提交

8 месяцев назад · ddfafc9a5a
--- a/BPA.SAAS.Manage.Application/AExternalPlatform/BaseDto/DtoValidator.cs
+++ b/BPA.SAAS.Manage.Application/AExternalPlatform/BaseDto/DtoValidator.cs
@@ -5,6 +5,7 @@ using BPA.SAAS.Manage.Core.DataBase;
 using BPA.SAAS.Manage.Core.Org;
 using Furion.JsonSerialization;
 using Newtonsoft.Json;
 using NPOI.SS.Formula.Functions;
 using NPOI.Util.ArrayExtensions;
 using System.Collections.Generic;
 using System.ComponentModel.DataAnnotations;
@@ -19,9 +20,8 @@ namespace BPA.SAAS.Manage.Application.AExternalPlatform.BaseDto
    /// <summary>
    /// Dto参数验证
    /// </summary>
   public static class DtoValidator
    public static class DtoValidator
    {
       

        /// <summary>
        /// 获取签名
@@ -51,7 +51,7 @@ namespace BPA.SAAS.Manage.Application.AExternalPlatform.BaseDto
                    {
                        retstr = retstr + p.Name + "=" + p.GetValue(t, null) + "&";
                    }
                   

                }
            });
            //把字符串最后一位截断
@@ -59,5 +59,69 @@ namespace BPA.SAAS.Manage.Application.AExternalPlatform.BaseDto
            //输出字符串
            return retstr;
        }

        /// <summary>
        /// 获取签名
        /// </summary>
        /// <param name="t"></param>
        /// <returns></returns>
        public static string GetSign(object t)
        {
            string retstr = "";
            //定义PropertyInfo的List
            List<PropertyInfo> proplist = new List<PropertyInfo>();
            //遍历泛型类的每个属性加入到List里面
            Array.ForEach<PropertyInfo>(t.GetType().GetProperties(),
                p => proplist.Add(p));
            //根据参数进行排序 0-不排序  1-按名称ASCII码排序
            proplist = proplist.OrderBy(k => k.Name).ToList();

            //遍历List泛型生成我们要签名的字符串
            proplist.ForEach(p =>
            {
                if (p.Name.ToLower() != "sign".ToLower())
                {
                    if (p.GetValue(t, null) != null && p.GetValue(t, null).ToString() != "")
                    {
                        retstr = retstr + p.Name + "=" + p.GetValue(t, null) + "&";
                    }

                }
            });
            //把字符串最后一位截断
            retstr = retstr.Substring(0, retstr.Length - 1);
            //输出字符串
            return retstr;
        }

        
        /// <summary>
        /// 获取属性值
        /// </summary>
        /// <param name="obj"></param>
        /// <param name="name"></param>
        /// <returns></returns>
        public static string GetAttributePrice(object obj,string name)
        {
            string retstr = "";
            //定义PropertyInfo的List
            List<PropertyInfo> proplist = new List<PropertyInfo>();
            //遍历泛型类的每个属性加入到List里面
            Array.ForEach<PropertyInfo>(obj.GetType().GetProperties(),
                p => proplist.Add(p));
            //根据参数进行排序 0-不排序  1-按名称ASCII码排序
            proplist = proplist.OrderBy(k => k.Name).ToList();

            //遍历List泛型生成我们要签名的字符串
            proplist.ForEach(p =>
            {
                if (p.Name.ToLower() != name.ToLower())
                {
                    retstr= p.GetValue(obj, null)?.ToString();
                }
            });
            //输出字符串
            return retstr;
        }
    }
 }
--- a/BPA.SAAS.Manage.Application/AExternalPlatform/Service/CheckService/CheckServices.cs
+++ b/BPA.SAAS.Manage.Application/AExternalPlatform/Service/CheckService/CheckServices.cs
@@ -28,9 +28,9 @@ namespace BPA.SAAS.Manage.Application.AExternalPlatform.Service.CheckService
        /// <summary>
        ///检查Sign
        /// </summary>
        public async Task CheckSign<T>(T dto)
        public async Task CheckSign(string key, string signStr, string signMd5)
        {
           await _checkServices.CheckSign(dto);
           await _checkServices.CheckSign( key,  signStr,  signMd5);
        }


--- a/BPA.SAAS.Manage.Application/AExternalPlatform/Service/CheckService/Services/CheckServices.cs
+++ b/BPA.SAAS.Manage.Application/AExternalPlatform/Service/CheckService/Services/CheckServices.cs
@@ -20,24 +20,17 @@ namespace BPA.SAAS.Manage.Application.AExternalPlatform.Service.CheckService.Ser
        /// <summary>
        ///检查Sign
        /// </summary>
        public async Task CheckSign<T>(T dto)
        public async Task CheckSign(string key,string signStr,string signMd5)
        {

            var key = GetModelValue(dto, "Key");
            var sign = GetModelValue(dto, "Sign");
            var timestamp = GetModelValue(dto, "TimeStamp");


