示例#1
        /// <summary>
        /// Authenticates the supplied login model, returns the serialized token in the
        /// <c>Jwt-Token</c> response header, and returns the user record with its
        /// permissions in the response body.
        /// </summary>
        /// <param name="user">Login model, passed unchanged to <c>svc.Auth</c>.</param>
        /// <returns>A <c>Br</c> wrapper around the authenticated user, with <c>Permissions</c> filled in.</returns>
        public Br<UserTokenModel> Auth(AuthModel user)
        {
            var account = svc.Auth(user);

            // NOTE(review): nothing in this method checks that svc.Auth succeeded before a
            // token is issued. Presumably svc.Auth throws on bad credentials; confirm it
            // never returns null or a placeholder user.
            // The token is produced before Permissions is assigned below, so the permissions
            // set here are presumably not part of what Serialize receives.
            var jwt = AuthorizeUtils.Serialize(account);

            var headers = HttpContext.Response.Headers;
            headers.Add("Jwt-Token", jwt);
            // Lists the custom header so cross-origin browser script is allowed to read it.
            // That makes the token readable by page script on every origin the CORS policy
            // admits, so the allowed-origin list is part of the token's exposure.
            headers.Add("Access-Control-Expose-Headers", "Jwt-Token");

            account.Permissions = per.GetPermission(account.UserId);
            return new Br<UserTokenModel>(account);
        }
示例#2
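        /// <summary>
        /// Requires a valid <c>Jwt-Token</c> request header before the action runs. When the
        /// header is missing, blank, or fails validation, the action is short-circuited with
        /// a JSON error payload; otherwise the current user decoded from the token is stored
        /// in <c>HttpContext.Items["curUserInfo"]</c>.
        /// </summary>
        /// <param name="filterContext">Context of the action about to execute.</param>
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            filterContext.HttpContext.Request.Headers.TryGetValue("Jwt-Token", out StringValues token);

            // IsNullOrEmpty also covers a header that is present but blank, which would
            // otherwise count as one value and be passed on to the validator.
            if (StringValues.IsNullOrEmpty(token))
            {
                // Payload text: "access denied" / "no authentication supplied".
                // NOTE(review): 403 is only a field of the JSON body; this method does not set
                // the HTTP status of the JsonResult, so proxies and log-based monitoring may not
                // see these rejections as failures. Confirm what clients expect before changing.
                filterContext.Result = new JsonResult(new Br<string>("拒绝访问", 403, "没有身份认证"));
                return;
            }

            if (!AuthorizeUtils.Validate(token))
            {
                // Payload text: "access denied" / "authentication failed".
                filterContext.Result = new JsonResult(new Br<string>("拒绝访问", 403, "身份认证失败"));
                return;
            }

            // NOTE(review): the token is handed to AuthorizeUtils a second time here and the
            // result is stored without a null check. Confirm GetCurUser cannot return null for
            // a token that Validate accepted, since later code presumably trusts this entry.
            filterContext.HttpContext.Items["curUserInfo"] = AuthorizeUtils.GetCurUser<UserTokenModel>(token);

            base.OnActionExecuting(filterContext);
        }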