/// <summary>
/// Authenticates the supplied credentials through <c>svc</c>, serializes the resulting
/// user model into a token, and returns that token to the caller in the
/// <c>Jwt-Token</c> response header.
/// </summary>
/// <param name="user">The credentials model passed to <c>svc.Auth</c>.</param>
/// <returns>A <c>Br&lt;UserTokenModel&gt;</c> wrapping the authenticated user model, with its permissions filled in.</returns>
public Br<UserTokenModel> Auth(AuthModel user)
{
    const string tokenHeader = "Jwt-Token";

    // NOTE(review): no check of the authentication outcome is visible in this method.
    // Presumably svc.Auth throws or otherwise signals a failed login itself; confirm
    // that a token can never be serialized for a rejected credential.
    UserTokenModel authenticated = svc.Auth(user);
    var serialized = AuthorizeUtils.Serialize(authenticated);

    var responseHeaders = HttpContext.Response.Headers;
    responseHeaders.Add(tokenHeader, serialized);
    // Browsers hide non-safelisted response headers from cross-origin scripts unless
    // they are named in Access-Control-Expose-Headers.
    responseHeaders.Add("Access-Control-Expose-Headers", tokenHeader);

    // Permissions are assigned after Serialize has already run, so this assignment
    // does not change the token produced above; it only affects the response body.
    authenticated.Permissions = per.GetPermission(authenticated.UserId);

    return new Br<UserTokenModel>(authenticated);
}
/// <summary>
/// Action filter hook that requires a valid <c>Jwt-Token</c> request header.
/// When the header is absent or fails <c>AuthorizeUtils.Validate</c>, the action is
/// short-circuited with a JSON error result; otherwise the current user is stored in
/// <c>HttpContext.Items["curUserInfo"]</c> and the base implementation runs.
/// </summary>
/// <param name="filterContext">The context of the action about to execute.</param>
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
    var httpContext = filterContext.HttpContext;

    // Setting Result short-circuits the action. Every rejection path must return
    // without storing user info and without calling the base implementation.
    // NOTE(review): no HTTP status code is set on the JsonResult here, so the 403 is
    // carried in the response body only. Confirm that clients and any intermediaries
    // key on the body code rather than the HTTP status.
    void Reject(string reason)
    {
        // "拒绝访问" = "access denied"
        var denied = new Br<string>("拒绝访问", 403, reason);
        filterContext.Result = new JsonResult(denied);
    }

    // A missing header leaves the out value empty (Count == 0).
    httpContext.Request.Headers.TryGetValue("Jwt-Token", out StringValues token);

    if (token.Count == 0)
    {
        // "没有身份认证" = "no authentication provided"
        Reject("没有身份认证");
        return;
    }

    if (!AuthorizeUtils.Validate(token))
    {
        // "身份认证失败" = "authentication failed"
        Reject("身份认证失败");
        return;
    }

    // The user info is only read from the token after Validate has accepted it,
    // so downstream code reading "curUserInfo" never sees an unvalidated token.
    httpContext.Items["curUserInfo"] = AuthorizeUtils.GetCurUser<UserTokenModel>(token);
    base.OnActionExecuting(filterContext);
}