/// <summary>
/// Creates the gateway authorization middleware and loads the permission list through the cache once.
/// </summary>
/// <param name="serv">Nacos naming service client, kept in <c>NacosServClient</c>.</param>
/// <param name="next">Next delegate in the request pipeline.</param>
/// <param name="schemes">Authentication scheme provider, kept in <c>Schemes</c>.</param>
/// <param name="appset">Application settings; not read by this constructor.</param>
/// <param name="cache">Cache used to fetch the "Permissions" entry.</param>
public CustomJwtTokenAuthMiddleware(
    INacosNamingService serv,
    RequestDelegate next,
    IAuthenticationSchemeProvider schemes,
    Appsettings appset,
    ICaching cache)
{
    NacosServClient = serv;
    _cache = cache;
    _next = next;
    Schemes = schemes;

    // Fetch the "Permissions" entry now; the result itself is not kept here, Invoke asks the cache
    // again on every request. GetAwaiter().GetResult() blocks the constructing thread until the
    // load finishes, and a failure in GetPermitionData surfaces as a constructor exception.
    // NOTE(review): the third argument (10) is presumably the cache lifetime; confirm the unit.
    _cache.Cof_AsyncGetICaching<List<PermissionItem>>("Permissions", GetPermitionData, 10)
        .GetAwaiter()
        .GetResult();
}
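/// <summary>
/// Gateway authorization. Whitelisted paths are forwarded without authentication, blacklisted paths
/// are stopped, and every other request must authenticate with the default scheme and carry a
/// "CofRole" claim whose permission entry has a URL pattern matching the request path.
/// </summary>
/// <param name="httpContext">The current request context.</param>
/// <returns>A task that completes once the request was forwarded or a rejection was written.</returns>
public async Task Invoke(HttpContext httpContext)
{
    // Invariant lower-casing keeps the whitelist/blacklist/permission decisions independent of the
    // server culture (a culture-sensitive ToLower() maps 'I' differently under e.g. tr-TR), and the
    // null-conditional on Value avoids a NullReferenceException for an empty PathString.
    var questUrl = httpContext?.Request.Path.Value?.ToLowerInvariant();
    if (string.IsNullOrEmpty(questUrl))
    {
        // NOTE(review): the pipeline ends here without a status or body being set, so the client
        // sees the default response; confirm that is intended.
        return;
    }

    // Whitelist check: these paths skip authentication and authorization entirely.
    // NOTE(review): CheckWhiteList is not visible here; confirm it compares whole paths rather than
    // prefixes or substrings, since any match is forwarded unauthenticated.
    if (CheckWhiteList(questUrl))
    {
        await _next.Invoke(httpContext);
        return;
    }

    // Blacklist check: the request is not forwarded.
    // NOTE(review): no status code is written, so a blocked request is answered with the default
    // status and is hard to tell apart from a success in access logs; consider an explicit 403.
    if (CheckBlackList(questUrl))
    {
        return;
    }

    List<PermissionItem> permissions =
        await _cache.Cof_AsyncGetICaching<List<PermissionItem>>("Permissions", GetPermitionData, 10);

    httpContext.Features.Set<IAuthenticationFeature>(new AuthenticationFeature
    {
        OriginalPath = httpContext.Request.Path,
        OriginalPathBase = httpContext.Request.PathBase
    });

    // Without a default authentication scheme nothing can be verified, so reject.
    var defaultAuthenticate = await Schemes.GetDefaultAuthenticateSchemeAsync();
    if (defaultAuthenticate == null)
    {
        await httpContext.Cof_SendResponse(HttpStatusCode.Unauthorized, "系统鉴权出错");
        return;
    }

    // Does the request carry valid credentials, i.e. is the caller logged in?
    var authResult = await httpContext.AuthenticateAsync(defaultAuthenticate.Name);
    if (authResult?.Principal == null)
    {
        await httpContext.Cof_SendResponse(HttpStatusCode.Unauthorized, "请重新登录");
        return;
    }

    httpContext.User = authResult.Principal;

    // Roles of the current user, taken from the "CofRole" claims.
    var currentUserRoles = new HashSet<string>(
        httpContext.User.Claims
            .Where(claim => claim.Type == "CofRole")
            .Select(claim => claim.Value));

    // A missing permission list is treated as "no permissions" so the request is denied below
    // instead of failing with a NullReferenceException.
    IEnumerable<PermissionItem> permissionSource = permissions ?? Enumerable.Empty<PermissionItem>();
    var rolePermissions = permissionSource.Where(p => currentUserRoles.Contains(p.Role));

    // The input is a client-controlled path, so bound the time one pattern may spend on it; an
    // expensive pattern must not be able to tie up a request thread.
    var regexTimeout = TimeSpan.FromMilliseconds(200);

    // NOTE(review): Regex.IsMatch succeeds on a match anywhere in the path, so a stored pattern
    // without ^...$ anchors also authorizes longer paths that merely contain it; confirm the
    // permission data is anchored.
    var isMatchRole = false;
    foreach (var permission in rolePermissions)
    {
        try
        {
            if (Regex.IsMatch(questUrl, permission.Url, RegexOptions.IgnoreCase, regexTimeout))
            {
                isMatchRole = true;
                break;
            }
        }
        catch (ArgumentException)
        {
            // Null or malformed pattern in the permission data: skip the entry, it grants nothing.
        }
        catch (RegexMatchTimeoutException)
        {
            // Pattern took too long on this path: treat as "no match" (fail closed) and try the next.
        }
    }

    // Permission check. A user without roles never matches, so this also covers the empty-role case.
    if (!isMatchRole)
    {
        // 403 instead of the previous 503: the caller is authenticated but not permitted, and
        // reporting that as a service outage hides authorization failures from clients and monitoring.
        await httpContext.Cof_SendResponse(HttpStatusCode.Forbidden, "未授权此资源");
        return;
    }

    await _next.Invoke(httpContext);
}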