            //检查租户
            await CheckTenant(CurrentUser.GroupId);

          
            //检查key
            await CheckKey(key);

            var thisSign = DtoValidator.GetSign(dto)+"&"+ key;
            var thisSign = signStr + "&" + key;


            if (MD5Encryption.Encrypt(thisSign).ToUpper() != sign.ToUpper())
            if (MD5Encryption.Encrypt(thisSign).ToUpper() != signMd5.ToUpper())
            {
                throw Oops.Oh(ErrorCodeEnum.Code1005);
            }
@@ -45,44 +38,15 @@ namespace BPA.SAAS.Manage.Application.AExternalPlatform.Service.CheckService.Ser



        /// <summary>
        /// 获取模型值
        /// </summary>
        /// <typeparam name="T"></typeparam>
        /// <param name="t"></param>
        /// <returns></returns>
        public string GetModelValue<T>(T t, string name)
        {
            string retstr = "";
            //定义PropertyInfo的List
            List<PropertyInfo> proplist = new List<PropertyInfo>();
            //遍历泛型类的每个属性加入到List里面
            Array.ForEach<PropertyInfo>(typeof(T).GetProperties(),
                p => proplist.Add(p));

            foreach (PropertyInfo prop in proplist)
            {
                if (prop.Name.ToLower() == name.ToLower())
                {
                    var data = prop.GetValue(t, null);
                    if (data != null)
                    {
                        return data.ToString();
                    }
                }
            }

            return "";
        }

        /// <summary>
        /// 检查平key验证
        /// </summary>
        /// <param name="key"></param>
        public async Task CheckKey(string key)
        private async Task CheckKey(string key)
        {
            var data = await SqlSugarDb.Db.Queryable<BPA_PlatformAuthorization>()
                .FirstAsync(x => x.Key == key);
            await CheckTenant(data.GroupId);
            if (data == null)
            {
                throw Oops.Oh(ErrorCodeEnum.Code1004);
@@ -95,7 +59,7 @@ namespace BPA.SAAS.Manage.Application.AExternalPlatform.Service.CheckService.Ser
        /// </summary>
        /// <param name="id"></param>
        /// <returns></returns>
        public async Task CheckTenant(string tenantId)
        private async Task CheckTenant(string tenantId)
        {
            var data = await SqlSugarDb.Db.Queryable<BPA_Company>().FirstAsync(x => x.Id == tenantId);

--- a/BPA.SAAS.Manage.Application/AExternalPlatform/Service/CheckService/Services/ICheckServices.cs
+++ b/BPA.SAAS.Manage.Application/AExternalPlatform/Service/CheckService/Services/ICheckServices.cs
@@ -17,6 +17,6 @@ namespace BPA.SAAS.Manage.Application.AExternalPlatform.Service.CheckService.Ser
        /// <summary>
        ///检查Sign
        /// </summary>
         Task CheckSign<T>(T dto);
        Task CheckSign(string key, string signStr, string signMd5);
    }
 }
--- a/BPA.SAAS.Manage.Application/AExternalPlatform/Service/Material/Services/MaterialService.cs
+++ b/BPA.SAAS.Manage.Application/AExternalPlatform/Service/Material/Services/MaterialService.cs
@@ -27,8 +27,7 @@ namespace BPA.SAAS.Manage.Application.AExternalPlatform.Service.Material.Service
        /// <returns></returns>
        public async Task<PageUtil<List<MaterialDto>>> GetMaterialPageList(MaterialPageInputDto inputDto)
        {
            //验签
            await _checkServices.CheckSign(inputDto);
            

            int total = new RefAsync<int>();
            var data = SqlSugarDb.Db.Queryable<BPA_Batching, BPA_BatchingType, BPA_BatchingUint>((a, b, c) =>
@@ -66,9 +65,7 @@ namespace BPA.SAAS.Manage.Application.AExternalPlatform.Service.Material.Service

            try
            {
                //验签
                await _checkServices.CheckSign(inputDto);

                
                SqlSugarDb.Db.Ado.BeginTran();
                //1.物料单位查询
                var typeData = await SqlSugarDb.Db.Queryable<BPA_BatchingType>().FirstAsync(x => x.Name == inputDto.TypeName);
@@ -143,8 +140,7 @@ namespace BPA.SAAS.Manage.Application.AExternalPlatform.Service.Material.Service
        /// <returns></returns>
        public async Task<bool> DelMaterial(DelMaterialDto inputDto)
        {
            //验签
            await _checkServices.CheckSign(inputDto);
            

            var materialData = await SqlSugarDb.Db.Queryable<BPA_Batching>().FirstAsync(x => x.Id == inputDto.MaterialId);
            if (materialData == null)
@@ -164,8 +160,7 @@ namespace BPA.SAAS.Manage.Application.AExternalPlatform.Service.Material.Service
        {
            try
            {
                //验签
                await _checkServices.CheckSign(inputDto);
                

