wtt
9 小时以前 2f53ca83fa03c317fb5db3f6ffdadbafbd78dda6
WebAPI/Service/SignatureVerifyAttribute.cs
@@ -6,6 +6,7 @@
using System.Web.Http;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;
using WebAPI;
using WebAPI.Service;
namespace project.Filter
@@ -53,7 +54,6 @@
            }
            var currentTs = (DateTime.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc)).TotalSeconds;
            var diff = Math.Abs(currentTs - ts);
            if (diff > 300) // 300秒 = 5分钟
            {
                actionContext.Response = actionContext.Request.CreateResponse(System.Net.HttpStatusCode.BadRequest,
@@ -69,26 +69,43 @@
                if (!string.IsNullOrEmpty(query) && query.StartsWith("?"))
                {
                    rawData = query.Substring(1); 
                }
            }
            else
            {
                var originalContentType = actionContext.Request.Content.Headers.ContentType;
                var bodyBytes = await actionContext.Request.Content.ReadAsByteArrayAsync();
                rawData = Encoding.UTF8.GetString(bodyBytes);
                actionContext.Request.Content = new ByteArrayContent(bodyBytes);
                if (actionContext.Request.Content.Headers.ContentType != null)
                if (originalContentType != null)
                {
                    actionContext.Request.Content.Headers.ContentType =
                        new System.Net.Http.Headers.MediaTypeHeaderValue(
                            actionContext.Request.Content.Headers.ContentType.MediaType);
                    actionContext.Request.Content.Headers.ContentType = originalContentType;
                }
            }
            var signStr = rawData + "&timestamp=" + timestamp + "&nonce=" + nonce + "&key=" + SecretKey;
            //else
            //{
            //    var bodyBytes = await actionContext.Request.Content.ReadAsByteArrayAsync();
            //    rawData = Encoding.UTF8.GetString(bodyBytes);
            //    actionContext.Request.Content = new ByteArrayContent(bodyBytes);
            //    if (actionContext.Request.Content.Headers.ContentType != null)
            //    {
            //        actionContext.Request.Content.Headers.ContentType =
            //            new System.Net.Http.Headers.MediaTypeHeaderValue(
            //                actionContext.Request.Content.Headers.ContentType.MediaType);
            //    }
            //}
            rawData = rawData.Replace("'", "%27");
            var signStr = rawData + "&timestamp=" + timestamp + "&nonce=" + nonce + "&key=" + SecretKey;
            var serverSign = ComputeHmacSha256(signStr, SecretKey);
            if (serverSign != clientSign.ToUpper())
            {
                actionContext.Response = actionContext.Request.CreateResponse(System.Net.HttpStatusCode.Unauthorized,