예제 #1
0
        public IActionResult GetUserAuthInfo()
        {
            var result = new ResponseModel(ResponseCode.Success, "获取平台身份认证信息成功!");

            try
            {
                //获取消息头传入的token
                var token = Tools.GetHeaderValue(HttpContext.Request.Headers, "Authorization");
                if (!token.IsNullOrEmpty())
                {
                    token = token.Replace("Bearer ", "").Trim();
                    //登录的应用平台
                    string sourse = "";
                    //登录账户
                    string account = "";
                    //通过token获取请求账户及来源
                    if (_jwt.ValidateToken(token, out Dictionary <string, string> clims))
                    {
                        foreach (var item in clims)
                        {
                            if (item.Key == "sourse")
                            {
                                sourse = item.Value;
                                continue;
                            }
                            else if (item.Key == "account")
                            {
                                account = item.Value;
                                continue;
                            }
                        }
                    }
                    if (!sourse.IsNullOrEmpty() && !account.IsNullOrEmpty())
                    {
                        //从缓存中获取认证的人员信息
                        //Source_key
                        var    authUserinfo_key = $"auth:{sourse}:{account}";
                        string userJson         = CacheManager.Create().Get <string>(authUserinfo_key);
                        if (!userJson.IsNullOrEmpty())
                        {
                            result.data = Strings.JsonToModel <AuthInfo>(userJson);
                        }
                        else
                        {
                            result.msg  = "获取人员信息失败";
                            result.code = ResponseCode.Error.ToInt32();
                        }
                    }
                    else
                    {
                        result.msg  = "token认证信息不合法";
                        result.code = ResponseCode.Error.ToInt32();
                    }
                }
            }
            catch (Exception ex)
            {
                result.msg  = "获取平台身份认证信息失败:" + ex.Message;
                result.code = ResponseCode.Error.ToInt32();
                Logger.Instance.Error(result.msg, ex);
            }
            return(Json(result));
        }
예제 #2
0
        /// <summary>
        /// 权限验证
        /// </summary>
        /// <param name="context"></param>
        public void OnAuthorization(AuthorizationFilterContext context)
        {
            //验证请求是否是Options
            if (context.HttpContext.Request.Method == HttpMethod.Options.ToString())
            {
                context.Result = new JsonResult(new ResponseModel(ResponseCode.Success, "接口Options请求成功"));
            }
            else
            {
                //检查是否有不验证权限的特性标识AllowAnonymousAttribute
                //如果有则不验证权限
                var methodinfo = ((Microsoft.AspNetCore.Mvc.Controllers.ControllerActionDescriptor)context.ActionDescriptor).MethodInfo;

                var allowanony = methodinfo.GetCustomAttributes(true).Any(a => a.GetType().Equals(typeof(AllowAnonymousAttribute)));
                if (allowanony)
                {
                    //找到到允许不授权AllowAnonymous的特性标识,可以直接访问接口
                    return;
                }
                //自定义授权
                var ripAuth = methodinfo.GetCustomAttributes(typeof(RIPAuthorityAttribute), true).FirstOrDefault() as RIPAuthorityAttribute;

                //获取访问令牌信息
                var headers = context.HttpContext.Request.Headers;
                //登录token
                string token = Tools.GetHeaderValue(headers, "Authorization");;
                if (!token.IsNullOrEmpty())
                {
                    token = token.Replace("Bearer ", "").Trim();
                    if (_jwt.ValidateToken(token, out Dictionary <string, string> Clims))
                    {
                        foreach (var item in Clims)
                        {
                            context.HttpContext.Items.Add(item.Key, item.Value);
                        }
                        if (ripAuth != null && ripAuth.IsPublic)
                        {
                            //授权不为空 同时表示这个方法是登录就可以调用则直接允许通过
                            return;
                        }
                        //通过认证后,再检查是否具有授权这个人,访问这个接口?从缓存中获取到这个人员的授权信息
                        var actionObj = ((Microsoft.AspNetCore.Mvc.Controllers.ControllerActionDescriptor)context.ActionDescriptor);
                        //这里是接口名称
                        var methodName = actionObj.MethodInfo.Name;
                        //获取到类型名
                        var className = actionObj.ControllerTypeInfo.FullName;
                        //todo:why-后续判断这个人是否具有访问这个接口的权限
                        //获取到用户登录信息
                        var model = CacheManager.Create().Get <UserModel>(_jwt.LoginAccount);
                        if (model != null)
                        {
                            //#TODO 后续需要实现菜单接口配置
                            return;

                            //超级管理员,可以访问所有的接口
                            if (model.is_super_admin == 1)
                            {
                                return;
                            }
                            //有效的用户信息
                            if (model.actions != null &&
                                model.actions.Exists(p => p.class_name == className && p.method == methodName))
                            {
                                //有正确的授权,可以访问
                                return;
                            }
                        }
                    }
                }
                context.Result = new JsonResult(new ResponseModel(ResponseCode.Forbidden, "对不起您没有访问权限,用户信息过期或无效!"));
            }
        }