qrcodeService/QRCodeService/Infrastructure/Middlewares/CheckSignMiddleware.cs

using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Http.Features;
using QRCodeService.Application.Queries;
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Text.Json;
using System.Text.Json.Serialization;
using QRCodeService.Extensions;
using Microsoft.EntityFrameworkCore.ChangeTracking;

namespace QRCodeService.Infrastructure.Middlewares
{
    /// <summary>
    /// 报文签名验证中间件
    /// </summary>
    public class CheckSignMiddleware
    {
        readonly RequestDelegate next;

        public CheckSignMiddleware(RequestDelegate next)
        {
            this.next = next;
        }
        public async Task Invoke(HttpContext context, IAppQueries appQueries)
        {
            if (context == null)
            {
                throw new ArgumentNullException(nameof(context));
            }
            var endpoint = context.GetEndpoint();
            if (endpoint != null)
            {
                var attribute = endpoint.Metadata.GetMetadata<CheckSignAttribute>();
                if (attribute != null)
                {
                    context.Request.EnableBuffering();
                    var requestReader = new StreamReader(context.Request.Body);

                    var requestContent = await requestReader.ReadToEndAsync();
                    var param = JsonSerializer.Deserialize<Dictionary<string,JsonElement>>(requestContent);
                    var appid = param.Where(kv=>kv.Key.ToLower()=="appid").Single().Value.GetInt32();
                    var time = param.Where(kv=>kv.Key.ToLower()=="time").Single().Value.GetString();
                    var sign = param.Where(kv=>kv.Key.ToLower()== "sign").Single().Value.GetString();
                    var timeDate = time.ToDate("yyyyMMddHHmmss");
                    var localTime = DateTime.Now.AddHours(8);
                    if (timeDate == null||Math.Abs((timeDate.Value - localTime).TotalSeconds) > 60)//时间不同步
                    {
                        context.Response.StatusCode = StatusCodes.Status400BadRequest;
                        await context.Response.BodyWriter.WriteAsync(Encoding.UTF8.GetBytes("check sign failed"));
                        return;
                    }
                    var app = await appQueries.GetAppAsync(appid);
                    if (app == null)
                    {
                        context.Response.StatusCode = StatusCodes.Status400BadRequest;
                        await context.Response.BodyWriter.WriteAsync(Encoding.UTF8.GetBytes("check sign failed"));
                        return;
                    }
                    var appKey = app.Appkey;
                    var signStr = string.Join(null, param.Where(kv =>kv.Key.ToLower()  != "sign").OrderBy(kv => kv.Key).Select(kv => kv.Value.ToString()));
                    var checkSign =  BitConverter.ToString( (signStr + appKey).ToMD5()).Replace("-","");
                    if(checkSign.ToLower() != sign.ToLower())
                    {
                        context.Response.StatusCode = StatusCodes.Status400BadRequest;
                        await context.Response.BodyWriter.WriteAsync(Encoding.UTF8.GetBytes("check sign failed"));
                        return;
                    }
                    context.Request.Body.Position = 0;
                }

            }
                await next(context);
        }
    }
}