Commit 0f2248d3 authored by 黄奎's avatar 黄奎

页面修改

parent 4b1b0734
...@@ -205,7 +205,7 @@ namespace Mall.CacheManager.User ...@@ -205,7 +205,7 @@ namespace Mall.CacheManager.User
{ {
string token = ""; string token = "";
var umodel = member_UserRepository.GetEntity<RB_Member_User_Extend>(NewUserId); var umodel = member_UserRepository.GetEntity<RB_Member_User_Extend>(NewUserId);
if (umodel != null) if (umodel != null && (umodel.Blacklist??0) == 0)
{ {
userInfo = new AppletUserInfo userInfo = new AppletUserInfo
{ {
......
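Review bot: The new guard `(umodel.Blacklist??0) == 0` on the `if (umodel != null …)` line treats a null Blacklist as "not blacklisted"; that is the right default only if a real blacklist entry is guaranteed to carry a non-null value, which the hunk cannot show, so confirm the column's semantics before relying on it. When the guard fails, `token` stays `""` and `userInfo` is never assigned, so the caller gets the same outcome as "user not found" with no record that the member was refused; a comment such as `// blacklisted member: no token issued, caller sees empty token` at the guard, or a log line in an else branch, would make the refusal visible. The enclosing method starts and ends outside the hunk.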
...@@ -1632,7 +1632,7 @@ namespace Mall.WebApi.Controllers.TradePavilion ...@@ -1632,7 +1632,7 @@ namespace Mall.WebApi.Controllers.TradePavilion
/// </summary> /// </summary>
/// <returns></returns> /// <returns></returns>
[HttpPost] [HttpPost]
[AllowAnonymous] [RateValve(Policy = Policy.Ip, Limit = 10, Duration = 60)] [RateValve(Policy = Policy.Ip, Limit = 10, Duration = 60)]
public ApiResult GetCarrierPageList() public ApiResult GetCarrierPageList()
{ {
var userInfo = AppletUserInfo; var userInfo = AppletUserInfo;
...@@ -1718,7 +1718,7 @@ namespace Mall.WebApi.Controllers.TradePavilion ...@@ -1718,7 +1718,7 @@ namespace Mall.WebApi.Controllers.TradePavilion
/// </summary> /// </summary>
/// <returns></returns> /// <returns></returns>
[HttpPost] [HttpPost]
[AllowAnonymous] [RateValve(Policy = Policy.Ip, Limit = 10, Duration = 60)] [RateValve(Policy = Policy.Ip, Limit = 10, Duration = 60)]
public ApiResult GetCarrierDetails() public ApiResult GetCarrierDetails()
{ {
var userInfo = AppletUserInfo; var userInfo = AppletUserInfo;
...@@ -1904,10 +1904,10 @@ namespace Mall.WebApi.Controllers.TradePavilion ...@@ -1904,10 +1904,10 @@ namespace Mall.WebApi.Controllers.TradePavilion
/// <returns></returns> /// <returns></returns>
[HttpGet] [HttpGet]
[HttpPost] [HttpPost]
[AllowAnonymous] [RateValve(Policy = Policy.Ip, Limit = 10, Duration = 60)]
[RateValve(Policy = Policy.Ip, Limit = 10, Duration = 60)] [RateValve(Policy = Policy.Ip, Limit = 10, Duration = 60)]
public ApiResult GetBrandPageList() public ApiResult GetBrandPageList()
{ {
var userInfo = AppletUserInfo;
ResultPageModel pageModel = JsonConvert.DeserializeObject<ResultPageModel>(RequestParm.msg.ToString()); ResultPageModel pageModel = JsonConvert.DeserializeObject<ResultPageModel>(RequestParm.msg.ToString());
JObject parms = JObject.Parse(RequestParm.msg.ToString()); JObject parms = JObject.Parse(RequestParm.msg.ToString());
var query = new RB_Brand_Extend() var query = new RB_Brand_Extend()
...@@ -1925,8 +1925,8 @@ namespace Mall.WebApi.Controllers.TradePavilion ...@@ -1925,8 +1925,8 @@ namespace Mall.WebApi.Controllers.TradePavilion
DianLiang = parms.GetStringValue("DianLiang"), DianLiang = parms.GetStringValue("DianLiang"),
PrizeId = parms.GetInt("PrizeId", 0), PrizeId = parms.GetInt("PrizeId", 0),
}; };
query.MallBaseId = RequestParm.MallBaseId; query.MallBaseId = userInfo.MallBaseId;
query.TenantId = RequestParm.TenantId; query.TenantId = userInfo.TenantId;
var list = carrierModule.GetBrandPageList(pageModel.pageIndex, pageModel.pageSize, out long rowsCount, query); var list = carrierModule.GetBrandPageList(pageModel.pageIndex, pageModel.pageSize, out long rowsCount, query);
List<RB_FirstShop_ListEnroll_Extend> listEnroll = new List<RB_FirstShop_ListEnroll_Extend>(); List<RB_FirstShop_ListEnroll_Extend> listEnroll = new List<RB_FirstShop_ListEnroll_Extend>();
if (list != null && list.Any()) if (list != null && list.Any())
...@@ -1965,7 +1965,7 @@ namespace Mall.WebApi.Controllers.TradePavilion ...@@ -1965,7 +1965,7 @@ namespace Mall.WebApi.Controllers.TradePavilion
/// <returns></returns> /// <returns></returns>
[HttpGet] [HttpGet]
[HttpPost] [HttpPost]
[AllowAnonymous] [RateValve(Policy = Policy.Ip, Limit = 10, Duration = 60)] [RateValve(Policy = Policy.Ip, Limit = 10, Duration = 60)]
public ApiResult GetBrandDetails() public ApiResult GetBrandDetails()
{ {
var req = RequestParm; var req = RequestParm;
......
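Review bot: In GetBrandPageList the new `var userInfo = AppletUserInfo;` is dereferenced at `query.MallBaseId = userInfo.MallBaseId;` and `query.TenantId = userInfo.TenantId;` without a null check, while the same commit guards `UserInfo` with `if (UserInfo != null)` in the User controller; if the filter can let a request reach this action without a token user (the filter's token-check condition is not visible here, so this is inferred), the action throws a NullReferenceException instead of returning an ApiResult. Add an early guard that returns the project's error ApiResult when `userInfo` is null, before `query` is built. Taking MallBaseId and TenantId from the authenticated user rather than from `RequestParm` is the right direction; the same should be checked for GetCarrierPageList and GetCarrierDetails, whose bodies are cut off by the hunks. GetBrandPageList continues past the hunk.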
...@@ -93,10 +93,10 @@ namespace Mall.WebApi.Controllers.User ...@@ -93,10 +93,10 @@ namespace Mall.WebApi.Controllers.User
{ {
return ApiResult.ParamIsNull("请传递来源平台"); return ApiResult.ParamIsNull("请传递来源平台");
} }
if (string.IsNullOrEmpty(demodel.OpenId)) //if (string.IsNullOrEmpty(demodel.OpenId))
{ //{
return ApiResult.ParamIsNull("请传递唯一码"); // return ApiResult.ParamIsNull("请传递唯一码");
} //}
Model.Extend.MarketingCenter.RB_DiscountCoupon_Extend couponResult = new Model.Extend.MarketingCenter.RB_DiscountCoupon_Extend(); Model.Extend.MarketingCenter.RB_DiscountCoupon_Extend couponResult = new Model.Extend.MarketingCenter.RB_DiscountCoupon_Extend();
......
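Review bot: Commenting out the `demodel.OpenId` required check leaves four dead lines in the method instead of recording the decision; delete them and put the reason in one comment, e.g. `// OpenId is optional on this endpoint: <reason>`. Whatever reads `demodel.OpenId` further down must now tolerate an empty or null value; that code is outside the hunk, so this needs confirming. The enclosing method starts and ends outside the hunk.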
...@@ -189,7 +189,11 @@ namespace Mall.WebApi.Controllers.User ...@@ -189,7 +189,11 @@ namespace Mall.WebApi.Controllers.User
{ {
var parms = RequestParm; var parms = RequestParm;
var query = JsonConvert.DeserializeObject<RB_Supplier_Extend>(RequestParm.msg.ToString()); var query = JsonConvert.DeserializeObject<RB_Supplier_Extend>(RequestParm.msg.ToString());
query.TenantId = UserInfo.TenantId; if (UserInfo != null)
{
query.TenantId = UserInfo.TenantId;
}
query.MallBaseId = parms.MallBaseId; query.MallBaseId = parms.MallBaseId;
var oldLogisticsList = supplierModule.GetList(query); var oldLogisticsList = supplierModule.GetList(query);
return ApiResult.Success("", oldLogisticsList); return ApiResult.Success("", oldLogisticsList);
......
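Review bot: When `UserInfo` is null the new `if (UserInfo != null)` guard leaves `query.TenantId` at whatever the client put in the request body, since `query` is deserialized from `RequestParm.msg` two lines above, so an unauthenticated caller now selects the tenant the supplier list is filtered by; previously the dereference at least failed the request. Either reject the request when there is no user, `if (UserInfo == null) { return /* error ApiResult */; }`, or assign `query.TenantId` from a server-side value on the anonymous path so the body cannot choose it. The enclosing method starts outside the hunk.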
...@@ -50,71 +50,108 @@ namespace Mall.WebApi.Filter ...@@ -50,71 +50,108 @@ namespace Mall.WebApi.Filter
isCheckToken = false; isCheckToken = false;
} }
#region Token校验 #region Token校验
if (isCheckToken) if (isCheckToken)
{ {
JWTValidat(actionContext, token); JWTValidat(actionContext, token);
} }
#endregion #endregion
#region 签名校验权限校验 //token
if (actionContext.HttpContext.Items[GlobalKey.TokenUserInfo] != null) var userToken = actionContext.HttpContext.Items[GlobalKey.TokenUserInfo];
if (userToken != null && !string.IsNullOrEmpty(userToken.ToString()))
{ {
string openValidation = new ConfigurationBuilder().Add(new JsonConfigurationSource { Path = "appsettings.json" }).Build().GetSection("OpenValidation").Value; JObject parms = JObject.Parse(userToken.ToString());
if (openValidation.Equals("True")) var requestFrom = parms.GetInt("requestFrom");
var uid = parms.GetStringValue("uid");
//后台用户
if (requestFrom == 1)
{ {
TokenUserInfo userInfo = JsonConvert.DeserializeObject<TokenUserInfo>(actionContext.HttpContext.Items[GlobalKey.TokenUserInfo].ToString()); var cacheUser = UserReidsCache.GetUserLoginInfo(uid);
if (userInfo != null && (userInfo.requestFrom == Mall.Common.Enum.ApiRequestFromEnum.Web || userInfo.requestFrom == Mall.Common.Enum.ApiRequestFromEnum.MiniProgram)) if (cacheUser == null || (cacheUser != null && (cacheUser.TenantId <= 0)))
{
SignValidat(actionContext, parm);
}
else
{ {
#region 权限校验 actionContext.Result = new Microsoft.AspNetCore.Mvc.JsonResult(new ApiResult
if (userInfo.uid != Config.AdminId)
{ {
resultCode = (int)ResultCode.FormRepeatSubmit,
SignValidat(actionContext, parm); message = "Token验证失败!",
//PermissionValidat(actionContext); data = null
} });
#endregion
} }
} }
} else
#endregion
#region 验证表单重复提交
string controllerName = actionContext.ActionDescriptor.RouteValues["controller"].ToString().ToLower();
string actionName = actionContext.ActionDescriptor.RouteValues["action"].ToString().ToLower();
if (!actionName.ToLower().Contains("get"))
{
string cachedKey = SecurityHelper.MD5(string.Format("cmd={0}&token={1}", controllerName + "/" + actionName, token));
try
{ {
if (UserReidsCache.Exists(cachedKey))//判断表单是否重复提交 var cacheMiniAppUser = UserReidsCache.GetAppletUserLoginInfo(uid);
if (cacheMiniAppUser == null || (cacheMiniAppUser != null && (cacheMiniAppUser.UserId <= 0)))
{ {
actionContext.Result = new Microsoft.AspNetCore.Mvc.JsonResult(new ApiResult actionContext.Result = new Microsoft.AspNetCore.Mvc.JsonResult(new ApiResult
{ {
resultCode = (int)ResultCode.FormRepeatSubmit, resultCode = (int)ResultCode.FormRepeatSubmit,
message = "表单重复提交,请稍后再试", message = "Token验证失败!",
data = null data = null
}); });
} }
else }
}
#region 签名校验权限校验
if (actionContext.HttpContext.Items[GlobalKey.TokenUserInfo] != null)
{
string openValidation = new ConfigurationBuilder().Add(new JsonConfigurationSource { Path = "appsettings.json" }).Build().GetSection("OpenValidation").Value;
if (openValidation.Equals("True"))
{ {
//默认3秒钟之内不能重复提交 TokenUserInfo userInfo = JsonConvert.DeserializeObject<TokenUserInfo>(actionContext.HttpContext.Items[GlobalKey.TokenUserInfo].ToString());
UserReidsCache.Set(cachedKey, 1, 3); if (userInfo != null && (userInfo.requestFrom == Mall.Common.Enum.ApiRequestFromEnum.Web || userInfo.requestFrom == Mall.Common.Enum.ApiRequestFromEnum.MiniProgram))
{
SignValidat(actionContext, parm);
}
else
{
#region 权限校验
if (userInfo.uid != Config.AdminId)
{
SignValidat(actionContext, parm);
//PermissionValidat(actionContext);
}
#endregion
}
} }
} }
catch #endregion
#region 验证表单重复提交
string controllerName = actionContext.ActionDescriptor.RouteValues["controller"].ToString().ToLower();
string actionName = actionContext.ActionDescriptor.RouteValues["action"].ToString().ToLower();
if (!actionName.ToLower().Contains("get"))
{ {
string cachedKey = SecurityHelper.MD5(string.Format("cmd={0}&token={1}", controllerName + "/" + actionName, token));
try
{
if (UserReidsCache.Exists(cachedKey))//判断表单是否重复提交
{
actionContext.Result = new Microsoft.AspNetCore.Mvc.JsonResult(new ApiResult
{
resultCode = (int)ResultCode.FormRepeatSubmit,
message = "表单重复提交,请稍后再试",
data = null
});
}
else
{
//默认3秒钟之内不能重复提交
UserReidsCache.Set(cachedKey, 1, 3);
}
}
catch
{
}
} }
} #endregion
#endregion
} }
/// <summary> /// <summary>
......
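Review bot: Both cache-miss branches (`cacheUser == null || …` and `cacheMiniAppUser == null || …`) report a failed token lookup with `resultCode = (int)ResultCode.FormRepeatSubmit` and message "Token验证失败!", so a client cannot distinguish a rejected token from a duplicate submission; use the ResultCode member for token or authorization failure, adding one if the enum has none. After `actionContext.Result` is assigned the method keeps running into the signature check and the repeat-submit region, where `UserReidsCache.Exists(cachedKey)` can overwrite the result with "表单重复提交" and the else branch writes a cache entry for a request that was already refused; add `return;` directly after each of the two `actionContext.Result = …` assignments. The `cacheUser != null &&` inside `(cacheUser == null || (cacheUser != null && …))` is redundant and can be dropped, likewise for `cacheMiniAppUser`. The filter method begins before the hunk.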