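// The copyright, trademarks, patents and other related rights of the Admin.NET project are protected by the
// applicable laws and regulations. Use of this project must comply with the relevant laws, regulations and the
// requirements of its licences.
//
// This project is distributed and used mainly under the MIT licence and the Apache licence (version 2.0). The
// licences are located in the LICENSE-MIT and LICENSE-APACHE files in the root directory of the source tree.
//
// This project must not be used for activities prohibited by law, such as endangering national security,
// disrupting public order or infringing the legitimate rights of others. We accept no liability for any legal
// dispute or responsibility arising from derivative works based on this project.

using Admin.NET.Core;
using Admin.NET.Core.Service;
using Furion;
using Furion.Authorization;
using Furion.DataEncryption;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using System;
using System.Threading.Tasks;

namespace Admin.NET.Web.Core
{
    /// <summary>
    /// Authorization handler for JWT-authenticated requests. In order it: rejects blacklisted accounts, lets
    /// Furion validate / auto-refresh the access token, and finally enforces route-level ("button")
    /// permissions derived from the request path.
    /// </summary>
    public class JwtHandler : AppAuthorizeHandler
    {
        private readonly IServiceProvider _serviceProvider;

        public JwtHandler(IServiceProvider serviceProvider)
        {
            _serviceProvider = serviceProvider;
        }

        /// <summary>
        /// Blacklist check, automatic token refresh, then the normal authorization pipeline.
        /// </summary>
        /// <param name="context">Authorization context; <c>context.User</c> carries the JWT claims.</param>
        /// <param name="httpContext">The current request.</param>
        public override async Task HandleAsync(AuthorizationHandlerContext context, DefaultHttpContext httpContext)
        {
            // A scope is created from the root provider rather than from httpContext.RequestServices, so the
            // services resolved below do not share the request's scoped instances — presumably intentional.
            using var serviceScope = _serviceProvider.CreateScope();
            var currentHttpContext = context.GetCurrentHttpContext();

            // Blacklisted accounts are rejected BEFORE the token refresh below, so a revoked user cannot obtain
            // a fresh access token through the refresh path.
            // NOTE(review): when the UserId claim is absent the cache key degenerates to the bare prefix.
            var sysCacheService = serviceScope.ServiceProvider.GetRequiredService<SysCacheService>();
            var userId = context.User.FindFirst(ClaimConst.UserId)?.Value;
            if (sysCacheService.ExistKey($"{CacheConst.KeyBlacklist}{userId}"))
            {
                context.Fail();
                // Guard against a missing HttpContext, as the failure branch below already does.
                currentHttpContext?.SignoutToSwagger();
                return;
            }

            var sysConfigService = serviceScope.ServiceProvider.GetRequiredService<SysConfigService>();
            var tokenExpire = await sysConfigService.GetTokenExpire();
            var refreshTokenExpire = await sysConfigService.GetRefreshTokenExpire();

            // Furion validates the access token (and, when it has expired but the refresh token is still
            // valid, issues a new one); false means the request carries no usable token.
            if (JWTEncryption.AutoRefreshToken(context, currentHttpContext, tokenExpire, refreshTokenExpire))
            {
                await AuthorizeHandleAsync(context);
                return;
            }

            context.Fail();
            if (currentHttpContext == null)
            {
                return;
            }

            // Failures raised by SignatureAuthentication are reported by that scheme itself; do not sign out.
            if (currentHttpContext.Items.ContainsKey(SignatureAuthenticationDefaults.AuthenticateFailMsgKey))
            {
                return;
            }

            currentHttpContext.SignoutToSwagger();
        }

        /// <summary>
        /// Authorization pipeline step. Token validity has already been established in
        /// <see cref="HandleAsync"/>; only the permission check remains.
        /// </summary>
        /// <param name="context">Authorization context.</param>
        /// <param name="httpContext">The current request.</param>
        /// <returns>true when the request is allowed.</returns>
        public override async Task<bool> PipelineAsync(AuthorizationHandlerContext context, DefaultHttpContext httpContext)
        {
            return await CheckAuthorizeAsync(httpContext);
        }

        /// <summary>
        /// Core permission check: maps the request path to a permission name (e.g. "/api/sysUser/page" becomes
        /// "sysUser:page") and compares it with the caller's button permissions.
        /// </summary>
        /// <param name="httpContext">The current request.</param>
        /// <returns>true when the request is allowed.</returns>
        private static async Task<bool> CheckAuthorizeAsync(DefaultHttpContext httpContext)
        {
            var user = httpContext.User;

            // Login mode: APP clients bypass route permissions entirely. The claim comes from the JWT, which
            // HandleAsync has already validated.
            if (user.FindFirst(ClaimConst.LoginMode)?.Value == ((int)LoginModeEnum.APP).ToString())
            {
                return true;
            }

            // Super admins bypass route permissions.
            if (user.FindFirst(ClaimConst.AccountType)?.Value == ((int)AccountTypeEnum.SuperAdmin).ToString())
            {
                return true;
            }

            var routeName = ToRouteName(httpContext.Request.Path);

            // Dispose the scope so services resolved for this check are released when it finishes.
            using var serviceScope = httpContext.RequestServices.CreateScope();
            var sysMenuService = serviceScope.ServiceProvider.GetRequiredService<SysMenuService>();

            // Permission names are identifiers, not display text: compare ordinally so the result cannot depend
            // on the thread's culture (e.g. Turkish dotless-i rules under CurrentCultureIgnoreCase).
            var ownBtnPermList = await sysMenuService.GetOwnBtnPermList();
            if (ownBtnPermList.Exists(u => routeName.Equals(u, StringComparison.OrdinalIgnoreCase)))
            {
                return true;
            }

            // Fail-open by design: a route that is not registered as a button permission anywhere in the
            // system is allowed for every authenticated user; only a registered permission the caller lacks
            // is denied. Any new endpoint that must be restricted therefore has to be registered as a button.
            var allBtnPermList = await sysMenuService.GetAllBtnPermList();
            return allBtnPermList.TrueForAll(u => !routeName.Equals(u, StringComparison.OrdinalIgnoreCase));
        }

        /// <summary>
        /// Converts a request path into a permission name: drops the leading "/api" segment (or just the
        /// leading "/"), removes trailing slashes and joins the remaining segments with ':'.
        /// </summary>
        /// <param name="path">The request path; a null value is treated as empty.</param>
        /// <returns>The permission name, possibly empty.</returns>
        private static string ToRouteName(PathString path)
        {
            var value = path.Value ?? string.Empty;

            // Trailing slashes are removed so that "/api/sysUser/page/" yields "sysUser:page" rather than
            // "sysUser:page:", which matches no registered permission and would fall into the fail-open branch
            // of the check even though routing (by default) dispatches both forms to the same endpoint.
            var trimmed = value.TrimEnd('/');

            // StartsWithSegments matches case-insensitively; when it holds, "trimmed" still begins with the
            // four characters "/api", so the slice below is always in range (the original "Value[5..]" threw
            // on the bare path "/api").
            var rest = path.StartsWithSegments("/api") ? trimmed[4..] : trimmed;

            return rest.TrimStart('/').Replace("/", ":");
        }
    }
}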