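 /// <summary>
 /// Authorization filter. The caller must carry an authenticated identity (otherwise the
 /// response is 401 and the pipeline is short-circuited by setting <c>context.Result</c>).
 /// When a <c>CissyAuthority</c> with a non-zero <c>Power</c> is configured, the permit the
 /// caller holds for the requested scope (<c>AuthorityContext.AskScopeAuthority</c>) is looked
 /// up by <c>PermitId</c> and, if it covers <c>Power</c>, <c>ac.OK</c> is set to <c>true</c>.
 /// </summary>
 /// <param name="context">The filter context of the current request.</param>
 public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
 {
     // Regardless of whether a permission check is configured, the identity must be
     // authenticated; otherwise answer 401. Return immediately once a result is set so
     // nothing below runs for an anonymous caller (e.g. no extension calls on a null User).
     var user = context.HttpContext.User;
     if (user.IsNull() || user.Claims.IsNullOrEmpty())
     {
         context.Result = _401or403(context.HttpContext, 401);
         return;
     }
     if (!user.IsCissyAuthenticated())
     {
         context.Result = _401or403(context.HttpContext, 401);
         return;
     }

     // No authority configured, or Power == 0: authentication alone is sufficient.
     if (this.CissyAuthority.IsNull() || this.CissyAuthority.Power == 0)
     {
         await Task.CompletedTask;
         return;
     }

     AuthorityContext ac = context.HttpContext.GetAuthorityContext();
     if (ac.IsNull())
     {
         // Without an authority context (normally stored in HttpContext.Items by the
         // authentication middleware) the permit cannot be evaluated: treat as unauthenticated.
         context.Result = _401or403(context.HttpContext, 401);
         return;
     }

     var askScopeAuthority = ac.AskScopeAuthority;
     if (askScopeAuthority.IsNotNullAndEmpty()
         && askScopeAuthority.TryGetValue(this.CissyAuthority.PermitId, out int granted)
         && granted.Contains(this.CissyAuthority.Power))
     {
         ac.OK = true;
     }
     // NOTE(review): a failed permit check does not set context.Result here; this filter only
     // reports success through ac.OK. Whatever consumes ac.OK must fail closed (403) when it
     // is still false, otherwise the permission check is advisory only. Confirm against that
     // consumer; it is not visible in this file.
     await Task.CompletedTask;
 }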
        /// <summary>
        /// Returns the <c>AuthorityContext</c> stored in <c>HttpContext.Items</c> under
        /// <c>AuthorityContext.AuthorityContextKey</c>, or <c>null</c> when no such item exists
        /// or the stored object is not an <c>AuthorityContext</c>.
        /// </summary>
        /// <param name="httpContext">The current request context.</param>
        public static AuthorityContext GetAuthorityContext(this HttpContext httpContext)
        {
            // A missing entry and an entry of the wrong type both yield null.
            return httpContext.Items.TryGetValue(AuthorityContext.AuthorityContextKey, out object stored)
                ? stored as AuthorityContext
                : null;
        }
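        /// <summary>
        /// Authentication middleware. Reads the token for the configured authentication type
        /// (scheme cookie, or the <c>Authorization: {Scheme} {token}</c> header), validates it
        /// with <c>DefaultJwtPrincipalBuilder</c> and, on success, sets <c>context.User</c> and
        /// stores an <c>AuthorityContext</c> (the caller's permit set plus the requested scope)
        /// in <c>HttpContext.Items</c>. A missing or invalid token leaves the request anonymous;
        /// the pipeline always continues.
        /// </summary>
        /// <param name="context">The current request.</param>
        public async Task InvokeAsync(HttpContext context)
        {
            string token = _readToken(context);

            if (token.IsNotNullAndEmpty())
            {
                DefaultJwtPrincipalBuilder builder = new DefaultJwtPrincipalBuilder(this.AppConfig.AuthSecret);
                var claimsPrincipal = builder.GetPrincipal(Option.Scheme, token);
                if (claimsPrincipal.IsNotNull())
                {
                    context.User = claimsPrincipal;
                    AuthorityContext ac = new AuthorityContext { User = claimsPrincipal };
                    var permits = claimsPrincipal.Claims.FirstOrDefault(m => m.Type == CissyClaimTypes.Permits);
                    if (permits.IsNotNull()) // build the authority context
                    {
                        // step 1: collect the permit set this identity holds
                        _collectPermits(permits.Value, ac);
                        // step 2: resolve the scope this request is asking for
                        var scope = _getAuthorityScope(context);
                        ac.AskScope = scope.IsNullOrEmpty() ? AuthoritySeparators.DefaultScope : scope.Trim();
                    }
                    context.Items[AuthorityContext.AuthorityContextKey] = ac;
                }
            }
            await _next.Invoke(context);
        }

        /// <summary>
        /// Extracts the raw token for the configured authentication type: the value of the
        /// scheme cookie, or the credentials part of an <c>Authorization</c> header whose first
        /// field is exactly <c>Option.Scheme</c>. Returns an empty string when nothing usable
        /// is present.
        /// </summary>
        /// <param name="context">The current request.</param>
        private string _readToken(HttpContext context)
        {
            if (Option.AuthenticationType == AuthenticationTypes.Cookie)
            {
                return context.Request.Cookies[AuthenticationHelper.BuildCookieName(Option.Scheme)] ?? string.Empty;
            }
            if (Option.AuthenticationType != AuthenticationTypes.Token)
            {
                return string.Empty;
            }

            string header = context.Request.Headers["Authorization"];
            if (string.IsNullOrWhiteSpace(header))
            {
                return string.Empty;
            }

            // Require the header to be exactly "<scheme> <credentials>": the scheme must be the
            // first field (not merely a substring anywhere in the header), and a second field
            // must exist -- a header consisting of the bare scheme used to throw
            // IndexOutOfRangeException from Split(" ")[1] and turn into a 500.
            string[] parts = header.Trim().Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);
            if (parts.Length == 2 && string.Equals(parts[0], Option.Scheme, StringComparison.Ordinal))
            {
                return parts[1];
            }
            return string.Empty;
        }

        /// <summary>
        /// Parses a permits claim value -- entries separated by <c>AuthoritySeparators.Top</c>,
        /// each <c>scope</c>, <c>permitId</c>, <c>power</c> separated by
        /// <c>AuthoritySeparators.FirstLevel</c> -- into <c>ac.AuthorityScopes</c>.
        /// Malformed entries (fewer than three fields, or a non-integer id/power) are skipped
        /// rather than failing the request: a permit that cannot be parsed is simply not granted.
        /// A later entry for the same scope and permit id overwrites an earlier one.
        /// </summary>
        /// <param name="claimValue">The raw value of the permits claim.</param>
        /// <param name="ac">The authority context whose <c>AuthorityScopes</c> is filled in.</param>
        private static void _collectPermits(string claimValue, AuthorityContext ac)
        {
            string[] entries = claimValue.Split(AuthoritySeparators.Top, StringSplitOptions.RemoveEmptyEntries);
            foreach (string entry in entries)
            {
                string[] fields = entry.Split(AuthoritySeparators.FirstLevel);
                if (fields.Length < 3
                    || !int.TryParse(fields[1], out int permitId)
                    || !int.TryParse(fields[2], out int power))
                {
                    continue; // malformed permit: ignore it (fail closed) instead of throwing
                }
                if (!ac.AuthorityScopes.TryGetValue(fields[0], out Dictionary<int, int> dic))
                {
                    dic = new Dictionary<int, int>();
                    ac.AuthorityScopes[fields[0]] = dic;
                }
                dic[permitId] = power;
            }
        }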