//取得使用者資訊
public User GetUser(string Authorization)
{
var token = Authorization;
//var token = HttpContext.Current.Request.Headers["Authoriaztion"];
var split = token.Split('.');
var iv = split[0];
var encrypt = split[1];
var signature = split[2];
//檢查簽章是否正確
if (signature != TokenCrypto.ComputeHMACSHA256(iv + "." + encrypt, key.Substring(0, 64)))
{
return(null);
}
//使用 AES 解密 Payload
var base64 = TokenCrypto.AESDecrypt(encrypt, key.Substring(0, 16), iv);
var json = Encoding.UTF8.GetString(Convert.FromBase64String(base64));
var payload = JsonConvert.DeserializeObject <Payload>(json);
//檢查是否過期
if (payload.exp < Convert.ToInt32((DateTime.Now - new DateTime(1970, 1, 1)).TotalSeconds))
{
return(null);
}
return(payload.info);
}
//金鑰,從設定檔或資料庫取得
//public string key = "AAAAAAAAAA-BBBBBBBBBB-CCCCCCCCCC-DDDDDDDDDD-EEEEEEEEEE-FFFFFFFFFF-GGGGGGGGGG";
//產生 Token
public Token Create(User user)
{
var exp = 180; //過期時間(秒)
//稍微修改 Payload 將使用者資訊和過期時間分開
var payload = new Payload
{
info = user,
//Unix 時間戳
//exp = 60
exp = Convert.ToInt32((DateTime.Now.AddSeconds(exp) - new DateTime(1970, 1, 1)).TotalSeconds)
};
//序列化成json
var json = JsonConvert.SerializeObject(payload);
//序列化成byte
//byte型態才能轉Base64
var base64 = Convert.ToBase64String(Encoding.UTF8.GetBytes(json)); //payload
//Guid.NewGuid()唯一的亂數
var iv = Guid.NewGuid().ToString().Replace("-", "").Substring(0, 16);
//使用 AES 加密 Payload
var encrypt = TokenCrypto.AESEncrypt(base64, key.Substring(0, 16), iv);
//取得簽章
var signature = TokenCrypto.ComputeHMACSHA256(iv + "." + encrypt, key.Substring(0, 64));
return(new Token
{
//Token 為 iv + encrypt + signature,並用 . 串聯
access_token = iv + "." + encrypt + "." + signature,
//Refresh Token 使用 Guid 產生
refresh_token = Guid.NewGuid().ToString().Replace("-", ""),
expires_in = payload.exp,
});
}