Example #1
        /// <summary>
        /// Inserts or updates a group through <c>_dal</c>. When the caller flags the group's
        /// <c>SecurityKey</c> as modified, the key is unwrapped from its transport encryption
        /// and re-encrypted with the application's configured AES key before it is stored.
        /// </summary>
        /// <param name="parameters">
        /// Request values. <c>GroupId</c> and <c>IsModify</c> are always read; <c>AesKey</c>,
        /// <c>AesIv</c> and <c>SecurityKey</c> are read only when <c>IsModify</c> is "1".
        /// The dictionary is modified in place and then handed to the data layer.
        /// </param>
        /// <returns>The result of <c>InsertGroup</c> when <c>GroupId</c> is 0, otherwise of <c>UpdateGroup</c>.</returns>
        /// <remarks>
        /// A missing key or a non-numeric <c>GroupId</c> throws; nothing here validates the input first.
        /// NOTE(review): when <c>IsModify</c> is not "1", any <c>SecurityKey</c> entry already present in
        /// <paramref name="parameters"/> reaches the data layer unchanged, and so does every other key the
        /// caller supplied. Confirm that InsertGroup/UpdateGroup only accept an expected set of columns.
        /// </remarks>
        public IDictionary <string, object> SaveGroup(IDictionary <string, object> parameters)
        {
            // Disposes the _dal field when the block exits, so this instance cannot use it again afterwards.
            using (_dal)
            {
                long id          = long.Parse(parameters["GroupId"].ToString());
                bool keyModified = parameters["IsModify"].ToString() == "1";

                if (keyModified)
                {
                    string wrappedKey = parameters["AesKey"].ToString();
                    string wrappedIv  = parameters["AesIv"].ToString();
                    string secret     = parameters["SecurityKey"].ToString();

                    // The one-time AES key and IV arrive RSA-encrypted and base64url-encoded.
                    // NOTE(review): 1024 is presumably the RSA key size; 1024-bit RSA is below
                    // current recommendations (2048 bits or more). Confirm against RsaCryptoUtils.
                    string transportKey = RsaCryptoUtils.Decrypt(AesCryptoUtils.base64UrlDecode(wrappedKey), RsaCryptoUtils.GetPublicKey(), RsaCryptoUtils.GetPrivateKey(), 1024);
                    string transportIv  = RsaCryptoUtils.Decrypt(AesCryptoUtils.base64UrlDecode(wrappedIv), RsaCryptoUtils.GetPublicKey(), RsaCryptoUtils.GetPrivateKey(), 1024);

                    // Recover the plaintext SecurityKey that the client encrypted with that key and IV.
                    secret = AesCryptoUtils.Decrypt(secret, Encoding.UTF8.GetBytes(transportKey), Encoding.UTF8.GetBytes(transportIv));

                    // Re-encrypt for storage with the application-wide key and IV.
                    // NOTE(review): both come from configuration as UTF-8 text, so the IV is the same
                    // for every record; equal secrets presumably produce equal ciphertext. Confirm the
                    // cipher mode in AesCryptoUtils and consider a random per-record IV.
                    byte[] storageKey = Encoding.UTF8.GetBytes(AppConfigurtaionHelper.Configuration.GetValue <string>("AesCrypto:Key"));
                    byte[] storageIv  = Encoding.UTF8.GetBytes(AppConfigurtaionHelper.Configuration.GetValue <string>("AesCrypto:Iv"));
                    secret = AesCryptoUtils.Encrypt(secret, storageKey, storageIv);
                    parameters["SecurityKey"] = secret;
                }

                // Transport-only fields must not reach the data layer.
                foreach (string transportField in new[] { "IsModify", "AesIv", "AesKey" })
                {
                    parameters.Remove(transportField);
                }

                // GroupId 0 means the group does not exist yet.
                if (id != 0)
                {
                    return(_dal.UpdateGroup(parameters));
                }
                return(_dal.InsertGroup(parameters));
            }
        }
Example #2
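        /// <summary>
        /// Validates a JWT and returns the principal built from its claims.
        /// </summary>
        /// <param name="config">
        /// Per-group settings. Reads <c>SecurityKey</c> (stored AES-encrypted), <c>Issuer</c>,
        /// <c>Audience</c> and <c>ClockSkew</c> (minutes, must be a boxed <c>int</c>).
        /// </param>
        /// <param name="tokenStr">
        /// The raw header value. Its first seven characters are dropped before validation.
        /// </param>
        /// <returns>The <see cref="ClaimsPrincipal"/> produced by the token handler.</returns>
        /// <exception cref="CustomException">
        /// Code 2 when the token has expired (the response also gets a <c>Token-Expired: true</c> header);
        /// code 1 for every other failure raised inside the method.
        /// </exception>
        private ClaimsPrincipal ValidateToken(IDictionary <string, object> config, string tokenStr)
        {
            try
            {
                // Seven characters is the length of "Bearer ". The prefix itself is not checked, so any
                // seven leading characters are discarded.
                // NOTE(review): presumably callers always send "Bearer " plus the JWT; confirm.
                tokenStr = tokenStr.Substring(7);

                // The signing secret is stored encrypted; decrypt it with the application-wide AES key and IV.
                string securityKey = (string)config["SecurityKey"];
                byte[] aesKeyByte  = Encoding.UTF8.GetBytes(AppConfigurtaionHelper.Configuration.GetValue <string>("AesCrypto:Key"));
                byte[] aesIvByte   = Encoding.UTF8.GetBytes(AppConfigurtaionHelper.Configuration.GetValue <string>("AesCrypto:Iv"));
                securityKey = AesCryptoUtils.Decrypt(securityKey, aesKeyByte, aesIvByte);

                var jwtTokenHandler = new JwtSecurityTokenHandler();
                var tokenParameters = new TokenValidationParameters
                {
                    ValidateIssuerSigningKey = true,

                    // Symmetric key used to verify the token signature.
                    // NOTE(review): the CreateToken shown alongside signs with HmacSha256; where the
                    // installed library version supports it, consider pinning the accepted algorithms.
                    IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(securityKey)),

                    // Check the issuer against the configured name.
                    ValidateIssuer = true,
                    ValidIssuer = (string)config["Issuer"],

                    // Check the audience against the configured name.
                    ValidateAudience = true,
                    ValidAudience = (string)config["Audience"],

                    // Check the token lifetime.
                    ValidateLifetime = true,
                    // Grace period on expiry: the effective lifetime is the JWT's own expiry plus this
                    // value. When not set, the default is 5 minutes.
                    ClockSkew = TimeSpan.FromMinutes((int)config["ClockSkew"])
                };
                SecurityToken securityToken;
                return(jwtTokenHandler.ValidateToken(tokenStr, tokenParameters, out securityToken));
            }
            catch (SecurityTokenExpiredException)
            {
                // Set the header through the indexer: Add throws when the header is already present,
                // which would replace the CustomException below with an unrelated ArgumentException.
                RequestDataHelper.GetHttpContext().Response.Headers["Token-Expired"] = "true";
                throw new CustomException(2, "token已过期");
            }
            catch (Exception)
            {
                // Every other failure is reported as "invalid token": a bad signature or malformed token,
                // but also a null or short tokenStr, a missing config key or a wrongly typed ClockSkew.
                // The original exception is not logged here, so misconfiguration looks like a bad token.
                throw new CustomException(1, "无效token");
            }
        }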
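 /// <summary>
 /// Login extension hook: exchanges the client's <c>code</c> for a session key through
 /// <c>GetOpenId</c>, decrypts the client's <c>encryptedData</c> with that key and the
 /// client's <c>iv</c>, and merges the results into the request parameters.
 /// </summary>
 /// <param name="db">Not used by this method.</param>
 /// <param name="config">Not used by this method.</param>
 /// <param name="parameters">
 /// Request parameters; cast to <c>IDictionary&lt;string, object&gt;</c>, so any other
 /// implementation fails the cast. Reads <c>code</c>, <c>iv</c> and <c>encryptedData</c>.
 /// </param>
 /// <param name="files">Not used by this method.</param>
 /// <param name="bodyJson">Not used by this method.</param>
 /// <remarks>Any exception is logged and rethrown unchanged.</remarks>
 public override void Before(IDbHelper db, IDictionary <string, object> config, IEnumerable <KeyValuePair <string, object> > parameters, IDictionary <string, IList <IFormFile> > files, object bodyJson)
 {
     try
     {
         IDictionary <string, object> paramDic = (IDictionary <string, object>)parameters;
         IDictionary <string, object> dic      = this.GetOpenId(paramDic.GetValue <string>("code"));
         string sessionKey    = dic.GetValue <string>("session_key");
         string iv            = paramDic.GetValue <string>("iv");
         string encryptedData = paramDic.GetValue <string>("encryptedData");

         // The session key decrypts the user's data, so it must never be written to the log together
         // with the IV and ciphertext. Record only whether each value was supplied.
         _logger.LogInformation(
             "Login extension input: sessionKeyPresent={SessionKeyPresent}, ivPresent={IvPresent}, encryptedDataPresent={EncryptedDataPresent}",
             !string.IsNullOrEmpty(sessionKey),
             !string.IsNullOrEmpty(iv),
             !string.IsNullOrEmpty(encryptedData));

         // A null session key (for example when the code exchange did not return one) or a malformed
         // base64 value throws here and is handled by the catch below.
         string res = AesCryptoUtils.Decrypt(encryptedData, Convert.FromBase64String(sessionKey), Convert.FromBase64String(iv));
         IDictionary <string, object> userInfo = JsonConvert.DeserializeObject <IDictionary <string, object> >(res);

         // Merge the user information into a single dictionary.
         // NOTE(review): paramDic is passed by ref; if MergeDictionary assigns a new dictionary rather
         // than mutating in place, the caller's parameters will not see the merge. Also confirm which
         // source wins on duplicate keys, since userInfo comes from client-supplied ciphertext.
         RequestDataHelper.MergeDictionary(ref paramDic, dic, userInfo);
     }
     catch (Exception e) {
         _logger.LogError(e, "登录验证扩展异常");
         throw;
     }
 }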
        /// <summary>
        /// Issues an HMAC-SHA256 signed JWT for a user and returns it together with a few
        /// profile fields.
        /// </summary>
        /// <param name="config">
        /// Per-group settings. Reads <c>SecurityKey</c> (stored AES-encrypted), <c>Issuer</c>,
        /// <c>Audience</c> and <c>Expires</c> (minutes, must be a boxed <c>int</c>).
        /// </param>
        /// <param name="user">User record. Reads <c>Id</c>, <c>Nick</c>, <c>OpenId</c>, <c>AvatarUrl</c>, <c>Tel</c> and <c>Gender</c>.</param>
        /// <returns>A dictionary with the keys <c>Token</c>, <c>Nick</c>, <c>AvatarUrl</c>, <c>Tel</c> and <c>Gender</c>.</returns>
        /// <remarks>
        /// NOTE(review): the clock is read separately for each time value, so the exp/nbf/iat claims and
        /// the notBefore/expires arguments can differ slightly. exp and nbf are supplied both as claims
        /// and as constructor arguments; which one ends up in the token depends on JwtSecurityToken.
        /// </remarks>
        private IDictionary <string, object> CreateToken(IDictionary <string, object> config, IDictionary <string, object> user)
        {
            Claim[] tokenClaims =
            {
                new Claim(ClaimTypes.Sid, user.GetValue <string>("Id")),
                new Claim(ClaimTypes.Name, user.GetValue <string>("Nick")),
                // Random token id.
                new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
                new Claim(JwtRegisteredClaimNames.Sub, user.GetValue <string>("Nick")),
                new Claim(JwtRegisteredClaimNames.NameId, user.GetValue <string>("OpenId")),
                // Time claims as Unix seconds.
                new Claim(JwtRegisteredClaimNames.Exp, $"{new DateTimeOffset(DateTime.Now.AddMinutes((int)config["Expires"])).ToUnixTimeSeconds()}"),
                new Claim(JwtRegisteredClaimNames.Nbf, $"{new DateTimeOffset(DateTime.Now).ToUnixTimeSeconds()}"),
                new Claim(JwtRegisteredClaimNames.Iat, $"{new DateTimeOffset(DateTime.Now).ToUnixTimeSeconds()}"),
            };

            // The signing secret is stored encrypted; decrypt it with the application-wide AES key and IV.
            string storedSecret = (string)config["SecurityKey"];
            byte[] storageKey   = Encoding.UTF8.GetBytes(AppConfigurtaionHelper.Configuration.GetValue <string>("AesCrypto:Key"));
            byte[] storageIv    = Encoding.UTF8.GetBytes(AppConfigurtaionHelper.Configuration.GetValue <string>("AesCrypto:Iv"));
            string signingSecret = AesCryptoUtils.Decrypt(storedSecret, storageKey, storageIv);

            // Must match the configuration in Startup.
            // NOTE(review): the HMAC key is the UTF-8 bytes of the secret, so its strength depends on
            // that string's length and randomness; confirm a minimum is enforced when it is saved.
            var hmacKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(signingSecret));

            var jwt = new JwtSecurityToken(
                issuer: (string)config["Issuer"],
                audience: (string)config["Audience"],
                claims: tokenClaims,
                notBefore: DateTime.Now,
                expires: DateTime.Now.AddMinutes((int)config["Expires"]),
                signingCredentials: new SigningCredentials(hmacKey, SecurityAlgorithms.HmacSha256));

            string serialized = new JwtSecurityTokenHandler().WriteToken(jwt);

            // The token plus the profile fields the client displays.
            return new Dictionary <string, object>
            {
                ["Token"]     = serialized,
                ["Nick"]      = user.GetValue <string>("Nick"),
                ["AvatarUrl"] = user.GetValue <string>("AvatarUrl"),
                ["Tel"]       = user.GetValue <string>("Tel"),
                ["Gender"]    = user.GetValue <string>("Gender"),
            };
        }