MES-WEB-API.git

parent: c9abc7da | 补丁 | 提交 | ignore whitespace

llj

2 天以前 1155851fe7896727ca3bf835a52589505aa946c6

接口签名

4个文件已修改

2个文件已添加

	WebAPI/App_Start/WebApiConfig.cs	8 ●●●●● 补丁 \| 查看 \| 原始文档 \| blame \| 历史
	WebAPI/Controllers/项目管理/工作任务/PM_WorkTaskBillController.cs	3 ●●●●● 补丁 \| 查看 \| 原始文档 \| blame \| 历史
	WebAPI/Global.asax.cs	2 ●●●●● 补丁 \| 查看 \| 原始文档 \| blame \| 历史
	WebAPI/Service/RequireSignatureAttribute.cs	12 ●●●●● 补丁 \| 查看 \| 原始文档 \| blame \| 历史
	WebAPI/Service/SignatureVerifyAttribute.cs	112 ●●●●● 补丁 \| 查看 \| 原始文档 \| blame \| 历史
	WebAPI/WebAPI.csproj	2 ●●●●● 补丁 \| 查看 \| 原始文档 \| blame \| 历史

 WebAPI/App_Start/WebApiConfig.cs

@@ -1,10 +1,11 @@
ï»¿using System;
ï»¿using project.Filter;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web.Http;
using System.Web.Http.Cors;
using WebAPI.Dapper;

using WebAPI.Service;
namespace WebAPI
{
    public static class WebApiConfig
@@ -29,7 +30,8 @@
                routeTemplate: "actionapi/{controller}/{action}/{id}",
                defaults: new { id = RouteParameter.Optional }
            );

            //æ³¨åç¾å
            config.Filters.Add(new SignatureVerifyAttribute());
            //// å¨å±å¯ç¨ JWT è®¤è¯
            //config.Filters.Add(new JwtAuthorizeAttribute());


 WebAPI/Controllers/ÏîÄ¿¹ÜÀí/¹¤×÷ÈÎÎñ/PM_WorkTaskBillController.cs

@@ -14,6 +14,7 @@
using DLL;
using SyntacticSugar.constant;
using System.IO;
using WebAPI.Service;

namespace WebAPI.Controllers.é¡¹ç®ç®¡ç.å·¥ä½ä»»å¡
{
@@ -398,6 +399,7 @@
        /// </summary>
        [Route("PM_WorkTaskBill/list")]
        [HttpGet]

        public object getWorkTaskBill(string sWhere, string user)
        {
            try
@@ -453,6 +455,7 @@
        #region å·¥ä½ä»»å¡åè¡¨åé¡µåè¡¨
        [Route("PM_WorkTaskBill/page")]
        [HttpGet]
        [RequireSignature]
        public object PM_WorkTaskBillPage(string sWhere, string user, int page, int size)
        {
            DataSet ds;

 WebAPI/Global.asax.cs

@@ -3,6 +3,7 @@
using System.Linq;
using System.Web;
using System.Web.Http;
using System.Web.Mvc;
using System.Web.Routing;
using WebApiWithFleck;
namespace WebAPI
@@ -13,6 +14,7 @@
        {

            GlobalConfiguration.Configure(WebApiConfig.Register);
           // FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
        }
    }
}

 WebAPI/Service/RequireSignatureAttribute.cs

New file
@@ -0,0 +1,12 @@
ï»¿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;

namespace WebAPI.Service
{
    [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false)]
    public class RequireSignatureAttribute : Attribute
    {
    }
}

