gwbvipvip před 8 měsíci
rodič
revize
ddfafc9a5a
9 změnil soubory, kde provedl 164 přidání a 59 odebrání
  1. +67
    -3
      BPA.SAAS.Manage.Application/AExternalPlatform/BaseDto/DtoValidator.cs
  2. +2
    -2
      BPA.SAAS.Manage.Application/AExternalPlatform/Service/CheckService/CheckServices.cs
  3. +7
    -43
      BPA.SAAS.Manage.Application/AExternalPlatform/Service/CheckService/Services/CheckServices.cs
  4. +1
    -1
      BPA.SAAS.Manage.Application/AExternalPlatform/Service/CheckService/Services/ICheckServices.cs
  5. +4
    -9
      BPA.SAAS.Manage.Application/AExternalPlatform/Service/Material/Services/MaterialService.cs
  6. +3
    -1
      BPA.SAAS.Manage.Core/DbContext.cs
  7. +1
    -0
      BPA.SAAS.Manage.Core/SqlSugarDb.cs
  8. +78
    -0
      BPA.SAAS.Manage.Web.Core/Handlers/RequestAuditFiltercs.cs
  9. +1
    -0
      BPA.SAAS.Manage.Web.Core/Startup.cs

+ 67
- 3
BPA.SAAS.Manage.Application/AExternalPlatform/BaseDto/DtoValidator.cs

@@ -5,6 +5,7 @@ using BPA.SAAS.Manage.Core.DataBase;
using BPA.SAAS.Manage.Core.Org;
using Furion.JsonSerialization;
using Newtonsoft.Json;
using NPOI.SS.Formula.Functions;
using NPOI.Util.ArrayExtensions;
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;
@@ -19,9 +20,8 @@ namespace BPA.SAAS.Manage.Application.AExternalPlatform.BaseDto
/// <summary>
/// Dto参数验证
/// </summary>
public static class DtoValidator
public static class DtoValidator
{

/// <summary>
/// 获取签名
@@ -51,7 +51,7 @@ namespace BPA.SAAS.Manage.Application.AExternalPlatform.BaseDto
{
retstr = retstr + p.Name + "=" + p.GetValue(t, null) + "&";
}
}
});
//把字符串最后一位截断
@@ -59,5 +59,69 @@ namespace BPA.SAAS.Manage.Application.AExternalPlatform.BaseDto
//输出字符串
return retstr;
}

/// <summary>
/// 获取签名
/// </summary>
/// <param name="t"></param>
/// <returns></returns>
public static string GetSign(object t)
{
string retstr = "";
//定义PropertyInfo的List
List<PropertyInfo> proplist = new List<PropertyInfo>();
//遍历泛型类的每个属性加入到List里面
Array.ForEach<PropertyInfo>(t.GetType().GetProperties(),
p => proplist.Add(p));
//根据参数进行排序 0-不排序 1-按名称ASCII码排序
proplist = proplist.OrderBy(k => k.Name).ToList();

//遍历List泛型生成我们要签名的字符串
proplist.ForEach(p =>
{
if (p.Name.ToLower() != "sign".ToLower())
{
if (p.GetValue(t, null) != null && p.GetValue(t, null).ToString() != "")
{
retstr = retstr + p.Name + "=" + p.GetValue(t, null) + "&";
}

}
});
//把字符串最后一位截断
retstr = retstr.Substring(0, retstr.Length - 1);
//输出字符串
return retstr;
}

/// <summary>
/// 获取属性值
/// </summary>
/// <param name="obj"></param>
/// <param name="name"></param>
/// <returns></returns>
public static string GetAttributePrice(object obj,string name)
{
string retstr = "";
//定义PropertyInfo的List
List<PropertyInfo> proplist = new List<PropertyInfo>();
//遍历泛型类的每个属性加入到List里面
Array.ForEach<PropertyInfo>(obj.GetType().GetProperties(),
p => proplist.Add(p));
//根据参数进行排序 0-不排序 1-按名称ASCII码排序
proplist = proplist.OrderBy(k => k.Name).ToList();

//遍历List泛型生成我们要签名的字符串
proplist.ForEach(p =>
{
if (p.Name.ToLower() != name.ToLower())
{
retstr= p.GetValue(obj, null)?.ToString();
}
});
//输出字符串
return retstr;
}
}
}
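Review bot: The comparison in `GetAttributePrice` looks inverted: `p.Name.ToLower() != name.ToLower()` assigns `retstr` for every property that is not the requested one, so the method returns the value of the last non-matching property in name order rather than the named one. The new request filter calls it with "sign", so the value later compared against the computed MD5 is not the Sign field and verification cannot work as intended. Suggest `if (string.Equals(p.Name, name, StringComparison.OrdinalIgnoreCase))` and returning on the first match. Separately, `retstr.Substring(0, retstr.Length - 1)` in the new `GetSign(object)` throws when no property contributed a value, and both methods dereference a null argument; `if (retstr.Length == 0) return retstr;` before the trim covers the first case.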

+ 2
- 2
BPA.SAAS.Manage.Application/AExternalPlatform/Service/CheckService/CheckServices.cs

@@ -28,9 +28,9 @@ namespace BPA.SAAS.Manage.Application.AExternalPlatform.Service.CheckService
/// <summary>
///检查Sign
/// </summary>
public async Task CheckSign<T>(T dto)
public async Task CheckSign(string key, string signStr, string signMd5)
{
await _checkServices.CheckSign(dto);
await _checkServices.CheckSign( key, signStr, signMd5);
}




+ 7
- 43
BPA.SAAS.Manage.Application/AExternalPlatform/Service/CheckService/Services/CheckServices.cs

@@ -20,24 +20,17 @@ namespace BPA.SAAS.Manage.Application.AExternalPlatform.Service.CheckService.Ser
/// <summary>
///检查Sign
/// </summary>
public async Task CheckSign<T>(T dto)
public async Task CheckSign(string key,string signStr,string signMd5)
{

var key = GetModelValue(dto, "Key");
var sign = GetModelValue(dto, "Sign");
var timestamp = GetModelValue(dto, "TimeStamp");


//检查租户
await CheckTenant(CurrentUser.GroupId);

//检查key
await CheckKey(key);

var thisSign = DtoValidator.GetSign(dto)+"&"+ key;
var thisSign = signStr + "&" + key;


if (MD5Encryption.Encrypt(thisSign).ToUpper() != sign.ToUpper())
if (MD5Encryption.Encrypt(thisSign).ToUpper() != signMd5.ToUpper())
{
throw Oops.Oh(ErrorCodeEnum.Code1005);
}
@@ -45,44 +38,15 @@ namespace BPA.SAAS.Manage.Application.AExternalPlatform.Service.CheckService.Ser



/// <summary>
/// 获取模型值
/// </summary>
/// <typeparam name="T"></typeparam>
/// <param name="t"></param>
/// <returns></returns>
public string GetModelValue<T>(T t, string name)
{
string retstr = "";
//定义PropertyInfo的List
List<PropertyInfo> proplist = new List<PropertyInfo>();
//遍历泛型类的每个属性加入到List里面
Array.ForEach<PropertyInfo>(typeof(T).GetProperties(),
p => proplist.Add(p));

foreach (PropertyInfo prop in proplist)
{
if (prop.Name.ToLower() == name.ToLower())
{
var data = prop.GetValue(t, null);
if (data != null)
{
return data.ToString();
}
}
}

return "";
}

/// <summary>
/// 检查平key验证
/// </summary>
/// <param name="key"></param>
public async Task CheckKey(string key)
private async Task CheckKey(string key)
{
var data = await SqlSugarDb.Db.Queryable<BPA_PlatformAuthorization>()
.FirstAsync(x => x.Key == key);
await CheckTenant(data.GroupId);
if (data == null)
{
throw Oops.Oh(ErrorCodeEnum.Code1004);
@@ -95,7 +59,7 @@ namespace BPA.SAAS.Manage.Application.AExternalPlatform.Service.CheckService.Ser
/// </summary>
/// <param name="id"></param>
/// <returns></returns>
public async Task CheckTenant(string tenantId)
private async Task CheckTenant(string tenantId)
{
var data = await SqlSugarDb.Db.Queryable<BPA_Company>().FirstAsync(x => x.Id == tenantId);
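Review bot: In `CheckKey`, `await CheckTenant(data.GroupId);` sits before the `if (data == null)` check, so an unknown key dereferences null and surfaces as an unhandled exception instead of `Code1004`; the call should move below the null check. The signature test is `MD5Encryption.Encrypt(signStr + "&" + key)` compared with `!=` after `ToUpper()`, where `key` is supplied by the caller, so it is a plain hash over a value that travels with the request rather than a keyed MAC over a server-held secret, and the comparison is not constant-time. If the scheme can change, `HMACSHA256` keyed with a secret stored on the platform record and checked with `CryptographicOperations.FixedTimeEquals` would be the usual shape. The old `TimeStamp` read appears to be dropped and was never checked, so nothing visible here bounds replay of a captured request. Both method bodies continue outside the hunks.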



+ 1
- 1
BPA.SAAS.Manage.Application/AExternalPlatform/Service/CheckService/Services/ICheckServices.cs

@@ -17,6 +17,6 @@ namespace BPA.SAAS.Manage.Application.AExternalPlatform.Service.CheckService.Ser
/// <summary>
///检查Sign
/// </summary>
Task CheckSign<T>(T dto);
Task CheckSign(string key, string signStr, string signMd5);
}
}

+ 4
- 9
BPA.SAAS.Manage.Application/AExternalPlatform/Service/Material/Services/MaterialService.cs

@@ -27,8 +27,7 @@ namespace BPA.SAAS.Manage.Application.AExternalPlatform.Service.Material.Service
/// <returns></returns>
public async Task<PageUtil<List<MaterialDto>>> GetMaterialPageList(MaterialPageInputDto inputDto)
{
//验签
await _checkServices.CheckSign(inputDto);

int total = new RefAsync<int>();
var data = SqlSugarDb.Db.Queryable<BPA_Batching, BPA_BatchingType, BPA_BatchingUint>((a, b, c) =>
@@ -66,9 +65,7 @@ namespace BPA.SAAS.Manage.Application.AExternalPlatform.Service.Material.Service

try
{
//验签
await _checkServices.CheckSign(inputDto);

SqlSugarDb.Db.Ado.BeginTran();
//1.物料单位查询
var typeData = await SqlSugarDb.Db.Queryable<BPA_BatchingType>().FirstAsync(x => x.Name == inputDto.TypeName);
@@ -143,8 +140,7 @@ namespace BPA.SAAS.Manage.Application.AExternalPlatform.Service.Material.Service
/// <returns></returns>
public async Task<bool> DelMaterial(DelMaterialDto inputDto)
{
//验签
await _checkServices.CheckSign(inputDto);

var materialData = await SqlSugarDb.Db.Queryable<BPA_Batching>().FirstAsync(x => x.Id == inputDto.MaterialId);
if (materialData == null)
@@ -164,8 +160,7 @@ namespace BPA.SAAS.Manage.Application.AExternalPlatform.Service.Material.Service
{
try
{
//验签
await _checkServices.CheckSign(inputDto);

SqlSugarDb.Db.Ado.BeginTran();
//1.物料单位查询
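Review bot: With the four `await _checkServices.CheckSign(inputDto);` calls gone, these service methods carry no signature check of their own, and verification depends entirely on `RequestAuditFiltercs` matching the request URL. Any caller that reaches `GetMaterialPageList`, `DelMaterial` or the two transactional methods without passing through that filter's branch (an in-process call, or a route the URL match does not cover) would run unverified. Worth leaving a comment where the checks were, e.g. `// Signature is verified by RequestAuditFiltercs before this action runs`, and considering an attribute on the controller so the requirement is declared at the endpoint rather than inferred from the URL. The method bodies start and end outside these hunks.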


+ 3
- 1
BPA.SAAS.Manage.Core/DbContext.cs

@@ -1,4 +1,5 @@
using BPA.SAAS.Manage.Comm.Const;
using BPA.KitChen.GroupMeal.SqlSugar;
using BPA.SAAS.Manage.Comm.Const;
using BPA.SAAS.Manage.Core.Base;
using Furion;
using Microsoft.Extensions.Configuration;
@@ -32,6 +33,7 @@ namespace BPA.SAAS.Manage.Core
ConfigId = "default",
};

SqlSugarDb.SqlSugarScope(configConnection);
SqlSugarScope sqlSugar = new SqlSugarScope(configConnection,
db =>
{


+ 1
- 0
BPA.SAAS.Manage.Core/SqlSugarDb.cs

@@ -51,6 +51,7 @@ namespace BPA.KitChen.GroupMeal.SqlSugar

//添加默认值
DataExecuting(db);
db.QueryFilter.AddTableFilter<IGroupId>(it => it.GroupId == CurrentUser.GroupId);
}

/// <summary>
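Review bot: The tenant filter `it => it.GroupId == CurrentUser.GroupId` added here has no visible handling for a request that has no tenant in context, such as the key-authenticated external-platform calls whose `CheckKey` lookup runs before any tenant has been checked. Whether that fails closed depends on what `CurrentUser.GroupId` returns in that case and on whether `BPA_PlatformAuthorization` implements `IGroupId`, neither of which is visible here. A comment stating the intended behaviour, for example `// Tenant isolation: every IGroupId query is scoped to the caller's GroupId; an empty GroupId must match no rows`, would make the contract reviewable. The enclosing method starts outside the hunk.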


+ 78
- 0
BPA.SAAS.Manage.Web.Core/Handlers/RequestAuditFiltercs.cs

@@ -0,0 +1,78 @@
using BPA.SAAS.Manage.Application.AExternalPlatform.BaseDto;
using BPA.SAAS.Manage.Application.AExternalPlatform.Enum;
using BPA.SAAS.Manage.Application.AExternalPlatform.Service.CheckService.Services;
using Furion;
using Furion.EventBus;
using Furion.FriendlyException;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc.Controllers;
using Microsoft.AspNetCore.Mvc.Filters;
using Newtonsoft.Json;
using NPOI.SS.Formula.Functions;
using SqlSugar;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using System.Security.Claims;
using System.Threading.Tasks;

namespace BPA.SAAS.Manage.Web.Core
{
public class RequestAuditFiltercs : IAsyncActionFilter
{
private readonly ICheckServices _checkServices;
public RequestAuditFiltercs(ICheckServices checkServices)
{
_checkServices = checkServices;
}

public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
{


//============== 这里是执行方法之前获取数据 ====================
// 获取 HttpContext 和 HttpRequest 对象
var httpContext = context.HttpContext;
var httpRequest = httpContext.Request;

// 获取客户端 Ipv4 地址
var remoteIPv4 = httpContext.GetRemoteIpAddressToIPv4();

// 获取请求的 Url 地址
var requestUrl = httpRequest.GetRequestUrlAddress();

// 获取来源 Url 地址
var refererUrl = httpRequest.GetRefererUrlAddress();

if (requestUrl.ToUpper().Contains("ExternalPlatform".ToUpper()))
{
// 获取请求参数(写入日志,需序列化成字符串后存储)
var parameters = context.ActionArguments;
var key= httpRequest.Headers["key"];
List<PropertyInfo> proplist = new List<PropertyInfo>();
foreach (var parameter in parameters)
{
var stingA= DtoValidator.GetSign(parameter.Value);
var sign = DtoValidator.GetAttributePrice(parameter.Value, "sign");
await _checkServices.CheckSign(key, stingA, sign);
}



// 请求时间
var requestedTime = DateTimeOffset.Now;
//============== 这里是执行方法之后获取数据 ====================
var actionContext = await next();
// 获取返回的结果
var returnResult = actionContext.Result;
// 判断是否请求成功,没有异常就是请求成功
var isRequestSucceed = actionContext.Exception == null;
proplist = proplist.OrderBy(k => k.Name).ToList();


}
}
}
}
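Review bot: `await next()` sits inside the `if (requestUrl.ToUpper().Contains(...))` block, so for every other URL the filter returns without calling `next` and the action does not execute; since Startup registers the filter for all MVC actions, the call needs to move outside the branch. Inside the branch the check fails open: an action with no bound arguments skips the `foreach` and reaches `next()` with nothing verified, and a missing `key` header is passed on as an empty value. Matching on a URL substring would also match the query string if `GetRequestUrlAddress()` includes it (not visible here), so route or controller metadata would be a firmer selector. The locals `remoteIPv4`, `refererUrl`, `requestedTime`, `returnResult`, `isRequestSucceed` and `proplist` are never used and can go. A possible shape follows; the error codes are the two already used by `CheckServices` and may need adjusting.

```csharp
public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
{
    // … unchanged: httpRequest and requestUrl lookups …
    if (requestUrl.ToUpper().Contains("ExternalPlatform".ToUpper()))
    {
        string key = httpRequest.Headers["key"];
        if (string.IsNullOrEmpty(key))
        {
            throw Oops.Oh(ErrorCodeEnum.Code1004);
        }

        var verified = false;
        foreach (var parameter in context.ActionArguments)
        {
            if (parameter.Value == null)
            {
                continue;
            }
            // … unchanged: GetSign / GetAttributePrice / CheckSign calls …
            verified = true;
        }

        // Fail closed: no argument carried a signature that was checked.
        if (!verified)
        {
            throw Oops.Oh(ErrorCodeEnum.Code1005);
        }
    }

    // Run the action for every request; only the signature check is conditional.
    await next();
}
```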

+ 1
- 0
BPA.SAAS.Manage.Web.Core/Startup.cs

@@ -68,6 +68,7 @@ namespace BPA.SAAS.Manage.Web.Core
services.AddSqlsugarSetup(App.Configuration);
services.AddControllers()
.AddInjectWithUnifyResult();
services.AddMvcFilter<RequestAuditFiltercs>();
}

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)

