代码优化

master
xiaochanghai 1 year ago
parent 2fe37e1fef
commit 28ca041205
  1. 498
      Tiobon.Core.Api/Controllers/Authorize/AuthorizeController.cs

@ -1,313 +1,311 @@
using Tiobon.Core.AuthHelper; using System.IdentityModel.Tokens.Jwt;
using Tiobon.Core.AuthHelper.OverWrite;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims; using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Tiobon.Core.AuthHelper;
using Tiobon.Core.AuthHelper.OverWrite;
using Tiobon.Core.Common.Swagger; using Tiobon.Core.Common.Swagger;
using MySqlX.XDevAPI.Common;
namespace Tiobon.Core.Controllers namespace Tiobon.Core.Controllers;
/// <summary>
/// 登录管理【无权限】
/// </summary>
[Produces("application/json")]
[Route("api/[controller]")]
[ApiExplorerSettings(GroupName = Grouping.GroupName_Auth)]
[AllowAnonymous]
public class AuthorizeController : BaseApiController
{ {
readonly ISysUserInfoServices _sysUserInfoServices;
readonly IGhrs_UserServices _ghrs_UserServices;
readonly PermissionRequirement _requirement;
private readonly IRoleModulePermissionServices _roleModulePermissionServices;
private readonly ILogger<AuthorizeController> _logger;
/// <summary> /// <summary>
/// 登录管理【无权限】 /// 构造函数注入
/// </summary> /// </summary>
[Produces("application/json")] /// <param name="sysUserInfoServices"></param>
[Route("api/[controller]")] /// <param name="ghrs_UserServices"></param>
[ApiExplorerSettings(GroupName = Grouping.GroupName_Auth)] /// <param name="requirement"></param>
[AllowAnonymous] /// <param name="roleModulePermissionServices"></param>
public class AuthorizeController : BaseApiController /// <param name="logger"></param>
public AuthorizeController(ISysUserInfoServices sysUserInfoServices, IGhrs_UserServices ghrs_UserServices, PermissionRequirement requirement, IRoleModulePermissionServices roleModulePermissionServices, ILogger<AuthorizeController> logger)
{ {
readonly ISysUserInfoServices _sysUserInfoServices; this._sysUserInfoServices = sysUserInfoServices;
readonly IGhrs_UserServices _ghrs_UserServices; this._ghrs_UserServices = ghrs_UserServices;
readonly PermissionRequirement _requirement; _requirement = requirement;
private readonly IRoleModulePermissionServices _roleModulePermissionServices; _roleModulePermissionServices = roleModulePermissionServices;
private readonly ILogger<AuthorizeController> _logger; _logger = logger;
}
/// <summary>
/// 构造函数注入
/// </summary>
/// <param name="sysUserInfoServices"></param>
/// <param name="ghrs_UserServices"></param>
/// <param name="requirement"></param>
/// <param name="roleModulePermissionServices"></param>
/// <param name="logger"></param>
public AuthorizeController(ISysUserInfoServices sysUserInfoServices, IGhrs_UserServices ghrs_UserServices, PermissionRequirement requirement, IRoleModulePermissionServices roleModulePermissionServices, ILogger<AuthorizeController> logger)
{
this._sysUserInfoServices = sysUserInfoServices;
this._ghrs_UserServices = ghrs_UserServices;
_requirement = requirement;
_roleModulePermissionServices = roleModulePermissionServices;
_logger = logger;
}
#region 获取token的第1种方法 #region 获取token的第1种方法
/// <summary>
/// 获取JWT的方法1
/// </summary>
/// <param name="name"></param>
/// <param name="pass"></param>
/// <returns></returns>
[NonAction]
[HttpGet, Route("Token")]
public async Task<ServiceResult<string>> GetJwtStr(string name, string pass)
{
string jwtStr = string.Empty;
bool suc = false;
//这里就是用户登陆以后,通过数据库去调取数据,分配权限的操作
/// <summary> var user = await _sysUserInfoServices.GetUserRoleNameStr(name, MD5Helper.MD5Encrypt32(pass));
/// 获取JWT的方法1 if (user != null)
/// </summary>
/// <param name="name"></param>
/// <param name="pass"></param>
/// <returns></returns>
[NonAction]
[HttpGet, Route("Token")]
public async Task<ServiceResult<string>> GetJwtStr(string name, string pass)
{ {
string jwtStr = string.Empty; TokenModelJwt tokenModel = new TokenModelJwt { Uid = 1, Role = user };
bool suc = false;
//这里就是用户登陆以后,通过数据库去调取数据,分配权限的操作
var user = await _sysUserInfoServices.GetUserRoleNameStr(name, MD5Helper.MD5Encrypt32(pass)); jwtStr = JwtHelper.IssueJwt(tokenModel);
if (user != null) suc = true;
{ }
TokenModelJwt tokenModel = new TokenModelJwt { Uid = 1, Role = user }; else
jwtStr = "login fail!!!";
jwtStr = JwtHelper.IssueJwt(tokenModel); return new ServiceResult<string>()
suc = true; {
} Success = suc,
else Message = suc ? "获取成功" : "获取失败",
jwtStr = "login fail!!!"; Data = jwtStr
};
}
return new ServiceResult<string>()
/// <summary>
/// 获取JWT的方法2:给Nuxt提供
/// </summary>
/// <param name="name"></param>
/// <param name="pass"></param>
/// <returns></returns>
[HttpGet]
[NonAction]
[Route("GetTokenNuxt")]
public ServiceResult<string> GetJwtStrForNuxt(string name, string pass)
{
string jwtStr = string.Empty;
bool suc = false;
//这里就是用户登陆以后,通过数据库去调取数据,分配权限的操作
//这里直接写死了
if (name == "admins" && pass == "admins")
{
TokenModelJwt tokenModel = new TokenModelJwt
{ {
Success = suc, Uid = 1,
Message = suc ? "获取成功" : "获取失败", Role = "Admin"
Data = jwtStr
}; };
jwtStr = JwtHelper.IssueJwt(tokenModel);
suc = true;
} }
else
jwtStr = "login fail!!!";
//var result = new
//{
// data = new { success = suc, token = jwtStr }
//};
/// <summary> return new ServiceResult<string>()
/// 获取JWT的方法2:给Nuxt提供
/// </summary>
/// <param name="name"></param>
/// <param name="pass"></param>
/// <returns></returns>
[HttpGet]
[NonAction]
[Route("GetTokenNuxt")]
public ServiceResult<string> GetJwtStrForNuxt(string name, string pass)
{ {
string jwtStr = string.Empty; Success = suc,
bool suc = false; Message = suc ? "获取成功" : "获取失败",
//这里就是用户登陆以后,通过数据库去调取数据,分配权限的操作 Data = jwtStr
//这里直接写死了 };
if (name == "admins" && pass == "admins") }
{
TokenModelJwt tokenModel = new TokenModelJwt #endregion
{
Uid = 1,
Role = "Admin"
};
jwtStr = JwtHelper.IssueJwt(tokenModel);
suc = true;
}
else
jwtStr = "login fail!!!";
//var result = new /// <summary>
//{ /// 获取JWT的方法3:整个系统主要方法
// data = new { success = suc, token = jwtStr } /// </summary>
//}; /// <param name="name"></param>
/// <param name="pass"></param>
/// <returns></returns>
[NonAction]
[HttpGet, Route("JWTToken3.0")]
public async Task<ServiceResult<TokenInfoViewModel>> GetJwtToken3(string name = "", string pass = "")
{
string jwtStr = string.Empty;
return new ServiceResult<string>() if (string.IsNullOrEmpty(name) || string.IsNullOrEmpty(pass))
return Failed<TokenInfoViewModel>("用户名或密码不能为空");
pass = MD5Helper.MD5Encrypt32(pass);
var user = await _sysUserInfoServices.Query(d =>
d.LoginName == name && d.LoginPWD == pass && d.IsDeleted == false);
if (user.Count > 0)
{
var userRoles = await _sysUserInfoServices.GetUserRoleNameStr(name, pass);
//如果是基于用户的授权策略,这里要添加用户;如果是基于角色的授权策略,这里要添加角色
var claims = new List<Claim>
{ {
Success = suc, new Claim(ClaimTypes.Name, user.FirstOrDefault().Id.ToString()),
Message = suc ? "获取成功" : "获取失败", new Claim(JwtRegisteredClaimNames.Jti, user.FirstOrDefault().Id.ToString()),
Data = jwtStr new Claim("TenantId", user.FirstOrDefault().TenantId.ToString()),
new Claim(JwtRegisteredClaimNames.Iat, DateTime.Now.DateToTimeStamp()),
new Claim(ClaimTypes.Expiration,
DateTime.Now.AddSeconds(_requirement.Expiration.TotalSeconds).ToString())
}; };
} claims.AddRange(userRoles.Split(',').Select(s => new Claim(ClaimTypes.Role, s)));
#endregion
// ids4和jwt切换
// jwt
if (!Permissions.IsUseIds4)
{
var data = await _roleModulePermissionServices.RoleModuleMaps();
var list = (from item in data
where item.IsDeleted == false
orderby item.Id
select new PermissionItem
{
Url = item.Module?.LinkUrl,
Role = item.Role?.Name.ObjToString(),
}).ToList();
_requirement.Permissions = list;
}
/// <summary> var token = JwtToken.BuildJwtToken(claims.ToArray(), _requirement);
/// 获取JWT的方法3:整个系统主要方法 return Success(token, "获取成功");
/// </summary> }
/// <param name="name"></param> else
/// <param name="pass"></param> return Failed<TokenInfoViewModel>("认证失败");
/// <returns></returns> }
[NonAction]
[HttpGet, Route("JWTToken3.0")]
public async Task<ServiceResult<TokenInfoViewModel>> GetJwtToken3(string name = "", string pass = "")
{
string jwtStr = string.Empty;
if (string.IsNullOrEmpty(name) || string.IsNullOrEmpty(pass)) [NonAction]
return Failed<TokenInfoViewModel>("用户名或密码不能为空"); [HttpGet, Route("GetJwtTokenSecret")]
public async Task<ServiceResult<TokenInfoViewModel>> GetJwtTokenSecret(string name = "", string pass = "")
{
var rlt = await GetJwtToken3(name, pass);
return rlt;
}
/// <summary>
/// 请求刷新Token(以旧换新)
/// </summary>
/// <param name="token"></param>
/// <returns></returns>
[HttpGet, Route("RefreshToken")]
public async Task<ServiceResult<TokenInfoViewModel>> RefreshToken(string token = "")
{
string jwtStr = string.Empty;
pass = MD5Helper.MD5Encrypt32(pass); if (string.IsNullOrEmpty(token))
return Failed<TokenInfoViewModel>("token无效,请重新登录!");
var tokenModel = JwtHelper.SerializeJwt(token);
if (tokenModel != null && JwtHelper.customSafeVerify(token) && tokenModel.Uid > 0)
{
var user = await _sysUserInfoServices.QueryById(tokenModel.Uid);
var value = User.Claims.SingleOrDefault(s => s.Type == JwtRegisteredClaimNames.Iat)?.Value;
if (value != null && user.CriticalModifyTime > value.ObjToDate())
return Failed<TokenInfoViewModel>("很抱歉,授权已失效,请重新授权!");
var user = await _sysUserInfoServices.Query(d => if (user != null && !(value != null && user.CriticalModifyTime > value.ObjToDate()))
d.LoginName == name && d.LoginPWD == pass && d.IsDeleted == false);
if (user.Count > 0)
{ {
var userRoles = await _sysUserInfoServices.GetUserRoleNameStr(name, pass); var userRoles = await _sysUserInfoServices.GetUserRoleNameStr(user.LoginName, user.LoginPWD);
//如果是基于用户的授权策略,这里要添加用户;如果是基于角色的授权策略,这里要添加角色 //如果是基于用户的授权策略,这里要添加用户;如果是基于角色的授权策略,这里要添加角色
var claims = new List<Claim> var claims = new List<Claim>
{ {
new Claim(ClaimTypes.Name, user.FirstOrDefault().Id.ToString()), new Claim(ClaimTypes.Name, user.LoginName),
new Claim(JwtRegisteredClaimNames.Jti, user.FirstOrDefault().Id.ToString()), new Claim(JwtRegisteredClaimNames.Jti, tokenModel.Uid.ObjToString()),
new Claim("TenantId", user.FirstOrDefault().TenantId.ToString()),
new Claim(JwtRegisteredClaimNames.Iat, DateTime.Now.DateToTimeStamp()), new Claim(JwtRegisteredClaimNames.Iat, DateTime.Now.DateToTimeStamp()),
new Claim(ClaimTypes.Expiration, new Claim(ClaimTypes.Expiration,
DateTime.Now.AddSeconds(_requirement.Expiration.TotalSeconds).ToString()) DateTime.Now.AddSeconds(_requirement.Expiration.TotalSeconds).ToString())
}; };
claims.AddRange(userRoles.Split(',').Select(s => new Claim(ClaimTypes.Role, s))); claims.AddRange(userRoles.Split(',').Select(s => new Claim(ClaimTypes.Role, s)));
//用户标识
var identity = new ClaimsIdentity(JwtBearerDefaults.AuthenticationScheme);
identity.AddClaims(claims);
// ids4和jwt切换 var refreshToken = JwtToken.BuildJwtToken(claims.ToArray(), _requirement);
// jwt return Success(refreshToken, "获取成功");
if (!Permissions.IsUseIds4)
{
var data = await _roleModulePermissionServices.RoleModuleMaps();
var list = (from item in data
where item.IsDeleted == false
orderby item.Id
select new PermissionItem
{
Url = item.Module?.LinkUrl,
Role = item.Role?.Name.ObjToString(),
}).ToList();
_requirement.Permissions = list;
}
var token = JwtToken.BuildJwtToken(claims.ToArray(), _requirement);
return Success(token, "获取成功");
} }
else
return Failed<TokenInfoViewModel>("认证失败");
} }
[NonAction] return Failed<TokenInfoViewModel>("认证失败!");
[HttpGet, Route("GetJwtTokenSecret")] }
public async Task<ServiceResult<TokenInfoViewModel>> GetJwtTokenSecret(string name = "", string pass = "")
{
var rlt = await GetJwtToken3(name, pass);
return rlt;
}
/// <summary> #region 用户登录
/// 请求刷新Token(以旧换新) /// <summary>
/// </summary> /// 用户登录
/// <param name="token"></param> /// </summary>
/// <returns></returns> /// <param name="loginRequest"></param>
[HttpGet, Route("RefreshToken")] /// <returns></returns>
public async Task<ServiceResult<TokenInfoViewModel>> RefreshToken(string token = "") [HttpPost, Route("Login")]
{ public async Task<dynamic> Login([FromBody] SwaggerLoginRequest loginRequest)
string jwtStr = string.Empty; {
if (loginRequest is null)
return new { result = false };
if (string.IsNullOrEmpty(token)) try
return Failed<TokenInfoViewModel>("token无效,请重新登录!"); {
var tokenModel = JwtHelper.SerializeJwt(token); var result = await GetJwtToken3(loginRequest.name, loginRequest.pwd);
if (tokenModel != null && JwtHelper.customSafeVerify(token) && tokenModel.Uid > 0) if (result.Success)
{ {
var user = await _sysUserInfoServices.QueryById(tokenModel.Uid); HttpContext.SuccessSwagger();
var value = User.Claims.SingleOrDefault(s => s.Type == JwtRegisteredClaimNames.Iat)?.Value; HttpContext.SuccessSwaggerJwt(result.Data.token);
if (value != null && user.CriticalModifyTime > value.ObjToDate()) return new { result = true };
return Failed<TokenInfoViewModel>("很抱歉,授权已失效,请重新授权!");
if (user != null && !(value != null && user.CriticalModifyTime > value.ObjToDate()))
{
var userRoles = await _sysUserInfoServices.GetUserRoleNameStr(user.LoginName, user.LoginPWD);
//如果是基于用户的授权策略,这里要添加用户;如果是基于角色的授权策略,这里要添加角色
var claims = new List<Claim>
{
new Claim(ClaimTypes.Name, user.LoginName),
new Claim(JwtRegisteredClaimNames.Jti, tokenModel.Uid.ObjToString()),
new Claim(JwtRegisteredClaimNames.Iat, DateTime.Now.DateToTimeStamp()),
new Claim(ClaimTypes.Expiration,
DateTime.Now.AddSeconds(_requirement.Expiration.TotalSeconds).ToString())
};
claims.AddRange(userRoles.Split(',').Select(s => new Claim(ClaimTypes.Role, s)));
//用户标识
var identity = new ClaimsIdentity(JwtBearerDefaults.AuthenticationScheme);
identity.AddClaims(claims);
var refreshToken = JwtToken.BuildJwtToken(claims.ToArray(), _requirement);
return Success(refreshToken, "获取成功");
}
} }
return Failed<TokenInfoViewModel>("认证失败!");
} }
catch (Exception ex)
#region 用户登录
/// <summary>
/// 用户登录
/// </summary>
/// <param name="loginRequest"></param>
/// <returns></returns>
[HttpPost, Route("Login")]
public async Task<dynamic> Login([FromBody] SwaggerLoginRequest loginRequest)
{ {
if (loginRequest is null) _logger.LogWarning(ex, "Swagger登录异常");
return new { result = false }; }
try return new { result = false };
{ }
var result = await GetJwtToken3(loginRequest.name, loginRequest.pwd);
if (result.Success)
{
HttpContext.SuccessSwagger();
HttpContext.SuccessSwaggerJwt(result.Data.token);
return new { result = true };
}
}
catch (Exception ex)
{
_logger.LogWarning(ex, "Swagger登录异常");
}
return new { result = false }; /// <summary>
} /// 用户自动登录
/// </summary>
/// <param name="Id"></param>
/// <returns></returns>
[HttpGet("AutoLogin/{Id}")]
public async Task<ServiceResult<string>> AutoLogin(long? Id)
{
if (Id is null)
return Failed<string>("无效的用户ID");
/// <summary> try
/// 用户自动登录
/// </summary>
/// <param name="Id"></param>
/// <returns></returns>
[HttpGet("AutoLogin/{Id}")]
public async Task<ServiceResult<string>> AutoLogin(long? Id)
{ {
if (Id is null) var user = await _ghrs_UserServices.Query(d => d.UserId == Id);
return Failed<string>("无效的用户ID"); if (user.Count > 0)
try
{ {
var user = await _ghrs_UserServices.Query(d => d.UserId == Id); //如果是基于用户的授权策略,这里要添加用户;如果是基于角色的授权策略,这里要添加角色
if (user.Count > 0) var claims = new List<Claim> {
new Claim(ClaimTypes.Name, user.FirstOrDefault().UserId.ToString()),
new Claim(JwtRegisteredClaimNames.Jti, user.FirstOrDefault().UserId.ToString()),
new Claim("TenantId", "0"),
new Claim(JwtRegisteredClaimNames.Iat, DateTime.Now.DateToTimeStamp()),
new Claim(ClaimTypes.Expiration, DateTime.Now.AddSeconds(_requirement.Expiration.TotalSeconds).ToString())
};
var result = JwtToken.BuildJwtToken(claims.ToArray(), _requirement);
if (result.success)
{ {
//如果是基于用户的授权策略,这里要添加用户;如果是基于角色的授权策略,这里要添加角色 HttpContext.SuccessSwagger();
var claims = new List<Claim> { HttpContext.SuccessSwaggerJwt(result.token);
new Claim(ClaimTypes.Name, user.FirstOrDefault().UserId.ToString()), return Success<string>(result.token);
new Claim(JwtRegisteredClaimNames.Jti, user.FirstOrDefault().UserId.ToString()),
new Claim("TenantId", "0"),
new Claim(JwtRegisteredClaimNames.Iat, DateTime.Now.DateToTimeStamp()),
new Claim(ClaimTypes.Expiration, DateTime.Now.AddSeconds(_requirement.Expiration.TotalSeconds).ToString())
};
var result = JwtToken.BuildJwtToken(claims.ToArray(), _requirement);
if (result.success)
{
HttpContext.SuccessSwagger();
HttpContext.SuccessSwaggerJwt(result.token);
return Success<string>(result.token);
}
} }
} }
catch (Exception E)
{
_logger.LogWarning(E, E.Message);
return Failed<string>(E.Message);
}
return Failed<string>("自动登录失败");
} }
catch (Exception E)
#endregion {
_logger.LogWarning(E, E.Message);
return Failed<string>(E.Message);
}
return Failed<string>("自动登录失败");
} }
#endregion
} }
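Review bot: In RefreshToken, `user` returned by `QueryById(tokenModel.Uid)` is dereferenced in `user.CriticalModifyTime > value.ObjToDate()` one line before the `user != null` test, so refreshing a token whose uid no longer exists throws instead of returning the `认证失败!` result; add `if (user is null) return Failed<TokenInfoViewModel>("认证失败!");` directly after the query and drop the null test from the later condition. The revocation check there also reads `User.Claims` — the principal of the current request, which on an `[AllowAnonymous]` controller is usually empty — rather than the `Iat` claim of the `token` being refreshed, so `value` is null and the `CriticalModifyTime` comparison is silently skipped; presumably the intent is to take the issued-at value from the deserialized `tokenModel` or from the parsed token's own claims, which should be confirmed and covered by a test with a stale token. Separately, GetJwtToken3 and GetJwtStr still derive the stored credential with `MD5Helper.MD5Encrypt32(pass)` before comparing against `LoginPWD`, which is not a password hash, and the `Iat`/`Expiration` claims use `DateTime.Now` where `DateTime.UtcNow` would be unambiguous across hosts. The commit itself only reorders usings and switches to a file-scoped namespace, so these points predate it.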