream(Encoding.UTF8.GetBytes(content));

                    //验证登录接口
                    if(request.Path.Value.EndsWith("/oauth2/token"))
                    {
                        var scope = request.Query["scope"].ToString();
                        var grantType = request.Query["grant_type"].ToString();
                        bool checkLogin = SysLoginService.CheckLogin(scope, grantType, context.HttpContext.GetToken().Replace("Basic ", ""));
                        if(!checkLogin)
                        {
                            string msg = $"请求访问失败，无法访问系统资源";
                            context.Result = new JsonResult(ApiResult.Error(ResultCode.DENY, msg));
                        }
                    }
                }
            }
        }

        public string Decrypt(string str)
        {
            str = str.Trim('"');
            str = Encoding.UTF8.GetString(Convert.FromBase64String(str));
            return Dbconn.AesDecrypt(str, Base.GlobalConstant.ApiKey, Base.GlobalConstant.ApiIv);
        }

        public string GetParam(string content, string key)
        {
            if(content.StartsWith("?")) content = content.Substring(1);
            string[] data = content.Split('&');
            foreach(string sub in data)
            {
                if(sub.StartsWith(key + "="))
                {
                    return sub.Substring(sub.IndexOf("=") + 1);
                }
            }
            return "";
        }
    }
}