 WebAPI/Service/SignatureVerifyAttribute.cs

New file
@@ -0,0 +1,112 @@
ï»¿using System;
using System.Linq;
using System.Net.Http;
using System.Security.Cryptography;
using System.Text;
using System.Web.Http;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;
using WebAPI.Service;

namespace project.Filter
{
    public class SignatureVerifyAttribute : AuthorizationFilterAttribute
    {
        private const string SecretKey = "MES_2026_SecretKey_XYZ!@#";

        public override async System.Threading.Tasks.Task OnAuthorizationAsync(
            HttpActionContext actionContext,
            System.Threading.CancellationToken cancellationToken)
        {
            var hasAttr = actionContext.ActionDescriptor.GetCustomAttributes<RequireSignatureAttribute>(true).Any()
                       || actionContext.ControllerContext.ControllerDescriptor.GetCustomAttributes<RequireSignatureAttribute>(true).Any();

            if (!hasAttr)
            {
                return; 
            }

            var headers = actionContext.Request.Headers;
            string timestamp = null, nonce = null, clientSign = null;

            if (headers.Contains("X-Timestamp"))
                timestamp = headers.GetValues("X-Timestamp").FirstOrDefault();
            if (headers.Contains("X-Nonce"))
                nonce = headers.GetValues("X-Nonce").FirstOrDefault();
            if (headers.Contains("X-Sign"))
                clientSign = headers.GetValues("X-Sign").FirstOrDefault();

            if (string.IsNullOrEmpty(timestamp) || string.IsNullOrEmpty(nonce) || string.IsNullOrEmpty(clientSign))
            {
                actionContext.Response = actionContext.Request.CreateResponse(System.Net.HttpStatusCode.BadRequest,
                    new { success = false, msg = "ç¼ºå°ç¾ååæ°ï¼X-Timestamp/X-Nonce/X-Signï¼" });
                return;
            }


            double ts;
            if (!double.TryParse(timestamp, out ts))
            {
                actionContext.Response = actionContext.Request.CreateResponse(System.Net.HttpStatusCode.BadRequest,
                    new { success = false, msg = "æ¶é´æ³æ ¼å¼éè¯¯" });
                return;
            }
            var currentTs = (DateTime.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc)).TotalSeconds;
            var diff = Math.Abs(currentTs - ts);

            if (diff > 300) // 300ç§ = 5åé
            {
                actionContext.Response = actionContext.Request.CreateResponse(System.Net.HttpStatusCode.BadRequest,
                    new { success = false, msg = "è¯·æ±å·²è¿æ" });
                return;
            }

            string rawData = "";

            if (actionContext.Request.Method == HttpMethod.Get)
            {
                var query = actionContext.Request.RequestUri.Query;
                if (!string.IsNullOrEmpty(query) && query.StartsWith("?"))
                {
                    rawData = query.Substring(1); 
                }
            }
            else
            {
                var bodyBytes = await actionContext.Request.Content.ReadAsByteArrayAsync();
                rawData = Encoding.UTF8.GetString(bodyBytes);

                actionContext.Request.Content = new ByteArrayContent(bodyBytes);
                if (actionContext.Request.Content.Headers.ContentType != null)
                {
                    actionContext.Request.Content.Headers.ContentType =
                        new System.Net.Http.Headers.MediaTypeHeaderValue(
                            actionContext.Request.Content.Headers.ContentType.MediaType);
                }
            }
            var signStr = rawData + "&timestamp=" + timestamp + "&nonce=" + nonce + "&key=" + SecretKey;

            var serverSign = ComputeHmacSha256(signStr, SecretKey);


            if (serverSign != clientSign.ToUpper())
            {
                actionContext.Response = actionContext.Request.CreateResponse(System.Net.HttpStatusCode.Unauthorized,
                    new { success = false, msg = "ç¾åéªè¯å¤±è´¥" });
                return;
            }
        }

        private string ComputeHmacSha256(string data, string key)
        {
            var keyBytes = Encoding.UTF8.GetBytes(key);
            var dataBytes = Encoding.UTF8.GetBytes(data);

            using (var hmac = new HMACSHA256(keyBytes))
            {
                var hashBytes = hmac.ComputeHash(dataBytes);
                return BitConverter.ToString(hashBytes).Replace("-", "").ToUpper();
            }
        }
    }
}

