Exemple #1
        /// <summary>
        /// Authenticates the supplied credentials through the user service and, on success,
        /// issues an HS256-signed JWT for the authenticated user.
        /// </summary>
        /// <param name="vmLogin">Login view model carrying <c>username</c> and <c>pwd</c>.</param>
        /// <returns>
        /// A ParamError result when <paramref name="vmLogin"/> is null; the user service's own
        /// result when authentication does not succeed; otherwise a Success result whose data
        /// holds the signed token and the user id.
        /// </returns>
        public OptResult Login(LoginVM vmLogin)
        {
            // Guard: reject a missing request body before touching the user service.
            if (vmLogin == null)
            {
                return OptResult.Build(ResultCode.ParamError, "参数不能为空");
            }

            OptResult loginResult = _usrSrv.Login(vmLogin.username, vmLogin.pwd);
            if (loginResult.code != ResultCode.Success)
            {
                // Failed authentication: hand the service's result back unchanged.
                return loginResult;
            }

            var userId = loginResult.data.user_id;

            // Build the JWT payload. Only iss and iat are set here: no exp claim is written, so
            // token lifetime has to be enforced by whoever validates the token against iat.
            // NOTE(review): the user id is carried in "iss"; in RFC 7519 that claim names the
            // issuer and "sub" the subject -- confirm this is intentional before interoperating
            // with other JWT consumers.
            // NOTE(review): iat is narrowed to int; confirm the range given the epoch returned by
            // DateTimeExtension.GetMinUtcTime().
            TimeSpan sinceEpoch = DateTime.UtcNow - DateTimeExtension.GetMinUtcTime();
            var payload = new TokenData
            {
                iss = userId,
                iat = (int)sinceEpoch.TotalSeconds
            };

            // Sign with the shared secret; the same key is what makes the token verifiable later,
            // so it must never leave the server.
            string token = JWT.JsonWebToken.Encode(payload, ApiContext.JwtSecretKey, JWT.JwtHashAlgorithm.HS256);

            return OptResult.Build(ResultCode.Success, "用户登录成功,并已生成token", new { token = token, usrid = userId });
        }
Exemple #2
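        /// <summary>
        /// Validates the JWT carried in the request's "token" header and, on success, stores the
        /// decoded payload in the action arguments under the key "token".
        /// </summary>
        /// <param name="actionContext">Context of the Web API action being invoked.</param>
        /// <returns>
        /// Tokenless when the header is missing or empty; TokenExpired when the token is older
        /// than <c>ApiContext.TokenExpire * 60</c> seconds; TokenIllegal when decoding or
        /// registering the payload throws; otherwise Success.
        /// </returns>
        OptResult ValidateToken(HttpActionContext actionContext)
        {
            // HTTP header names are case-insensitive. TryGetValues honours that, whereas comparing
            // the enumerated key with == "token" rejected clients that sent "Token".
            System.Collections.Generic.IEnumerable<string> tokenValues;
            if (!actionContext.Request.Headers.TryGetValues("token", out tokenValues) || tokenValues == null)
            {
                return OptResult.Build(ResultCode.Tokenless);
            }

            var tokenString = tokenValues.FirstOrDefault();
            if (string.IsNullOrEmpty(tokenString))
            {
                return OptResult.Build(ResultCode.Tokenless);
            }

            try
            {
                // Decodes the token with the shared secret; any exception is handled below.
                // NOTE(review): no expected algorithm is passed here -- confirm that the JWT
                // library version in use does not let the token header choose how it is verified.
                var tokenObj = JWT.JsonWebToken.DecodeToObject<TokenData>(tokenString, ApiContext.JwtSecretKey);

                // Maximum token age in seconds (TokenExpire is multiplied by 60).
                int expires = ApiContext.TokenExpire * 60;
                double nowSeconds = (DateTime.UtcNow - DateTimeExtension.GetMinUtcTime()).TotalSeconds;

                // NOTE(review): only the upper bound is checked; a token whose iat lies in the
                // future is not rejected here.
                if (nowSeconds - tokenObj.iat > expires)
                {
                    return OptResult.Build(ResultCode.TokenExpired);
                }

                // TODO: check that the user named by the token still exists and load that user's
                // details from the database; not implemented yet. Until it is, a token issued to
                // a user that has since been removed stays accepted until it expires.
                ////rst = _usrSrv.Find(tokenObj.iss);
                ////if (rst.code != ResultCode.Success)
                ////{
                ////    return rst;
                ////}
                //var usr = rst.data;

                // Validation succeeded: expose the decoded payload to the action. Add throws when
                // an argument named "token" already exists, which is reported as TokenIllegal.
                actionContext.ActionArguments.Add("token", tokenObj);
            }
            catch (Exception ex)
            {
                // A bearer token is a credential and this path can also be reached with a token
                // that is still valid (for example when Add above throws), so the raw value is
                // never written to the log; only its length is kept for diagnostics.
                string redactedToken = "[redacted, length=" + tokenString.Length + "]";

                // Log asynchronously so the request is not blocked on the log sink.
                Task.Run(() =>
                {
                    _logHelper.LogInfo(string.Format("{0}token验证失败:{0}\ttoken:{1}{0}\texception:{2}", Environment.NewLine, redactedToken, ex.ToString()));
                });

                return OptResult.Build(ResultCode.TokenIllegal);
            }

            return OptResult.Build(ResultCode.Success);
        }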