using System.Text;
using System.Web;
using Common;
using Extensions;
using Infrastructure;
using Infrastructure.Model;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using Services;
//本命名空间暂时先不改,改动比较大2023年9月2日
namespace Filters
{
///
///
public class AuthorizationFilter : IAuthorizationFilter
{
private readonly ISysLoginService SysLoginService;
public AuthorizationFilter(ISysLoginService sysLoginService)
{
this.SysLoginService = sysLoginService;
}
///
///
///
public void OnAuthorization(AuthorizationFilterContext context)
{
var request = context.HttpContext.Request;
if(request.Path.Value.ToLower().Contains("v1/"))
{
string content = "";
if(context.HttpContext.Request.Method.ToLower() == "get")
{
content = context.HttpContext.GetQueryString();
content = content.Substring(content.IndexOf("=") + 1);
content = HttpUtility.UrlDecode(content);
content = Decrypt(content);
content = HttpUtility.UrlDecode(content);
if(!string.IsNullOrEmpty(content))
{
Dictionary dic = Newtonsoft.Json.JsonConvert.DeserializeObject>(content);
string queryString = "";
var parameters = context.ActionDescriptor.Parameters;
foreach(var parameter in parameters)
{
string parameterName = parameter.Name;
Type objectType = parameter.ParameterType;
if(objectType.FullName != "System.String")
{
System.Reflection.Assembly assembly = System.Reflection.Assembly.GetAssembly(objectType);
var entry = assembly.CreateInstance(objectType.FullName);
Type type = entry.GetType();
System.Reflection.PropertyInfo[] propertyInfos = type.GetProperties();
for (int i = 0; i < propertyInfos.Length; i++)
{
foreach (string key in dic.Keys)
{
if (propertyInfos[i].Name == key)
{
object value = dic[key];
string ParameterType = propertyInfos[i].GetMethod.ReturnParameter.ParameterType.Name;
if (ParameterType == "Int32")
{
if(value == null || value == "") value = "0";
value = Convert.ToInt32(value);
}
else if (ParameterType == "Int64[]")
{
value = Tools.SpitLongArrary(Newtonsoft.Json.JsonConvert.SerializeObject(value).Replace("[", "").Replace("]", "").Trim('"'), ',');
}
else if (ParameterType == "Int32[]")
{
value = Tools.SpitIntArrary(Newtonsoft.Json.JsonConvert.SerializeObject(value).Replace("[", "").Replace("]", "").Trim('"'), ',');
}
else if (ParameterType == "List`1")
{
string val = Newtonsoft.Json.JsonConvert.SerializeObject(value).Replace("[", "").Replace("]", "").Trim('"');
value = Tools.SpitLongArrary(val, ',').ToList();
}
else if(ParameterType == "Nullable`1" && value == null)
{
string fullName = Function.CheckNull(propertyInfos[i].GetMethod.ReturnParameter.ParameterType.FullName);
if(fullName.Contains("System.Int32"))
{
value = -99;
}
}
if(value.ToString() == "-1") value = -1;
if(value.ToString() == "[]") value = "";
queryString += key + "=" + value.ToString() + "&";
break;
}
}
}
}
}
request.QueryString = new QueryString("?" + queryString.TrimEnd('&'));
}
}
else if(context.HttpContext.Request.Method.ToLower() == "delete")
{
string path = request.Path.Value;
string value = path.Substring(path.LastIndexOf("/") + 1);
path = path.Substring(0, path.LastIndexOf("/") + 1);
value = Decrypt(value);
path += value;
request.Path = new PathString(path);
request.RouteValues["id"] = value;
}
else
{
content = context.HttpContext.GetBody();
content = Decrypt(content);
request.Body = new MemoryStream(Encoding.UTF8.GetBytes(content));
//验证登录接口
if(request.Path.Value.EndsWith("/oauth2/token"))
{
var scope = request.Query["scope"].ToString();
var grantType = request.Query["grant_type"].ToString();
bool checkLogin = SysLoginService.CheckLogin(scope, grantType, context.HttpContext.GetToken().Replace("Basic ", ""));
if(!checkLogin)
{
string msg = $"请求访问失败,无法访问系统资源";
context.Result = new JsonResult(ApiResult.Error(ResultCode.DENY, msg));
}
}
}
}
}
public string Decrypt(string str)
{
str = str.Trim('"');
str = Encoding.UTF8.GetString(Convert.FromBase64String(str));
return Dbconn.AesDecrypt(str, Base.GlobalConstant.ApiKey, Base.GlobalConstant.ApiIv);
}
}
}