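// NOTE(review): this listing was recovered from a whitespace-collapsed copy. Generic type
// arguments were lost in that copy (for example `List> lDic`, `new Dictionary()`,
// `new List>()`), and the line breaks around `//` comments had to be reconstructed.
// The damaged tokens are reproduced as found; restore the type arguments from the
// repository before compiling.
namespace CounsellorBL
{
    using CounsellorBL.BLStructure;
    using CounsellorBL.Common;
    using CounsellorBL.ConstDefinition;
    using CounsellorBL.Helper;
    using Microsoft.Extensions.Caching.Memory;
    using MonumentDefine;
    using OT.COM.ArsenalDB;
    using OT.COM.SignalerMessage;
    using SoldierData.EnterprizeV4;
    using System;
    using System.Collections.Concurrent;
    using System.Collections.Generic;
    using System.Globalization;
    using System.Linq;

    /// <summary>
    /// Authentication-related actions: handshake, login (session creation plus privilege
    /// lookup) and verification of the caller's IP address against a branch allowlist.
    /// </summary>
    public partial class AuthorityService : DBService
    {
        public override string MainTable => null;

        /// <summary>
        /// Returns a success response carrying a newly generated GUID under
        /// <c>BLWording.TOKEN</c>.
        /// </summary>
        /// <param name="i_crmInput">The incoming request; passed through to the response.</param>
        /// <returns>A success response whose <c>param</c> holds the generated value.</returns>
        /// <remarks>
        /// The value is not stored anywhere by this method, so nothing visible here lets the
        /// server recognise it later. <c>[Auth(false)]</c> presumably exempts the action from
        /// the token check applied to other actions - confirm against the attribute.
        /// </remarks>
        [Auth(false)]
        public CResponseMessage HandShake(CRequestMessage i_crmInput)
        {
            CResponseMessage crmRes = new CSuccessResponseMessage(null, i_crmInput);
            crmRes.param[BLWording.TOKEN] = Guid.NewGuid().ToString();
            return crmRes;
        }

        /// <summary>
        /// Authenticates an account, creates a session row and returns the session token
        /// together with the account's role name and privilege records.
        /// </summary>
        /// <param name="i_crmInput">
        /// Request whose parameter list is expected to contain exactly one entry with the
        /// account, ENTERCODE, ORGANIZATION and optionally AUTOENTER values.
        /// </param>
        /// <returns>
        /// A success response with <c>BLWording.TOKEN</c>, <c>BLWording.PRIVILEGES</c> and
        /// <c>"rolename"</c>; an error response when a step reports a message; <c>null</c>
        /// when the request does not carry exactly one parameter entry.
        /// </returns>
        /// <remarks>
        /// This action is reachable without a token (<c>[Auth(false)]</c>), so every value
        /// read from <c>dicLoginInfo</c> is untrusted input. Open review points are marked
        /// NOTE(review) in the body.
        /// </remarks>
        [Auth(false)]
        public CResponseMessage Login(CRequestMessage i_crmInput)
        {
            int nExpMinute = Convert.ToInt32(CustomizeDBMgr.SettingData[BLWording.TOKEN_EXP_MINUTE], CultureInfo.CurrentCulture);
            string sMsg = null;
            CResponseMessage crmRes = null;

            do
            {
                List> lDic = getQryParameterList(i_crmInput);

                // Purge expired entries from the in-memory token map before handling the login.
                IMemoryCache imc = GetMemoryCache();
                if (imc != null)
                {
                    lock (imc)
                    {
                        if (imc.TryGetValue(BLWording.TOKENMAP, out ConcurrentDictionary dicMap))
                        {
                            List lKeys = dicMap.Keys.ToList();
                            DateTime dtLast = DateTime.Now.AddMinutes(-1 * nExpMinute);
                            foreach (string sKey in lKeys)
                            {
                                // TryGetValue instead of the indexer: a key taken from the snapshot
                                // may already have been removed by another thread.
                                if (dicMap.TryGetValue(sKey, out tb_sys_session cached) && cached.update_date < dtLast)
                                {
                                    dicMap.TryRemove(sKey, out _);
                                }
                            }
                        }
                    }
                }

                // NOTE(review): when lDic is null or does not hold exactly one entry the method
                // falls through with crmRes == null and sMsg == null and returns null. Callers
                // must cope with a null response; an explicit error response would be safer.
                if (lDic != null && lDic.Count == 1)
                {
                    Dictionary dicLoginInfo = lDic[0];

                    // NOTE(review): the account, ENTERCODE and ORGANIZATION keys are read below
                    // without a ContainsKey check and their values are dereferenced with
                    // ToString(); a request that omits one of them ends in an unhandled
                    // exception on an unauthenticated action. Validate and return an error.

                    // "AD" mode is selected when AUTOENTER is the character-wise reverse of a
                    // non-empty ENTERCODE.
                    // NOTE(review): both values come from the same request entry, so this mode
                    // is chosen by the client, not established by a server-side directory
                    // check, and it removes the credential predicate further down. Nothing in
                    // this method shows the caller's identity being verified another way.
                    // Treat as an authentication weakness until a server-side AD verification
                    // is confirmed.
                    bool bIsAD = false;
                    if (dicLoginInfo.ContainsKey(BLWording.ENTERCODE) && dicLoginInfo.ContainsKey(BLWording.AUTOENTER))
                    {
                        string sEnterCode = dicLoginInfo[BLWording.ENTERCODE].ToString();
                        string sAutoCode = dicLoginInfo[BLWording.AUTOENTER].ToString();
                        int nLen = sEnterCode.Length;
                        int nIdex = 0;

                        if (nLen > 0 && nLen == sAutoCode.Length)
                        {
                            for (nIdex = 0; nIdex < nLen; nIdex++)
                            {
                                if (sEnterCode[nIdex] != sAutoCode[nLen - nIdex - 1])
                                {
                                    break;
                                }
                            }
                        }

                        // Fixed: with an empty ENTERCODE the loop is skipped and
                        // nIdex == nLen == 0, which used to count as a match despite the
                        // nLen > 0 guard above.
                        bIsAD = nLen > 0 && nIdex == nLen;
                    }

                    // Active user row matching the supplied account.
                    QueryJsonElementCollection lBlocks = new QueryJsonElementCollection();
                    QueryJsonElement qjeA = lBlocks.GetInst();
                    qjeA.table = tb_sys_user.TABLENAME;
                    qjeA.wherecols = new WhereNode(WhereNode.ENodeOperation.ENO_AND,
                        new WhereNode(tb_sys_user.CN_ACCOUNT, WhereNode.EColumnOperation.EOT_EQ, typeof(tb_sys_user), dicLoginInfo[tb_sys_user.CN_ACCOUNT]),
                        new WhereNode(tb_sys_user.CN_STATUS_FLAG, WhereNode.EColumnOperation.EOT_EQ, typeof(tb_sys_user), BLWording.STATUS_FLAG_ON)
                        );
                    qjeA.displaycols = new List() { tb_sys_user.CN_UID };
                    lBlocks.Add(qjeA);

                    QueryJsonElement qjeEmp = lBlocks.GetInst();
                    qjeEmp.table = tb_hr_employee.TABLENAME;
                    qjeEmp.jointype = QueryJsonElement.LEFT_JOIN;
                    qjeEmp.joincols = new Dictionary() { {tb_hr_employee.CN_UID, tb_sys_user.CN_UID } };
                    qjeEmp.jointable = qjeA;
                    lBlocks.Add(qjeEmp);

                    // Stored credential for the user.
                    QueryJsonElement qjeB = lBlocks.GetInst();
                    qjeB.table = tb_sys_user2entercode.TABLENAME;
                    qjeB.jointype = QueryJsonElement.LEFT_JOIN;
                    qjeB.joincols = new Dictionary() { {tb_sys_user2entercode.CN_USER_UID, tb_sys_user.CN_UID } };
                    qjeB.jointable = qjeA;

                    // NOTE(review): the credential is compared by equality against the output of
                    // EncryptHelper.Encrypt, which implies a deterministic transform. Confirm it
                    // is a salted, slow password hash (PBKDF2/Argon2) and not reversible
                    // encryption - the implementation is not visible here.
                    sMsg = EncryptHelper.Encrypt(dicLoginInfo[BLWording.ENTERCODE].ToString(), out string sEnc);

                    if (sMsg != null)
                    {
                        break;
                    }

                    // NOTE(review): the credential predicate sits on a LEFT JOIN block. Confirm
                    // that MakeSelectJoinByBlocks emits it in the WHERE clause; as an ON-clause
                    // predicate it would not exclude the user row when the credential differs.
                    if (!bIsAD)
                    {
                        qjeB.wherecols = new WhereNode(tb_sys_user2entercode.CN_USER_ENTERCODE, WhereNode.EColumnOperation.EOT_EQ, typeof(tb_sys_user2entercode), sEnc);
                    }
                    lBlocks.Add(qjeB);

                    // Role links of the user; the status filter is applied in code below, not in SQL.
                    QueryJsonElement qjeC = lBlocks.GetInst();
                    qjeC.table = tb_sys_user2role.TABLENAME;
                    qjeC.jointype = QueryJsonElement.LEFT_JOIN;
                    qjeC.displaycols = new List() { tb_sys_user2role.CN_ROLE_UID, tb_sys_user2role.CN_STATUS_FLAG };
                    qjeC.joincols = new Dictionary() { {tb_sys_user2role.CN_USER_UID, tb_sys_user.CN_UID } };
                    qjeC.jointable = qjeA;
                    //qjeC.wherecols = new WhereNode(tb_sys_user2role.CN_STATUS_FLAG, WhereNode.EColumnOperation.EOT_EQ, typeof(tb_sys_user2role), BLWording.STATUS_FLAG_ON);
                    lBlocks.Add(qjeC);

                    // NOTE(review): the disabled block below was the only check tying a role to the
                    // ORGANIZATION value supplied in the request.
                    // QueryJsonElement qjeD = lBlocks.GetInst();
                    // qjeD.table = tb_sys_role2org.TABLENAME;
                    // qjeD.jointype = QueryJsonElement.LEFT_JOIN;
                    // qjeD.joincols = new Dictionary()
                    //{ {tb_sys_role2org.CN_ROLE_UID, tb_sys_user2role.CN_ROLE_UID } };
                    // qjeD.jointable = qjeC;
                    // qjeD.wherecols = new WhereNode(WhereNode.ENodeOperation.ENO_AND,
                    //      new WhereNode(tb_sys_role2org.CN_ORG_UID, WhereNode.EColumnOperation.EOT_EQ, typeof(tb_sys_role2org), dicLoginInfo[BLWording.ORGANIZATION]),
                    //      new WhereNode(tb_sys_role2org.CN_STATUS_FLAG, WhereNode.EColumnOperation.EOT_EQ, typeof(tb_sys_role2org), BLWording.STATUS_FLAG_ON));
                    // lBlocks.Add(qjeD);

                    sMsg = MakeSelectJoinByBlocks(lBlocks, out Command cSelect);

                    // Fixed: the builder's message used to be ignored and could be overwritten by
                    // a later call, letting the login continue with a command that failed to build.
                    if (sMsg != null)
                    {
                        break;
                    }

                    ArsenalInterface ai = ArsenalDBMgr.GetInst(cSelect);
                    List lRes = ai.RunQueryList(cSelect, null);
                    //QueryDataSet lRes = ai.RunQueryDataSet(cSelect, null);

                    if (!cSelect.IsSuccess)
                    {
                        // Fixed: report the failure the same way the session insert below does,
                        // where the original left sMsg unset and returned a null response.
                        sMsg = cSelect.LastErrorCode;
                        break;
                    }

                    // The same message covers an unknown account and a credential mismatch.
                    if (!lRes.Any())
                    {
                        sMsg = BseMessageWording.NO_MATCHED_ACCOUNT;
                        break;
                    }

                    // Role name is resolved from the first row only, and only if that link is active.
                    string sRoleName = "NoRole";
                    if (!string.IsNullOrEmpty(lRes[0].role_uid) && lRes[0].status_flag == BLWording.STATUS_FLAG_ON)
                    {
                        tb_sys_role rData = new tb_sys_role();
                        rData.SetDirty(tb_sys_role.CN_NAME);
                        tb_sys_role rCond = new tb_sys_role() { uid = lRes[0].role_uid };
                        Command cSelectRoleName = Command.SetupSelectCmd(rData, rCond);
                        List lRole = ai.RunQueryList(cSelectRoleName, null);

                        // Fixed: a role_uid without a matching role row used to throw on lRole[0].
                        if (lRole != null && lRole.Count > 0)
                        {
                            sRoleName = lRole[0].name;
                        }
                    }

                    // Delete expired sessions and insert the new one in a single batch.
                    List lCmds = new List();
                    DateTime dtNow = DateTime.Now.AddMinutes(-1 * nExpMinute);
                    WhereNode wn = new WhereNode(tb_sys_session.CN_UPDATE_DATE, WhereNode.EColumnOperation.EOT_LT, typeof(tb_sys_session), dtNow);
                    Command cDelete = Command.SetupDeleteCmd(wn);
                    lCmds.Add(cDelete);

                    tb_sys_session s = new tb_sys_session();
                    s.create_user_uid = s.update_user_uid = lRes[0].uid;
                    // NOTE(review): the organization is stored exactly as sent by the client; with
                    // the role-to-organization block above disabled, nothing visible here checks
                    // that the account belongs to it.
                    s.create_org_uid = s.update_org_uid = dicLoginInfo[BLWording.ORGANIZATION].ToString();
                    s.role_name = sRoleName;
                    // NOTE(review): the session token is a GUID. Guid.NewGuid() is documented as an
                    // identifier generator and is not recommended for cryptographic purposes;
                    // consider System.Security.Cryptography.RandomNumberGenerator for the value.
                    s.uid = Guid.NewGuid().ToString();
                    Command cInsert = Command.SetupInsertCmd(s);
                    lCmds.Add(cInsert);
                    ai.RunEditCmds(lCmds);

                    if (!cInsert.IsSuccess)
                    {
                        sMsg = cInsert.LastErrorCode;
                        break;
                    }

                    // Privileges
                    // NOTE(review): every role_uid in the result is collected regardless of the
                    // link's status_flag (the SQL filter on tb_sys_user2role is commented out
                    // above), so privileges of deactivated role links appear to be granted.
                    // Filter on BLWording.STATUS_FLAG_ON here once the builder's handling of
                    // an empty IN list is confirmed.
                    List lRoles = new List();
                    foreach (tb_sys_user2role r in lRes)
                    {
                        lRoles.Add(r.role_uid);
                    }

                    // Grants attached to the user's roles.
                    lBlocks.Clear();
                    QueryJsonElement qjeAp = lBlocks.GetInst();
                    qjeAp.table = tb_sys_program2action_grant.TABLENAME;
                    qjeAp.displaycols = new List() { tb_sys_program2action_grant.CN_PROGRAM2ACTION_UID, tb_sys_program2action_grant.CN_UID, tb_sys_program2action_grant.CN_GRANT_UID };
                    qjeAp.wherecols = new WhereNode(WhereNode.ENodeOperation.ENO_AND,
                        new WhereNode(tb_sys_program2action_grant.CN_GRANT_TYPE, WhereNode.EColumnOperation.EOT_IN, typeof(tb_sys_program2action_grant), BLWording.ROLE_ID),
                        new WhereNode(tb_sys_program2action_grant.CN_GRANT_UID, WhereNode.EColumnOperation.EOT_IN, typeof(tb_sys_program2action_grant), lRoles.ToArray()),
                        new WhereNode(tb_sys_program2action_grant.CN_STATUS_FLAG, WhereNode.EColumnOperation.EOT_EQ, typeof(tb_sys_program2action_grant), BLWording.STATUS_FLAG_ON)
                        );
                    lBlocks.Add(qjeAp);

                    QueryJsonElement qjeBp = lBlocks.GetInst();
                    qjeBp.table = tb_sys_program2action.TABLENAME;
                    qjeBp.aliascols = new Dictionary>() { { tb_sys_program2action.CN_ACTION_NAME, new List() { "action_name" } } };
                    qjeBp.jointype = QueryJsonElement.LEFT_JOIN;
                    qjeBp.jointable = qjeAp;
                    qjeBp.joincols = new Dictionary() { { tb_sys_program2action.CN_UID,tb_sys_program2action_grant.CN_PROGRAM2ACTION_UID }};
                    lBlocks.Add(qjeBp);

                    QueryJsonElement qjeCp = lBlocks.GetInst();
                    qjeCp.table = tb_sys_program.TABLENAME;
                    qjeCp.displaycols = new List() { tb_sys_program.CN_ROUT_PATH, tb_sys_program.CN_MODULE_UID, tb_sys_program.CN_SEQ, tb_sys_program.CN_ICON, tb_sys_program.CN_MENUDISPLAY };
                    qjeCp.aliascols = new Dictionary>() { { tb_sys_program.CN_NAME, new List() { "program_name" } }, { tb_sys_program.CN_UID, new List() { "program_id" } } };
                    qjeCp.jointype = QueryJsonElement.LEFT_JOIN;
                    qjeCp.joincols = new Dictionary() { {tb_sys_program.CN_UID, tb_sys_program2action.CN_PROGRAM_UID } };
                    qjeCp.jointable = qjeBp;
                    qjeCp.wherecols = new WhereNode(tb_sys_program.CN_STATUS_FLAG, WhereNode.EColumnOperation.EOT_EQ, typeof(tb_sys_program), BLWording.STATUS_FLAG_ON);
                    lBlocks.Add(qjeCp);

                    QueryJsonElement qjeDp = lBlocks.GetInst();
                    qjeDp.table = tb_sys_role.TABLENAME;
                    qjeDp.aliascols = new Dictionary>() { { tb_sys_role.CN_NAME, new List() { "role_name" } } };
                    qjeDp.jointype = QueryJsonElement.LEFT_JOIN;
                    qjeDp.joincols = new Dictionary() { {tb_sys_role.CN_UID, tb_sys_program2action_grant.CN_GRANT_UID } };
                    qjeDp.jointable = qjeAp;
                    lBlocks.Add(qjeDp);

                    qjeAp.ordercols = new List>() { Tuple.Create(qjeCp, tb_sys_program.CN_SEQ, BLWording.ORDER_ASC), Tuple.Create(qjeBp, tb_sys_program2action.CN_SEQUENCE, BLWording.ORDER_ASC) };
                    sMsg = MakeSelectJoinByBlocks(lBlocks, out cSelect);

                    // Fixed: this message used to be overwritten by the next builder call.
                    if (sMsg != null)
                    {
                        break;
                    }

                    QueryDataSet qds = ai.RunQueryDataSet(cSelect, null);

                    // Grants attached directly to the user.
                    lBlocks.Clear();
                    QueryJsonElement qjeUser = lBlocks.GetInst();
                    qjeUser.table = tb_sys_program2action_grant.TABLENAME;
                    qjeUser.displaycols = new List() { tb_sys_program2action_grant.CN_PROGRAM2ACTION_UID, tb_sys_program2action_grant.CN_UID, tb_sys_program2action_grant.CN_GRANT_UID };
                    // NOTE(review): user_uid is not among the display columns selected for lRes
                    // (only tb_sys_user.CN_UID, role_uid and status_flag are), so this value may
                    // always be null; lRes[0].uid looks like the intended key - confirm.
                    qjeUser.wherecols = new WhereNode(WhereNode.ENodeOperation.ENO_AND,
                        new WhereNode(tb_sys_program2action_grant.CN_GRANT_TYPE, WhereNode.EColumnOperation.EOT_EQ, typeof(tb_sys_program2action_grant), BLWording.USER_ID),
                        new WhereNode(tb_sys_program2action_grant.CN_GRANT_UID, WhereNode.EColumnOperation.EOT_IN, typeof(tb_sys_program2action_grant), lRes.Select(x => x.user_uid).FirstOrDefault()),
                        new WhereNode(tb_sys_program2action_grant.CN_STATUS_FLAG, WhereNode.EColumnOperation.EOT_EQ, typeof(tb_sys_program2action_grant), BLWording.STATUS_FLAG_ON)
                        );
                    lBlocks.Add(qjeUser);

                    QueryJsonElement qjeUserA = lBlocks.GetInst();
                    qjeUserA.table = tb_sys_program2action.TABLENAME;
                    qjeUserA.aliascols = new Dictionary>() { { tb_sys_program2action.CN_ACTION_NAME, new List() { "action_name" } } };
                    qjeUserA.jointype = QueryJsonElement.LEFT_JOIN;
                    qjeUserA.jointable = qjeUser;
                    qjeUserA.joincols = new Dictionary() { { tb_sys_program2action.CN_UID,tb_sys_program2action_grant.CN_PROGRAM2ACTION_UID }};
                    lBlocks.Add(qjeUserA);

                    QueryJsonElement qjeUserP = lBlocks.GetInst();
                    qjeUserP.table = tb_sys_program.TABLENAME;
                    qjeUserP.displaycols = new List() { tb_sys_program.CN_ROUT_PATH, tb_sys_program.CN_MODULE_UID, tb_sys_program.CN_SEQ, tb_sys_program.CN_ICON, tb_sys_program.CN_MENUDISPLAY };
                    qjeUserP.aliascols = new Dictionary>() { { tb_sys_program.CN_NAME, new List() { "program_name" } }, { tb_sys_program.CN_UID, new List() { "program_id" } } };
                    qjeUserP.jointype = QueryJsonElement.LEFT_JOIN;
                    qjeUserP.joincols = new Dictionary() { {tb_sys_program.CN_UID, tb_sys_program2action.CN_PROGRAM_UID } };
                    qjeUserP.jointable = qjeUserA;
                    // NOTE(review): literal "1" here, BLWording.STATUS_FLAG_ON in the role query
                    // above; presumably the same value - confirm and use the constant.
                    qjeUserP.wherecols = new WhereNode(tb_sys_program.CN_STATUS_FLAG, WhereNode.EColumnOperation.EOT_EQ, typeof(tb_sys_program), "1");
                    lBlocks.Add(qjeUserP);

                    qjeUser.ordercols = new List>() { Tuple.Create(qjeUserP, tb_sys_program.CN_SEQ, BLWording.ORDER_ASC), Tuple.Create(qjeUserA, tb_sys_program2action.CN_SEQUENCE, BLWording.ORDER_ASC) };
                    cSelect = null;
                    sMsg = MakeSelectJoinByBlocks(lBlocks, out cSelect);

                    // Same outcome as before (the final check turns sMsg into an error response),
                    // but the query is no longer run with a command that failed to build.
                    if (sMsg != null)
                    {
                        break;
                    }

                    QueryDataSet qdsUser = ai.RunQueryDataSet(cSelect, null);

                    // Role-based and user-based grants are merged into one privilege list.
                    var roleData = new QueryResponse(qds).Records;
                    var userData = new QueryResponse(qdsUser).Records;
                    var qrsPrivilidge = roleData.Union(userData).ToList();

                    crmRes = new CSuccessResponseMessage(null, i_crmInput);
                    crmRes.param[BLWording.TOKEN] = s.uid;
                    crmRes.param[BLWording.PRIVILEGES] = qrsPrivilidge;
                    crmRes.param["rolename"] = sRoleName;
                }
            }
            while (false);

            // Any message set above replaces the response with an error response.
            if (sMsg != null)
            {
                crmRes = new CErrorResponseMessage(sMsg, i_crmInput);
            }

            return crmRes;
        }

        // Row shape read from the session/employee/branch join in VerifyIPAddress.
        private class VarificationModel
        {
            public string ip_address { get; set; }
            public string create_user_uid { get; set; }
            public string branch_name { get; set; }
        }

        /// <summary>
        /// Checks the request's client IP against the comma-separated address list stored on
        /// the logged-in user's receiving branch.
        /// </summary>
        /// <param name="i_crmInput">Request carrying the session token and client IP.</param>
        /// <returns>
        /// A success response when the address is accepted or no check applies; an error
        /// response with "IP address invalid" or a query error; <c>null</c> when the request
        /// does not carry exactly one parameter entry.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="i_crmInput"/> is null.</exception>
        /// <remarks>
        /// The check is permissive by construction: an empty token, a branch without any
        /// configured address, and the loopback addresses all pass. See the NOTE(review)
        /// comments in the body.
        /// </remarks>
        public CResponseMessage VerifyIPAddress(CRequestMessage i_crmInput)
        {
            // Fixed: the null check used to run after i_crmInput had already been handed to
            // getQryParameterList and ProjectHelper.GetLoginUser.
            if (i_crmInput == null)
            {
                throw new ArgumentNullException(nameof(i_crmInput));
            }

            string sMsg = null;
            CResponseMessage crmRes = null;

            do
            {
                List> lDic = getQryParameterList(i_crmInput);
                var receive_branch_uid = ProjectHelper.GetLoginUser(i_crmInput).receive_branch_uid;

                if (lDic != null && lDic.Count == 1)
                {
                    // NOTE(review): with an empty token the whole check is skipped and a success
                    // response is returned. Presumably the framework rejects token-less calls to
                    // this action before it runs - confirm.
                    var token = i_crmInput.token;
                    if (!string.IsNullOrEmpty(token))
                    {
                        QueryJsonElementCollection lBlocks = new QueryJsonElementCollection();

                        // Session row for the presented token.
                        QueryJsonElement qjeSession = lBlocks.GetInst();
                        qjeSession.table = tb_sys_session.TABLENAME;
                        qjeSession.wherecols = new WhereNode(tb_sys_session.CN_UID, WhereNode.EColumnOperation.EOT_EQ, typeof(tb_sys_session), token);
                        qjeSession.displaycols = new List { tb_sys_session.CN_CREATE_USER_UID };

                        // Employee record
                        QueryJsonElement qjeEmployee = lBlocks.GetInst();
                        qjeEmployee.table = tb_hr_employee.TABLENAME;
                        qjeEmployee.jointype = QueryJsonElement.JOIN;
                        qjeEmployee.joincols = new Dictionary() { { tb_hr_employee.CN_UID, tb_sys_session.CN_CREATE_USER_UID } };
                        qjeEmployee.jointable = qjeSession;

                        // Employee-to-branch membership
                        QueryJsonElement qjeEmp2Branch = lBlocks.GetInst();
                        qjeEmp2Branch.table = tb_hr_employee2branch.TABLENAME;
                        qjeEmp2Branch.jointype = QueryJsonElement.JOIN;
                        qjeEmp2Branch.joincols = new Dictionary() { { tb_hr_employee2branch.CN_UID, tb_hr_employee.CN_UID } };
                        qjeEmp2Branch.jointable = qjeEmployee;

                        // Branch record, restricted to the user's receiving branch
                        QueryJsonElement qjeBranch = lBlocks.GetInst();
                        qjeBranch.table = tb_grp_branch.TABLENAME;
                        qjeBranch.jointype = QueryJsonElement.JOIN;
                        qjeBranch.joincols = new Dictionary() { { tb_grp_branch.CN_UID, tb_hr_employee2branch.CN_BRANCH_UID } };
                        qjeBranch.wherecols = new WhereNode(tb_grp_branch.CN_UID, WhereNode.EColumnOperation.EOT_EQ, typeof(tb_grp_branch), receive_branch_uid);
                        qjeBranch.jointable = qjeEmp2Branch;
                        qjeBranch.displaycols = new List() { tb_grp_branch.CN_BRANCH_NAME, tb_grp_branch.CN_IP_ADDRESS, };

                        lBlocks.Add(qjeSession);
                        lBlocks.Add(qjeEmployee);
                        lBlocks.Add(qjeEmp2Branch);
                        lBlocks.Add(qjeBranch);

                        sMsg = MakeSelectJoinByBlocks(lBlocks, out Command cRes);

                        // Same outcome as before (sMsg becomes an error response), without running
                        // a command that failed to build.
                        if (sMsg != null)
                        {
                            break;
                        }

                        ArsenalInterface ai = ArsenalDBMgr.GetInst(cRes);
                        var qds = ai.RunQueryList(cRes);

                        // Fixed: a failed lookup used to be indistinguishable from "no address
                        // configured" and therefore let the request through.
                        if (!cRes.IsSuccess)
                        {
                            sMsg = cRes.LastErrorCode;
                            break;
                        }

                        List ipList = new List();
                        foreach (var item in qds)
                        {
                            if (!string.IsNullOrEmpty(item.ip_address))
                            {
                                // Fixed: entries are trimmed so "a, b" matches on both addresses.
                                ipList.AddRange(item.ip_address.Split(',').Select(sIp => sIp.Trim()));
                            }
                        }

                        // NOTE(review): addresses are compared as strings, so equivalent forms of
                        // one address (for example an IPv4-mapped IPv6 form) will not match.
                        var count = ipList.Count(x => x == i_crmInput.clientip);
                        Logger.Info("IP_Address = " + i_crmInput.clientip);

                        // NOTE(review): how clientip is populated is not visible here. If it comes
                        // from a client-supplied header the allowlist and the loopback exemption
                        // can both be satisfied by the caller; if it is the socket peer and the
                        // service sits behind a local reverse proxy, every request is loopback.
                        // An empty allowlist also means "allow all". Confirm each is intended.
                        if (ipList.Count > 0 && count < 1 && i_crmInput.clientip != "::1" && i_crmInput.clientip != "127.0.0.1")
                        {
                            sMsg = "IP address invalid";
                            break;
                        }
                    }

                    crmRes = new CSuccessResponseMessage(null, i_crmInput);
                }
            }
            while (false);

            if (sMsg != null)
            {
                crmRes = new CErrorResponseMessage(sMsg, i_crmInput);
            }

            return crmRes;
        }
    }
}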