TEAMModelOS/TEAMModelBI/Filter/RequestAuditFilter.cs

using Microsoft.AspNetCore.Mvc.Controllers;
using Microsoft.AspNetCore.Mvc.Filters;
using System.Security.Claims;
using System;
using System.Threading.Tasks;
using TEAMModelOS.SDK.Extension;
using Microsoft.Extensions.Logging;
using TEAMModelOS.SDK;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using Azure.Core;
using TEAMModelOS.SDK.DI;
using Microsoft.Extensions.Primitives;
using System.Net.Http;
using System.Net;
using System.Net.Http.Json;
using Microsoft.Extensions.Options;
using TEAMModelOS.Models;

namespace TEAMModelOS.Filter
{
    public class RequestAuditFilter : IAsyncActionFilter
    {
        //private readonly ILogger _logger;
        private readonly IHttpClientFactory _httpClient;
        private readonly DingDing _dingding;
        private readonly Option _option; private string p = "bi";
        public RequestAuditFilter(/*ILoggerFactory loggerFactory*/IHttpClientFactory httpClient, DingDing dingding, IOptionsSnapshot<Option> option)
        {
            //  _logger = loggerFactory.CreateLogger<RequestAuditFilter>();
            _httpClient = httpClient;
            _dingding=dingding;
            _option = option?.Value;
        }
        public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
        {
            try
            {
                string id = string.Empty, name = string.Empty, picture = string.Empty, school = string.Empty, scope = string.Empty, roles = string.Empty;
                //============== 这里是执行方法之前获取数据 ====================

                // 获取控制器、路由信息
                //var actionDescriptor = context.ActionDescriptor as ControllerActionDescriptor;

                // 获取请求的方法
                //var method = actionDescriptor.MethodInfo;

                // 获取 HttpContext 和 HttpRequest 对象
                var httpContext = context.HttpContext;
                string ua = httpContext.GetUserAgent();
                var httpRequest = httpContext.Request;

                // 获取客户端 Ipv4 地址
                var remoteIPv4 = httpContext.GetRemoteIpAddressToIPv4();

                // 获取请求的 Url 地址
                // var requestUrl = httpRequest.GetRequestUrlAddress();


                // 获取来源 Url 地址
                var refererUrl = httpRequest.GetRefererUrlAddress();

                // 获取请求参数（写入日志，需序列化成字符串后存储）
                var parameters = context.ActionArguments;

                // 获取操作人（必须授权访问才有值）"userId" 为你存储的 claims type，jwt 授权对应的是 payload 中存储的键名
                //var userId = httpContext.User?.FindFirstValue("userId");
                var authtoken = context.HttpContext.GetXAuth("AuthToken");
                string tokenSha = string.Empty, client = string.Empty;
                if (context.HttpContext.Request.Headers.TryGetValue("Authorization", out StringValues Authorization) && Authorization.Any())
                {
                    try
                    {
                        var jwt = new JwtSecurityTokenHandler().ReadJwtToken(Authorization.ToString().Replace("Bearer ", ""));
                        client= roles = jwt.Claims.FirstOrDefault(claim => claim.Type.Equals("roles"))?.Value;
                        tokenSha= ShaHashHelper.GetSHA1(Authorization.ToString());
                    }
                    catch (Exception ex)
                    {
                        // await _dingding.SendBotMsg($"{ex.Message}\n{ex.StackTrace}\n{Authorization}\n{httpRequest.PathBase}{httpRequest.Path}", GroupNames.成都开发測試群組);
                    }
                }
                if (context.HttpContext.Request.Headers.TryGetValue("X-Auth-IdToken", out StringValues XAuthIdToken)  && XAuthIdToken.Any())
                {
                    try
                    {
                        var jwt = new JwtSecurityTokenHandler().ReadJwtToken(XAuthIdToken.ToString());
                        id = jwt.Payload.Sub;
                        name = jwt.Claims.FirstOrDefault(claim => claim.Type.Equals("name"))?.Value;
                        if (string.IsNullOrEmpty(tokenSha))
                        {
                            tokenSha= ShaHashHelper.GetSHA1(XAuthIdToken.ToString());
                        }
                        scope="teacher";
                    }
                    catch (Exception ex)
                    {
                        await _dingding.SendBotMsg($"{ex.Message}\n{ex.StackTrace}\n{XAuthIdToken}\n{httpRequest.PathBase}{httpRequest.Path}", GroupNames.成都开发測試群組);
                    }
                }

                if (context.HttpContext.Request.Headers.TryGetValue("X-Auth-School", out StringValues XAuthSchool) && XAuthSchool.Any())
                {
                    try
                    {
                        school = XAuthSchool.ToString();
                    }
                    catch (Exception ex) { }
                }
                if (context.HttpContext.Request.Headers.TryGetValue("X-Auth-ApiToken", out StringValues XAutApiToken) && XAutApiToken.Any())
                {
                    try
                    {
                        var jwt = new JwtSecurityTokenHandler().ReadJwtToken(XAutApiToken);
                        id = jwt.Payload.Sub;

