新增用户自动登录接口

master
xiaochanghai 1 year ago
parent 88253b30e9
commit 563a22cd93
  1. 313
      Tiobon.Core.Api/Controllers/Authorize/AuthorizeController.cs
  2. 0
      Tiobon.Core.Api/Controllers/Ggra/Ghra_GradeController.cs
  3. 2
      Tiobon.Core.Api/Controllers/LoginController.cs
  4. 36
      Tiobon.Core.Api/Tiobon.Core.Model.xml
  5. 62
      Tiobon.Core.Api/Tiobon.Core.xml
  6. 3
      Tiobon.Core.Api/appsettings.json
  7. 151
      Tiobon.Core.Extensions/Authorizations/Policys/PermissionHandler.cs
  8. 6
      Tiobon.Core.Extensions/ServiceExtensions/AuthorizationSetup.cs
  9. 6
      Tiobon.Core.Model/Base/BasePoco.cs
  10. 3
      Tiobon.Core.Model/Models/Ghrs/Ghrs_User.cs

@ -0,0 +1,313 @@
using Tiobon.Core.AuthHelper;
using Tiobon.Core.AuthHelper.OverWrite;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using Tiobon.Core.Common.Swagger;
using MySqlX.XDevAPI.Common;
namespace Tiobon.Core.Controllers
{
/// <summary>
/// 登录管理【无权限】
/// </summary>
[Produces("application/json")]
[Route("api/[controller]")]
[ApiExplorerSettings(GroupName = Grouping.GroupName_Auth)]
[AllowAnonymous]
public class AuthorizeController : BaseApiController
{
readonly ISysUserInfoServices _sysUserInfoServices;
readonly IGhrs_UserServices _ghrs_UserServices;
readonly PermissionRequirement _requirement;
private readonly IRoleModulePermissionServices _roleModulePermissionServices;
private readonly ILogger<AuthorizeController> _logger;
/// <summary>
/// 构造函数注入
/// </summary>
/// <param name="sysUserInfoServices"></param>
/// <param name="ghrs_UserServices"></param>
/// <param name="requirement"></param>
/// <param name="roleModulePermissionServices"></param>
/// <param name="logger"></param>
public AuthorizeController(ISysUserInfoServices sysUserInfoServices, IGhrs_UserServices ghrs_UserServices, PermissionRequirement requirement, IRoleModulePermissionServices roleModulePermissionServices, ILogger<AuthorizeController> logger)
{
this._sysUserInfoServices = sysUserInfoServices;
this._ghrs_UserServices = ghrs_UserServices;
_requirement = requirement;
_roleModulePermissionServices = roleModulePermissionServices;
_logger = logger;
}
#region 获取token的第1种方法
/// <summary>
/// 获取JWT的方法1
/// </summary>
/// <param name="name"></param>
/// <param name="pass"></param>
/// <returns></returns>
[NonAction]
[HttpGet, Route("Token")]
public async Task<ServiceResult<string>> GetJwtStr(string name, string pass)
{
string jwtStr = string.Empty;
bool suc = false;
//这里就是用户登陆以后,通过数据库去调取数据,分配权限的操作
var user = await _sysUserInfoServices.GetUserRoleNameStr(name, MD5Helper.MD5Encrypt32(pass));
if (user != null)
{
TokenModelJwt tokenModel = new TokenModelJwt { Uid = 1, Role = user };
jwtStr = JwtHelper.IssueJwt(tokenModel);
suc = true;
}
else
jwtStr = "login fail!!!";
return new ServiceResult<string>()
{
Success = suc,
Message = suc ? "获取成功" : "获取失败",
Data = jwtStr
};
}
/// <summary>
/// 获取JWT的方法2:给Nuxt提供
/// </summary>
/// <param name="name"></param>
/// <param name="pass"></param>
/// <returns></returns>
[HttpGet]
[NonAction]
[Route("GetTokenNuxt")]
public ServiceResult<string> GetJwtStrForNuxt(string name, string pass)
{
string jwtStr = string.Empty;
bool suc = false;
//这里就是用户登陆以后,通过数据库去调取数据,分配权限的操作
//这里直接写死了
if (name == "admins" && pass == "admins")
{
TokenModelJwt tokenModel = new TokenModelJwt
{
Uid = 1,
Role = "Admin"
};
jwtStr = JwtHelper.IssueJwt(tokenModel);
suc = true;
}
else
jwtStr = "login fail!!!";
//var result = new
//{
// data = new { success = suc, token = jwtStr }
//};
return new ServiceResult<string>()
{
Success = suc,
Message = suc ? "获取成功" : "获取失败",
Data = jwtStr
};
}
#endregion
/// <summary>
/// 获取JWT的方法3:整个系统主要方法
/// </summary>
/// <param name="name"></param>
/// <param name="pass"></param>
/// <returns></returns>
[NonAction]
[HttpGet, Route("JWTToken3.0")]
public async Task<ServiceResult<TokenInfoViewModel>> GetJwtToken3(string name = "", string pass = "")
{
string jwtStr = string.Empty;
if (string.IsNullOrEmpty(name) || string.IsNullOrEmpty(pass))
return Failed<TokenInfoViewModel>("用户名或密码不能为空");
pass = MD5Helper.MD5Encrypt32(pass);
var user = await _sysUserInfoServices.Query(d =>
d.LoginName == name && d.LoginPWD == pass && d.IsDeleted == false);
if (user.Count > 0)
{
var userRoles = await _sysUserInfoServices.GetUserRoleNameStr(name, pass);
//如果是基于用户的授权策略,这里要添加用户;如果是基于角色的授权策略,这里要添加角色
var claims = new List<Claim>
{
new Claim(ClaimTypes.Name, user.FirstOrDefault().Id.ToString()),
new Claim(JwtRegisteredClaimNames.Jti, user.FirstOrDefault().Id.ToString()),
new Claim("TenantId", user.FirstOrDefault().TenantId.ToString()),
new Claim(JwtRegisteredClaimNames.Iat, DateTime.Now.DateToTimeStamp()),
new Claim(ClaimTypes.Expiration,
DateTime.Now.AddSeconds(_requirement.Expiration.TotalSeconds).ToString())
};
claims.AddRange(userRoles.Split(',').Select(s => new Claim(ClaimTypes.Role, s)));
// ids4和jwt切换
// jwt
if (!Permissions.IsUseIds4)
{
var data = await _roleModulePermissionServices.RoleModuleMaps();
var list = (from item in data
where item.IsDeleted == false
orderby item.Id
select new PermissionItem
{
Url = item.Module?.LinkUrl,
Role = item.Role?.Name.ObjToString(),
}).ToList();
_requirement.Permissions = list;
}
var token = JwtToken.BuildJwtToken(claims.ToArray(), _requirement);
return Success(token, "获取成功");
}
else
return Failed<TokenInfoViewModel>("认证失败");
}
[NonAction]
[HttpGet, Route("GetJwtTokenSecret")]
public async Task<ServiceResult<TokenInfoViewModel>> GetJwtTokenSecret(string name = "", string pass = "")
{
var rlt = await GetJwtToken3(name, pass);
return rlt;
}
/// <summary>
/// 请求刷新Token(以旧换新)
/// </summary>
/// <param name="token"></param>
/// <returns></returns>
[HttpGet, Route("RefreshToken")]
public async Task<ServiceResult<TokenInfoViewModel>> RefreshToken(string token = "")
{
string jwtStr = string.Empty;
if (string.IsNullOrEmpty(token))
return Failed<TokenInfoViewModel>("token无效,请重新登录!");
var tokenModel = JwtHelper.SerializeJwt(token);
if (tokenModel != null && JwtHelper.customSafeVerify(token) && tokenModel.Uid > 0)
{
var user = await _sysUserInfoServices.QueryById(tokenModel.Uid);
var value = User.Claims.SingleOrDefault(s => s.Type == JwtRegisteredClaimNames.Iat)?.Value;
if (value != null && user.CriticalModifyTime > value.ObjToDate())
return Failed<TokenInfoViewModel>("很抱歉,授权已失效,请重新授权!");
if (user != null && !(value != null && user.CriticalModifyTime > value.ObjToDate()))
{
var userRoles = await _sysUserInfoServices.GetUserRoleNameStr(user.LoginName, user.LoginPWD);
//如果是基于用户的授权策略,这里要添加用户;如果是基于角色的授权策略,这里要添加角色
var claims = new List<Claim>
{
new Claim(ClaimTypes.Name, user.LoginName),
new Claim(JwtRegisteredClaimNames.Jti, tokenModel.Uid.ObjToString()),
new Claim(JwtRegisteredClaimNames.Iat, DateTime.Now.DateToTimeStamp()),
new Claim(ClaimTypes.Expiration,
DateTime.Now.AddSeconds(_requirement.Expiration.TotalSeconds).ToString())
};
claims.AddRange(userRoles.Split(',').Select(s => new Claim(ClaimTypes.Role, s)));
//用户标识
var identity = new ClaimsIdentity(JwtBearerDefaults.AuthenticationScheme);
identity.AddClaims(claims);
var refreshToken = JwtToken.BuildJwtToken(claims.ToArray(), _requirement);
return Success(refreshToken, "获取成功");
}
}
return Failed<TokenInfoViewModel>("认证失败!");
}
#region 用户登录
/// <summary>
/// 用户登录
/// </summary>
/// <param name="loginRequest"></param>
/// <returns></returns>
[HttpPost, Route("Login")]
public async Task<dynamic> Login([FromBody] SwaggerLoginRequest loginRequest)
{
if (loginRequest is null)
return new { result = false };
try
{
var result = await GetJwtToken3(loginRequest.name, loginRequest.pwd);
if (result.Success)
{
HttpContext.SuccessSwagger();
HttpContext.SuccessSwaggerJwt(result.Data.token);
return new { result = true };
}
}
catch (Exception ex)
{
_logger.LogWarning(ex, "Swagger登录异常");
}
return new { result = false };
}
/// <summary>
/// 用户自动登录
/// </summary>
/// <param name="Id"></param>
/// <returns></returns>
[HttpGet("AutoLogin/{Id}")]
public async Task<ServiceResult<string>> AutoLogin(long? Id)
{
if (Id is null)
return Failed<string>("无效的用户ID");
try
{
var user = await _ghrs_UserServices.Query(d => d.UserId == Id);
if (user.Count > 0)
{
//如果是基于用户的授权策略,这里要添加用户;如果是基于角色的授权策略,这里要添加角色
var claims = new List<Claim> {
new Claim(ClaimTypes.Name, user.FirstOrDefault().UserId.ToString()),
new Claim(JwtRegisteredClaimNames.Jti, user.FirstOrDefault().UserId.ToString()),
new Claim("TenantId", "0"),
new Claim(JwtRegisteredClaimNames.Iat, DateTime.Now.DateToTimeStamp()),
new Claim(ClaimTypes.Expiration, DateTime.Now.AddSeconds(_requirement.Expiration.TotalSeconds).ToString())
};
var result = JwtToken.BuildJwtToken(claims.ToArray(), _requirement);
if (result.success)
{
HttpContext.SuccessSwagger();
HttpContext.SuccessSwaggerJwt(result.token);
return Success<string>(result.token);
}
}
}
catch (Exception E)
{
_logger.LogWarning(E, E.Message);
return Failed<string>(E.Message);
}
return Failed<string>("自动登录失败");
}
#endregion
}
}
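Review bot: `AutoLogin` issues a signed JWT to any caller who supplies a `UserId`, with no password, ticket or other proof of identity, and the controller is `[AllowAnonymous]`, so the route `AutoLogin/{Id}` lets an unauthenticated request obtain a token for an arbitrary user. It should require something the caller cannot guess, for example a short-lived signed one-time ticket minted by the trusted upstream system and validated before `JwtToken.BuildJwtToken` is called, or the action should move to a controller that is not `[AllowAnonymous]`. The `catch` also returns `E.Message` to the client; log it and return the generic `Failed<string>("自动登录失败")` instead. Separately, in `RefreshToken` the `user.CriticalModifyTime` comparison runs before the `user != null` check, so a token whose user no longer exists would throw instead of failing cleanly.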

@ -12,7 +12,7 @@ namespace Tiobon.Core.Controllers
/// 登录管理【无权限】
/// </summary>
[Produces("application/json")]
[Route("api/Login"), ApiExplorerSettings(GroupName = Grouping.GroupName_Auth)]
[Route("api/Login"), ApiExplorerSettings(GroupName = Grouping.GroupName_Other)]
[AllowAnonymous]
public class LoginController : BaseApiController
{

@ -9,67 +9,67 @@
表主键
</summary>
</member>
<member name="P:Tiobon.Core.Model.BasePoco.SortNo">
<member name="P:Tiobon.Core.Model.BasePoco1.SortNo">
<summary>
序号
</summary>
</member>
<member name="P:Tiobon.Core.Model.BasePoco.IsEnable">
<member name="P:Tiobon.Core.Model.BasePoco1.IsEnable">
<summary>
1:有效,0:未生效
</summary>
</member>
<member name="P:Tiobon.Core.Model.BasePoco.IsDefault">
<member name="P:Tiobon.Core.Model.BasePoco1.IsDefault">
<summary>
是否默认
</summary>
</member>
<member name="P:Tiobon.Core.Model.BasePoco.OperateLogID">
<member name="P:Tiobon.Core.Model.BasePoco1.OperateLogID">
<summary>
操作日志ID
</summary>
</member>
<member name="P:Tiobon.Core.Model.BasePoco.CreateBy">
<member name="P:Tiobon.Core.Model.BasePoco1.CreateBy">
<summary>
创建人
</summary>
</member>
<member name="P:Tiobon.Core.Model.BasePoco.CreateTime">
<member name="P:Tiobon.Core.Model.BasePoco1.CreateTime">
<summary>
创建时间
</summary>
</member>
<member name="P:Tiobon.Core.Model.BasePoco.CreateProg">
<member name="P:Tiobon.Core.Model.BasePoco1.CreateProg">
<summary>
创建程序
</summary>
</member>
<member name="P:Tiobon.Core.Model.BasePoco.CreateIP">
<member name="P:Tiobon.Core.Model.BasePoco1.CreateIP">
<summary>
创建IP
</summary>
</member>
<member name="P:Tiobon.Core.Model.BasePoco.UpdateBy">
<member name="P:Tiobon.Core.Model.BasePoco1.UpdateBy">
<summary>
最后修改人
</summary>
</member>
<member name="P:Tiobon.Core.Model.BasePoco.UpdateTime">
<member name="P:Tiobon.Core.Model.BasePoco1.UpdateTime">
<summary>
最后修改时间
</summary>
</member>
<member name="P:Tiobon.Core.Model.BasePoco.UpdateProg">
<member name="P:Tiobon.Core.Model.BasePoco1.UpdateProg">
<summary>
最后修改程序
</summary>
</member>
<member name="P:Tiobon.Core.Model.BasePoco.UpdateIP">
<member name="P:Tiobon.Core.Model.BasePoco1.UpdateIP">
<summary>
最后修改IP
</summary>
</member>
<member name="P:Tiobon.Core.Model.BasePoco.RemarkSz">
<member name="P:Tiobon.Core.Model.BasePoco1.RemarkSz">
<summary>
备注
</summary>
@ -156,7 +156,7 @@
</member>
<member name="T:Tiobon.Core.Model.Models.Ghrs_UserBase">
<summary>
Ghrs_User (Dto.Base)
系统用户 (Dto.Base)
</summary>
</member>
<member name="P:Tiobon.Core.Model.Models.Ghrs_UserBase.UserId">
@ -335,7 +335,7 @@
</member>
<member name="T:Tiobon.Core.Model.Models.EditGhrs_UserInput">
<summary>
Ghrs_User (Dto.EditInput)
系统用户 (Dto.EditInput)
</summary>
</member>
<member name="T:Tiobon.Core.Model.Models.InsertGhra_GradeInput">
@ -345,7 +345,7 @@
</member>
<member name="T:Tiobon.Core.Model.Models.InsertGhrs_UserInput">
<summary>
Ghrs_User (Dto.InsertInput)
系统用户 (Dto.InsertInput)
</summary>
</member>
<member name="T:Tiobon.Core.Model.Models.AccessTrendLog">
@ -651,7 +651,7 @@
</member>
<member name="T:Tiobon.Core.Model.Models.Ghrs_User">
<summary>
Ghrs_User (Model)
系统用户 (Model)
</summary>
</member>
<member name="P:Tiobon.Core.Model.Models.Ghrs_User.UserId">
@ -1679,7 +1679,7 @@
</member>
<member name="T:Tiobon.Core.Model.Models.Ghrs_UserDto">
<summary>
Ghrs_User(Dto.View)
系统用户(Dto.View)
</summary>
</member>
<member name="F:Tiobon.Core.Model.AuthorityScopeEnum.NONE">

@ -4,6 +4,66 @@
<name>Tiobon.Core.Api</name>
</assembly>
<members>
<member name="T:Tiobon.Core.Controllers.AuthorizeController">
<summary>
登录管理【无权限】
</summary>
</member>
<member name="M:Tiobon.Core.Controllers.AuthorizeController.#ctor(Tiobon.Core.IServices.ISysUserInfoServices,Tiobon.Core.IServices.IGhrs_UserServices,Tiobon.Core.AuthHelper.PermissionRequirement,Tiobon.Core.IServices.IRoleModulePermissionServices,Microsoft.Extensions.Logging.ILogger{Tiobon.Core.Controllers.AuthorizeController})">
<summary>
构造函数注入
</summary>
<param name="sysUserInfoServices"></param>
<param name="ghrs_UserServices"></param>
<param name="requirement"></param>
<param name="roleModulePermissionServices"></param>
<param name="logger"></param>
</member>
<member name="M:Tiobon.Core.Controllers.AuthorizeController.GetJwtStr(System.String,System.String)">
<summary>
获取JWT的方法1
</summary>
<param name="name"></param>
<param name="pass"></param>
<returns></returns>
</member>
<member name="M:Tiobon.Core.Controllers.AuthorizeController.GetJwtStrForNuxt(System.String,System.String)">
<summary>
获取JWT的方法2:给Nuxt提供
</summary>
<param name="name"></param>
<param name="pass"></param>
<returns></returns>
</member>
<member name="M:Tiobon.Core.Controllers.AuthorizeController.GetJwtToken3(System.String,System.String)">
<summary>
获取JWT的方法3:整个系统主要方法
</summary>
<param name="name"></param>
<param name="pass"></param>
<returns></returns>
</member>
<member name="M:Tiobon.Core.Controllers.AuthorizeController.RefreshToken(System.String)">
<summary>
请求刷新Token(以旧换新)
</summary>
<param name="token"></param>
<returns></returns>
</member>
<member name="M:Tiobon.Core.Controllers.AuthorizeController.Login(Tiobon.Core.Controllers.SwaggerLoginRequest)">
<summary>
用户登录
</summary>
<param name="loginRequest"></param>
<returns></returns>
</member>
<member name="M:Tiobon.Core.Controllers.AuthorizeController.AutoLogin(System.Nullable{System.Int64})">
<summary>
用户自动登录
</summary>
<param name="Id"></param>
<returns></returns>
</member>
<member name="T:Tiobon.Core.Controllers.BaseController`5">
<summary>
增删改查基础服务
@ -374,7 +434,7 @@
</member>
<member name="T:Tiobon.Core.Api.Controllers.Ghrs_UserController">
<summary>
Ghrs_User(Controller)
系统用户(Controller)
</summary>
</member>
<member name="T:Tiobon.Core.Api.Controllers.Systems.CacheManageController">

@ -191,7 +191,8 @@
"Secret": "sdfsdfsrty45634kkhllghtdgdfss345t678fs", //16+
"SecretFile": "C:\\my-file\\Tiobon.core.audience.secret.txt", //Secret
"Issuer": "Tiobon.Core", //
"Audience": "wr" //
"Audience": "wr", //
"ExpirationHour": 72 //
},
"Mongo": {
"ConnectionString": "mongodb://nosql.data",

@ -1,21 +1,16 @@
using Tiobon.Core.Common;
using Tiobon.Core.Common.Helper;
using Tiobon.Core.Common.HttpContextUser;
using Tiobon.Core.IServices;
using Tiobon.Core.Model;
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Security.Claims;
using System.Text.RegularExpressions;
using System.Threading.Tasks;
using Tiobon.Core.Common;
using Tiobon.Core.Common.Helper;
using Tiobon.Core.Common.HttpContextUser;
using Tiobon.Core.Common.Swagger;
using Tiobon.Core.IServices;
using Tiobon.Core.Model;
using Tiobon.Core.Model.Models;
using Tiobon.Core.Services;
namespace Tiobon.Core.AuthHelper
{
@ -31,7 +26,7 @@ namespace Tiobon.Core.AuthHelper
private readonly IRoleModulePermissionServices _roleModulePermissionServices;
private readonly IHttpContextAccessor _accessor;
private readonly ISysUserInfoServices _userServices;
private readonly IGhrs_UserServices _ghrs_UserServices;
private readonly IUser _user;
/// <summary>
@ -40,14 +35,14 @@ namespace Tiobon.Core.AuthHelper
/// <param name="schemes"></param>
/// <param name="roleModulePermissionServices"></param>
/// <param name="accessor"></param>
/// <param name="userServices"></param>
/// <param name="ghrs_UserServices"></param>
/// <param name="user"></param>
public PermissionHandler(IAuthenticationSchemeProvider schemes,
IRoleModulePermissionServices roleModulePermissionServices, IHttpContextAccessor accessor,
ISysUserInfoServices userServices, IUser user)
IGhrs_UserServices ghrs_UserServices, IUser user)
{
_accessor = accessor;
_userServices = userServices;
_ghrs_UserServices = ghrs_UserServices;
_user = user;
Schemes = schemes;
_roleModulePermissionServices = roleModulePermissionServices;
@ -135,11 +130,11 @@ namespace Tiobon.Core.AuthHelper
//应该要先校验用户的信息 再校验菜单权限相关的
// JWT模式下校验当前用户状态
// IDS4也可以校验,可以通过服务或者接口形式
SysUserInfo user = new();
Ghrs_User user = new();
if (!Permissions.IsUseIds4)
{
//校验用户
user = await _userServices.QueryById(_user.ID, true);
user = await _ghrs_UserServices.QueryById(_user.ID, true);
if (user == null)
{
_user.MessageModel = new ApiResponse(StatusCode.CODE401, "用户不存在或已被删除").MessageModel;
@ -147,19 +142,19 @@ namespace Tiobon.Core.AuthHelper
return;
}
if (user.IsDeleted)
if (user.IsEnable == 0)
{
_user.MessageModel = new ApiResponse(StatusCode.CODE401, "用户已被删除,禁止登陆!").MessageModel;
context.Fail(new AuthorizationFailureReason(this, _user.MessageModel.Message));
return;
}
if (!user.Enable)
{
_user.MessageModel = new ApiResponse(StatusCode.CODE401, "用户已被禁用!禁止登陆!").MessageModel;
context.Fail(new AuthorizationFailureReason(this, _user.MessageModel.Message));
return;
}
//if (!user.Enable)
//{
// _user.MessageModel = new ApiResponse(StatusCode.CODE401, "用户已被禁用!禁止登陆!").MessageModel;
// context.Fail(new AuthorizationFailureReason(this, _user.MessageModel.Message));
// return;
//}
}
// 判断token是否过期,过期则重新登录
@ -190,63 +185,63 @@ namespace Tiobon.Core.AuthHelper
//校验签发时间
if (!Permissions.IsUseIds4)
{
var value = httpContext.User.Claims
.FirstOrDefault(s => s.Type == JwtRegisteredClaimNames.Iat)?.Value;
if (value != null)
{
if (user.CriticalModifyTime > value.ObjToDate())
{
_user.MessageModel = new ApiResponse(StatusCode.CODE401, "很抱歉,授权已失效,请重新授权")
.MessageModel;
context.Fail(new AuthorizationFailureReason(this, _user.MessageModel.Message));
return;
}
}
}
//if (!Permissions.IsUseIds4)
//{
// var value = httpContext.User.Claims
// .FirstOrDefault(s => s.Type == JwtRegisteredClaimNames.Iat)?.Value;
// if (value != null)
// {
// if (user.CriticalModifyTime > value.ObjToDate())
// {
// _user.MessageModel = new ApiResponse(StatusCode.CODE401, "很抱歉,授权已失效,请重新授权")
// .MessageModel;
// context.Fail(new AuthorizationFailureReason(this, _user.MessageModel.Message));
// return;
// }
// }
//}
// 获取当前用户的角色信息
var currentUserRoles = new List<string>();
currentUserRoles = (from item in httpContext.User.Claims
where item.Type == ClaimTypes.Role
select item.Value).ToList();
if (!currentUserRoles.Any())
{
currentUserRoles = (from item in httpContext.User.Claims
where item.Type == "role"
select item.Value).ToList();
}
//var currentUserRoles = new List<string>();
//currentUserRoles = (from item in httpContext.User.Claims
// where item.Type == ClaimTypes.Role
// select item.Value).ToList();
//if (!currentUserRoles.Any())
//{
// currentUserRoles = (from item in httpContext.User.Claims
// where item.Type == "role"
// select item.Value).ToList();
//}
//超级管理员 默认拥有所有权限
if (currentUserRoles.All(s => s != "SuperAdmin"))
{
var isMatchRole = false;
var permisssionRoles =
requirement.Permissions.Where(w => currentUserRoles.Contains(w.Role));
foreach (var item in permisssionRoles)
{
try
{
if (Regex.Match(questUrl, item.Url?.ObjToString().ToLower())?.Value == questUrl)
{
isMatchRole = true;
break;
}
}
catch (Exception)
{
// ignored
}
}
////超级管理员 默认拥有所有权限
//if (currentUserRoles.All(s => s != "SuperAdmin"))
//{
// var isMatchRole = false;
// var permisssionRoles =
// requirement.Permissions.Where(w => currentUserRoles.Contains(w.Role));
// foreach (var item in permisssionRoles)
// {
// try
// {
// if (Regex.Match(questUrl, item.Url?.ObjToString().ToLower())?.Value == questUrl)
// {
// isMatchRole = true;
// break;
// }
// }
// catch (Exception)
// {
// // ignored
// }
// }
//验证权限
if (currentUserRoles.Count <= 0 || !isMatchRole)
{
context.Fail();
return;
}
}
// //验证权限
// if (currentUserRoles.Count <= 0 || !isMatchRole)
// {
// context.Fail();
// return;
// }
//}
context.Succeed(requirement);
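Review bot: With the role lookup and the URL/role matching block commented out, nothing visible between the user check and `context.Succeed(requirement)` compares the request to `requirement.Permissions`, so every token whose `Ghrs_User` row exists and has `IsEnable != 0` appears to be authorized for every protected route. The `Iat` versus `CriticalModifyTime` check is disabled as well, so tokens issued before that timestamp are no longer rejected here. If `Ghrs_User` tokens carry no role claims yet, the handler should fail closed (`context.Fail(); return;`) for routes that need a role rather than skip the check, and the commented-out code should be restored or deleted rather than left in place. The `IsEnable == 0` branch also reports "用户已被删除" although it tests the enabled flag. The handler's body starts and ends outside these hunks, so any checks between them are not visible.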

@ -9,6 +9,7 @@ using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Text;
using System.Security;
namespace Tiobon.Core.Extensions
{
@ -47,7 +48,8 @@ namespace Tiobon.Core.Extensions
var signingKey = new SymmetricSecurityKey(keyByteArray);
var Issuer = AppSettings.app(new string[] { "Audience", "Issuer" });
var Audience = AppSettings.app(new string[] { "Audience", "Audience" });
var ExpirationHourString = AppSettings.app(new string[] { "Audience", "ExpirationHour" });
var ExpirationHour = string.IsNullOrWhiteSpace(ExpirationHourString) ? 4 : Convert.ToInt32(ExpirationHourString);
var signingCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256);
// 如果要数据库动态绑定,这里先留个空,后边处理器里动态赋值
@ -61,7 +63,7 @@ namespace Tiobon.Core.Extensions
Issuer,//发行人
Audience,//听众
signingCredentials,//签名凭据
expiration: TimeSpan.FromSeconds(240 * 60)//接口的过期时间
expiration: TimeSpan.FromSeconds(240 * 60 * ExpirationHour)//接口的过期时间
);
#endregion
// 3、自定义复杂的策略授权
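Review bot: `TimeSpan.FromSeconds(240 * 60 * ExpirationHour)` multiplies a four-hour base (240 × 60 seconds) by the configured value, so `"ExpirationHour": 72` in appsettings.json yields a token lifetime of 288 hours (12 days) rather than 72 hours, and the fallback of 4 yields 16 hours instead of the previous 4. If the setting is meant to be hours, use `expiration: TimeSpan.FromHours(ExpirationHour)`. `Convert.ToInt32` also throws at startup on a non-numeric value and accepts zero or negative numbers; `int.TryParse` with a range check and the default as fallback would be safer. The added `using System.Security;` does not appear to be used in the visible lines.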

@ -5,7 +5,7 @@ using Tiobon.Core.Model.Models.RootTkey.Interface;
namespace Tiobon.Core.Model
{
public class BasePoco : IBaseDeleteFilter
public class BasePoco : BasePoco1
{
/// <summary>
@ -14,7 +14,9 @@ namespace Tiobon.Core.Model
//public long Id { get; set; }
[SugarColumn(IsNullable = false, IsPrimaryKey = true, IsIdentity = false), Display(Name = "表主键")]
public long Id { get; set; }
}
public class BasePoco1 : IBaseDeleteFilter
{
/// <summary>
/// 序号
/// </summary>

@ -25,12 +25,13 @@ namespace Tiobon.Core.Model.Models
/// 系统用户 (Model)
/// </summary>
[SugarTable("Ghrs_User", "Ghrs_User"), Entity(TableCnName = "系统用户", TableName = "Ghrs_User")]
public class Ghrs_User : BasePoco
public class Ghrs_User : BasePoco1
{
/// <summary>
/// UserId
/// </summary>
[SugarColumn(IsNullable = false, IsPrimaryKey = true, IsIdentity = false), Display(Name = "表主键")]
public int? UserId { get; set; }
/// <summary>
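Review bot: `UserId` is mapped with `IsNullable = false, IsPrimaryKey = true` but declared as `int?`, so the property type allows a value the column mapping forbids. Declaring it `public int UserId { get; set; }` would make the model match the mapping. The `Display(Name = "表主键")` label looks copied from `BasePoco.Id`, while the doc comment on the property still says only `UserId`. The class body continues outside the hunk.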
