Wms/Utility/Filter/ApiSignatureVerificationAttribute.cs
Wms/Wms/Controllers/UpApiController.cs
Wms/Utility/Filter/ApiSignatureVerificationAttribute.cs
@@ -1,5 +1,7 @@ using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc.Filters; using Newtonsoft.Json.Linq; using Newtonsoft.Json; using System; using System.Collections.Generic; using System.Linq; @@ -28,9 +30,10 @@ var request = context.HttpContext.Request; // 获取请求中的时间戳和签名 //var timestamp = request.Headers["Timestamp"].FirstOrDefault(); var timestamp = "1718873584"; var signature = "1718873584"; var timestamp = request.Headers["Timestamp"].FirstOrDefault(); var signature = request.Headers["Signature"].FirstOrDefault(); //var timestamp = "1718873584"; //var signature = "1718873584"; if (string.IsNullOrEmpty(timestamp) || string.IsNullOrEmpty(signature)) { @@ -49,13 +52,32 @@ string jsonParams; using (var reader = new System.IO.StreamReader(request.Body, Encoding.UTF8, true, 1024, true)) { char[] buffer = new char[500]; int bytesRead = await reader.ReadAsync(buffer, 0, buffer.Length); jsonParams = new string(buffer, 0, bytesRead); // 将请求体流位置重置到起始位置 request.Body.Seek(0, System.IO.SeekOrigin.Begin); jsonParams = await reader.ReadToEndAsync(); } // 反序列化 JSON 参数为 JObject JObject jObject = null; try { jObject = JObject.Parse(jsonParams); } catch (JsonReaderException) { // JSON 格式错误,返回未经授权 context.Result = new UnauthorizedResult(); return; } // 过滤掉数组类型的属性 var filteredProperties = jObject.Properties() .Where(p => p.Value.Type != JTokenType.Array) .ToDictionary(p => p.Name, p => p.Value.ToString()); filteredProperties.Add("timestamp", timestamp); filteredProperties.Add("appKey", appKey); // 构建待签名字符串 var signatureBaseString = appKey + jsonParams + timestamp; var signatureBaseString = string.Join("&", filteredProperties.OrderBy(p => p.Key).Select(p => p.Key + "=" + p.Value)); // 计算 MD5 值 var computedSignature = Md5Tools.CalcMd5(Encoding.UTF8.GetBytes(signatureBaseString)); 
@@ -88,21 +110,6 @@ } return false; //try //{ // var requestDateTime = DateTimeOffset.FromUnixTimeSeconds(long.Parse(timestamp)); // var currentDateTime = DateTimeOffset.UtcNow; // // 计算时间差 // var timeDifference = currentDateTime - requestDateTime; // // 比较时间差是否在允许的范围内 // return timeDifference.TotalMinutes <= Minutes; //} //catch (Exception) //{ // return false; //} } } public class SignConfig Wms/Wms/Controllers/UpApiController.cs
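Review bot: Array-valued properties are dropped by the `Where(p => p.Value.Type != JTokenType.Array)` filter before `signatureBaseString` is built, so anything carried in a JSON array is not covered by the signature and can be altered in transit without the check failing; the line this replaces signed the whole `jsonParams`. Keeping every property and serialising it compactly, `.ToDictionary(p => p.Name, p => p.Value.ToString(Formatting.None))`, closes that gap, provided the signing side serialises the same way. `filteredProperties.Add("timestamp", timestamp)` and the matching `appKey` add throw ArgumentException when the body already contains a property of that name, which presumably surfaces as a 500 rather than a 401; assigning through the indexer, `filteredProperties["timestamp"] = timestamp;`, avoids that. `ReadToEndAsync()` now buffers the entire body before the caller is authenticated, where the old code read at most 500 chars, so a request size limit should be in force for these endpoints. The enclosing method starts and ends outside the hunks shown, so the signature comparison itself is not visible here.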
@@ -15,6 +15,11 @@ using WMS.DAL; using Microsoft.AspNetCore.Authorization; using Utility; using System.Collections.Generic; using System.Reflection.Emit; using System.Linq; using System.Text; using Newtonsoft.Json.Linq; namespace Wms.Controllers { @@ -464,24 +469,45 @@ } [HttpGet] public IActionResult Demo3() [ServiceFilter(typeof(ApiResponseActionFilter))] public string Demo3() { var result = new ErpModel { Success = -1, Message = "" }; try { var time = DateTimeOffset.Now.ToUnixTimeSeconds(); result = new ErpModel { Success = 0, Message = time.ToString() }; string jsonParams = "{\"param1\": \"value1\", \"param2\": \"value2\"}"; return Ok(result); } catch (Exception e) { result.Message = e.Message; return Ok(result); } // 生成时间戳(Unix 时间戳) var timestamp = DateTimeOffset.UtcNow.ToUnixTimeSeconds().ToString(); // 生成签名 var signature = GenerateSignature(jsonParams); // 输出签名 Console.WriteLine("Generated Signature: " + signature); return signature; } private static string GenerateSignature(string jsonParams) { var appKey = "90170307d4184844ac2a26b431f79980"; // 将 JSON 字符串转换为 JObject JObject jObject = JObject.Parse(jsonParams); // 过滤掉数组类型的属性 var filteredProperties = jObject.Properties() .Where(p => p.Value.Type != JTokenType.Array) .ToDictionary(p => p.Name, p => p.Value.ToString()); // 添加时间戳(Unix 时间戳) var timestamp = DateTimeOffset.UtcNow.ToUnixTimeSeconds().ToString(); filteredProperties.Add("timestamp", timestamp); filteredProperties.Add("appKey", appKey); // 构建待签名字符串 var signatureBaseString = string.Join("&", filteredProperties.OrderBy(p => p.Key).Select(p => p.Key + "=" + p.Value)); // 计算 MD5 值 var computedSignature = Md5Tools.CalcMd5(signatureBaseString); return computedSignature; } #endregion } }
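Review bot: `GenerateSignature` embeds the application key as a string literal, so the shared secret that the verification filter relies on is now in source control and in every build; it should be read from configuration or a secret store, and the committed value treated as exposed and rotated. `Demo3` is a `[HttpGet]` action that returns a signature computed with that key and also writes it to the console, so it is best excluded from release builds. The signed timestamp is generated inside `GenerateSignature` and never returned, while the `timestamp` local in `Demo3` is unused, so a caller cannot tell which `Timestamp` header value matches the returned signature. Passing both values in, `private static string GenerateSignature(string jsonParams, string appKey, string timestamp)`, fixes that and removes the literal. `using System.Reflection.Emit;` looks unused in the visible code and was probably added by the IDE.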