在写WebApi判断用户权限时返回数据和接受支付结果 定义返回数据类型

时间:2021-07-01 17:05:08
using ADT.Core.Encrypt;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Http;
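using System.Web.Security;

namespace ADT.API.App_Start
{
    /// <summary>
    /// Authorization filter for API actions. A request is accepted when its
    /// <c>signature</c> query-string value equals
    /// MD5(controller name + action name + shared token).
    /// </summary>
    /// <remarks>
    /// NOTE(review): the expected signature depends only on the controller name, the
    /// action name and a token compiled into this file. It is therefore the same for
    /// every caller and every request to a given action: it does not expire, it does
    /// not cover the request parameters or body, and it identifies no user. Because it
    /// travels in the query string it is presumably also written to access logs.
    /// Treat it as a coarse client check, not as user authentication. A stronger scheme
    /// would move the secret into protected configuration and sign method + path +
    /// timestamp + body with a keyed hash (HMAC), rejecting stale timestamps.
    /// </remarks>
    public class RequestAuthorizeAttribute : AuthorizeAttribute
    {
        /// <summary>
        /// Overrides the base authorization step with the custom signature check.
        /// </summary>
        /// <param name="actionContext">Context of the action being authorized.</param>
        /// <exception cref="ArgumentNullException"><paramref name="actionContext"/> is null.</exception>
        public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext)
        {
            if (actionContext == null)
            {
                throw new ArgumentNullException("actionContext");
            }

            // signature: MD5 of (controller + action + shared token)
            string controlName = actionContext.ActionDescriptor.ControllerDescriptor.ControllerName;
            string actionName = actionContext.ActionDescriptor.ActionName;

            // "MS_HttpContext" is only set when hosted on System.Web. Fail closed when it
            // is missing or of another type, instead of throwing from the dictionary
            // indexer or dereferencing null.
            object rawContext;
            HttpContextBase content = null;
            if (actionContext.Request.Properties.TryGetValue("MS_HttpContext", out rawContext))
            {
                content = rawContext as HttpContextBase;
            }

            if (content == null)
            {
                HandleUnauthorizedRequest(actionContext);
                return;
            }

            var signature = content.Request.QueryString["signature"];
            if (!string.IsNullOrEmpty(signature))
            {
                // NOTE(review): hard-coded shared secret; anyone with the source or a
                // decompiled assembly can compute a valid signature for any action.
                string token = "jinyuanbaoapp";
                string expected = MD5Encrypt.MD5(controlName + actionName + token);

                if (SignaturesMatch(signature, expected))
                {
                    // The original called base.IsAuthorized(actionContext) here and
                    // discarded the result, so that call never influenced the outcome:
                    // a matching signature alone lets the request through.
                    return;
                }

                HandleUnauthorizedRequest(actionContext);
                return;
            }

            // No signature supplied: only actions marked [AllowAnonymous] may proceed.
            bool isAnonymous = actionContext.ActionDescriptor
                .GetCustomAttributes<AllowAnonymousAttribute>()
                .Any();
            if (isAnonymous)
            {
                base.OnAuthorization(actionContext);
            }
            else
            {
                HandleUnauthorizedRequest(actionContext);
            }
        }

        /// <summary>
        /// Ordinal comparison of two strings whose running time does not depend on the
        /// position of the first differing character.
        /// </summary>
        /// <param name="supplied">Value taken from the request.</param>
        /// <param name="expected">Value computed on the server.</param>
        /// <returns>True only when both strings are non-null and identical.</returns>
        private static bool SignaturesMatch(string supplied, string expected)
        {
            if (supplied == null || expected == null)
            {
                return false;
            }

            // Fold the length difference into the accumulator so unequal lengths never match.
            int difference = supplied.Length ^ expected.Length;
            int shared = Math.Min(supplied.Length, expected.Length);
            for (int i = 0; i < shared; i++)
            {
                difference |= supplied[i] ^ expected[i];
            }

            return difference == 0;
        }
    }
}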
using ADT.API.Infrastructure;
using ADT.Core.ApiResult;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Text;
using System.Web;
using System.Web.Http;
using System.Web.Http.Controllers;
using System.Web.Script.Serialization; namespace ADT.API.App_Start
{
/// <summary>
/// Authorization filter that treats a request as logged in when its <c>token</c>
/// query-string value matches an entry in the application cache, and otherwise
/// replies with a JSON "login required" message.
/// </summary>
/// <remarks>
/// NOTE(review): this copy of the code has lost its numeric literals: the indexes
/// inside <c>ArrayToken[]</c> and the third <c>MessagesCode</c> argument are blank.
/// Restore them from the original project; the comments below do not guess them.
/// </remarks>
public class IsLoginAuthorizeAttribute : AuthorizeAttribute
{
// log4net logger named after this type; nothing visible in this class writes to it,
// so rejected tokens leave no audit trail here.
private static readonly log4net.ILog logger = log4net.LogManager.GetLogger(System.Reflection.MethodBase.GetCurrentMethod().DeclaringType);
/// <summary>
/// Accepts the request when the cached entry for the token matches, otherwise
/// calls <see cref="HandleUnauthorizedRequest"/>.
/// </summary>
/// <param name="actionContext">Context of the action being authorized.</param>
public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext)
{
// Check the local cache to decide whether the user is logged in.
// NOTE(review): the indexer throws when "MS_HttpContext" is absent and the 'as' cast
// yields null for any other type, so the next line can fail before an authorization
// decision is made. Presumably the API is always hosted on System.Web; confirm.
var content = actionContext.Request.Properties["MS_HttpContext"] as HttpContextBase;
// NOTE(review): the session token is read from the query string, where it is
// presumably recorded in server and proxy access logs; a request header avoids that.
var token = content.Request.QueryString["token"];
if (!string.IsNullOrEmpty(token))
{
// The token is split on the literal "F"; one part is looked up in the cache and the
// cached entry's Equipment value is compared with a part of the token.
// NOTE(review): ArrayToken is indexed without a length check, so a token with fewer
// parts than expected throws instead of producing the unauthorized response.
// NOTE(review): IsExCache and GetWCache are separate calls; if the entry can expire
// between them, GetWCache(...) may return null here. Confirm against the cache class.
string[] ArrayToken = token.Split(new string[] { "F" }, StringSplitOptions.RemoveEmptyEntries); if(ADT.Cache.Cache.CAC.Instance.IsExCache(ArrayToken[]) && ADT.Cache.Cache.CAC.Instance.GetWCache(ArrayToken[]).Equipment == ArrayToken[])
{
// Publishes the cached user id to the ASP.NET session for downstream code.
// NOTE(review): HttpContext.Current.Session is null for Web API requests unless
// session state has been enabled for them; confirm it is, or this line throws.
HttpContext.Current.Session["UserInfo"] = ADT.Cache.Cache.CAC.Instance.GetWCache(ArrayToken[]).CuserID; // user id
// The return value is discarded, so this call does not affect the outcome: a
// matching cache entry alone lets the request through.
base.IsAuthorized(actionContext);
}
else {
HandleUnauthorizedRequest(actionContext);
}
}
else
{
// Return a custom JSON body to the client.
HandleUnauthorizedRequest(actionContext);
} }
/// <summary>
/// Replaces the framework's unauthorized response with HTTP 200 and a JSON
/// <c>MessagesCode</c> body whose message means "login is required for this operation".
/// </summary>
/// <param name="filterContext">Context whose response is overwritten.</param>
protected override void HandleUnauthorizedRequest(HttpActionContext filterContext)
{
// Run the base implementation first, then reuse the response it created if there is one.
base.HandleUnauthorizedRequest(filterContext);
var response = filterContext.Response = filterContext.Response ?? new HttpResponseMessage();
// NOTE(review): a rejected request is reported as 200 OK. Anything that relies on
// 401/403 status codes (access-log alerting, gateway rate limits, client retry
// logic) will not see these failures; confirm that clients really need 200 here.
response.StatusCode = HttpStatusCode.OK;
MessagesCode obj = new MessagesCode(false, "该操作必须登陆", );
JavaScriptSerializer serializer = new JavaScriptSerializer();
string str = serializer.Serialize(obj);
response.Content = new StringContent(str, Encoding.UTF8, "application/json");
}
}
}

用Ping++做支付成功返回的数据类型的定义

using ADT.API.Models;
using ADT.Concrete.App;
using ADT.Core.ApiResult;
using ADT.Entities.App;
using Newtonsoft.Json.Linq;
using Swashbuckle.Swagger;
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Security.Cryptography;
using System.Text;
using System.Transactions;
using System.Web;
using System.Web.Http;
using System.Web.UI;
namespace ADT.API.Controllers
{
/// <summary>
/// Receives Ping++ webhook events. For a signed <c>charge.succeeded</c> event it marks
/// the matching pay-log row as valid and applies the purchase (membership time or
/// virtual currency) to the user.
/// </summary>
/// <remarks>
/// NOTE(review): this copy of the code has lost its numeric literals (order types, rank
/// ids, log codes, list indexes, the third <c>MessagesCode</c> argument) and some line
/// breaks. Restore them from the original project; the comments below do not guess them.
/// </remarks>
public class WebhooksController : ApiController
{
// log4net logger named after this type.
private static readonly log4net.ILog logger = log4net.LogManager.GetLogger(System.Reflection.MethodBase.GetCurrentMethod().DeclaringType);
/// <summary>
/// Webhook entry point.
/// </summary>
/// <returns>
/// HTTP 200 once a charge.succeeded event has been applied (or was already applied);
/// HTTP 500 on every other path, including a failed signature check, an unknown
/// order number, an unhandled event type and any exception.
/// </returns>
[HttpPost]
public HttpResponseMessage Index()
{
// NOTE(review): 'result' is never read in the visible code.
MessagesCode result = new MessagesCode(false, "无效的参数", -);
try
// NOTE(review): presumably redundant with [HttpPost]; ToUpper() without a culture is
// also culture-sensitive.
{ if (HttpContext.Current.Request.RequestType.ToUpper().Equals("POST"))
{
// Read the POSTed event object (the raw request body).
var inputData = ReadStream(HttpContext.Current.Request.InputStream);
// Read the signature from the request header.
// NOTE(review): on this page the 'var path = ...' declaration has been folded into
// the trailing comment of the next line by lost line breaks; it must stand on its
// own line for 'path' to be defined where the signature is verified.
// NOTE(review): 'sig' is null when the header is absent. Confirm that
// VerifySignedHash rejects a null or empty signature instead of throwing.
var sig = HttpContext.Current.Request.Headers.Get("x-pingplusplus-signature"); // Public key path (check where your public key .pem file is stored) var path = HttpContext.Current.Server.MapPath("/Lib/public_key.pem"); // verify the signature
// The signature is checked before the body is parsed, so unsigned input never
// reaches JObject.Parse or the order logic below.
if (RSACryptoServiceProviderExtension.VerifySignedHash(inputData, sig, path))
{ var jObject = JObject.Parse(inputData);
var type = jObject.SelectToken("type");
var eventType = jObject.SelectToken("object");
if (eventType.ToString() == "event")// check that the received object is an Event object.
{
if (type.ToString() == "charge.succeeded")
{ // Payment-succeeded handling: 1. change the order status 2. update what the payment was for 3. limit how often the update runs: only proceed while the order is still unpaid
var data = jObject.SelectToken("data");
var credentialObject = data["object"];// credential object
var PayNo = credentialObject["order_no"];// order number
// NOTE(review): only order_no is taken from the charge. The visible code does not
// compare the charge's amount or paid status with the stored order; the credit
// comes from the local PayLog row (model.ChangeNum). Confirm that row is created
// server-side with the expected price, and consider checking the amount too.
// NOTE(review): a normal event is logged at Error level.
logger.Error("接受到支付成功的事件");
bool IsOk = false;
PayLogBean model = new PayLog().GetModelById(PayNo.ToString());
if (model != null)
{
// Already applied: acknowledge without crediting again (idempotent replay).
if (model.Valid)
{
IsOk = true;
}
else
{
// NOTE(review): model.Valid was read before this transaction started, so two
// concurrent deliveries of the same event could both reach this branch. Confirm
// that UpdateValid only succeeds while the row is still unpaid (a conditional
// UPDATE), otherwise the purchase may be credited twice.
using (TransactionScope ts = new TransactionScope())
{
bool OneTrans = false;
bool TwoTrans = false;
OneTrans = new PayLog().UpdateValid(PayNo.ToString(), true);
UserBean userModel = new User().GetModelById((int)model.UserId);
// When the user is missing, TwoTrans stays false and the scope is never completed,
// so the UpdateValid above is rolled back.
if (userModel != null)
{
if (model.OrderType ==)
{ if (Convert.IsDBNull(userModel.Ranketime)|| userModel.RankId==)// definitely not a member
{ userModel.Rankbtime = DateTime.Now;
userModel.Ranketime = DateTime.Now.AddMonths((int)model.ChangeNum);
userModel.RankId = ;
}
else
{// there is a past membership record
// check whether the user is currently a member
if (userModel.RankId == && userModel.Ranketime >= DateTime.Now)
{
// Still a member: extend the existing expiry.
userModel.Ranketime = userModel.Ranketime.AddMonths((int)model.ChangeNum);
}
else
{
userModel.RankId = ;
userModel.Ranketime = DateTime.Now.AddMonths((int)model.ChangeNum);
// NOTE(review): this second assignment overwrites the expiry computed on the line
// above, so the renewed membership ends immediately. The first-purchase branch
// sets Rankbtime to DateTime.Now and Ranketime to the expiry, so this line was
// presumably meant to assign Rankbtime.
userModel.Ranketime = DateTime.Now; } }
// update the user record
TwoTrans = new User().UpdateMemRoleByRMB(userModel);
}
else
{ userModel.Currency = userModel.Currency + model.ChangeNum;
TwoTrans = new User().UpdateCurrency(model.UserId, userModel.Currency);
}
}
// Commit only when both the pay-log update and the user update reported success.
if (OneTrans&&TwoTrans)
{ IsOk = true;
ts.Complete(); } }
}
}
if (IsOk)
{
// write the log here
// NOTE(review): this block also runs when the order was already valid, so a replayed
// event appears to add another spending-log entry; confirm whether that is intended.
if (model.OrderType == ) // membership purchase
{
// add a spending log entry here
// look up the RMB price using this validity period
List<ProductBean> productList = new Product().GetAllList().Where(p => p.ValidTime == model.ChangeNum).ToList();
if (productList.Count > )
{
CreateBase64.CreateReclog(, "人民币购买会员", Convert.ToInt64(productList[].ProdutPrice), (int)model.UserId);
} }
else
{// virtual currency purchase
CreateBase64.CreateReclog(, "充虚拟币", model.ChangeNum, (int)model.UserId);
}
return Request.CreateResponse(HttpStatusCode.OK, "接受成功");
} }
} } }
} catch (Exception ex)
{
// Any failure is logged with the full exception and falls through to the 500 below.
logger.Error("接受ping++的支付订单消息发生异常:" + ex);
}
// NOTE(review): a bad signature, a non-event object and an unhandled event type all
// end here with 500 and no log entry. Presumably the provider retries non-2xx
// replies; confirm, and consider logging signature failures separately so forged
// or misconfigured deliveries are visible.
return Request.CreateResponse(HttpStatusCode.InternalServerError, "接受失败"); }
/// <summary>
/// Reads the whole stream as UTF-8 text and disposes the reader, which also closes
/// the stream.
/// </summary>
/// <param name="stream">Stream to read to the end.</param>
/// <returns>The decoded text.</returns>
// NOTE(review): the read is unbounded; presumably the host's request-size limit caps
// it. The signature is verified over this decoded string; confirm that matches the
// bytes the provider signed.
private static string ReadStream(Stream stream)
{
using (var reader = new StreamReader(stream, Encoding.UTF8))
{
return reader.ReadToEnd();
}
} }
}