                SqlSugarDb.Db.Ado.BeginTran();
                //1.物料单位查询
--- a/BPA.SAAS.Manage.Core/DbContext.cs
+++ b/BPA.SAAS.Manage.Core/DbContext.cs
@@ -1,4 +1,5 @@
 using BPA.SAAS.Manage.Comm.Const;
 using BPA.KitChen.GroupMeal.SqlSugar;
 using BPA.SAAS.Manage.Comm.Const;
 using BPA.SAAS.Manage.Core.Base;
 using Furion;
 using Microsoft.Extensions.Configuration;
@@ -32,6 +33,7 @@ namespace BPA.SAAS.Manage.Core
                ConfigId = "default",
            };

            SqlSugarDb.SqlSugarScope(configConnection);
            SqlSugarScope sqlSugar = new SqlSugarScope(configConnection,
                db =>
                {
--- a/BPA.SAAS.Manage.Core/SqlSugarDb.cs
+++ b/BPA.SAAS.Manage.Core/SqlSugarDb.cs
@@ -51,6 +51,7 @@ namespace BPA.KitChen.GroupMeal.SqlSugar

            //添加默认值
            DataExecuting(db);
            db.QueryFilter.AddTableFilter<IGroupId>(it => it.GroupId == CurrentUser.GroupId);
        }

        /// <summary>
--- a/BPA.SAAS.Manage.Web.Core/Handlers/RequestAuditFiltercs.cs
+++ b/BPA.SAAS.Manage.Web.Core/Handlers/RequestAuditFiltercs.cs
@@ -0,0 +1,78 @@
 using BPA.SAAS.Manage.Application.AExternalPlatform.BaseDto;
 using BPA.SAAS.Manage.Application.AExternalPlatform.Enum;
 using BPA.SAAS.Manage.Application.AExternalPlatform.Service.CheckService.Services;
 using Furion;
 using Furion.EventBus;
 using Furion.FriendlyException;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc.Controllers;
 using Microsoft.AspNetCore.Mvc.Filters;
 using Newtonsoft.Json;
 using NPOI.SS.Formula.Functions;
 using SqlSugar;
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Reflection;
 using System.Security.Claims;
 using System.Threading.Tasks;

 namespace BPA.SAAS.Manage.Web.Core
 {
    public class RequestAuditFiltercs : IAsyncActionFilter
    {
        private readonly ICheckServices _checkServices;
        public RequestAuditFiltercs(ICheckServices checkServices)
        {
            _checkServices = checkServices;
        }

        public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
        {

       

        //============== 这里是执行方法之前获取数据 ====================
        // 获取 HttpContext 和 HttpRequest 对象
            var httpContext = context.HttpContext;
            var httpRequest = httpContext.Request;

            // 获取客户端 Ipv4 地址
            var remoteIPv4 = httpContext.GetRemoteIpAddressToIPv4();

            // 获取请求的 Url 地址
            var requestUrl = httpRequest.GetRequestUrlAddress();

            // 获取来源 Url 地址
            var refererUrl = httpRequest.GetRefererUrlAddress();

            if (requestUrl.ToUpper().Contains("ExternalPlatform".ToUpper()))
            {
                // 获取请求参数（写入日志，需序列化成字符串后存储）
                var parameters = context.ActionArguments;
                var key= httpRequest.Headers["key"];
                List<PropertyInfo> proplist = new List<PropertyInfo>();
                foreach (var parameter in parameters)
                {
                  var stingA=  DtoValidator.GetSign(parameter.Value);
                  var sign = DtoValidator.GetAttributePrice(parameter.Value, "sign");
                  await _checkServices.CheckSign(key, stingA, sign);
                }



                // 请求时间
                var requestedTime = DateTimeOffset.Now;
                //============== 这里是执行方法之后获取数据 ====================
                var actionContext = await next();
                // 获取返回的结果
                var returnResult = actionContext.Result;
                // 判断是否请求成功，没有异常就是请求成功
                var isRequestSucceed = actionContext.Exception == null;
                proplist = proplist.OrderBy(k => k.Name).ToList();


            }
        }
    }
 }
--- a/BPA.SAAS.Manage.Web.Core/Startup.cs
+++ b/BPA.SAAS.Manage.Web.Core/Startup.cs
@@ -68,6 +68,7 @@ namespace BPA.SAAS.Manage.Web.Core
            services.AddSqlsugarSetup(App.Configuration);
            services.AddControllers()
                    .AddInjectWithUnifyResult();
            services.AddMvcFilter<RequestAuditFiltercs>();
        }

        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)