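/// <summary>
/// Resolves the user that a login token refers to.
/// </summary>
/// <param name="token">Encrypted login token as produced at sign-in.</param>
/// <returns>
/// The matching <c>AuthUser</c>, or <c>null</c> when no user exists for the id
/// carried in the token or when that user is disabled.
/// </returns>
/// <remarks>
/// Exceptions raised by <c>Util.AESDecrypt</c> or by JSON deserialization on a
/// malformed token are not caught here and propagate to the caller.
/// </remarks>
protected async Task<AuthUser> GetUserByToken(string token)
{
    // Key and IV both come from configuration, so the same IV is used for every token.
    // NOTE(review): Util.AESDecrypt is not visible here. If it is AES without an
    // integrity check (no MAC / not an AEAD mode), the token contents are not
    // tamper-evident; confirm, and prefer an authenticated scheme for login tokens.
    var key = Encoding.UTF8.GetBytes(Configuration["login_aes:key"]);
    var iv = Encoding.UTF8.GetBytes(Configuration["login_aes:iv"]);

    // Decrypt the token into its JSON payload.
    var data = Util.AESDecrypt(token, key, iv);
    var at = JsonConvert.DeserializeObject<(int UserId, Guid RandomId, long LoginTime)>(data);

    var user = await AuthUser.FindAsync(at.UserId);

    // FindAsync can come back empty for an id that does not exist (the disabled check
    // below used `user?.`); treat that the same as a disabled account rather than
    // dereferencing null.
    if (user == null || user.Status == AuthUserStatus.禁用)
    {
        return null;
    }

    // NOTE(review): the check below compared the login time stored in the token with
    // the user's actual login time and treated a mismatch as an invalidated token.
    // It is commented out, and at.LoginTime / at.RandomId are otherwise unused, so no
    // expiry or revocation check is visible in this method. Confirm that is intended.
    //if (user?.LoginTime.GetTime() != at.LoginTime) user = null;

    return user;
}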