/// <summary>
/// 创建一个token字符串,结构为tokenclaims的加密形式
/// </summary>
/// <param name="usr">用户名</param>
/// <param name="role">用户权限</param>
/// <param name="overTime">token超时时间段 秒</param>
/// <returns></returns>
public static string MakeToken(string iss, string usr, string role, long overTime)
{
TokenClaims Claim = GetTokenClaims(iss, usr, role, overTime);
var token = EncodeToken(Claim);
return(token);
}
/// <summary>
/// 加密token结构为
/// </summary>
/// <param name="token"></param>
/// <returns></returns>
private static string EncodeToken(TokenClaims token)
{
IJwtAlgorithm algorithm = new HMACSHA256Algorithm();
IJsonSerializer serializer = new JsonNetSerializer();
IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
IJwtEncoder encoder = new JwtEncoder(algorithm, serializer, urlEncoder);
var tokenStr = encoder.Encode(token, TokenConfig.JwtKey);
return(tokenStr);
}
/// <summary>
/// 获取token并填充到httpheader中
/// </summary>
/// <returns></returns>
private void FillTokenToReqHeader()
{
lock (_syncToken)
{
string tokencache = CheckCacheToken();
if (tokencache == null)
{
string tokenStr = MakeToken();
HttpClientSingle.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("auth", tokenStr);
TokenClaims claim = TokenCache.SetTokenCache(CacheName, tokenStr);
}
}
}
/// <summary>
/// 解密token为token结构
/// </summary>
/// <param name="encodetokenStr"></param>
/// <returns></returns>
public static TokenClaims DecodeToken(string encodetokenStr)
{
try
{
IJsonSerializer serializer = new JsonNetSerializer();
IDateTimeProvider provider = new UtcDateTimeProvider();
IJwtValidator validator = new JwtValidator(serializer, provider);
IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
IJwtDecoder decoder = new JwtDecoder(serializer, validator, urlEncoder);
var json = decoder.Decode(encodetokenStr, TokenConfig.JwtKey, verify: true);//token为之前生成的字符串
TokenClaims claim = serializer.Deserialize <TokenClaims>(json);
return(claim);
}
catch (Exception ex)
{
ToolFactory.LogHelper.Error("解密token发生异常", ex);
throw ex;
}
}
/// <summary>
/// 验证客户端发来的token是否有效
/// </summary>
/// <param name="header"></param>
/// <returns></returns>
public static ValidTokenResult ValidClientToken(string tokenStr)
{
if (string.IsNullOrWhiteSpace(tokenStr))
{
return(new ValidTokenResult()
{
Success = false, Message = "请求的token为空"
});
}
TokenClaims tcParam = TokenBuilder.DecodeToken(tokenStr);
if (tcParam.Iss != Iss)
{
ToolFactory.LogHelper.Info("token验证失败,token发行者与当前系统不匹配:iss" + tcParam.Iss);
return(new ValidTokenResult()
{
Success = false, Message = "用户权限验证失败,token发行者与当前系统不匹配"
});
}
if (!ValidTokenAuth(tcParam.Role))
{
ToolFactory.LogHelper.Info("token验证失败,用户权限验证失败,角色没有权限调用该接口:role" + tcParam.Role);
return(new ValidTokenResult()
{
Success = false, Message = "用户权限验证失败,角色没有权限调用该接口"
});
}
if (TokenIsTimeLoss(tcParam.Exp))
{
ToolFactory.LogHelper.Info("token验证失败,token过时,token:" + tokenStr);
return(new ValidTokenResult()
{
Success = false, Message = "请求的token过时"
});
}
else
{
return(new ValidTokenResult()
{
Success = true
});
}
}
