bjquanjiang
/
pinganxiaoyuan
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
平安校园
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
43 Commits
1 Branch
127 MiB
Tree: 2fa3db5726
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '2fa3db5726'
${ noResults }
pinganxiaoyuan/SafeCampus.API/SafeCampus.Web.Core/Handlers/JwtHandler.cs

JwtHandler.cs 5.1 KiB
Raw Normal View History

init
3 months ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142 
  1. 

  2. // 

  3. 

  4. 

  5. 

  6. 

  7. 

  8. 

  9. 

  10. 

  11. using MoYu.Authorization;

  12. using MoYu.DataEncryption;

  13. using MoYu.Logging.Extensions;

  14. using System.Security.Claims;

  15. 

  16. namespace SafeCampus.Web.Core;

  17. 

  18. public class JwtHandler : AppAuthorizeHandler

  19. {

  20.     /// <summary>

  21.     ///     重写 Handler 添加自动刷新

  22.     /// </summary>

  23.     /// <param name="context"></param>

  24.     /// <param name="httpContext"></param>

  25.     /// <returns></returns>

  26.     public override async Task HandleAsync(AuthorizationHandlerContext context, DefaultHttpContext httpContext)

  27.     {

  28.         var expire = App.GetConfig<int>("JWTSettings:ExpiredTime");//获取过期时间(分钟)

  29.         var currentHttpContext = context.GetCurrentHttpContext();

  30.         //自动刷新Token

  31.         if (JWTEncryption.AutoRefreshToken(context, currentHttpContext, expire, expire * 2))

  32.         {

  33.             //判断token是否有效

  34.             if (CheckTokenFromRedis(currentHttpContext, expire))

  35.             {

  36.                 await AuthorizeHandleAsync(context);

  37.             }

  38.             else

  39.             {

  40.                 currentHttpContext.Response.StatusCode = 401;//返回401给授权筛选器用

  41.             }

  42.         }

  43.         else

  44.         {

  45.             context.Fail();// 授权失败

  46.             if (currentHttpContext == null)

  47.                 return;

  48.             currentHttpContext.SignoutToSwagger();

  49.         }

  50.     }

  51. 

  52.     /// <summary>

  53.     ///     检查token有效性

  54.     /// </summary>

  55.     /// <param name="context">DefaultHttpContext</param>

  56.     /// <param name="expire">token有效期/分钟</param>

  57.     /// <returns></returns>

  58.     private bool CheckTokenFromRedis(DefaultHttpContext context, int expire)

  59.     {

  60.         var token = JWTEncryption.GetJwtBearerToken(context);//获取当前token

  61.         var userId = App.User?.FindFirstValue(ClaimConst.USER_ID);//获取用户ID

  62.         var simpleCacheService = App.GetService<ISimpleCacheService>();//获取redis实例

  63.         var tokenInfos = simpleCacheService.HashGetOne<List<TokenInfo>>(CacheConst.CACHE_USER_TOKEN, userId);//获取token信息

  64.         if (tokenInfos == null)//如果还是空

  65.         {

  66.             return false;

  67.         }

  68. 

  69.         var tokenInfo = tokenInfos.Where(it => it.Token == token).FirstOrDefault();//获取redis中token值是当前token的对象

  70.         if (tokenInfo != null)

  71.         {

  72.             // 自动刷新token返回新的Token

  73.             var accessToken = context.Response.Headers["access-token"].ToString();

  74.             if (!string.IsNullOrEmpty(accessToken))//如果有新的刷新token

  75.             {

  76.                 "返回新的刷新token".LogDebug<JwtHandler>();

  77.                 tokenInfo.Token = accessToken;//新的token

  78.                 tokenInfo.TokenTimeout = DateTime.Now.AddMinutes(expire);//新的过期时间

  79.                 simpleCacheService.HashAdd(CacheConst.CACHE_USER_TOKEN, userId, tokenInfos);//更新token信息到redis

  80.             }

  81.         }

  82.         else

  83.         {

  84.             return false;

  85.         }

  86. 

  87.         return true;

  88.     }

  89. 

  90.     /// <summary>

  91.     ///     授权判断逻辑,授权通过返回 true,否则返回 false

  92.     /// </summary>

  93.     /// <param name="context"></param>

  94.     /// <param name="httpContext"></param>

  95.     /// <returns></returns>

  96.     public override async Task<bool> PipelineAsync(AuthorizationHandlerContext context, DefaultHttpContext httpContext)

  97.     {

  98.         // 这里写您的授权判断逻辑,授权通过返回 true,否则返回 false

  99. 

  100.         // 此处已经自动验证 Jwt Token的有效性了,无需手动验证

  101.         return await CheckAuthorizationAsync(httpContext);

  102.     }

  103. 

  104.     /// <summary>

  105.     ///     检查权限

  106.     /// </summary>

  107.     /// <param name="httpContext"></param>

  108.     /// <returns></returns>

  109.     private static async Task<bool> CheckAuthorizationAsync(DefaultHttpContext httpContext)

  110.     {

  111.         //超级管理员都能访问

  112.         if (UserManager.SuperAdmin) return true;

  113.         // 获取超级管理员特性

  114.         var isSuperAdmin = httpContext.GetMetadata<SuperAdminAttribute>();

  115.         if (isSuperAdmin != null)//如果是超级管理员才能访问的接口

  116.         {

  117.             //获取忽略超级管理员特性

  118.             var ignoreSuperAdmin = httpContext.GetMetadata<IgnoreSuperAdminAttribute>();

  119.             if (ignoreSuperAdmin == null && !UserManager.SuperAdmin)//如果只能超级管理员访问并且用户不是超级管理员

  120.                 return false;//直接没权限

  121.         }

  122. 

  123.         //获取角色授权特性

  124.         var isRolePermission = httpContext.GetMetadata<RolePermissionAttribute>();

  125.         if (isRolePermission != null)

  126.         {

  127.             //获取忽略角色授权特性

  128.             var ignoreRolePermission = httpContext.GetMetadata<IgnoreRolePermissionAttribute>();

  129.             if (ignoreRolePermission == null)

  130.             {

  131.                 // 路由名称

  132.                 var routeName = httpContext.Request.Path.Value;

  133.                 //获取用户信息

  134.                 var userInfo = await App.GetService<ISysUserService>().GetUserById(UserManager.UserId);

  135.                 if (!userInfo.PermissionCodeList.Contains(routeName))//如果当前路由信息不包含在角色授权路由列表中则认证失败

  136.                     return false;

  137.             }

  138.         }

  139. 

  140.         return true;

  141.     }

  142. }