 WebAPI/WebAPI.csproj

@@ -1247,6 +1247,8 @@
    <Compile Include="Service\JwtAuthorizeAttribute.cs" />
    <Compile Include="Service\LuBaoSevice.cs" />
    <Compile Include="Service\ProcessDal.cs" />
    <Compile Include="Service\RequireSignatureAttribute.cs" />
    <Compile Include="Service\SignatureVerifyAttribute.cs" />
    <Compile Include="Service\YqnDal.cs" />
    <Compile Include="Service\YqnQbService.cs" />
    <Compile Include="Utility\Barcode.ashx.cs">

			@@ -1,10 +1,11 @@
			ï»¿using System;
			ï»¿using project.Filter;
			using System;
			using System.Collections.Generic;
			using System.Linq;
			using System.Web.Http;
			using System.Web.Http.Cors;
			using WebAPI.Dapper;

			using WebAPI.Service;
			namespace WebAPI
			{
			public static class WebApiConfig
			@@ -29,7 +30,8 @@
			routeTemplate: "actionapi/{controller}/{action}/{id}",
			defaults: new { id = RouteParameter.Optional }
			);

			//æ³¨åç¾å
			config.Filters.Add(new SignatureVerifyAttribute());
			//// å¨å±å¯ç¨ JWT è®¤è¯
			//config.Filters.Add(new JwtAuthorizeAttribute());

			@@ -14,6 +14,7 @@
			using DLL;
			using SyntacticSugar.constant;
			using System.IO;
			using WebAPI.Service;

			namespace WebAPI.Controllers.é¡¹ç®ç®¡ç.å·¥ä½ä»»å¡
			{
			@@ -398,6 +399,7 @@
			/// </summary>
			[Route("PM_WorkTaskBill/list")]
			[HttpGet]

			public object getWorkTaskBill(string sWhere, string user)
			{
			try
			@@ -453,6 +455,7 @@
			#region å·¥ä½ä»»å¡åè¡¨åé¡µåè¡¨
			[Route("PM_WorkTaskBill/page")]
			[HttpGet]
			[RequireSignature]
			public object PM_WorkTaskBillPage(string sWhere, string user, int page, int size)
			{
			DataSet ds;

			@@ -3,6 +3,7 @@
			using System.Linq;
			using System.Web;
			using System.Web.Http;
			using System.Web.Mvc;
			using System.Web.Routing;
			using WebApiWithFleck;
			namespace WebAPI
			@@ -13,6 +14,7 @@
			{

			GlobalConfiguration.Configure(WebApiConfig.Register);
			// FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
			}
			}
			}

New file
			@@ -0,0 +1,12 @@
			ï»¿using System;
			using System.Collections.Generic;
			using System.Linq;
			using System.Web;

			namespace WebAPI.Service
			{
			[AttributeUsage(AttributeTargets.Class \| AttributeTargets.Method, AllowMultiple = false)]
			public class RequireSignatureAttribute : Attribute
			{
			}
			}

New file
			@@ -0,0 +1,112 @@
			ï»¿using System;
			using System.Linq;
			using System.Net.Http;
			using System.Security.Cryptography;
			using System.Text;
			using System.Web.Http;
			using System.Web.Http.Controllers;
			using System.Web.Http.Filters;
			using WebAPI.Service;

			namespace project.Filter
			{
			public class SignatureVerifyAttribute : AuthorizationFilterAttribute
			{
			private const string SecretKey = "MES_2026_SecretKey_XYZ!@#";

			public override async System.Threading.Tasks.Task OnAuthorizationAsync(
			HttpActionContext actionContext,
			System.Threading.CancellationToken cancellationToken)
			{
			var hasAttr = actionContext.ActionDescriptor.GetCustomAttributes<RequireSignatureAttribute>(true).Any()
			\|\| actionContext.ControllerContext.ControllerDescriptor.GetCustomAttributes<RequireSignatureAttribute>(true).Any();

