Api/Ewide.Core/Ewide.Core.Common/BaseDisplayJSON.cs

@@ -10,53 +10,58 @@ namespace Ewide.Core.Common
 {
     public class BaseDisplayJSON
     {
-        public static object DisplayJSON(object obj)
+        public static object DeserializeJSON(object obj)
         {
-            var _result = JsonConvert.SerializeObject(obj, Formatting.Indented, new JsonSerializerSettings
+            var _result = SerializeJSON(obj);
-            {
-                ContractResolver = new Newtonsoft.Json.Serialization.CamelCasePropertyNamesContractResolver(),
-                DateFormatString = "yyyy-MM-dd HH:mm:ss"
-            });
 
             return JsonConvert.DeserializeObject(_result);
         }
 
-        public static object Display(HttpStatusCode status, object result)
+        public static string SerializeJSON(object obj)
         {
-            return new
+            return JsonConvert.SerializeObject(obj, Formatting.Indented, new JsonSerializerSettings
+            {
+                ContractResolver = new Newtonsoft.Json.Serialization.CamelCasePropertyNamesContractResolver(),
+                DateFormatString = "yyyy-MM-dd HH:mm:ss"
+            });
+        }
+
+        public static object JSON(HttpStatusCode status, object result)
+        {
+            return DeserializeJSON(new
             {
                 Status = status,
                 Result = result
-            };
+            });
         }
 
-        public static object Display(HttpStatusCode status, string message)
+        public static object JSON(HttpStatusCode status, string message)
         {
-            return new
+            return DeserializeJSON(new
             {
                 Status = status,
                 Message = message
-            };
+            });
         }
 
         public static object Ok(object result)
         {
-            return Display(HttpStatusCode.OK, result);
+            return JSON(HttpStatusCode.OK, result);
         }
 
         public static object Ok(string message)
         {
-            return Display(HttpStatusCode.OK, message);
+            return JSON(HttpStatusCode.OK, message);
         }
 
         public static object Error(string message)
         {
-            return Display(HttpStatusCode.InternalServerError, message);
+            return JSON(HttpStatusCode.InternalServerError, message);
         }
 
         public static object Unauthorized(string message)
         {
-            return Display(HttpStatusCode.Unauthorized, message);
+            return JSON(HttpStatusCode.Unauthorized, message);
         }
     }
 }

Api/Ewide.Core/Ewide.Core.WebApi/App_Start/Filters/HttpNotFoundControllerActionSelector.cs

@@ -27,7 +27,7 @@ namespace Ewide.Core.WebApi
             catch (HttpResponseException ex)
             {
                 var code = ex.Response.StatusCode;
-                var result = BaseDisplayJSON.Display(code, code == HttpStatusCode.NotFound ? "找不到接口，请确认接口地址是否正确" : "请求方式错误");
+                var result = BaseDisplayJSON.JSON(code, code == HttpStatusCode.NotFound ? "找不到接口，请确认接口地址是否正确" : "请求方式错误");
                 if (code == HttpStatusCode.NotFound || code == HttpStatusCode.MethodNotAllowed)
                 {
                     ex.Response.Content = new ObjectContent(result.GetType(), result, formatter);

Api/Ewide.Core/Ewide.Core.WebApi/App_Start/Filters/HttpNotFoundDefaultHttpControllerSelector.cs

@@ -28,7 +28,7 @@ namespace Ewide.Core.WebApi
             catch (HttpResponseException ex)
             {
                 var code = ex.Response.StatusCode;
-                var result = BaseDisplayJSON.Display(code, "找不到接口，请确认接口地址是否正确");
+                var result = BaseDisplayJSON.JSON(code, "找不到接口，请确认接口地址是否正确");
                 if (code == HttpStatusCode.NotFound || code == HttpStatusCode.MethodNotAllowed)
                 {
                     ex.Response.Content = new ObjectContent(result.GetType(), result, formatter);

Api/Ewide.Core/Ewide.Core.WebApi/App_Start/Filters/HttpWebApiControllerActionInvoker.cs

@@ -28,11 +28,11 @@ namespace Ewide.Core.WebApi
                 var baseException = responseMessage.Exception.InnerExceptions[0];
                 var message = baseException.Message;
 
-                var result = BaseDisplayJSON.Display(HttpStatusCode.InternalServerError, message);
+                var result = BaseDisplayJSON.JSON(HttpStatusCode.InternalServerError, message);
 
                 if (baseException is TimeoutException)
                 {
-                    result = BaseDisplayJSON.Display(HttpStatusCode.RequestTimeout, message);
+                    result = BaseDisplayJSON.JSON(HttpStatusCode.RequestTimeout, message);
                 }
 
                 return Task.Run(() => new HttpResponseMessage()

