public static ResourceDescriptor FromString(string str)
{
var arr = str.Split('\f');
if (arr.Length != 2)
{
return(null);
}
ResourceDescriptor resourceDescriptor = new ResourceDescriptor();
resourceDescriptor._expireDt = DateTime.Parse(arr[0]);
resourceDescriptor._resourceItemDescriptors = arr[1].Split('\v').Select(t => ResourceItemDescriptor.FromString(t)).Where(t => t != null).ToList();
return(resourceDescriptor);
}
/// <summary>
/// 申请操作token
/// </summary>
/// <param name="resourceDescriptor">欲操作资源描述</param>
/// <param name="regToken">登记客户端token</param>
/// <returns></returns>
public async Task <string> RegisterAsync(ResourceDescriptor resourceDescriptor, string regToken)
{
ResourceGrantInfo resourceGrantInfo = new ResourceGrantInfo
{
Token = Guid.NewGuid().ToString("N"),
CreateDt = DateTime.Now,
ExpireDt = resourceDescriptor.GetExpireDt(),
ResourceDescriptor = resourceDescriptor.ToString(),
UseTimes = 0
};
_dbContext.Set <ResourceGrantInfo>().Add(resourceGrantInfo);
await _dbContext.SaveChangesAsync();
return(resourceGrantInfo.Token);
}
/// <summary>
/// 检测token是否可以对资源进行操作
/// </summary>
/// <param name="token"></param>
/// <param name="resourceName">资源名称</param>
/// <param name="action">操作</param>
/// <returns></returns>
public async Task <bool> IsValidAsync(string token, string resourceName, string action)
{
var resourceGrantInfo = await _dbContext.Set <ResourceGrantInfo>().FirstOrDefaultAsync(t => t.Token == token);
if (resourceGrantInfo == null || resourceGrantInfo.ExpireDt < DateTime.Now)
{
return(false);
}
var resourceDescriptor = ResourceDescriptor.FromString(resourceGrantInfo.ResourceDescriptor);
if (resourceDescriptor == null || resourceDescriptor.GetExpireDt() < DateTime.Now)
{
return(false);
}
return(resourceDescriptor.IsValid(resourceName, action));
}
/// <summary>
/// 检测token是否可以对资源进行操作
/// </summary>
/// <param name="token"></param>
/// <param name="resourceName">资源名称</param>
/// <param name="action">操作</param>
/// <returns></returns>
public async Task <bool> IsValidAsync(string token, string resourceName, string action)
{
TokenValidationParameters tokenValidationParameters = new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_secretKey)),
ValidateIssuer = false, //是否验证Issuer
ValidateAudience = false, //是否验证Audience
ValidateLifetime = true, //是否验证失效时间
};
ClaimsPrincipal claimsPrincipal = null;
try
{
SecurityToken jwtToken;// = new JwtSecurityTokenHandler().ReadJwtToken( token );
claimsPrincipal = new JwtSecurityTokenHandler().ValidateToken(token, tokenValidationParameters, out jwtToken);
}catch (Exception e)
{
return(false);
}
var resourceDescriptorStr = claimsPrincipal.Claims.FirstOrDefault(t => t.Type == "stm/auth/token")?.Value;
if (string.IsNullOrWhiteSpace(resourceDescriptorStr))
{
return(false);
}
var resourceDescriptor = ResourceDescriptor.FromString(resourceDescriptorStr);
if (resourceDescriptor == null || resourceDescriptor.GetExpireDt() < DateTime.Now)
{
return(false);
}
return(resourceDescriptor.IsValid(resourceName, action));
}
/// <summary>
/// 申请操作token
/// </summary>
/// <param name="resourceDescriptor">欲操作资源描述</param>
/// <param name="regToken">登记客户端token</param>
/// <returns></returns>
public async Task <string> RegisterAsync(ResourceDescriptor resourceDescriptor, string regToken)
{
var claims = new Claim[]
{
new Claim("stm/auth/token", resourceDescriptor.ToString())
};
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_secretKey));
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
var jwttoken = new JwtSecurityToken(
null,
null,
claims,
DateTime.Now,
resourceDescriptor.GetExpireDt(),
creds
);
var token = new JwtSecurityTokenHandler().WriteToken(jwttoken);
return(token);
}
