using System.Data.SqlClient;
using System.Security.Cryptography;
using System.Text;
using Dapper;
using Dapper.Contrib.Extensions;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Newtonsoft.Json;
using static DbTableClass;
using static resultClass;
namespace QuotationMaker.Controllers
{
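[Route("AuthApi")]
/// <summary>
/// JSON endpoints for sign-in/sign-out and for administering application users and their departments.
/// Every response is the serialized result object with content type <see cref="JsonContentType"/>.
/// Management endpoints require a logged-in session whose <c>user_perm</c> is "system"; the session is
/// identified by the <c>token_key</c> cookie and resolved by the project's <c>authToken</c> helper.
/// </summary>
public class AuthApiController : ControllerBase, IDisposable
{
    // Content type used by every endpoint; kept byte-identical to the value clients already expect.
    private const string JsonContentType = "application/json;charset=utf-8";

    // Name of the session cookie written at sign-in and read back by authToken on later requests.
    private const string TokenCookieName = "token_key";

    // Session lifetime in minutes: 20 minutes by default, 7 days when the caller sends remember=Y.
    private const int DefaultExpireMinutes = 20;
    private const int RememberExpireMinutes = 60 * 24 * 7;

    private readonly IHttpContextAccessor _httpContextAccessor;

    // Not read anywhere in this controller; kept because DbConn's constructor may have side effects (not visible here).
    DbConn dbConn = new DbConn();

    // Connection strings are read from appsettings; Dapper opens/closes the connection per call.
    private readonly SqlConnection conn = new SqlConnection(GlobalClass.appsettings("ConnectionStrings:SQLConnectionString"));
    private readonly SqlConnection elabConn = new SqlConnection(GlobalClass.appsettings("ConnectionStrings:ElabConnectionString"));

    public AuthApiController(IHttpContextAccessor httpContextAccessor)
    {
        this._httpContextAccessor = httpContextAccessor;
    }

    /// <summary>
    /// Releases both SQL connections. ASP.NET Core disposes controllers that implement IDisposable
    /// at the end of the request, so the connection objects no longer wait for the finalizer.
    /// </summary>
    public void Dispose()
    {
        conn.Dispose();
        elabConn.Dispose();
    }

    // ---------------------------------------------------------------- shared helpers

    /// <summary>Serializes <paramref name="ret"/> with Newtonsoft and wraps it as a JSON content result.</summary>
    private ActionResult JsonOf(object ret) => Content(JsonConvert.SerializeObject(ret), JsonContentType);

    /// <summary>Sets the failure fields on an <see cref="updateUserResult"/> and returns it as JSON.</summary>
    private ActionResult Reject(updateUserResult ret, string errCode, string message)
    {
        ret.ret = "no";
        ret.err_code = errCode;
        ret.message = message;
        return JsonOf(ret);
    }

    /// <summary>
    /// Verifies that the caller has a valid session with the "system" permission.
    /// On failure <paramref name="errCode"/>/<paramref name="message"/> carry the error to report;
    /// when the session is invalid the token cookie is also removed so the browser stops sending it.
    /// </summary>
    private bool HasSystemPermission(out string errCode, out string message)
    {
        authToken session = new authToken(this._httpContextAccessor);
        if (session.user_isLogin == false)
        {
            HttpContext.Response.Cookies.Delete(TokenCookieName);
            errCode = "99999";
            message = "非登入狀態!";
            return false;
        }
        if (session.user_perm != "system")
        {
            errCode = "90001";
            message = "此帳號無此api使用權限!";
            return false;
        }
        errCode = "";
        message = "";
        return true;
    }

    /// <summary>
    /// Compares two secret strings (password digests) in constant time so that response timing does not
    /// reveal how many leading characters matched. Either side being null counts as a mismatch.
    /// Only the length can still be inferred, which is not secret for a fixed-size digest.
    /// </summary>
    private static bool SecretEquals(string expected, string actual)
    {
        if (expected is null || actual is null)
        {
            return false;
        }
        return CryptographicOperations.FixedTimeEquals(Encoding.UTF8.GetBytes(expected), Encoding.UTF8.GetBytes(actual));
    }

    /// <summary>
    /// Splits the comma-separated "user_depts" form value into its non-empty department uids.
    /// The previous Trim+Split always produced at least one element, so the "no department" check
    /// could never fire; dropping empty entries here makes that check meaningful.
    /// </summary>
    private static string[] ParseDeptUids(string rawDepts) => rawDepts.Split(',', StringSplitOptions.RemoveEmptyEntries);

    /// <summary>Inserts one userDept link row per department uid for the given user.</summary>
    private void InsertUserDepts(string userUid, IEnumerable<string> deptUids)
    {
        foreach (string deptUid in deptUids)
        {
            userDept link = new userDept();
            link.user_uid = userUid;
            link.dept_uid = deptUid;
            conn.Insert<userDept>(link);
        }
    }

    /// <summary>True when a users row with this user_id already exists (hidden rows included).</summary>
    private bool UserIdExists(string userId)
    {
        user existing = conn.QueryFirstOrDefault<user>("select * from users where user_id = @user_id ", new { user_id = userId });
        return existing != null;
    }

    /// <summary>
    /// Looks up an account in the E-lab (E白板) database. Returns false when the query itself fails,
    /// with the driver's message in <paramref name="error"/> (this mirrors the original behaviour; the
    /// endpoints that use it are restricted to "system" callers). A missing account is a successful
    /// lookup with <paramref name="elabUser"/> == null.
    /// </summary>
    private bool TryQueryElabUser(string userId, out new_userdata elabUser, out string error)
    {
        try
        {
            elabUser = elabConn.QueryFirstOrDefault<new_userdata>("select * from new_userdata where userid = @user_id", new { user_id = userId });
            error = "";
            return true;
        }
        catch (Exception ex)
        {
            elabUser = null;
            error = ex.Message;
            return false;
        }
    }

    /// <summary>
    /// Stores a new session token row and writes its key to the token cookie.
    /// The cookie is Secure and HttpOnly; HttpOnly is new — if browser-side script needs to read
    /// token_key this must be revisited, but nothing in this controller requires it.
    /// NOTE(review): token_key is the session secret — assumes GlobalClass.CreateRandomCode uses a CSPRNG; verify.
    /// </summary>
    private void IssueSessionToken(string userUid, string userId, string isRemember)
    {
        int expireMinutes = isRemember == "Y" ? RememberExpireMinutes : DefaultExpireMinutes;
        string tokenKey = GlobalClass.CreateRandomCode(24);

        token sessionToken = new token();
        sessionToken.user_uid = userUid;
        sessionToken.user_id = userId;
        sessionToken.token_isremember = isRemember;
        sessionToken.token_key = tokenKey;
        sessionToken.token_createdate = DateTime.Now;
        sessionToken.token_expireddate = DateTime.Now.AddMinutes(expireMinutes);
        conn.Insert<token>(sessionToken);

        CookieOptions options = new CookieOptions();
        options.Secure = true;
        options.HttpOnly = true;
        options.Expires = DateTime.Now.AddMinutes(expireMinutes);
        HttpContext.Response.Cookies.Delete(TokenCookieName);
        _httpContextAccessor.HttpContext.Response.Cookies.Append(TokenCookieName, tokenKey, options);
    }

    // ---------------------------------------------------------------- endpoints

    /// <summary>Lists all departments ordered by dept_order. Requires "system" permission.</summary>
    [Route("deptList")]
    public ActionResult DeptList(IFormCollection obj)
    {
        deptListResult ret = new deptListResult();
        if (!HasSystemPermission(out string errCode, out string message))
        {
            ret.ret = "no";
            ret.err_code = errCode;
            ret.message = message;
            return JsonOf(ret);
        }
        ret.depts = conn.Query<depts>("select * from depts order by dept_order ").ToList();
        ret.ret = "yes";
        return JsonOf(ret);
    }

    /// <summary>
    /// Group listing. Requires "system" permission. No query is issued yet: after the permission
    /// check the result object is returned with its defaults — this looks like an unfinished stub.
    /// </summary>
    [Route("groupList")]
    public ActionResult GroupList(IFormCollection obj)
    {
        groupListResult ret = new groupListResult();
        if (!HasSystemPermission(out string errCode, out string message))
        {
            ret.ret = "no";
            ret.err_code = errCode;
            ret.message = message;
        }
        return JsonOf(ret);
    }

    /// <summary>
    /// User administration dispatcher. The "method" form field selects add / edit / del / get;
    /// an unknown method returns the result object untouched (ret="no", err_code="0000").
    /// Requires "system" permission.
    /// </summary>
    [Route("addEditGetUser")]
    public ActionResult AddEditGetUser(IFormCollection obj)
    {
        updateUserResult ret = new updateUserResult();
        if (!HasSystemPermission(out string errCode, out string message))
        {
            return Reject(ret, errCode, message);
        }

        string method = obj["method"].ToString();
        switch (method)
        {
            case "":
                return Reject(ret, "0001", "沒有method參數");
            case "add":
                return AddUser(obj, ret);
            case "edit":
                return EditUser(obj, ret);
            case "del":
                return DeleteUser(obj, ret);
            case "get":
                return GetUser(obj, ret);
            default:
                return JsonOf(ret);
        }
    }

    /// <summary>
    /// method=add: creates a users row and its userDept links.
    /// user_type "N" means an account mirrored from the E-lab system (identity taken from that database);
    /// any other type is a local account with its own password.
    /// </summary>
    private ActionResult AddUser(IFormCollection obj, updateUserResult ret)
    {
        string userType = obj["user_type"].ToString();
        string userPerm = obj["user_perm"].ToString();
        string[] deptUids = ParseDeptUids(obj["user_depts"].ToString());

        if (deptUids.Length == 0)
        {
            return Reject(ret, "0002", "沒有所屬單位");
        }
        if (userType == "")
        {
            return Reject(ret, "0002", "沒有user_type參數");
        }
        // Checked before any database access (previously only after the E-lab lookup for type N).
        if (userPerm == "")
        {
            return Reject(ret, "0009", "無此帳號的權限設定值!");
        }

        string userUid = GlobalClass.CreateRandomCode(12);
        user newUser;

        //N為E白板帳號
        if (userType == "N")
        {
            string userId = obj["user_elabName"].ToString();
            if (UserIdExists(userId))
            {
                return Reject(ret, "0003", "此帳號已經存在於系統!");
            }
            if (!TryQueryElabUser(userId, out new_userdata elabUser, out string error))
            {
                return Reject(ret, "90001", error);
            }
            if (elabUser == null)
            {
                return Reject(ret, "0004", "E白板無此帳號!");
            }
            newUser = new user();
            newUser.user_uid = userUid;
            newUser.user_name = elabUser.username;
            newUser.user_id = elabUser.userid;
            newUser.user_email = elabUser.mail;
        }
        else
        {
            string userId = obj["user_id"].ToString();
            string userPwd = obj["user_pwd"].ToString();
            string userName = obj["user_name"].ToString();
            string userEmail = obj["user_email"].ToString();

            if (userId == "")
            {
                return Reject(ret, "0006", "請輸入帳號ID!");
            }
            if (userName == "")
            {
                return Reject(ret, "0006", "請輸入帳號名稱!");
            }
            // An account stored with an empty password would be accepted by Signin with an empty pwd.
            if (userPwd == "")
            {
                return Reject(ret, "0006", "請輸入密碼!");
            }
            if (GlobalClass.isEmail(userEmail) == false)
            {
                return Reject(ret, "0007", "請輸入正確EMail!");
            }
            if (UserIdExists(userId))
            {
                return Reject(ret, "0003", "此帳號已經存在於系統!");
            }
            // Typed query: the previous non-generic QueryFirstOrDefault returned a dynamic row that
            // cannot be converted to new_userdata, so this branch failed whenever the E-lab account existed.
            if (!TryQueryElabUser(userId, out new_userdata elabUser, out string error))
            {
                return Reject(ret, "90001", error);
            }
            if (elabUser != null)
            {
                return Reject(ret, "0005", "E白板系統內有此帳號ID請換帳號或改以E白板帳號加入!");
            }
            newUser = new user();
            newUser.user_uid = userUid;
            newUser.user_id = userId;
            newUser.user_name = userName;
            // Stored exactly as submitted (Signin compares it as-is) — the client appears to send a
            // SHA-256 digest, which is unsalted and fast; a PBKDF2/Argon2 hash would be the proper store.
            newUser.user_pwd = userPwd;
            newUser.user_email = userEmail;
        }

        newUser.user_type = userType;
        newUser.user_onjob = "Y";
        newUser.user_perm = userPerm;
        newUser.user_ishidden = "N";
        newUser.user_createdate = DateTime.Now;
        conn.Insert(newUser);
        InsertUserDepts(userUid, deptUids);

        // Never echo the stored password/digest back to the client.
        newUser.user_pwd = null;
        ret.ret = "yes";
        ret.user = new userWithDept(newUser);
        return JsonOf(ret);
    }

    /// <summary>
    /// method=edit: updates permission (and, for local accounts, name/email/password) and replaces the
    /// department links. The delete+insert of links is not transactional, as before.
    /// </summary>
    private ActionResult EditUser(IFormCollection obj, updateUserResult ret)
    {
        string userType = obj["user_type"].ToString();
        string userUid = obj["user_uid"].ToString();
        string userPerm = obj["user_perm"].ToString();
        string[] deptUids = ParseDeptUids(obj["user_depts"].ToString());

        if (deptUids.Length == 0)
        {
            return Reject(ret, "0002", "沒有所屬單位");
        }
        if (userType == "")
        {
            return Reject(ret, "0002", "沒有user_type參數");
        }
        if (userPerm == "")
        {
            return Reject(ret, "0009", "無此帳號的權限設定值!");
        }

        user editUser = conn.QueryFirstOrDefault<user>("select * from users where user_uid = @user_uid and user_type = @user_type", new { user_uid = userUid, user_type = userType });
        if (editUser == null)
        {
            return Reject(ret, "0008", "沒有此用戶資料!");
        }

        //N為E白板帳號: only the permission is editable here
        if (userType != "N")
        {
            string userPwd = obj["user_pwd"].ToString();
            string userName = obj["user_name"].ToString();
            string userEmail = obj["user_email"].ToString();

            if (userName == "")
            {
                return Reject(ret, "0006", "請輸入帳號名稱!");
            }
            if (GlobalClass.isEmail(userEmail) == false)
            {
                return Reject(ret, "0007", "請輸入正確EMail!");
            }
            // An empty pwd field means "keep the current password".
            if (userPwd != "")
            {
                editUser.user_pwd = userPwd;
            }
            editUser.user_name = userName;
            editUser.user_email = userEmail;
        }
        editUser.user_perm = userPerm;
        conn.Update<user>(editUser);

        conn.Execute("delete userDept where user_uid = @user_uid", new { user_uid = userUid });
        InsertUserDepts(userUid, deptUids);

        editUser.user_pwd = null;
        ret.ret = "yes";
        ret.user = new userWithDept(editUser);
        return JsonOf(ret);
    }

    /// <summary>
    /// method=del: soft-deletes the user (user_ishidden = "Y"); an account that never logged in
    /// (empty user_lastlogintime) is removed outright. userDept and token rows are not cleaned up here.
    /// </summary>
    private ActionResult DeleteUser(IFormCollection obj, updateUserResult ret)
    {
        string userUid = obj["user_uid"].ToString();
        user target = conn.QueryFirstOrDefault<user>("select * from users where user_ishidden = 'N' and user_uid = @user_uid ", new { user_uid = userUid });
        if (target == null)
        {
            return Reject(ret, "0008", "沒有此用戶資料!");
        }

        target.user_ishidden = "Y";
        conn.Update(target);
        if (target.user_lastlogintime == "")
        {
            conn.Delete(target);
        }
        ret.ret = "yes";
        return JsonOf(ret);
    }

    /// <summary>method=get: returns one visible user (with departments) by user_uid, without its password.</summary>
    private ActionResult GetUser(IFormCollection obj, updateUserResult ret)
    {
        string userUid = obj["user_uid"].ToString();
        user target = conn.QueryFirstOrDefault<user>("select * from users where user_ishidden = 'N' and user_uid = @user_uid", new { user_uid = userUid });
        if (target == null)
        {
            return Reject(ret, "0008", "沒有此用戶資料!");
        }

        target.user_pwd = null;
        ret.ret = "yes";
        ret.user = new userWithDept(target);
        return JsonOf(ret);
    }

    /// <summary>
    /// Lists E-lab accounts with onjob = 0, newest first. Requires "system" permission.
    /// The stored credential column (userpw) is blanked before serialization — it is the E-lab
    /// password material that Signin hashes, and it must not leave the server.
    /// </summary>
    [Route("elab_UserList")]
    public ActionResult Elab_UserList(IFormCollection obj)
    {
        elabUserListResult ret = new elabUserListResult();
        if (!HasSystemPermission(out string errCode, out string message))
        {
            ret.ret = "no";
            ret.err_code = errCode;
            ret.message = message;
            return JsonOf(ret);
        }

        List<new_userdata> elabUsers = elabConn.Query<new_userdata>("select * from new_userdata where onjob = 0 order by usersn desc ").ToList();
        foreach (new_userdata elabUser in elabUsers)
        {
            // NOTE(review): assumes userpw is a settable string member (it is passed to GlobalClass.Sha256 at sign-in) — confirm.
            elabUser.userpw = null;
        }
        ret.userList = elabUsers;
        ret.ret = "yes";
        return JsonOf(ret);
    }

    /// <summary>Lists visible application users, newest first, with passwords blanked. Requires "system" permission.</summary>
    [Route("userList")]
    public ActionResult UserList(IFormCollection obj)
    {
        userListResult ret = new userListResult();
        if (!HasSystemPermission(out string errCode, out string message))
        {
            ret.ret = "no";
            ret.err_code = errCode;
            ret.message = message;
            return JsonOf(ret);
        }

        List<user> users = conn.Query<user>("select * from users where user_ishidden = 'N' order by user_sn desc").ToList();
        foreach (user u in users)
        {
            u.user_pwd = null;
        }
        ret.userList = users;
        ret.ret = "yes";
        return JsonOf(ret);
    }

    /// <summary>
    /// Ends the current session: deletes the token row (when the session is valid) and removes the cookie.
    /// Always answers ret="yes".
    /// </summary>
    [Route("logout")]
    public ActionResult Logout()
    {
        signinResult ret = new signinResult();
        authToken session = new authToken(this._httpContextAccessor);
        if (session.user_isLogin == true)
        {
            string tokenKey = _httpContextAccessor.HttpContext.Request.Cookies[TokenCookieName];
            conn.Execute("delete token where token_key = @token_key", new { token_key = tokenKey });
        }
        HttpContext.Response.Cookies.Delete(TokenCookieName);
        ret.ret = "yes";
        return JsonOf(ret);
    }

    /// <summary>
    /// Signs a user in. Form fields: id, pwd, remember ("Y" for a 7-day session).
    /// Three credential sources are checked in order: the built-in administrator from appsettings
    /// (pwd compared against the SHA-256 of the configured plaintext), local accounts (user_type "Y",
    /// pwd compared against the stored user_pwd) and E-lab accounts (pwd compared against the SHA-256
    /// of the E-lab userpw column). On success a token row is written and the token_key cookie is set.
    /// </summary>
    [Route("signin")]
    public ActionResult Signin(IFormCollection obj)
    {
        signinResult ret = new signinResult();

        ActionResult Fail(string errCode, string message)
        {
            ret.ret = "no";
            ret.err_code = errCode;
            ret.message = message;
            return JsonOf(ret);
        }

        string inputId = obj["id"].ToString();
        string inputPwd = obj["pwd"].ToString();
        string isRemember = obj["remember"].ToString();
        string adminId = GlobalClass.appsettings("Admin:id");
        // The admin password lives in configuration as plaintext and is hashed here on every request;
        // storing only its digest (or a proper password hash) in configuration would be preferable.
        string adminPwdDigest = GlobalClass.Sha256(GlobalClass.appsettings("Admin:pwd"));

        if (inputId == "")
        {
            return Fail("0001", "帳號或密碼錯誤!");
        }

        //判斷是否為系統預設帳號
        if (inputId == adminId)
        {
            if (!SecretEquals(adminPwdDigest, inputPwd))
            {
                return Fail("0001", "帳號或密碼錯誤!");
            }
            IssueSessionToken(GlobalClass.appsettings("Admin:uid"), adminId, isRemember);
            ret.ret = "yes";
            return JsonOf(ret);
        }

        //非系統帳號
        user webUser = conn.QueryFirstOrDefault<user>("select * from users where user_ishidden = 'N' and user_id = @user_id", new { user_id = inputId });
        if (webUser == null)
        {
            return Fail("0002", "系統無此帳號!");
        }
        if (webUser.user_onjob == "N")
        {
            return Fail("0003", "此帳號已經離職,無法登入");
        }

        if (webUser.user_type == "Y")
        {
            if (!SecretEquals(webUser.user_pwd, inputPwd))
            {
                return Fail("0004", "密碼錯誤!");
            }
        }
        else
        {
            new_userdata elabUser = elabConn.QueryFirstOrDefault<new_userdata>("select * from new_userdata where userid = @userid", new { userid = webUser.user_id });
            // Previously dereferenced without a null check, so a mirrored account whose E-lab row
            // disappeared produced an unhandled NullReferenceException.
            if (elabUser == null)
            {
                return Fail("0002", "E白板無此帳號!");
            }
            // Sha256(userpw) being comparable to the client's pwd suggests the E-lab column holds the
            // raw password; that is an E-lab data issue this service can only flag, not fix.
            if (!SecretEquals(GlobalClass.Sha256(elabUser.userpw), inputPwd))
            {
                return Fail("0004", "密碼錯誤!");
            }
            if (elabUser.onjob == 1)
            {
                // Mirror the "left the company" state locally so later sign-ins are rejected without an E-lab query.
                webUser.user_onjob = "N";
                conn.Update(webUser);
                return Fail("0003", "此帳號已經離職,無法登入");
            }
        }

        // Recorded only for a successful sign-in (DeleteUser relies on an empty value meaning "never logged in").
        webUser.user_lastlogintime = DateTime.Now.ToString("yyyy/MM/dd HH:mm:ss");
        IssueSessionToken(webUser.user_uid, inputId, isRemember);
        conn.Update<user>(webUser);
        ret.ret = "yes";
        return JsonOf(ret);
    }

    // ---------------------------------------------------------------- result shapes (serialized as-is)

    /// <summary>Result of signin/logout: ret "yes"/"no", err_code and message.</summary>
    public class signinResult
    {
        public string ret = "no";
        public string err_code = "0000";
        public string message = "";
    }

    /// <summary>Result of userList; userList holds users with user_pwd blanked.</summary>
    public class userListResult
    {
        public string ret = "no";
        public string err_code = "0000";
        public string message = "";
        public List<user> userList = new List<user>();
    }

    /// <summary>Result of elab_UserList; userList holds E-lab rows with userpw blanked.</summary>
    public class elabUserListResult
    {
        public string ret = "no";
        public string err_code = "0000";
        public string message = "";
        public List<new_userdata> userList = new List<new_userdata>();
    }

    /// <summary>Result of addEditGetUser; user is filled for add/edit/get.</summary>
    public class updateUserResult
    {
        public string ret = "no";
        public string err_code = "0000";
        public string message = "";
        public userWithDept user = new userWithDept();
    }
}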
}