diff --git a/Tiobon.Core.Api/Controllers/Authorize/AuthorizeController.cs b/Tiobon.Core.Api/Controllers/Authorize/AuthorizeController.cs
index c0177273..293c7c70 100644
--- a/Tiobon.Core.Api/Controllers/Authorize/AuthorizeController.cs
+++ b/Tiobon.Core.Api/Controllers/Authorize/AuthorizeController.cs
@@ -1,313 +1,311 @@
-using Tiobon.Core.AuthHelper;
-using Tiobon.Core.AuthHelper.OverWrite;
-using Microsoft.AspNetCore.Authentication.JwtBearer;
-using System.IdentityModel.Tokens.Jwt;
+using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
+using Tiobon.Core.AuthHelper;
+using Tiobon.Core.AuthHelper.OverWrite;
using Tiobon.Core.Common.Swagger;
-using MySqlX.XDevAPI.Common;
-namespace Tiobon.Core.Controllers
+namespace Tiobon.Core.Controllers;
+
+///
+/// 登录管理【无权限】
+///
+[Produces("application/json")]
+[Route("api/[controller]")]
+[ApiExplorerSettings(GroupName = Grouping.GroupName_Auth)]
+[AllowAnonymous]
+public class AuthorizeController : BaseApiController
{
+ readonly ISysUserInfoServices _sysUserInfoServices;
+ readonly IGhrs_UserServices _ghrs_UserServices;
+ readonly PermissionRequirement _requirement;
+ private readonly IRoleModulePermissionServices _roleModulePermissionServices;
+ private readonly ILogger _logger;
+
///
- /// 登录管理【无权限】
+ /// 构造函数注入
///
- [Produces("application/json")]
- [Route("api/[controller]")]
- [ApiExplorerSettings(GroupName = Grouping.GroupName_Auth)]
- [AllowAnonymous]
- public class AuthorizeController : BaseApiController
+ ///
+ ///
+ ///
+ ///
+ ///
+ public AuthorizeController(ISysUserInfoServices sysUserInfoServices, IGhrs_UserServices ghrs_UserServices, PermissionRequirement requirement, IRoleModulePermissionServices roleModulePermissionServices, ILogger logger)
{
- readonly ISysUserInfoServices _sysUserInfoServices;
- readonly IGhrs_UserServices _ghrs_UserServices;
- readonly PermissionRequirement _requirement;
- private readonly IRoleModulePermissionServices _roleModulePermissionServices;
- private readonly ILogger _logger;
-
- ///
- /// 构造函数注入
- ///
- ///
- ///
- ///
- ///
- ///
- public AuthorizeController(ISysUserInfoServices sysUserInfoServices, IGhrs_UserServices ghrs_UserServices, PermissionRequirement requirement, IRoleModulePermissionServices roleModulePermissionServices, ILogger logger)
- {
- this._sysUserInfoServices = sysUserInfoServices;
- this._ghrs_UserServices = ghrs_UserServices;
- _requirement = requirement;
- _roleModulePermissionServices = roleModulePermissionServices;
- _logger = logger;
- }
+ this._sysUserInfoServices = sysUserInfoServices;
+ this._ghrs_UserServices = ghrs_UserServices;
+ _requirement = requirement;
+ _roleModulePermissionServices = roleModulePermissionServices;
+ _logger = logger;
+ }
- #region 获取token的第1种方法
+ #region 获取token的第1种方法
+
+ ///
+ /// 获取JWT的方法1
+ ///
+ ///
+ ///
+ ///
+ [NonAction]
+ [HttpGet, Route("Token")]
+ public async Task> GetJwtStr(string name, string pass)
+ {
+ string jwtStr = string.Empty;
+ bool suc = false;
+ //这里就是用户登陆以后,通过数据库去调取数据,分配权限的操作
- ///
- /// 获取JWT的方法1
- ///
- ///
- ///
- ///
- [NonAction]
- [HttpGet, Route("Token")]
- public async Task> GetJwtStr(string name, string pass)
+ var user = await _sysUserInfoServices.GetUserRoleNameStr(name, MD5Helper.MD5Encrypt32(pass));
+ if (user != null)
{
- string jwtStr = string.Empty;
- bool suc = false;
- //这里就是用户登陆以后,通过数据库去调取数据,分配权限的操作
+ TokenModelJwt tokenModel = new TokenModelJwt { Uid = 1, Role = user };
- var user = await _sysUserInfoServices.GetUserRoleNameStr(name, MD5Helper.MD5Encrypt32(pass));
- if (user != null)
- {
- TokenModelJwt tokenModel = new TokenModelJwt { Uid = 1, Role = user };
+ jwtStr = JwtHelper.IssueJwt(tokenModel);
+ suc = true;
+ }
+ else
+ jwtStr = "login fail!!!";
- jwtStr = JwtHelper.IssueJwt(tokenModel);
- suc = true;
- }
- else
- jwtStr = "login fail!!!";
+ return new ServiceResult()
+ {
+ Success = suc,
+ Message = suc ? "获取成功" : "获取失败",
+ Data = jwtStr
+ };
+ }
- return new ServiceResult()
+
+ ///
+ /// 获取JWT的方法2:给Nuxt提供
+ ///
+ ///
+ ///
+ ///
+ [HttpGet]
+ [NonAction]
+ [Route("GetTokenNuxt")]
+ public ServiceResult GetJwtStrForNuxt(string name, string pass)
+ {
+ string jwtStr = string.Empty;
+ bool suc = false;
+ //这里就是用户登陆以后,通过数据库去调取数据,分配权限的操作
+ //这里直接写死了
+ if (name == "admins" && pass == "admins")
+ {
+ TokenModelJwt tokenModel = new TokenModelJwt
{
- Success = suc,
- Message = suc ? "获取成功" : "获取失败",
- Data = jwtStr
+ Uid = 1,
+ Role = "Admin"
};
+
+ jwtStr = JwtHelper.IssueJwt(tokenModel);
+ suc = true;
}
+ else
+ jwtStr = "login fail!!!";
+ //var result = new
+ //{
+ // data = new { success = suc, token = jwtStr }
+ //};
- ///
- /// 获取JWT的方法2:给Nuxt提供
- ///
- ///
- ///
- ///
- [HttpGet]
- [NonAction]
- [Route("GetTokenNuxt")]
- public ServiceResult GetJwtStrForNuxt(string name, string pass)
+ return new ServiceResult()
{
- string jwtStr = string.Empty;
- bool suc = false;
- //这里就是用户登陆以后,通过数据库去调取数据,分配权限的操作
- //这里直接写死了
- if (name == "admins" && pass == "admins")
- {
- TokenModelJwt tokenModel = new TokenModelJwt
- {
- Uid = 1,
- Role = "Admin"
- };
+ Success = suc,
+ Message = suc ? "获取成功" : "获取失败",
+ Data = jwtStr
+ };
+ }
+
+ #endregion
- jwtStr = JwtHelper.IssueJwt(tokenModel);
- suc = true;
- }
- else
- jwtStr = "login fail!!!";
- //var result = new
- //{
- // data = new { success = suc, token = jwtStr }
- //};
+ ///
+ /// 获取JWT的方法3:整个系统主要方法
+ ///
+ ///
+ ///
+ ///
+ [NonAction]
+ [HttpGet, Route("JWTToken3.0")]
+ public async Task> GetJwtToken3(string name = "", string pass = "")
+ {
+ string jwtStr = string.Empty;
- return new ServiceResult()
+ if (string.IsNullOrEmpty(name) || string.IsNullOrEmpty(pass))
+ return Failed("用户名或密码不能为空");
+
+ pass = MD5Helper.MD5Encrypt32(pass);
+
+ var user = await _sysUserInfoServices.Query(d =>
+ d.LoginName == name && d.LoginPWD == pass && d.IsDeleted == false);
+ if (user.Count > 0)
+ {
+ var userRoles = await _sysUserInfoServices.GetUserRoleNameStr(name, pass);
+ //如果是基于用户的授权策略,这里要添加用户;如果是基于角色的授权策略,这里要添加角色
+ var claims = new List
{
- Success = suc,
- Message = suc ? "获取成功" : "获取失败",
- Data = jwtStr
+ new Claim(ClaimTypes.Name, user.FirstOrDefault().Id.ToString()),
+ new Claim(JwtRegisteredClaimNames.Jti, user.FirstOrDefault().Id.ToString()),
+ new Claim("TenantId", user.FirstOrDefault().TenantId.ToString()),
+ new Claim(JwtRegisteredClaimNames.Iat, DateTime.Now.DateToTimeStamp()),
+ new Claim(ClaimTypes.Expiration,
+ DateTime.Now.AddSeconds(_requirement.Expiration.TotalSeconds).ToString())
};
- }
+ claims.AddRange(userRoles.Split(',').Select(s => new Claim(ClaimTypes.Role, s)));
- #endregion
+ // ids4和jwt切换
+ // jwt
+ if (!Permissions.IsUseIds4)
+ {
+ var data = await _roleModulePermissionServices.RoleModuleMaps();
+ var list = (from item in data
+ where item.IsDeleted == false
+ orderby item.Id
+ select new PermissionItem
+ {
+ Url = item.Module?.LinkUrl,
+ Role = item.Role?.Name.ObjToString(),
+ }).ToList();
+
+ _requirement.Permissions = list;
+ }
- ///
- /// 获取JWT的方法3:整个系统主要方法
- ///
- ///
- ///
- ///
- [NonAction]
- [HttpGet, Route("JWTToken3.0")]
- public async Task> GetJwtToken3(string name = "", string pass = "")
- {
- string jwtStr = string.Empty;
+ var token = JwtToken.BuildJwtToken(claims.ToArray(), _requirement);
+ return Success(token, "获取成功");
+ }
+ else
+ return Failed("认证失败");
+ }
- if (string.IsNullOrEmpty(name) || string.IsNullOrEmpty(pass))
- return Failed("用户名或密码不能为空");
+ [NonAction]
+ [HttpGet, Route("GetJwtTokenSecret")]
+ public async Task> GetJwtTokenSecret(string name = "", string pass = "")
+ {
+ var rlt = await GetJwtToken3(name, pass);
+ return rlt;
+ }
+
+ ///
+ /// 请求刷新Token(以旧换新)
+ ///
+ ///
+ ///
+ [HttpGet, Route("RefreshToken")]
+ public async Task> RefreshToken(string token = "")
+ {
+ string jwtStr = string.Empty;
- pass = MD5Helper.MD5Encrypt32(pass);
+ if (string.IsNullOrEmpty(token))
+ return Failed("token无效,请重新登录!");
+ var tokenModel = JwtHelper.SerializeJwt(token);
+ if (tokenModel != null && JwtHelper.customSafeVerify(token) && tokenModel.Uid > 0)
+ {
+ var user = await _sysUserInfoServices.QueryById(tokenModel.Uid);
+ var value = User.Claims.SingleOrDefault(s => s.Type == JwtRegisteredClaimNames.Iat)?.Value;
+ if (value != null && user.CriticalModifyTime > value.ObjToDate())
+ return Failed("很抱歉,授权已失效,请重新授权!");
- var user = await _sysUserInfoServices.Query(d =>
- d.LoginName == name && d.LoginPWD == pass && d.IsDeleted == false);
- if (user.Count > 0)
+ if (user != null && !(value != null && user.CriticalModifyTime > value.ObjToDate()))
{
- var userRoles = await _sysUserInfoServices.GetUserRoleNameStr(name, pass);
+ var userRoles = await _sysUserInfoServices.GetUserRoleNameStr(user.LoginName, user.LoginPWD);
//如果是基于用户的授权策略,这里要添加用户;如果是基于角色的授权策略,这里要添加角色
var claims = new List
{
- new Claim(ClaimTypes.Name, user.FirstOrDefault().Id.ToString()),
- new Claim(JwtRegisteredClaimNames.Jti, user.FirstOrDefault().Id.ToString()),
- new Claim("TenantId", user.FirstOrDefault().TenantId.ToString()),
+ new Claim(ClaimTypes.Name, user.LoginName),
+ new Claim(JwtRegisteredClaimNames.Jti, tokenModel.Uid.ObjToString()),
new Claim(JwtRegisteredClaimNames.Iat, DateTime.Now.DateToTimeStamp()),
new Claim(ClaimTypes.Expiration,
DateTime.Now.AddSeconds(_requirement.Expiration.TotalSeconds).ToString())
};
claims.AddRange(userRoles.Split(',').Select(s => new Claim(ClaimTypes.Role, s)));
+ //用户标识
+ var identity = new ClaimsIdentity(JwtBearerDefaults.AuthenticationScheme);
+ identity.AddClaims(claims);
- // ids4和jwt切换
- // jwt
- if (!Permissions.IsUseIds4)
- {
- var data = await _roleModulePermissionServices.RoleModuleMaps();
- var list = (from item in data
- where item.IsDeleted == false
- orderby item.Id
- select new PermissionItem
- {
- Url = item.Module?.LinkUrl,
- Role = item.Role?.Name.ObjToString(),
- }).ToList();
-
- _requirement.Permissions = list;
- }
-
- var token = JwtToken.BuildJwtToken(claims.ToArray(), _requirement);
- return Success(token, "获取成功");
+ var refreshToken = JwtToken.BuildJwtToken(claims.ToArray(), _requirement);
+ return Success(refreshToken, "获取成功");
}
- else
- return Failed("认证失败");
}
- [NonAction]
- [HttpGet, Route("GetJwtTokenSecret")]
- public async Task> GetJwtTokenSecret(string name = "", string pass = "")
- {
- var rlt = await GetJwtToken3(name, pass);
- return rlt;
- }
+ return Failed("认证失败!");
+ }
- ///
- /// 请求刷新Token(以旧换新)
- ///
- ///
- ///
- [HttpGet, Route("RefreshToken")]
- public async Task> RefreshToken(string token = "")
- {
- string jwtStr = string.Empty;
+ #region 用户登录
+ ///
+ /// 用户登录
+ ///
+ ///
+ ///
+ [HttpPost, Route("Login")]
+ public async Task Login([FromBody] SwaggerLoginRequest loginRequest)
+ {
+ if (loginRequest is null)
+ return new { result = false };
- if (string.IsNullOrEmpty(token))
- return Failed("token无效,请重新登录!");
- var tokenModel = JwtHelper.SerializeJwt(token);
- if (tokenModel != null && JwtHelper.customSafeVerify(token) && tokenModel.Uid > 0)
+ try
+ {
+ var result = await GetJwtToken3(loginRequest.name, loginRequest.pwd);
+ if (result.Success)
{
- var user = await _sysUserInfoServices.QueryById(tokenModel.Uid);
- var value = User.Claims.SingleOrDefault(s => s.Type == JwtRegisteredClaimNames.Iat)?.Value;
- if (value != null && user.CriticalModifyTime > value.ObjToDate())
- return Failed("很抱歉,授权已失效,请重新授权!");
-
- if (user != null && !(value != null && user.CriticalModifyTime > value.ObjToDate()))
- {
- var userRoles = await _sysUserInfoServices.GetUserRoleNameStr(user.LoginName, user.LoginPWD);
- //如果是基于用户的授权策略,这里要添加用户;如果是基于角色的授权策略,这里要添加角色
- var claims = new List
- {
- new Claim(ClaimTypes.Name, user.LoginName),
- new Claim(JwtRegisteredClaimNames.Jti, tokenModel.Uid.ObjToString()),
- new Claim(JwtRegisteredClaimNames.Iat, DateTime.Now.DateToTimeStamp()),
- new Claim(ClaimTypes.Expiration,
- DateTime.Now.AddSeconds(_requirement.Expiration.TotalSeconds).ToString())
- };
- claims.AddRange(userRoles.Split(',').Select(s => new Claim(ClaimTypes.Role, s)));
-
- //用户标识
- var identity = new ClaimsIdentity(JwtBearerDefaults.AuthenticationScheme);
- identity.AddClaims(claims);
-
- var refreshToken = JwtToken.BuildJwtToken(claims.ToArray(), _requirement);
- return Success(refreshToken, "获取成功");
- }
+ HttpContext.SuccessSwagger();
+ HttpContext.SuccessSwaggerJwt(result.Data.token);
+ return new { result = true };
}
-
- return Failed("认证失败!");
}
-
- #region 用户登录
- ///
- /// 用户登录
- ///
- ///
- ///
- [HttpPost, Route("Login")]
- public async Task Login([FromBody] SwaggerLoginRequest loginRequest)
+ catch (Exception ex)
{
- if (loginRequest is null)
- return new { result = false };
+ _logger.LogWarning(ex, "Swagger登录异常");
+ }
- try
- {
- var result = await GetJwtToken3(loginRequest.name, loginRequest.pwd);
- if (result.Success)
- {
- HttpContext.SuccessSwagger();
- HttpContext.SuccessSwaggerJwt(result.Data.token);
- return new { result = true };
- }
- }
- catch (Exception ex)
- {
- _logger.LogWarning(ex, "Swagger登录异常");
- }
+ return new { result = false };
+ }
- return new { result = false };
- }
+ ///
+ /// 用户自动登录
+ ///
+ ///
+ ///
+ [HttpGet("AutoLogin/{Id}")]
+ public async Task> AutoLogin(long? Id)
+ {
+ if (Id is null)
+ return Failed("无效的用户ID");
- ///
- /// 用户自动登录
- ///
- ///
- ///
- [HttpGet("AutoLogin/{Id}")]
- public async Task> AutoLogin(long? Id)
+ try
{
- if (Id is null)
- return Failed("无效的用户ID");
-
- try
+ var user = await _ghrs_UserServices.Query(d => d.UserId == Id);
+ if (user.Count > 0)
{
- var user = await _ghrs_UserServices.Query(d => d.UserId == Id);
- if (user.Count > 0)
+ //如果是基于用户的授权策略,这里要添加用户;如果是基于角色的授权策略,这里要添加角色
+ var claims = new List {
+ new Claim(ClaimTypes.Name, user.FirstOrDefault().UserId.ToString()),
+ new Claim(JwtRegisteredClaimNames.Jti, user.FirstOrDefault().UserId.ToString()),
+ new Claim("TenantId", "0"),
+ new Claim(JwtRegisteredClaimNames.Iat, DateTime.Now.DateToTimeStamp()),
+ new Claim(ClaimTypes.Expiration, DateTime.Now.AddSeconds(_requirement.Expiration.TotalSeconds).ToString())
+ };
+ var result = JwtToken.BuildJwtToken(claims.ToArray(), _requirement);
+
+ if (result.success)
{
- //如果是基于用户的授权策略,这里要添加用户;如果是基于角色的授权策略,这里要添加角色
- var claims = new List {
- new Claim(ClaimTypes.Name, user.FirstOrDefault().UserId.ToString()),
- new Claim(JwtRegisteredClaimNames.Jti, user.FirstOrDefault().UserId.ToString()),
- new Claim("TenantId", "0"),
- new Claim(JwtRegisteredClaimNames.Iat, DateTime.Now.DateToTimeStamp()),
- new Claim(ClaimTypes.Expiration, DateTime.Now.AddSeconds(_requirement.Expiration.TotalSeconds).ToString())
- };
- var result = JwtToken.BuildJwtToken(claims.ToArray(), _requirement);
-
- if (result.success)
- {
- HttpContext.SuccessSwagger();
- HttpContext.SuccessSwaggerJwt(result.token);
- return Success(result.token);
- }
+ HttpContext.SuccessSwagger();
+ HttpContext.SuccessSwaggerJwt(result.token);
+ return Success(result.token);
}
}
- catch (Exception E)
- {
- _logger.LogWarning(E, E.Message);
- return Failed(E.Message);
- }
- return Failed("自动登录失败");
}
-
- #endregion
+ catch (Exception E)
+ {
+ _logger.LogWarning(E, E.Message);
+ return Failed(E.Message);
+ }
+ return Failed("自动登录失败");
}
+
+ #endregion
}
\ No newline at end of file
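Review bot: `AutoLogin` (the `[HttpGet("AutoLogin/{Id}")]` action near the end of the hunk) builds a JWT for whichever `UserId` appears in the route without checking any credential, and the class-level `[AllowAnonymous]` leaves it reachable without authentication; the re-indentation carries this over unchanged. Unlike the other token builders in this file it is not marked `[NonAction]`, so either add `[NonAction]` if it is not meant to be routable, or require proof from the caller (for example a signed, short-lived ticket validated server-side) before `JwtToken.BuildJwtToken(claims.ToArray(), _requirement)` is reached. The same action returns `Failed(E.Message)` to the client; keep the detail in `_logger.LogWarning(E, E.Message)` and return the fixed `Failed("自动登录失败")` instead, so internal exception text is not disclosed to an anonymous caller. Separately, `GetJwtToken3` still matches `MD5Helper.MD5Encrypt32(pass)` against `LoginPWD`, which appears to be unsalted MD5 password storage and is worth a follow-up migration to a salted password KDF.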