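using ADT.Core.Encrypt;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Http;
using System.Web.Security;

namespace ADT.API.App_Start
{
    /// <summary>
    /// Custom authorization attribute for the API. A request is accepted when its
    /// <c>signature</c> query parameter equals MD5(controller name + action name + shared token);
    /// without a signature only actions marked <see cref="AllowAnonymousAttribute"/> get through.
    /// </summary>
    public class RequestAuthorizeAttribute : AuthorizeAttribute
    {
        // Shared token mixed into the signature. It is a constant in source and the signature
        // carries no nonce or timestamp, so one valid value per endpoint stays valid for every
        // later request to that endpoint; treat this as request tagging rather than strong auth.
        private const string SignatureToken = "jinyuanbaoapp";

        /// <summary>
        /// Replaces the base authorization with the signature check described on the class.
        /// </summary>
        /// <param name="actionContext">The action being invoked; the hosting context is read from its MS_HttpContext property.</param>
        public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext)
        {
            object rawContext;
            actionContext.Request.Properties.TryGetValue("MS_HttpContext", out rawContext);
            var httpContext = rawContext as HttpContextBase;
            if (httpContext == null)
            {
                // No hosting context means no query string to check: fail closed.
                // (The original dereferenced the null and threw.)
                HandleUnauthorizedRequest(actionContext);
                return;
            }

            string signature = httpContext.Request.QueryString["signature"];
            if (string.IsNullOrEmpty(signature))
            {
                // Unsigned request: the base implementation skips authorization for
                // [AllowAnonymous] actions; everything else is rejected. Only the
                // action-level attribute is consulted here, not a controller-level one.
                if (actionContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Any())
                {
                    base.OnAuthorization(actionContext);
                }
                else
                {
                    HandleUnauthorizedRequest(actionContext);
                }
                return;
            }

            string controllerName = actionContext.ActionDescriptor.ControllerDescriptor.ControllerName;
            string actionName = actionContext.ActionDescriptor.ActionName;
            string expected = MD5Encrypt.MD5(controllerName + actionName + SignatureToken);

            if (!FixedTimeEquals(signature, expected))
            {
                HandleUnauthorizedRequest(actionContext);
            }
            // A matching signature is accepted as-is. The original called base.IsAuthorized()
            // here and discarded the result, so no principal or role check applies.
        }

        /// <summary>
        /// Ordinal string equality that does not stop at the first differing character, so the
        /// time taken does not depend on how much of the supplied signature was correct.
        /// Returns the same result as <c>a == b</c>.
        /// </summary>
        private static bool FixedTimeEquals(string a, string b)
        {
            if (a == null || b == null)
            {
                return a == b;
            }
            if (a.Length != b.Length)
            {
                return false;
            }
            int diff = 0;
            for (int i = 0; i < a.Length; i++)
            {
                diff |= a[i] ^ b[i];
            }
            return diff == 0;
        }
    }
}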
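using ADT.API.Infrastructure;
using ADT.Core.ApiResult;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Text;
using System.Web;
using System.Web.Http;
using System.Web.Http.Controllers;
using System.Web.Script.Serialization;

namespace ADT.API.App_Start
{
    /// <summary>
    /// Authorization attribute for endpoints that require a logged-in user. The client sends a
    /// <c>token</c> query parameter of the form <c>{cacheKey}F{equipment}</c>; the request is
    /// accepted when the cache holds that key and the cached device id equals the second part.
    /// On success the cached user id is stored in <c>Session["UserInfo"]</c> for the action.
    /// </summary>
    public class IsLoginAuthorizeAttribute : AuthorizeAttribute
    {
        private static readonly log4net.ILog logger = log4net.LogManager.GetLogger(System.Reflection.MethodBase.GetCurrentMethod().DeclaringType);

        // Separator between the cache key and the device id inside the token.
        private static readonly string[] TokenSeparator = { "F" };

        /// <summary>
        /// Checks the login token described on the class; every failure path answers through
        /// <see cref="HandleUnauthorizedRequest"/>.
        /// </summary>
        /// <param name="actionContext">The action being invoked; the hosting context is read from its MS_HttpContext property.</param>
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            object rawContext;
            actionContext.Request.Properties.TryGetValue("MS_HttpContext", out rawContext);
            var httpContext = rawContext as HttpContextBase;
            string token = httpContext == null ? null : httpContext.Request.QueryString["token"];

            if (string.IsNullOrEmpty(token))
            {
                // No token: answer with the custom "login required" JSON.
                HandleUnauthorizedRequest(actionContext);
                return;
            }

            string[] parts = token.Split(TokenSeparator, StringSplitOptions.RemoveEmptyEntries);
            if (parts.Length < 2)
            {
                // A token without both parts used to throw IndexOutOfRangeException (an HTTP 500
                // for client-controlled input); a malformed token is simply unauthorized.
                HandleUnauthorizedRequest(actionContext);
                return;
            }

            string cacheKey = parts[0];
            string equipment = parts[1];
            var cache = ADT.Cache.Cache.CAC.Instance;
            if (!cache.IsExCache(cacheKey))
            {
                HandleUnauthorizedRequest(actionContext);
                return;
            }

            // Fetched once; the original read the cache entry twice.
            var cached = cache.GetWCache(cacheKey);
            if (cached.Equipment != equipment)
            {
                HandleUnauthorizedRequest(actionContext);
                return;
            }

            HttpContext.Current.Session["UserInfo"] = cached.CuserID; // user id for downstream code
            // A valid token is accepted as-is. The original called base.IsAuthorized() here and
            // discarded the result, so no principal or role check applies.
        }

        /// <summary>
        /// Replaces the base 401 with an HTTP 200 carrying a <see cref="MessagesCode"/> body
        /// (success=false, code 122, "login required"), which is how this API signals the
        /// condition to its clients.
        /// </summary>
        /// <param name="filterContext">The context whose response is replaced.</param>
        protected override void HandleUnauthorizedRequest(HttpActionContext filterContext)
        {
            base.HandleUnauthorizedRequest(filterContext);
            HttpResponseMessage response = filterContext.Response ?? new HttpResponseMessage();
            filterContext.Response = response;
            // Status is deliberately 200: clients read the JSON code, not the HTTP status.
            // Anything keyed on status codes (proxies, monitoring) will not see the refusal.
            response.StatusCode = HttpStatusCode.OK;
            MessagesCode body = new MessagesCode(false, "该操作必须登陆", 122);
            string json = new JavaScriptSerializer().Serialize(body);
            response.Content = new StringContent(json, Encoding.UTF8, "application/json");
        }
    }
}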
用Ping++做支付成功返回的数据类型的定义
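using ADT.API.Models;
using ADT.Concrete.App;
using ADT.Core.ApiResult;
using ADT.Entities.App;
using Newtonsoft.Json.Linq;
using Swashbuckle.Swagger;
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Security.Cryptography;
using System.Text;
using System.Transactions;
using System.Web;
using System.Web.Http;
using System.Web.UI;

namespace ADT.API.Controllers
{
    /// <summary>
    /// Receives Ping++ webhook events. Only an Event object of type <c>charge.succeeded</c>
    /// whose signature verifies against the deployed public key changes any state: the
    /// matching order is marked paid, the purchased membership or currency is applied, and a
    /// consumption record is written.
    /// </summary>
    public class WebhooksController : ApiController
    {
        private static readonly log4net.ILog logger = log4net.LogManager.GetLogger(System.Reflection.MethodBase.GetCurrentMethod().DeclaringType);

        // Ping++ event type that marks a completed charge.
        private const string ChargeSucceeded = "charge.succeeded";

        /// <summary>
        /// Webhook entry point. Answers 200 once the order is (now or already) valid; any other
        /// outcome — unverified payload, other event type, unknown order, failed update,
        /// exception — answers 500 so the sender redelivers.
        /// </summary>
        [HttpPost]
        public HttpResponseMessage Index()
        {
            try
            {
                HttpRequest request = HttpContext.Current.Request;
                if (string.Equals(request.RequestType, "POST", StringComparison.OrdinalIgnoreCase))
                {
                    // The signature covers the raw body, so it is read verbatim before any parsing.
                    string inputData = ReadStream(request.InputStream);
                    string sig = request.Headers.Get("x-pingplusplus-signature");
                    // Ping++ public key (check that the .pem file is deployed at this path).
                    string path = HttpContext.Current.Server.MapPath("/Lib/public_key.pem");

                    // Nothing below runs unless the payload verifies; a missing header is
                    // rejected here instead of inside the verifier.
                    if (!string.IsNullOrEmpty(sig) && RSACryptoServiceProviderExtension.VerifySignedHash(inputData, sig, path))
                    {
                        string payNo = ExtractSucceededChargeOrderNo(JObject.Parse(inputData));
                        if (payNo != null && ProcessChargeSucceeded(payNo))
                        {
                            return Request.CreateResponse(HttpStatusCode.OK, "接受成功");
                        }
                    }
                }
            }
            catch (Exception ex)
            {
                logger.Error("接受ping++的支付订单消息发生异常:" + ex);
            }
            return Request.CreateResponse(HttpStatusCode.InternalServerError, "接受失败");
        }

        /// <summary>
        /// Returns the charge's <c>order_no</c> when <paramref name="eventJson"/> is an Event
        /// object of type <c>charge.succeeded</c> and carries one; otherwise null. Missing
        /// tokens used to surface as NullReferenceException in the caller's catch block.
        /// </summary>
        private static string ExtractSucceededChargeOrderNo(JObject eventJson)
        {
            JToken objectKind = eventJson.SelectToken("object");
            JToken type = eventJson.SelectToken("type");
            if (objectKind == null || objectKind.ToString() != "event"
                || type == null || type.ToString() != ChargeSucceeded)
            {
                return null;
            }
            JToken data = eventJson.SelectToken("data");
            JToken charge = data == null ? null : data["object"];      // the charge (credential) object
            JToken orderNo = charge == null ? null : charge["order_no"];
            return orderNo == null ? null : orderNo.ToString();
        }

        /// <summary>
        /// Marks the order <paramref name="payNo"/> as paid and applies what it bought.
        /// </summary>
        /// <returns>true when the order is valid after this call (newly applied or already valid); false when the order is unknown or the update did not commit.</returns>
        private static bool ProcessChargeSucceeded(string payNo)
        {
            logger.Error("接受到支付成功的事件"); // kept at Error level as in the original; it is informational
            PayLogBean model = new PayLog().GetModelById(payNo);
            if (model == null)
            {
                // Unknown order: leave it to the 500/redelivery path so it gets noticed.
                return false;
            }
            // NOTE(review): the event's charge amount/currency is never compared with the stored
            // order; confirm the order lookup alone is an acceptable basis for fulfilment.
            if (model.Valid)
            {
                // Already paid (e.g. a redelivered event): acknowledge without writing a second
                // consumption record. The original wrote one on every redelivery.
                return true;
            }
            if (!ApplyPayment(payNo, model))
            {
                return false;
            }
            WriteConsumeLog(model);
            return true;
        }

        /// <summary>
        /// In one transaction: flags the order valid and grants the membership (OrderType 1) or
        /// currency it paid for. Commits only when both writes report success; otherwise the
        /// scope is disposed without Complete() and both roll back.
        /// </summary>
        private static bool ApplyPayment(string payNo, PayLogBean model)
        {
            using (TransactionScope ts = new TransactionScope())
            {
                bool orderMarked = new PayLog().UpdateValid(payNo, true);
                UserBean userModel = new User().GetModelById((int)model.UserId);
                if (userModel == null)
                {
                    return false;
                }
                bool userUpdated = model.OrderType == 1
                    ? GrantMembership(userModel, (int)model.ChangeNum)
                    : CreditCurrency(model, userModel);
                if (!(orderMarked && userUpdated))
                {
                    return false;
                }
                ts.Complete();
                return true;
            }
        }

        /// <summary>
        /// Starts, extends or restarts a membership of <paramref name="months"/> months and
        /// persists the user. Rank 2 is the member rank, rank 1 a non-member.
        /// </summary>
        private static bool GrantMembership(UserBean userModel, int months)
        {
            DateTime now = DateTime.Now;
            if (Convert.IsDBNull(userModel.Ranketime) || userModel.RankId == 1)
            {
                // Never a member before: open a fresh membership window.
                userModel.Rankbtime = now;
                userModel.Ranketime = now.AddMonths(months);
                userModel.RankId = 2;
            }
            else if (userModel.RankId == 2 && userModel.Ranketime >= now)
            {
                // Active member: extend the current window.
                userModel.Ranketime = userModel.Ranketime.AddMonths(months);
            }
            else
            {
                // Lapsed member: open a new window starting now. The original assigned
                // Ranketime twice here; the second assignment (= now) overwrote the computed
                // end date and expired the membership immediately. The start date is what
                // this branch needs, matching the first branch.
                userModel.RankId = 2;
                userModel.Rankbtime = now;
                userModel.Ranketime = now.AddMonths(months);
            }
            return new User().UpdateMemRoleByRMB(userModel);
        }

        /// <summary>Adds the order's ChangeNum to the user's currency balance and persists it.</summary>
        private static bool CreditCurrency(PayLogBean model, UserBean userModel)
        {
            userModel.Currency = userModel.Currency + model.ChangeNum;
            return new User().UpdateCurrency(model.UserId, userModel.Currency);
        }

        /// <summary>
        /// Writes the consumption record for a newly paid order: the membership price (looked up
        /// from the product whose validity period equals the months bought) or the currency amount.
        /// </summary>
        private static void WriteConsumeLog(PayLogBean model)
        {
            if (model.OrderType == 1)
            {
                List<ProductBean> productList = new Product().GetAllList().Where(p => p.ValidTime == model.ChangeNum).ToList();
                if (productList.Count > 0)
                {
                    CreateBase64.CreateReclog(7, "人民币购买会员", Convert.ToInt64(productList[0].ProdutPrice), (int)model.UserId);
                }
            }
            else
            {
                CreateBase64.CreateReclog(2, "充虚拟币", model.ChangeNum, (int)model.UserId);
            }
        }

        /// <summary>Reads the whole stream as UTF-8 text; the stream is disposed afterwards.</summary>
        private static string ReadStream(Stream stream)
        {
            using (var reader = new StreamReader(stream, Encoding.UTF8))
            {
                return reader.ReadToEnd();
            }
        }
    }
}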