                        if (string.IsNullOrEmpty(tokenSha))
                        {
                            tokenSha= jwt.Payload.Jti;
                        }
                        client="Open";
                    }
                    catch (Exception ex)
                    {

                        await _dingding.SendBotMsg($"{ex.Message}\n{ex.StackTrace}\n{XAutApiToken}\n{httpRequest.PathBase}{httpRequest.Path}", GroupNames.成都开发測試群組);
                    }
                }
                if (!string.IsNullOrWhiteSpace(authtoken))
                {
                    try
                    {
                        var jwt = new JwtSecurityTokenHandler().ReadJwtToken(authtoken);
                        id = jwt.Payload.Sub;
                        school = $"{jwt.Payload.Azp}".Equals("true")|| $"{jwt.Payload.Azp}".Equals("false") ? "" : $"{jwt.Payload.Azp}";
                        name = jwt.Claims.FirstOrDefault(claim => claim.Type.Equals("name"))?.Value;
                        scope = jwt.Claims.FirstOrDefault(claim => claim.Type.Equals("scope"))?.Value;
                        if (string.IsNullOrEmpty(tokenSha))
                        {
                            tokenSha= ShaHashHelper.GetSHA1(authtoken);
                        }
                    }
                    catch (Exception ex)
                    {
                        await _dingding.SendBotMsg($"{ex.Message}\n{ex.StackTrace}\n{authtoken}\n{httpRequest.PathBase}{httpRequest.Path}", GroupNames.成都开发測試群組);
                    }
                }
                string secChUaPlatform = string.Empty;
                if (httpContext.Request.Headers.TryGetValue("Sec-Ch-Ua-Platform", out var values))
                {
                    secChUaPlatform = values.FirstOrDefault();
                }
                if (string.IsNullOrEmpty(tokenSha))

                {
                    tokenSha= ShaHashHelper.GetSHA1($"{ua}{remoteIPv4}{httpRequest.Host}{secChUaPlatform}");
                }
                // 请求时间
                var requestedTime = DateTimeOffset.Now.GetGMTTime(8).ToUnixTimeMilliseconds();
                //============== 这里是执行方法之后获取数据 ====================
                var actionContext = await next();
                // 获取返回的结果
                // var returnResult = actionContext.Result;

                // 判断是否请求成功，没有异常就是请求成功
                // var isRequestSucceed = actionContext.Exception == null;

                // 获取调用堆栈信息，提供更加简单明了的调用和异常堆栈
                // var stackTrace = EnhancedStackTrace.Current();
                // string region = await _searcher.SearchIpAsync(remoteIPv4);
                //同一个账号，同一IP，同一接口,UA标识（UA标识随意切换则表示可能会存在DDOS）,时间段
                //_logger.LogInformation(new{ ua=httpContext.GetUserAgent(), ip=remoteIPv4,time=requestedTime,path =$"{httpRequest.PathBase}{httpRequest.Path}",host= $"{httpRequest.Host}", param=parameters,id ,name ,school,succeed =isRequestSucceed }.ToJsonString());

                var data = new
                {
                    //ua =ua,
                    ip = remoteIPv4,
                    time = requestedTime,
                    path = $"{httpRequest.PathBase}{httpRequest.Path}",
                    host = $"{httpRequest.Host}",
                    param = parameters,
                    id = id,
                    name = name,
                    school = school,
                    client = client,
                    tid = tokenSha,
                    scope = scope,
                    // referer = refererUrl,
                    //platform = secChUaPlatform,
                    p = p,
                    l = _option.Location.Contains("China", StringComparison.OrdinalIgnoreCase) ? "China" : "Global"
                    //idToken=XAuthIdToken
                };
                var httpclient = _httpClient.CreateClient();
                httpclient.Timeout=  TimeSpan.FromSeconds(10);
#if DEBUG
                var response = await httpclient.PostAsJsonAsync("http://cdhabook.teammodel.cn:8806/api/http-log", data);
                //if (response.StatusCode==HttpStatusCode.OK) 
                //{
                //    string result =   await response.Content.ReadAsStringAsync();

                //}
#else
            _=  httpclient.PostAsJsonAsync("http://cdhabook.teammodel.cn:8806/api/http-log",data);
#endif
                //   _ = _httpTrigger.RequestHttpTrigger(data, "China", "http-log");
            }
            catch (Exception ex)
            {
                await _dingding.SendBotMsg($"HTTP日志访问错误：{ex.Message}\n{ex.StackTrace}", GroupNames.成都开发測試群組);
                var actionContext = await next();
            }

        }

    }

}