using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;
using System.Diagnostics.Eventing.Reader;
using System.Dynamic;
using System.IO;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Runtime.InteropServices.ObjectiveC;
using System.Security.Cryptography;
using System.Security.Policy;
using System.Text;
using System.Threading;
using System.Threading.Tasks;
using System.Web;
using Dapper;
using Dapper.Contrib.Extensions;
using Microsoft.AspNetCore.Cors;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Newtonsoft.Json;
using Newtonsoft.Json.Linq;
using NPOI;
using NPOI.HPSF;
using NPOI.HSSF;
using NPOI.HSSF.UserModel;
using NPOI.POIFS;
using NPOI.SS.Formula.Functions;
using NPOI.Util;
using NPOI.XSSF;
using NPOI.XSSF.UserModel;
using static DbTableClass;
using static System.Net.WebRequestMethods;
namespace Journeys_WantHome.Controllers
{
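[Route("BackEndApi")]
public class AuthApiController : ControllerBase
{
    // Session lifetimes: 20 minutes, or 7 days when the client sent remember = "Y".
    private const int DefaultExpireMinutes = 20;
    private const int RememberExpireMinutes = 60 * 24 * 7;

    // Name of the cookie that carries the issued token back to the server.
    private const string TokenCookieName = "token_key";

    // Every sign-in response is JSON with an explicit UTF-8 charset.
    private const string JsonContentType = "application/json;charset=utf-8";

    private readonly IHttpContextAccessor _httpContextAccessor;

    DbConn dbConn = new DbConn();

    // Connection strings come from configuration; Dapper opens and closes the
    // connections per call, so they are reused for the lifetime of the controller instance.
    SqlConnection conn = new SqlConnection(GlobalClass.appsettings("ConnectionStrings:SQLConnectionString"));

    SqlConnection elabConn = new SqlConnection(GlobalClass.appsettings("ConnectionStrings:ElabConnectionString"));

    public AuthApiController(IHttpContextAccessor httpContextAccessor)
    {
        this._httpContextAccessor = httpContextAccessor;
    }

    /// <summary>
    /// Signs a user in from form fields <c>id</c>, <c>pwd</c> and <c>remember</c>.
    /// The built-in admin account (<c>Admin:id</c> / <c>Admin:pwd</c> from configuration) is
    /// checked first; any other id is looked up in <c>users</c> and verified either against
    /// <c>users.user_pwd</c> (<c>user_type == "Y"</c>) or against the ELab <c>new_userdata</c> row.
    /// On success a token row is inserted and its key is set as the <c>token_key</c> cookie.
    /// </summary>
    /// <param name="obj">Posted form. Missing fields read back as empty strings, not null.</param>
    /// <returns>
    /// JSON <see cref="signinResult"/>: <c>ret = "yes"</c> on success, otherwise <c>ret = "no"</c>
    /// with <c>err_code</c> 0001 (admin password), 0002 (unknown account), 0003 (account has
    /// left the company) or 0004 (wrong password).
    /// </returns>
    /// <remarks>
    /// The client sends SHA-256(password): it is compared with SHA-256 of <c>Admin:pwd</c> and with
    /// SHA-256 of <c>new_userdata.userpw</c>, so whatever is stored is directly replayable as a
    /// credential; a server-side salted KDF would be the long-term fix and is outside this change.
    /// <c>Admin:pwd</c> is read in plaintext from configuration and belongs in a secret store.
    /// NOTE(review): the action has no HTTP verb constraint; credentials should only be accepted
    /// via POST — consider adding <c>[HttpPost]</c> once all callers are confirmed to POST.
    /// </remarks>
    [Route("signin")]
    public ActionResult Signin(FormCollection obj)
    {
        signinResult ret = new signinResult();

        string input_ID = obj["id"].ToString();
        string input_PWD = obj["pwd"].ToString();
        string input_isRemember = obj["remember"].ToString();

        // Empty credentials can never be valid; reject them before reading configuration
        // or querying the database (also avoids matching an empty Admin:id setting).
        if (string.IsNullOrEmpty(input_ID) || string.IsNullOrEmpty(input_PWD))
        {
            return Fail(ret, "0001", "帳號或密碼錯誤!");
        }

        string sys_ID = GlobalClass.appsettings("Admin:id");
        string sys_PWD = GlobalClass.Sha256(GlobalClass.appsettings("Admin:pwd"));

        // 判斷是否為系統預設帳號 — built-in admin account from configuration.
        if (input_ID == sys_ID)
        {
            if (!SecureEquals(input_PWD, sys_PWD))
            {
                return Fail(ret, "0001", "帳號或密碼錯誤!");
            }

            return IssueToken(ret, sys_ID, input_isRemember);
        }

        // 非系統帳號 — regular account: hidden users are never returned.
        user webUser = conn.QueryFirstOrDefault<user>(
            "select * from users where user_ishidden = 'N' and user_uid = @user_uid",
            new { user_uid = input_ID });

        if (webUser == null)
        {
            return Fail(ret, "0002", "系統無此帳號!");
        }

        if (webUser.user_onjob == "N")
        {
            return Fail(ret, "0003", "此帳號已經離職,無法登入");
        }

        if (webUser.user_type == "Y")
        {
            // Local account: the submitted value is compared with users.user_pwd as stored
            // (presumably already a SHA-256 digest like the other stores — verify in the schema).
            if (!SecureEquals(input_PWD, webUser.user_pwd))
            {
                return Fail(ret, "0004", "密碼錯誤!");
            }
        }
        else
        {
            new_userdata elabUser = elabConn.QueryFirstOrDefault<new_userdata>(
                "select * from new_userdata where userid = @userid",
                new { userid = webUser.user_id });

            // A web user without an ELab row used to dereference null here.
            if (elabUser == null)
            {
                return Fail(ret, "0002", "系統無此帳號!");
            }

            if (!SecureEquals(input_PWD, GlobalClass.Sha256(elabUser.userpw)))
            {
                return Fail(ret, "0004", "密碼錯誤!");
            }

            // ELab flags onjob == 1 as "has left": mirror it into the local row so the
            // user_onjob check above refuses the account on every later attempt.
            if (elabUser.onjob == 1)
            {
                webUser.user_onjob = "N";
                conn.Update(webUser);
                return Fail(ret, "0003", "此帳號已經離職,無法登入");
            }
        }

        // Both verified branches end here. Previously the token was only issued inside the
        // ELab branch, so a user_type == "Y" account with a correct password fell through to
        // ret = "no" / err_code "0000" and never received a cookie.
        return IssueToken(ret, input_ID, input_isRemember);
    }

    // Serializes the result as the JSON body shared by every sign-in response.
    private ContentResult ToJsonResult(signinResult ret)
    {
        return Content(JsonConvert.SerializeObject(ret), JsonContentType);
    }

    // Fills the failure fields of ret and returns it as JSON.
    private ContentResult Fail(signinResult ret, string errCode, string message)
    {
        ret.ret = "no";
        ret.err_code = errCode;
        ret.message = message;
        return ToJsonResult(ret);
    }

    // Creates a token row for userUid, sets it as the token_key cookie and returns ret = "yes".
    // One timestamp is captured so the DB expiry and the cookie expiry agree exactly.
    private ContentResult IssueToken(signinResult ret, string userUid, string isRemember)
    {
        int intexpireMin = isRemember == "Y" ? RememberExpireMinutes : DefaultExpireMinutes;

        string token_key = GlobalClass.CreateRandomCode(24);
        DateTime now = DateTime.Now;

        token newToken = new token
        {
            user_uid = userUid,
            token_isremember = isRemember,
            token_key = token_key,
            token_createdate = now,
            token_expireddate = now.AddMinutes(intexpireMin),
        };

        conn.Insert<token>(newToken);

        CookieOptions options = new CookieOptions
        {
            Secure = true,
            // The cookie only has to be echoed back by the browser; keeping it out of
            // document.cookie limits what an injected script can read. Relax this only if
            // the front end is confirmed to read token_key from script.
            HttpOnly = true,
            Expires = now.AddMinutes(intexpireMin),
        };

        HttpContext.Response.Cookies.Delete(TokenCookieName);
        _httpContextAccessor.HttpContext.Response.Cookies.Append(TokenCookieName, token_key, options);

        ret.ret = "yes";
        return ToJsonResult(ret);
    }

    // Constant-time comparison of two credential strings, so the check does not leak how
    // many leading characters matched. A null on either side never matches.
    private static bool SecureEquals(string supplied, string expected)
    {
        if (supplied is null || expected is null)
        {
            return false;
        }

        return CryptographicOperations.FixedTimeEquals(
            Encoding.UTF8.GetBytes(supplied),
            Encoding.UTF8.GetBytes(expected));
    }

    // Wire format of the sign-in response; field names are part of the JSON contract.
    public class signinResult
    {
        // "yes" on success, "no" otherwise.
        public string ret = "no";

        // "0000" when no error was recorded; see Signin for the other codes.
        public string err_code = "0000";

        // Human-readable (Chinese) message for the client.
        public string message = "";
    }
}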
}