/// <summary>
        /// Decides whether the authorization check is skipped for the current action.
        /// </summary>
        /// <param name="actionContext">Context of the action being invoked; its action and controller descriptors are inspected for <c>IgnoreAuthorizeAttribute</c>.</param>
        /// <returns>
        /// <c>true</c> when the action or its controller carries <c>IgnoreAuthorizeAttribute</c>,
        /// or when <c>WhiteListHelper.IsWhiteIp</c> accepts the client IP; otherwise <c>false</c>.
        /// </returns>
        private bool SkipValidateAuthorize(HttpActionContext actionContext)
        {
            // The client address is resolved first, before any attribute lookup.
            // NOTE(review): an allow-listed IP bypasses authorization entirely, so this result is
            // only as trustworthy as Utils.GetClientIp(). If that helper reads client-supplied
            // forwarding headers, confirm they are honoured only from trusted proxies.
            string clientIp = Utils.GetClientIp();

            var action = actionContext.ActionDescriptor;

            if (action.GetCustomAttributes<IgnoreAuthorizeAttribute>().Any())
            {
                return true;
            }

            if (action.ControllerDescriptor.GetCustomAttributes<IgnoreAuthorizeAttribute>().Any())
            {
                return true;
            }

            return WhiteListHelper.IsWhiteIp(clientIp);
        }
        /// <summary>
        /// Checks whether the caller may access an action marked as an internal service.
        /// </summary>
        /// <param name="actionContext">Context of the action being invoked; its action and controller descriptors are inspected for <c>InnerServiceAttribute</c>.</param>
        /// <returns>
        /// The result of <c>WhiteListHelper.IsWhiteIp</c> for the client IP when the action or its
        /// controller carries <c>InnerServiceAttribute</c>; <c>false</c> when neither is marked.
        /// </returns>
        private bool ValidateInnerService(HttpActionContext actionContext)
        {
            // NOTE(review): the client IP is the only credential for internal endpoints here.
            // Confirm that Utils.GetClientIp() cannot be influenced by request headers from
            // untrusted clients.
            string clientIp = Utils.GetClientIp();

            var action = actionContext.ActionDescriptor;
            bool markedInner =
                action.GetCustomAttributes<InnerServiceAttribute>().Any()
                || action.ControllerDescriptor.GetCustomAttributes<InnerServiceAttribute>().Any();

            // Unmarked actions yield false; only marked actions are decided by the allow-list.
            return markedInner && WhiteListHelper.IsWhiteIp(clientIp);
        }
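 /// <summary>
 /// Middleware entry point. Requests accepted by <c>WhiteListHelper.IsPass</c> go straight to
 /// the next middleware; all others must carry an <c>X-Token</c> header whose payload segment
 /// decodes to the expected JSON shape, otherwise the request is answered with 401.
 /// </summary>
 /// <param name="httpContext">The current request/response context.</param>
 /// <returns>
 /// The task of the next middleware, or the task that writes the 401 JSON body when the
 /// token is missing or malformed.
 /// </returns>
 /// <remarks>
 /// SECURITY NOTE(review): this method only decodes the token payload. It does not verify the
 /// signature, issuer, audience or expiry, and the decoded user code is not used. Unless
 /// another component validates the token, the header is not proof of identity. Validate it
 /// (for example with JwtSecurityTokenHandler.ValidateToken and the deployment's
 /// TokenValidationParameters) before any downstream code trusts its claims.
 /// </remarks>
 public Task Invoke(HttpContext httpContext)
 {
     if (WhiteListHelper.IsPass(httpContext))
     {
         return _next(httpContext);
     }

     if (!httpContext.Request.Headers.TryGetValue("X-Token", out var apiKeyHeaderValues))
     {
         return Reject("此请求未包含JWT令牌,禁止访问!!", "此请求未包含JWT令牌,禁止访问!");
     }

     try
     {
         string[] segments = apiKeyHeaderValues.ToString().Split('.');
         if (segments.Length < 2)
         {
             // No payload segment: previously this indexed past the array and threw.
             return Reject("JWT令牌格式无效,禁止访问!", "JWT令牌格式无效,禁止访问!");
         }

         string payloadJson = Base64UrlEncoder.Decode(segments[1]);
         string subject     = JObject.Parse(payloadJson).Value<string>("sub");

         // "sub" is expected to hold a JSON document with a "usercode" field. The value is
         // not consumed here (the user lookup is disabled); parsing only checks the shape.
         _ = JObject.Parse(subject).Value<string>("usercode");
     }
     catch (System.Exception ex) when (ex is System.FormatException
                                       || ex is System.ArgumentException
                                       || ex is System.InvalidCastException
                                       || ex is Newtonsoft.Json.JsonException)
     {
         // Malformed base64url or JSON, or a missing "sub": answer 401 instead of letting
         // the parsing exception escape the middleware.
         return Reject("JWT令牌格式无效,禁止访问!", "JWT令牌格式无效,禁止访问!");
     }

     return _next(httpContext);

     // Writes the 401 JSON body and returns the write task, so the pipeline waits for the
     // response to finish instead of firing the write and forgetting it.
     Task Reject(string msg, string cause)
     {
         httpContext.Response.ContentType = "application/json";
         httpContext.Response.StatusCode  = StatusCodes.Status401Unauthorized;
         return httpContext.Response.WriteAsync(
             JsonConvert.SerializeObject(new { success = false, msg, cause }));
     }
 }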