public async Task <MessageModel <JwtTokenOutDto> > JwtToken(JwtTokenInDto dto)
{
string jwt = string.Empty;
dto.Pass = MD5Helper.MD5Encrypt32(dto.Pass);
var user = (await _userAppService.Queryable(x => x.LoginName == dto.Name && x.LoginPwd == dto.Pass)).ToList();
if (user.Count > 0)
{
//基于角色授权
var userRoles = await _userAppService.GetUserRoleNameStr(dto.Name, dto.Pass);
//如果是基于用户的授权策略,这里要添加用户;如果是基于角色的授权策略,这里要添加角色
var claims = new List <Claim> {
new Claim(ClaimTypes.Name, dto.Name),
new Claim(JwtRegisteredClaimNames.Jti, user.FirstOrDefault().Id),
new Claim(ClaimTypes.Expiration, DateTime.Now.AddSeconds(_requirement.Expiration.TotalSeconds).ToString())
};
claims.AddRange(userRoles.Split(',').Select(s => new Claim(ClaimTypes.Role, s)));
if (!Permissions.IsUseIds4)
{
var data = await _role2Module2PermissionAppService.RoleModuleMaps();
//角色,权限 关系列表
var list = (from item in data
select new PermissionItem
{
Url = item.ModuleEntity?.LinkUrl,
Role = item.RoleEntity?.Name,
}).ToList();
_requirement.Permissions = list;
}
var token = JwtTokenHelper.BuildJwtToken(claims.ToArray(), _requirement);
return(new MessageModel <JwtTokenOutDto>()
{
success = true,
msg = "获取成功",
response = token
});
}
else
{
return(await Task.FromResult(new MessageModel <JwtTokenOutDto>()
{
success = false,
msg = "认证失败",
}));
}
}
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, PermissionRequirement requirement)
{
//请求执行方法
var httpContext = _accessor.HttpContext;
// 获取系统中所有的角色和菜单的关系集合
if (!requirement.Permissions.Any())
{
var data = await _role2Module2PermissionAppService.RoleModuleMaps();
var list = new List <PermissionItem>();
list = (from item in data
select new PermissionItem
{
Url = item.ModuleEntity?.LinkUrl,
Role = item.RoleEntity?.Name,
}).ToList();
requirement.Permissions = list;
}
if (httpContext != null)
{
//请求地址
var questUrl = httpContext.Request.Path.Value.ToLower();
// 整体结构类似认证中间件UseAuthentication的逻辑,具体查看开源地址
// https://github.com/dotnet/aspnetcore/blob/master/src/Security/Authentication/Core/src/AuthenticationMiddleware.cs
httpContext.Features.Set <IAuthenticationFeature>(new AuthenticationFeature
{
OriginalPath = httpContext.Request.Path,
OriginalPathBase = httpContext.Request.PathBase
});
// Give any IAuthenticationRequestHandler schemes a chance to handle the request
// 主要作用是: 判断当前是否需要进行远程验证,如果是就进行远程验证
var handlers = httpContext.RequestServices.GetRequiredService <IAuthenticationHandlerProvider>();
foreach (var scheme in await Schemes.GetRequestHandlerSchemesAsync())
{
if (await handlers.GetHandlerAsync(httpContext, scheme.Name) is IAuthenticationRequestHandler handler && await handler.HandleRequestAsync())
{
context.Fail();
return;
}
}
//判断请求是否拥有凭据,即有没有登录
var defaultAuthenticate = await Schemes.GetDefaultAuthenticateSchemeAsync();
if (defaultAuthenticate != null)
{
var result = await httpContext.AuthenticateAsync(defaultAuthenticate.Name);
//result?.Principal不为空即登录成功
if (result?.Principal != null)
{
httpContext.User = result.Principal;
// 获取当前用户的角色信息
var currentUserRoles = new List <string>();
// jwt
currentUserRoles = (from item in httpContext.User.Claims
where item.Type == requirement.ClaimType
select item.Value).ToList();
var isMatchRole = false;
var permisssionRoles = requirement.Permissions.Where(w => currentUserRoles.Contains(w.Role));
foreach (var item in permisssionRoles)
{
try
{
if (Regex.Match(questUrl, item.Url.ToLower())?.Value == questUrl)
{
isMatchRole = true;
break;
}
}
catch (Exception)
{
// ignored
}
}
//验证权限
if (currentUserRoles.Count <= 0 || !isMatchRole)
{
context.Fail();
return;
}
var isExp = false;
// jwt
isExp = (httpContext.User.Claims.SingleOrDefault(s => s.Type == ClaimTypes.Expiration)?.Value) != null && DateTime.Parse(httpContext.User.Claims.SingleOrDefault(s => s.Type == ClaimTypes.Expiration)?.Value) >= DateTime.Now;
if (isExp)
{
context.Succeed(requirement);
}
else
{
context.Fail();
return;
}
return;
}
}
//判断没有登录时,是否访问登录的url,并且是Post请求,并且是form表单提交类型,否则为失败
if (!(questUrl.Equals(requirement.LoginPath.ToLower(), StringComparison.Ordinal) && (!httpContext.Request.Method.Equals("POST") || !httpContext.Request.HasFormContentType)))
{
context.Fail();
return;
}
}
}