Api/Ewide.Core/Ewide.Core.WebApi/App_Start/WebApiConfig.cs

@@ -32,6 +32,7 @@ namespace Ewide.Core.WebApi
             config.Services.Replace(typeof(IHttpActionInvoker), new HttpWebApiControllerActionInvoker(config));
             #endregion
 
+            config.Filters.Add(new ApiAuthorizeAttribute());
             config.Filters.Add(new ValidateArgumentsFilter());
         }
     }

Api/Ewide.Core/Ewide.Core.WebApi/Areas/Base/Controllers/GateController.cs

@@ -15,12 +15,15 @@ namespace Ewide.Core.WebApi.Areas.Base.Controllers
         /// </summary>
         /// <param name="dto"></param>
         /// <returns></returns>
+        [ApiAuthorize(VerifyAuthorization = false)]
+        [HttpPost]
         public IHttpActionResult Login(LoginDTO dto)
         {
             return DisplayJSON(dto);
         }
 
         [ValidateArgumentsFilter(AllowNull = true)]
+        [HttpPost]
         public IHttpActionResult AllowNullAPI(LoginDTO dto)
         {
             return DisplayJSON(dto);

Api/Ewide.Core/Ewide.Core.WebApi/Controllers/Code/ApiAuthorizeAttribute.cs

@@ -1,13 +1,65 @@
-using System;
+using Ewide.Core.Common;
+using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Net;
 using System.Net.Http;
+using System.Text;
 using System.Web.Http;
+using System.Web.Http.Controllers;
 
 namespace Ewide.Core.WebApi
 {
+    [AttributeUsage(AttributeTargets.All, AllowMultiple = false)]
     public class ApiAuthorizeAttribute : AuthorizeAttribute
     {
+        /// <summary>
+        /// 是否验证权限
+        /// </summary>
+        public bool VerifyAuthorization { get; set; } = true;
+
+        public override void OnAuthorization(HttpActionContext actionContext)
+        {
+            if (!VerifyAuthorization)
+            {
+                base.IsAuthorized(actionContext);
+                return;
+            }
+
+            // 验证token
+            var authorization = actionContext.Request.Headers.Authorization;
+            if (authorization != null && !String.IsNullOrEmpty(authorization.Parameter))
+            {
+                var token = authorization.Parameter;
+                var userID = AuthorizedHelper.GetUserID(token);
+                if (!String.IsNullOrEmpty(userID))
+                {
+                    base.IsAuthorized(actionContext);
+                    return;
+                }
+            }
+            else
+            {
+                var attributes = actionContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().OfType<AllowAnonymousAttribute>();
+                bool isAnonymous = attributes.Any(a => a is AllowAnonymousAttribute);
+                if (isAnonymous)
+                {
+                    base.OnAuthorization(actionContext);
+                }
+                else
+                {
+                    HandleUnauthorizedRequest(actionContext);
+                }
+            }
+
+            base.OnAuthorization(actionContext);
+        }
+
+        protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
+        {
+            var response = actionContext.Response = actionContext.Response ?? new HttpResponseMessage();
+            response.StatusCode = HttpStatusCode.OK;
+            response.Content = new StringContent(BaseDisplayJSON.SerializeJSON(BaseDisplayJSON.Unauthorized("权限验证失败")), Encoding.UTF8, "application/json");
+        }
     }
 }

Api/Ewide.Core/Ewide.Core.WebApi/Controllers/Code/BaseController.cs

@@ -31,7 +31,7 @@ namespace Ewide.Core.WebApi
         /// <returns></returns>
         private IHttpActionResult _DisplayJSON(object obj)
         {
-            var result = BaseDisplayJSON.DisplayJSON(obj);
+            var result = BaseDisplayJSON.DeserializeJSON(obj);
 
             return Ok(result);
         }

Api/Ewide.Core/Ewide.Core.WebApi/Controllers/Code/ValidateArgumentsFilter.cs

@@ -24,9 +24,7 @@ namespace Ewide.Core.WebApi
                 {
                     if (arg.Value == null)
                     {
-                        actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.OK,
+                        actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.OK, BaseDisplayJSON.JSON(HttpStatusCode.BadRequest, "参数不可为空"));
-                            BaseDisplayJSON.DisplayJSON(BaseDisplayJSON.Display(HttpStatusCode.BadRequest, "参数不可为空"))
-                        );
                         break;
                     }
                 }
@@ -71,7 +69,7 @@ namespace Ewide.Core.WebApi
 
 
                 actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.OK,
-                    BaseDisplayJSON.DisplayJSON(BaseDisplayJSON.Display(HttpStatusCode.BadRequest, message))
+                    BaseDisplayJSON.JSON(HttpStatusCode.BadRequest, message)
                 );
             }
             base.OnActionExecuting(actionContext);