MemberCenter/Member/MemberWeb/Controllers/WXValidController.cs

using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Logging;
using ZcPeng.weixin.PublicAccount;
using System.IO;
using System.Text;
using Common.Wechat;
using Microsoft.AspNetCore.Http;

namespace SupplierWeb.Controllers
{
    [Route("api/WXValid")]
    public class WXValidController : Controller
    {
        private readonly ILogger<WXValidController> _logger;
        public WXValidController(ILoggerFactory loggerFactory)
        {
            _logger = loggerFactory.CreateLogger<WXValidController>();
        }

        public string Token = "Token";
        /// <summary>
        /// 验证接口
        /// </summary>
        /// <param name="signature">签名</param>
        /// <param name="timestamp">时间戳</param>
        /// <param name="nonce"></param>
        /// <param name="echostr"></param>
        /// <returns></returns>
        [HttpGet]
        //[AllowAnonymous]
        public ActionResult  Index(string echostr, string signature, string timestamp,string nonce)
        {
            _logger.LogInformation($"echostr:{echostr}, signature:{signature}, timestamp:{timestamp}, nonce:{nonce}");
            if (CheckSignature(signature, timestamp, nonce, Token))
            {
                return Content(echostr);
            }
            return Content("error");
        }
        
        
        /// <summary>
        /// 接收消息并处理和返回相应结果
        /// </summary>
        /// <param name="msg_signature">当加密模式时才会有该变量（消息签名）</param>
        /// <param name="signature">签名</param>
        /// <param name="timestamp">时间戳</param>
        /// <param name="nonce"></param>
        /// <returns></returns>
        [HttpPost]
        //[AllowAnonymous]
        public ActionResult MessagePost(string msg_signature, string signature, string timestamp, string nonce)
        {
            try
            {
                //if (!new SecurityHelper().CheckSignature(signature, timestamp, nonce, _settings.Value.Token))
                //{
                //    return Content(null);
                //}
                using (Stream stream = HttpContext.Request.Body)
                {
                    byte[] buffer = new byte[HttpContext.Request.ContentLength.Value];
                    stream.Read(buffer, 0, buffer.Length);
                    string content = Encoding.UTF8.GetString(buffer);
                    /*if (!string.IsNullOrWhiteSpace(msg_signature)) // 消息加密模式
                    {
                        string decryptMsg = string.Empty;
                        var wxBizMsgCrypt = new WXBizMsgCrypt(_settings.Value.Token, _settings.Value.EncodingAESKey, _settings.Value.AppId);
                        int decryptResult = wxBizMsgCrypt.DecryptMsg(msg_signature, timestamp, nonce, content, ref decryptMsg);
                        if (decryptResult == 0 && !string.IsNullOrWhiteSpace(decryptMsg))
                        {
                            string resultMsg = new WechatMessageHelper().MessageResult(decryptMsg);
                            string sEncryptMsg = string.Empty;
                            if (!string.IsNullOrWhiteSpace(resultMsg))
                            {
                                int encryptResult = wxBizMsgCrypt.EncryptMsg(resultMsg, timestamp, nonce, ref sEncryptMsg);
                                if (encryptResult == 0 && !string.IsNullOrWhiteSpace(sEncryptMsg))
                                {
                                    return Content(sEncryptMsg);
                                }
                            }
                        }
                    }
                    else // 消息未加密码处理
                    {*/
                    string resultMsg = string.Empty;
                    RequestMessageHelper helper = new RequestMessageHelper(content, ref resultMsg);
                    return Content(resultMsg);
                    
                    /*}
                    return Content(null);*/
                }
            }
            catch (Exception ex)
            {
                _logger.LogError("接收消息并处理和返回相应结果异常：", ex);
                return Content(null);
            }
        }
        //////////////////////////////////////////
        /// <summary>
        /// 要与基本配置中的Token一致
        /// </summary>

        //PRotected void Page_Load(string echostr, string signature, string timestamp, string nonce)
        //{
        //    //Log.Debug("Token", "测试输出: echoStr = " + echoStr);
        //    if (CheckSignature() && !string.IsNullOrEmpty(echoStr))
        //    {
        //        Response.Write(echoStr);
        //        Response.End();
        //    }
        //}

        /// <summary>
        /// 验证微信签名
        /// </summary>
        /// * 将token、timestamp、nonce三个参数进行字典序排序
        /// * 将三个参数字符串拼接成一个字符串进行sha1加密
        /// * 开发者获得加密后的字符串可与signature对比，标识该请求来源于微信。
        /// <returns></returns>
        private bool CheckSignature(string msg_signature, string signature, string timestamp, string nonce)
        {
            //Log.Debug("Token", "测试输出: signature = " + signature);
            //Log.Debug("Token", "测试输出: timestamp = " + timestamp);
            //Log.Debug("Token", "测试输出: nonce = " + nonce);
            string[] arrTmp = { Token, timestamp, nonce };
            Array.Sort(arrTmp);
            string tmpStr = string.Join("", arrTmp);
            //tmpStr = System.Web.Security.FormsAuthentication.HashPassWordForStoringInConfigFile(tmpStr, "SHA1");
            //if (tmpStr != null)
            //{
            //    tmpStr = tmpStr.ToLower();
            //    return tmpStr == signature;
            //}
            return true;
            //return false;
        }
    }
}