			if (!hasAttr)
			{
			return;
			}

			var headers = actionContext.Request.Headers;
			string timestamp = null, nonce = null, clientSign = null;

			if (headers.Contains("X-Timestamp"))
			timestamp = headers.GetValues("X-Timestamp").FirstOrDefault();
			if (headers.Contains("X-Nonce"))
			nonce = headers.GetValues("X-Nonce").FirstOrDefault();
			if (headers.Contains("X-Sign"))
			clientSign = headers.GetValues("X-Sign").FirstOrDefault();

			if (string.IsNullOrEmpty(timestamp) \|\| string.IsNullOrEmpty(nonce) \|\| string.IsNullOrEmpty(clientSign))
			{
			actionContext.Response = actionContext.Request.CreateResponse(System.Net.HttpStatusCode.BadRequest,
			new { success = false, msg = "ç¼ºå°ç¾ååæ°ï¼X-Timestamp/X-Nonce/X-Signï¼" });
			return;
			}


			double ts;
			if (!double.TryParse(timestamp, out ts))
			{
			actionContext.Response = actionContext.Request.CreateResponse(System.Net.HttpStatusCode.BadRequest,
			new { success = false, msg = "æ¶é´æ³æ ¼å¼éè¯¯" });
			return;
			}
			var currentTs = (DateTime.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc)).TotalSeconds;
			var diff = Math.Abs(currentTs - ts);

			if (diff > 300) // 300ç§ = 5åé
			{
			actionContext.Response = actionContext.Request.CreateResponse(System.Net.HttpStatusCode.BadRequest,
			new { success = false, msg = "è¯·æ±å·²è¿æ" });
			return;
			}

			string rawData = "";

			if (actionContext.Request.Method == HttpMethod.Get)
			{
			var query = actionContext.Request.RequestUri.Query;
			if (!string.IsNullOrEmpty(query) && query.StartsWith("?"))
			{
			rawData = query.Substring(1);
			}
			}
			else
			{
			var bodyBytes = await actionContext.Request.Content.ReadAsByteArrayAsync();
			rawData = Encoding.UTF8.GetString(bodyBytes);

			actionContext.Request.Content = new ByteArrayContent(bodyBytes);
			if (actionContext.Request.Content.Headers.ContentType != null)
			{
			actionContext.Request.Content.Headers.ContentType =
			new System.Net.Http.Headers.MediaTypeHeaderValue(
			actionContext.Request.Content.Headers.ContentType.MediaType);
			}
			}
			var signStr = rawData + "&timestamp=" + timestamp + "&nonce=" + nonce + "&key=" + SecretKey;

			var serverSign = ComputeHmacSha256(signStr, SecretKey);


			if (serverSign != clientSign.ToUpper())
			{
			actionContext.Response = actionContext.Request.CreateResponse(System.Net.HttpStatusCode.Unauthorized,
			new { success = false, msg = "ç¾åéªè¯å¤±è´¥" });
			return;
			}
			}

			private string ComputeHmacSha256(string data, string key)
			{
			var keyBytes = Encoding.UTF8.GetBytes(key);
			var dataBytes = Encoding.UTF8.GetBytes(data);

			using (var hmac = new HMACSHA256(keyBytes))
			{
			var hashBytes = hmac.ComputeHash(dataBytes);
			return BitConverter.ToString(hashBytes).Replace("-", "").ToUpper();
			}
			}
			}
			}

			@@ -1247,6 +1247,8 @@
			<Compile Include="Service\JwtAuthorizeAttribute.cs" />
			<Compile Include="Service\LuBaoSevice.cs" />
			<Compile Include="Service\ProcessDal.cs" />
			<Compile Include="Service\RequireSignatureAttribute.cs" />
			<Compile Include="Service\SignatureVerifyAttribute.cs" />
			<Compile Include="Service\YqnDal.cs" />
			<Compile Include="Service\YqnQbService.cs" />
			<Compile Include="Utility\Barcode.ashx.cs">