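using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;
using System.Diagnostics.Eventing.Reader;
using System.Dynamic;
using System.IO;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Runtime.InteropServices.ObjectiveC;
using System.Security.Cryptography;
using System.Security.Policy;
using System.Text;
using System.Threading;
using System.Threading.Tasks;
using System.Web;
using Dapper;
using Dapper.Contrib.Extensions;
using Microsoft.AspNetCore.Cors;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Newtonsoft.Json;
using Newtonsoft.Json.Linq;
using NPOI;
using NPOI.HPSF;
using NPOI.HSSF;
using NPOI.HSSF.UserModel;
using NPOI.POIFS;
using NPOI.SS.Formula.Functions;
using NPOI.Util;
using NPOI.XSSF;
using NPOI.XSSF.UserModel;
using static DbTableClass;
using static System.Net.WebRequestMethods;

namespace Journeys_WantHome.Controllers
{
    /// <summary>
    /// Form-bound JSON API for account administration and sign-in.
    /// Every response is <c>application/json;charset=utf-8</c> carrying <c>ret</c> ("yes"/"no"),
    /// <c>err_code</c> and <c>message</c>, plus an endpoint-specific payload.
    /// All endpoints except <see cref="Signin"/> require a logged-in caller whose
    /// <c>user_perm</c> is "system" (see <see cref="RequireSystemUser"/>).
    /// </summary>
    /// <remarks>
    /// NOTE(review): the routes carry no HTTP verb constraint and no antiforgery token; the
    /// SameSite=Lax attribute on the session cookie (see <see cref="IssueToken"/>) is the only
    /// CSRF mitigation, so confirm the frontend always calls these routes with same-origin POSTs.
    /// </remarks>
    [Route("AuthApi")]
    public class AuthApiController : ControllerBase, IDisposable
    {
        private const string JsonContentType = "application/json;charset=utf-8";
        private const string TokenCookieName = "token_key";
        private const string SystemPerm = "system";
        // Session lifetime in minutes for a plain sign-in and for a "remember me" sign-in (7 days).
        private const int DefaultSessionMinutes = 20;
        private const int RememberMeMinutes = 60 * 24 * 7;

        private readonly IHttpContextAccessor _httpContextAccessor;
        private readonly DbConn dbConn = new DbConn();
        // Application database: users, token and optionItem tables.
        private readonly SqlConnection conn = new SqlConnection(GlobalClass.appsettings("ConnectionStrings:SQLConnectionString"));
        // External "E白板" directory (new_userdata); this controller only reads from it.
        private readonly SqlConnection elabConn = new SqlConnection(GlobalClass.appsettings("ConnectionStrings:ElabConnectionString"));

        /// <summary>Creates the controller; the accessor is handed to <c>authToken</c> to read the caller's session cookie.</summary>
        /// <param name="httpContextAccessor">Accessor for the current request.</param>
        public AuthApiController(IHttpContextAccessor httpContextAccessor)
        {
            this._httpContextAccessor = httpContextAccessor;
        }

        /// <summary>
        /// Closes both SQL connections. ASP.NET Core disposes controllers that implement
        /// <see cref="IDisposable"/> at the end of the request, so the connections return to the
        /// pool deterministically instead of lingering until garbage collection.
        /// </summary>
        public void Dispose()
        {
            conn.Dispose();
            elabConn.Dispose();
        }

        // ------------------------------------------------------------------
        // Shared response / authorization helpers
        // ------------------------------------------------------------------

        /// <summary>Serializes <paramref name="payload"/> with Newtonsoft and wraps it in the JSON content type used by every endpoint.</summary>
        private ContentResult JsonContent(object payload)
        {
            return Content(JsonConvert.SerializeObject(payload), JsonContentType);
        }

        /// <summary>Marks <paramref name="ret"/> as failed with the given code and message and returns it as the response.</summary>
        private ContentResult Fail(apiResultBase ret, string errCode, string message)
        {
            ret.ret = "no";
            ret.err_code = errCode;
            ret.message = message;
            return JsonContent(ret);
        }

        /// <summary>
        /// Checks that the caller is logged in and holds the "system" permission.
        /// </summary>
        /// <param name="ret">Result object to fill when the caller is rejected.</param>
        /// <param name="token">The caller's parsed session, valid whenever <c>null</c> is returned.</param>
        /// <returns><c>null</c> when the caller may proceed; otherwise the error response to return as-is.</returns>
        private ContentResult RequireSystemUser(apiResultBase ret, out authToken token)
        {
            token = new authToken(this._httpContextAccessor);
            if (token.user_isLogin == false)
            {
                // The cookie is stale or forged; clear it so the browser stops presenting it.
                HttpContext.Response.Cookies.Delete(TokenCookieName);
                return Fail(ret, "99999", "非登入狀態!");
            }
            if (token.user_perm != SystemPerm)
            {
                return Fail(ret, "90001", "此帳號無此api使用權限!");
            }
            return null;
        }

        /// <summary>
        /// Constant-time equality for credential comparison, so a mismatch does not leak how
        /// many leading characters agreed. A <c>null</c> on either side never matches.
        /// </summary>
        private static bool SecretEquals(string presented, string expected)
        {
            if (presented is null || expected is null)
            {
                return false;
            }
            return CryptographicOperations.FixedTimeEquals(
                Encoding.UTF8.GetBytes(presented),
                Encoding.UTF8.GetBytes(expected));
        }

        /// <summary>
        /// Persists a new session token for the given account and replaces the browser's
        /// <c>token_key</c> cookie with it.
        /// </summary>
        /// <param name="user_uid">Account uid stored on the token.</param>
        /// <param name="user_id">Account id stored on the token.</param>
        /// <param name="input_isRemember">"Y" selects the long "remember me" lifetime.</param>
        private void IssueToken(string user_uid, string user_id, string input_isRemember)
        {
            int expireMinutes = input_isRemember == "Y" ? RememberMeMinutes : DefaultSessionMinutes;
            // NOTE(review): the token is the whole session secret; assumes CreateRandomCode is
            // backed by a cryptographic RNG — confirm in GlobalClass.
            string token_key = GlobalClass.CreateRandomCode(24);
            DateTime now = DateTime.Now;

            token sessionToken = new token();
            sessionToken.user_uid = user_uid;
            sessionToken.user_id = user_id;
            sessionToken.token_isremember = input_isRemember;
            sessionToken.token_key = token_key;
            sessionToken.token_createdate = now;
            sessionToken.token_expireddate = now.AddMinutes(expireMinutes);
            conn.Insert(sessionToken);

            CookieOptions options = new CookieOptions();
            options.Secure = true;
            // The token is only ever read server-side (authToken), so keep it out of script reach
            // and off cross-site requests.
            options.HttpOnly = true;
            options.SameSite = SameSiteMode.Lax;
            options.Expires = now.AddMinutes(expireMinutes);
            HttpContext.Response.Cookies.Delete(TokenCookieName);
            HttpContext.Response.Cookies.Append(TokenCookieName, token_key, options);
        }

        // ------------------------------------------------------------------
        // Lookup helpers
        // ------------------------------------------------------------------

        /// <summary>Returns the visible (not hidden) item with the given uid under the given option, or <c>null</c>.</summary>
        private optionItem FindOptionItem(string option_uid, string optionItem_uid)
        {
            return conn.QueryFirstOrDefault<optionItem>(
                "select * from optionItem where optionItem_ishide = 'N' and option_uid = @option_uid and optionItem_uid = @optionItem_uid",
                new { option_uid, optionItem_uid });
        }

        /// <summary>Returns the user row with the given id regardless of its hidden flag, or <c>null</c>.</summary>
        private user FindUserById(string user_id)
        {
            return conn.QueryFirstOrDefault<user>(
                "select * from users where user_id = @user_id ",
                new { user_id });
        }

        /// <summary>Returns the visible (not hidden) user with the given uid, or <c>null</c>.</summary>
        private user FindVisibleUserByUid(string user_uid)
        {
            return conn.QueryFirstOrDefault<user>(
                "select * from users where user_ishidden = 'N' and user_uid = @user_uid",
                new { user_uid });
        }

        /// <summary>Returns the E白板 directory entry for the given id, or <c>null</c>.</summary>
        private new_userdata FindElabUser(string userid)
        {
            return elabConn.QueryFirstOrDefault<new_userdata>(
                "select * from new_userdata where userid = @userid",
                new { userid });
        }

        /// <summary>
        /// Marks the response successful and attaches <paramref name="account"/> with its stored
        /// password value blanked. The caller never needs it, and echoing it would turn every
        /// admin page load into a credential disclosure.
        /// </summary>
        private ContentResult UserResponse(updateUserResult ret, user account)
        {
            account.user_pwd = "";
            ret.ret = "yes";
            ret.user = account;
            return JsonContent(ret);
        }

        // ------------------------------------------------------------------
        // optionItem endpoints
        // ------------------------------------------------------------------

        /// <summary>
        /// Reads, adds, renames or soft-deletes one <c>optionItem</c> under an option.
        /// </summary>
        /// <param name="obj">Form fields: <c>option_uid</c>, <c>method</c> ("get"/"add"/"edit"/"del"),
        /// <c>optionItem_uid</c> (get/edit/del) and <c>optionItem_name</c> (add/edit).</param>
        /// <returns>JSON <c>optionItemResult</c>; <c>optionItem</c> is filled for get/add/edit.</returns>
        [Route("addEditDelItem")]
        public ActionResult AddEditDelItem(IFormCollection obj)
        {
            optionItemResult ret = new optionItemResult();
            ContentResult denied = RequireSystemUser(ret, out authToken token);
            if (denied != null)
            {
                return denied;
            }

            string option_uid = obj["option_uid"].ToString();
            string optionItem_uid = obj["optionItem_uid"].ToString();
            string optionItem_name = obj["optionItem_name"].ToString();
            string method = obj["method"].ToString();

            if (option_uid == "")
            {
                return Fail(ret, "00001", "無option_uid資料!");
            }
            if (method == "")
            {
                return Fail(ret, "0002", "無method資料!");
            }

            switch (method)
            {
                case "get":
                {
                    optionItem item = FindOptionItem(option_uid, optionItem_uid);
                    if (item == null)
                    {
                        return Fail(ret, "0003", "無此筆資料!");
                    }
                    ret.ret = "yes";
                    ret.optionItem = item;
                    return JsonContent(ret);
                }
                case "add":
                {
                    if (optionItem_name == "")
                    {
                        return Fail(ret, "0004", "無項目名稱!");
                    }
                    optionItem duplicate = conn.QueryFirstOrDefault<optionItem>(
                        "select * from optionItem where optionItem_ishide = 'N' and option_uid = @option_uid and optionItem_name = @optionItem_name",
                        new { option_uid, optionItem_name });
                    if (duplicate != null)
                    {
                        return Fail(ret, "0005", "此項目名稱已存在!");
                    }
                    // New items go to the end of the visible list; count in SQL instead of loading every row.
                    int visibleCount = conn.ExecuteScalar<int>(
                        "select count(*) from optionItem where optionItem_ishide = 'N' and option_uid = @option_uid",
                        new { option_uid });

                    optionItem item = new optionItem();
                    item.option_uid = option_uid;
                    item.optionItem_uid = "item_" + GlobalClass.CreateRandomCode(8);
                    item.optionItem_name = optionItem_name;
                    item.optionItem_ishide = "N";
                    item.optionItem_userId = token.user_id;
                    item.optionItem_order = visibleCount + 1;
                    conn.Insert(item);

                    ret.ret = "yes";
                    ret.optionItem = item;
                    return JsonContent(ret);
                }
                case "edit":
                {
                    if (optionItem_name == "")
                    {
                        return Fail(ret, "0004", "無項目名稱!");
                    }
                    // Another visible item under the same option may not already carry the new name.
                    optionItem clash = conn.QueryFirstOrDefault<optionItem>(
                        "select * from optionItem where optionItem_ishide = 'N' and option_uid = @option_uid and optionItem_name = @optionItem_name and optionItem_uid <> @optionItem_uid",
                        new { option_uid, optionItem_name, optionItem_uid });
                    if (clash != null)
                    {
                        return Fail(ret, "0005", "此修改後項目名稱已被使用!");
                    }
                    optionItem editItem = FindOptionItem(option_uid, optionItem_uid);
                    if (editItem == null)
                    {
                        return Fail(ret, "0003", "無此筆資料!");
                    }
                    editItem.optionItem_name = optionItem_name;
                    editItem.optionItem_userId = token.user_id;
                    editItem.optionItem_modifydate = DateTime.Now;
                    conn.Update(editItem);

                    ret.ret = "yes";
                    ret.optionItem = editItem;
                    return JsonContent(ret);
                }
                case "del":
                {
                    optionItem editItem = FindOptionItem(option_uid, optionItem_uid);
                    if (editItem == null)
                    {
                        return Fail(ret, "0003", "無此筆資料!");
                    }
                    // Soft delete: the row stays for history but drops out of every visible query.
                    editItem.optionItem_userId = token.user_id;
                    editItem.optionItem_modifydate = DateTime.Now;
                    editItem.optionItem_ishide = "Y";
                    conn.Update(editItem);

                    ret.ret = "yes";
                    return JsonContent(ret);
                }
                default:
                    // Unknown method: the untouched default result ("no", "0000", "") is returned.
                    return JsonContent(ret);
            }
        }

        /// <summary>Lists the visible items of one option in <c>optionItem_order</c> order.</summary>
        /// <param name="obj">Form fields: <c>option_uid</c>.</param>
        /// <returns>JSON <c>optionListResult</c>.</returns>
        [Route("optionItemList")]
        public ActionResult OptionItemList(IFormCollection obj)
        {
            optionListResult ret = new optionListResult();
            ContentResult denied = RequireSystemUser(ret, out _);
            if (denied != null)
            {
                return denied;
            }

            string option_uid = obj["option_uid"].ToString();
            if (option_uid == "")
            {
                return Fail(ret, "00001", "無option_uid資料!");
            }

            ret.optionItems = conn.Query<optionItem>(
                "select * from optionItem where optionItem_ishide = 'N' and option_uid = @option_uid order by optionItem_order ",
                new { option_uid }).ToList();
            ret.ret = "yes";
            return JsonContent(ret);
        }

        // ------------------------------------------------------------------
        // User administration endpoints
        // ------------------------------------------------------------------

        /// <summary>
        /// Adds, edits, soft-deletes or reads one user. Dispatches on the <c>method</c> form field.
        /// </summary>
        /// <param name="obj">Form fields; see <see cref="AddUser"/>, <see cref="EditUser"/>,
        /// <see cref="DeleteUser"/> and <see cref="GetUser"/> for the fields each method reads.</param>
        /// <returns>JSON <c>updateUserResult</c>; <c>user</c> is filled for add/edit/get with the password blanked.</returns>
        [Route("addEditGetUser")]
        public ActionResult AddEditGetUser(IFormCollection obj)
        {
            updateUserResult ret = new updateUserResult();
            ContentResult denied = RequireSystemUser(ret, out _);
            if (denied != null)
            {
                return denied;
            }

            string method = obj["method"].ToString();
            if (method == "")
            {
                return Fail(ret, "0001", "沒有method參數");
            }

            switch (method)
            {
                case "add":
                    return AddUser(obj, ret);
                case "edit":
                    return EditUser(obj, ret);
                case "del":
                    return DeleteUser(obj, ret);
                case "get":
                    return GetUser(obj, ret);
                default:
                    // Unknown method: the untouched default result ("no", "0000", "") is returned.
                    return JsonContent(ret);
            }
        }

        /// <summary>
        /// "add": creates a user. <c>user_type</c> "N" links an existing E白板 account
        /// (<c>user_elabName</c>); any other type creates a local account from
        /// <c>user_id</c>, <c>user_pwd</c>, <c>user_name</c>, <c>user_email</c>. Both need <c>user_perm</c>.
        /// </summary>
        private ActionResult AddUser(IFormCollection obj, updateUserResult ret)
        {
            string user_type = obj["user_type"].ToString();
            string user_perm = obj["user_perm"].ToString();
            if (user_type == "")
            {
                return Fail(ret, "0002", "沒有user_type參數");
            }

            // N為E白板帳號 — "N" means the account is authenticated against the E白板 directory.
            if (user_type == "N")
            {
                return AddElabUser(ret, obj["user_elabName"].ToString(), user_type, user_perm);
            }
            return AddLocalUser(ret, obj, user_type, user_perm);
        }

        /// <summary>Creates a user mirrored from the E白板 directory; name, id and mail are copied from there.</summary>
        private ActionResult AddElabUser(updateUserResult ret, string user_id, string user_type, string user_perm)
        {
            if (FindUserById(user_id) != null)
            {
                return Fail(ret, "0003", "此帳號已經存在於系統!");
            }

            new_userdata elabUser;
            try
            {
                elabUser = FindElabUser(user_id);
            }
            catch (Exception)
            {
                // The directory is an external database; its failure detail (server, SQL text,
                // connection string fragments) must not be forwarded to the browser.
                return Fail(ret, "90001", "E白板資料庫查詢失敗!");
            }
            if (elabUser == null)
            {
                return Fail(ret, "0004", "E白板無此帳號!");
            }
            if (user_perm == "")
            {
                return Fail(ret, "0009", "無此帳號的權限設定值!");
            }

            user newUser = new user();
            newUser.user_uid = GlobalClass.CreateRandomCode(12);
            newUser.user_name = elabUser.username;
            newUser.user_id = elabUser.userid;
            newUser.user_email = elabUser.mail;
            newUser.user_type = user_type;
            newUser.user_onjob = "Y";
            newUser.user_perm = user_perm;
            newUser.user_ishidden = "N";
            newUser.user_createdate = DateTime.Now;
            conn.Insert(newUser);

            return UserResponse(ret, newUser);
        }

        /// <summary>Creates a locally authenticated user; the id must be unused both here and in the E白板 directory.</summary>
        private ActionResult AddLocalUser(updateUserResult ret, IFormCollection obj, string user_type, string user_perm)
        {
            string user_id = obj["user_id"].ToString();
            string user_pwd = obj["user_pwd"].ToString();
            string user_name = obj["user_name"].ToString();
            string user_email = obj["user_email"].ToString();

            if (user_id == "")
            {
                return Fail(ret, "0006", "請輸入帳號ID!");
            }
            if (user_name == "")
            {
                return Fail(ret, "0006", "請輸入帳號名稱!");
            }
            // A local account with an empty stored password would be matched by an empty sign-in.
            if (user_pwd == "")
            {
                return Fail(ret, "0006", "請輸入密碼!");
            }
            if (user_perm == "")
            {
                return Fail(ret, "0009", "無此帳號的權限設定值!");
            }
            if (!GlobalClass.isEmail(user_email))
            {
                return Fail(ret, "0007", "請輸入正確EMail!");
            }
            if (FindUserById(user_id) != null)
            {
                return Fail(ret, "0003", "此帳號已經存在於系統!");
            }
            if (FindElabUser(user_id) != null)
            {
                return Fail(ret, "0005", "E白板系統內有此帳號ID,請換帳號或改以E白板帳號加入!");
            }

            // NOTE(review): user_pwd is stored exactly as submitted; Signin compares it with the
            // submitted value as well, so the hashing scheme lives in the client — confirm it is
            // not plaintext end to end.
            user newUser = new user();
            newUser.user_uid = GlobalClass.CreateRandomCode(12);
            newUser.user_id = user_id;
            newUser.user_name = user_name;
            newUser.user_pwd = user_pwd;
            newUser.user_email = user_email;
            newUser.user_type = user_type;
            newUser.user_onjob = "Y";
            newUser.user_perm = user_perm;
            newUser.user_ishidden = "N";
            newUser.user_createdate = DateTime.Now;
            conn.Insert(newUser);

            return UserResponse(ret, newUser);
        }

        /// <summary>
        /// "edit": updates <c>user_perm</c> for any user; for local (non-"N") users also
        /// <c>user_name</c>, <c>user_email</c> and — only when non-empty — <c>user_pwd</c>.
        /// </summary>
        private ActionResult EditUser(IFormCollection obj, updateUserResult ret)
        {
            string user_type = obj["user_type"].ToString();
            string user_uid = obj["user_uid"].ToString();
            string user_perm = obj["user_perm"].ToString();

            if (user_type == "")
            {
                return Fail(ret, "0002", "沒有user_type參數");
            }
            if (user_perm == "")
            {
                return Fail(ret, "0009", "無此帳號的權限設定值!");
            }

            // Same visibility rule as "del"/"get": a soft-deleted user is not editable.
            user editUser = conn.QueryFirstOrDefault<user>(
                "select * from users where user_ishidden = 'N' and user_uid = @user_uid and user_type = @user_type",
                new { user_uid, user_type });
            if (editUser == null)
            {
                return Fail(ret, "0008", "沒有此用戶資料!");
            }

            // N為E白板帳號 — directory-backed accounts only carry a local permission.
            if (user_type == "N")
            {
                editUser.user_perm = user_perm;
            }
            else
            {
                string user_pwd = obj["user_pwd"].ToString();
                string user_name = obj["user_name"].ToString();
                string user_email = obj["user_email"].ToString();

                if (user_name == "")
                {
                    return Fail(ret, "0006", "請輸入帳號名稱!");
                }
                if (!GlobalClass.isEmail(user_email))
                {
                    return Fail(ret, "0007", "請輸入正確EMail!");
                }

                editUser.user_perm = user_perm;
                // An empty password field means "leave the password unchanged".
                if (user_pwd != "")
                {
                    editUser.user_pwd = user_pwd;
                }
                editUser.user_name = user_name;
                editUser.user_email = user_email;
            }
            conn.Update(editUser);

            return UserResponse(ret, editUser);
        }

        /// <summary>"del": hides the user; a user that has never signed in is removed outright.</summary>
        private ActionResult DeleteUser(IFormCollection obj, updateUserResult ret)
        {
            string user_uid = obj["user_uid"].ToString();
            user editUser = FindVisibleUserByUid(user_uid);
            if (editUser == null)
            {
                return Fail(ret, "0008", "沒有此用戶資料!");
            }

            editUser.user_ishidden = "Y";
            conn.Update(editUser);
            // NOTE(review): only an empty-string user_lastlogintime counts as "never signed in";
            // a NULL column value keeps the row (hidden). Confirm the column's default.
            if (editUser.user_lastlogintime == "")
            {
                conn.Delete(editUser);
            }

            ret.ret = "yes";
            return JsonContent(ret);
        }

        /// <summary>"get": returns one visible user by uid.</summary>
        private ActionResult GetUser(IFormCollection obj, updateUserResult ret)
        {
            string user_uid = obj["user_uid"].ToString();
            user editUser = FindVisibleUserByUid(user_uid);
            if (editUser == null)
            {
                return Fail(ret, "0008", "沒有此用戶資料!");
            }
            return UserResponse(ret, editUser);
        }

        /// <summary>Lists E白板 directory entries that are still employed (<c>onjob = 0</c>), newest first.</summary>
        /// <param name="obj">Unused.</param>
        /// <returns>JSON <c>elabUserListResult</c> with <c>userpw</c> blanked on every entry.</returns>
        [Route("elab_UserList")]
        public ActionResult Elab_UserList(IFormCollection obj)
        {
            elabUserListResult ret = new elabUserListResult();
            ContentResult denied = RequireSystemUser(ret, out _);
            if (denied != null)
            {
                return denied;
            }

            ret.userList = elabConn.Query<new_userdata>(
                "select * from new_userdata where onjob = 0 order by usersn desc ").ToList();
            // Signin hashes userpw before comparing, i.e. the directory appears to hold it in the
            // clear; it has no business in an account-picker response.
            foreach (new_userdata entry in ret.userList)
            {
                entry.userpw = "";
            }
            ret.ret = "yes";
            return JsonContent(ret);
        }

        /// <summary>Lists visible users of this application, newest first.</summary>
        /// <param name="obj">Unused.</param>
        /// <returns>JSON <c>userListResult</c> with <c>user_pwd</c> blanked on every entry.</returns>
        [Route("userList")]
        public ActionResult UserList(IFormCollection obj)
        {
            userListResult ret = new userListResult();
            ContentResult denied = RequireSystemUser(ret, out _);
            if (denied != null)
            {
                return denied;
            }

            ret.userList = conn.Query<user>(
                "select * from users where user_ishidden = 'N' order by user_sn desc").ToList();
            foreach (user entry in ret.userList)
            {
                entry.user_pwd = "";
            }
            ret.ret = "yes";
            return JsonContent(ret);
        }

        // ------------------------------------------------------------------
        // Sign-in
        // ------------------------------------------------------------------

        /// <summary>
        /// Signs a caller in and issues the <c>token_key</c> session cookie.
        /// The configured admin (<c>Admin:id</c>) is checked against <c>Sha256(Admin:pwd)</c>;
        /// local users ("Y") against their stored <c>user_pwd</c>; E白板 users against
        /// <c>Sha256</c> of the directory password, and are marked off-job if the directory says so.
        /// </summary>
        /// <param name="obj">Form fields: <c>id</c>, <c>pwd</c>, <c>remember</c> ("Y" for a 7-day session).</param>
        /// <returns>JSON <c>signinResult</c>.</returns>
        [Route("signin")]
        public ActionResult Signin(IFormCollection obj)
        {
            signinResult ret = new signinResult();
            string input_ID = obj["id"].ToString();
            string input_PWD = obj["pwd"].ToString();
            string input_isRemember = obj["remember"].ToString();
            string sys_ID = GlobalClass.appsettings("Admin:id");

            if (input_ID == "")
            {
                return Fail(ret, "0001", "帳號或密碼錯誤!");
            }

            // 判斷是否為系統預設帳號 — the configured admin account never touches the users table.
            if (input_ID == sys_ID)
            {
                string sys_PWD = GlobalClass.Sha256(GlobalClass.appsettings("Admin:pwd"));
                if (!SecretEquals(input_PWD, sys_PWD))
                {
                    return Fail(ret, "0001", "帳號或密碼錯誤!");
                }
                IssueToken(GlobalClass.appsettings("Admin:uid"), sys_ID, input_isRemember);
                ret.ret = "yes";
                return JsonContent(ret);
            }

            // 非系統帳號 — ordinary user.
            user webUser = conn.QueryFirstOrDefault<user>(
                "select * from users where user_ishidden = 'N' and user_id = @user_id",
                new { user_id = input_ID });
            if (webUser == null)
            {
                return Fail(ret, "0002", "系統無此帳號!");
            }
            if (webUser.user_onjob == "N")
            {
                return Fail(ret, "0003", "此帳號已經離職,無法登入");
            }

            if (webUser.user_type == "Y")
            {
                if (!SecretEquals(input_PWD, webUser.user_pwd))
                {
                    return Fail(ret, "0004", "密碼錯誤!");
                }
            }
            else
            {
                new_userdata elabUser = FindElabUser(webUser.user_id);
                // The local row exists but its directory entry is gone; previously this dereferenced null.
                if (elabUser == null)
                {
                    return Fail(ret, "0002", "系統無此帳號!");
                }
                if (!SecretEquals(input_PWD, GlobalClass.Sha256(elabUser.userpw)))
                {
                    return Fail(ret, "0004", "密碼錯誤!");
                }
                // In the directory onjob = 1 means the person has left; mirror that locally.
                if (elabUser.onjob == 1)
                {
                    webUser.user_onjob = "N";
                    conn.Update(webUser);
                    return Fail(ret, "0003", "此帳號已經離職,無法登入");
                }
            }

            // Only a successful sign-in updates the last-login stamp.
            webUser.user_lastlogintime = DateTime.Now.ToString("yyyy/MM/dd HH:mm:ss");
            IssueToken(webUser.user_uid, input_ID, input_isRemember);
            conn.Update(webUser);
            ret.ret = "yes";
            return JsonContent(ret);
        }

        // ------------------------------------------------------------------
        // Response shapes
        // ------------------------------------------------------------------

        /// <summary>Fields every API response carries: <c>ret</c> "yes"/"no", an error code and a message.</summary>
        public class apiResultBase
        {
            public string ret = "no";
            public string err_code = "0000";
            public string message = "";
        }

        /// <summary>Response of <see cref="Signin"/>.</summary>
        public class signinResult : apiResultBase
        {
        }

        /// <summary>Response of <see cref="UserList"/>.</summary>
        public class userListResult : apiResultBase
        {
            public List<user> userList = new List<user>();
        }

        /// <summary>Response of <see cref="Elab_UserList"/>.</summary>
        public class elabUserListResult : apiResultBase
        {
            public List<new_userdata> userList = new List<new_userdata>();
        }

        /// <summary>Response of <see cref="AddEditGetUser"/>.</summary>
        public class updateUserResult : apiResultBase
        {
            public user user = new user();
        }

        /// <summary>Response of <see cref="OptionItemList"/>.</summary>
        public class optionListResult : apiResultBase
        {
            public List<optionItem> optionItems = new List<optionItem>();
        }

        /// <summary>Response of <see cref="AddEditDelItem"/>.</summary>
        public class optionItemResult : apiResultBase
        {
            public optionItem optionItem = new optionItem();
        }
    }
}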