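using Coldairarrow.Business.Base_Manage;
using Coldairarrow.Util;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc.Filters;
using Microsoft.Extensions.Caching.Distributed;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using System;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;

namespace Core.Api
{
    /* ==== Signature verification ====
     * To protect the API, every request must carry the following headers:
     * | header | type   | description                                                  |
     * | appId  | string | application id                                               |
     * | time   | string | current time, formatted as 2020-06-29 23:00:00               |
     * | guid   | string | GUID string, unique per request, used to reject replays      |
     * | sign   | string | signature, computed as described below                       |
     *
     * Example. Let:
     *   appId=xxx
     *   appSecret=xxx
     *   time=2017-01-01 23:00:00
     *   guid=d0595245-60db-495d-9c0e-fea931b8d69a
     *   request body={"aaa":"aaa"}
     * 1: concatenate appId+time+guid+body+appSecret, giving
     *    xxx2017-01-01 23:00:00d0595245-60db-495d-9c0e-fea931b8d69a{"aaa":"aaa"}xxx
     * 2: the MD5 (32 hex chars) of that string is the signature:
     *    sign=MD5(xxx2017-01-01 23:00:00d0595245-60db-495d-9c0e-fea931b8d69a{"aaa":"aaa"}xxx)
     *        =4e30f1eca521485c208f642a7d927ff0
     * 3: send appId, time, guid and sign as request headers.
     *
     * NOTE(review): the scheme is a hash over an undelimited concatenation with the secret
     * appended rather than an HMAC; the actual computation lives in HttpHelper.BuildApiSign
     * and is not changed here.
     */

    /// <summary>
    /// Strict signature verification filter: non-repudiation, anti-forgery and anti-replay
    /// for every action whose filter list does not contain <see cref="IgnoreSignAttribute"/>.
    /// </summary>
    public class CheckSignAttribute : BaseActionFilterAsync
    {
        /// <summary>Maximum allowed skew, in either direction, between the time header and server time.</summary>
        private static readonly TimeSpan AllowedClockSkew = TimeSpan.FromMinutes(5);

        /// <summary>How long a consumed guid is remembered; covers the whole ±skew window.</summary>
        private static readonly TimeSpan GuidRetention = TimeSpan.FromMinutes(10);

        /// <summary>
        /// Runs before the action. Validates the appId/time/guid/sign headers and, on any
        /// failure, short-circuits the pipeline by assigning <c>filterContext.Result</c>.
        /// </summary>
        /// <param name="filterContext">Context of the action about to execute.</param>
        public override async Task OnActionExecuting(ActionExecutingContext filterContext)
        {
            // Actions that opt out via IgnoreSignAttribute are not checked at all.
            if (filterContext.ContainsFilter<IgnoreSignAttribute>())
            {
                return;
            }

            var request = filterContext.HttpContext.Request;
            IServiceProvider serviceProvider = filterContext.HttpContext.RequestServices;

            // GetRequiredService: a missing registration should fail with a clear message
            // instead of surfacing later as a NullReferenceException inside a security filter.
            IBase_AppSecretBusiness appSecretBus = serviceProvider.GetRequiredService<IBase_AppSecretBusiness>();
            ILogger logger = serviceProvider.GetRequiredService<ILogger<CheckSignAttribute>>();
            IDistributedCache cache = serviceProvider.GetRequiredService<IDistributedCache>();

            string appId = request.Headers["appId"].ToString();
            if (appId.IsNullOrEmpty())
            {
                ReturnError("缺少header:appId");
                return;
            }

            string time = request.Headers["time"].ToString();
            if (time.IsNullOrEmpty())
            {
                ReturnError("缺少header:time");
                return;
            }

            // NOTE(review): ToDateTime is a Coldairarrow.Util extension; its behaviour on an
            // unparsable value (throw vs. default) is not visible here — confirm before relying on it.
            DateTime requestTime = time.ToDateTime();
            DateTime now = DateTime.Now;
            if (requestTime < now - AllowedClockSkew || requestTime > now + AllowedClockSkew)
            {
                ReturnError("time过期");
                return;
            }

            string guid = request.Headers["guid"].ToString();
            if (guid.IsNullOrEmpty())
            {
                ReturnError("缺少header:guid");
                return;
            }

            string sign = request.Headers["sign"].ToString();
            if (sign.IsNullOrEmpty())
            {
                ReturnError("缺少header:sign");
                return;
            }

            string appSecret = await appSecretBus.GetAppSecretAsync(appId);
            if (appSecret.IsNullOrEmpty())
            {
                ReturnError("header:appId无效");
                return;
            }

            // The body is part of the signed payload. EnableBuffering makes the stream
            // seekable so it can be consumed here and again by model binding; the position is
            // rewound explicitly rather than assuming ReadToStringAsync does so.
            request.EnableBuffering();
            string body = await request.Body.ReadToStringAsync();
            request.Body.Position = 0;

            string expectedSign = HttpHelper.BuildApiSign(appId, appSecret, guid, requestTime, body);
            if (!SignMatches(sign, expectedSign))
            {
                // The expected signature is deliberately not logged: it would turn the log into
                // an oracle handing out a valid sign for this exact (appId, time, guid, body).
                string log = $@"sign签名错误!
headers:{request.Headers.ToJson()}
body:{body}";
                logger.LogWarning(log);
                ReturnError("header:sign签名错误");
                return;
            }

            // Replay protection runs only after the signature has been verified, so
            // unauthenticated callers cannot fill the shared cache with arbitrary guids.
            // NOTE(review): IDistributedCache offers no atomic set-if-absent, so two concurrent
            // copies of the same signed request can both pass this check; closing that gap
            // needs a store-level conditional write.
            string guidKey = $"ApiGuid_{guid}";
            if (!cache.GetString(guidKey).IsNullOrEmpty())
            {
                ReturnError("禁止重复调用!");
                return;
            }
            cache.SetString(guidKey, "1", new DistributedCacheEntryOptions
            {
                AbsoluteExpirationRelativeToNow = GuidRetention
            });

            // Short-circuits the pipeline with the project's standard error result.
            void ReturnError(string msg)
            {
                filterContext.Result = Error(msg);
            }
        }

        /// <summary>
        /// Ordinal equality of the presented and expected signatures, evaluated in constant
        /// time with respect to their contents so a mismatch cannot be located via timing.
        /// </summary>
        /// <param name="presented">Signature taken from the request header.</param>
        /// <param name="expected">Signature recomputed on the server.</param>
        /// <returns><c>true</c> when both strings are byte-identical in UTF-8.</returns>
        private static bool SignMatches(string presented, string expected)
        {
            byte[] presentedBytes = Encoding.UTF8.GetBytes(presented);
            byte[] expectedBytes = Encoding.UTF8.GetBytes(expected);
            return CryptographicOperations.FixedTimeEquals(presentedBytes, expectedBytes);
        }
    }

    /// <summary>
    /// Marker filter: when present in an action's filter list,
    /// <see cref="CheckSignAttribute"/> skips signature verification for that action.
    /// </summary>
    public class IgnoreSignAttribute : BaseActionFilterAsync
    {
    }
}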
