/// <summary>
/// Authenticates a user and, on success, issues an HS256-signed JWT whose payload carries the
/// user id as <c>iss</c> and an issued-at timestamp as <c>iat</c>.
/// </summary>
/// <param name="vmLogin">Login form carrying <c>username</c> and <c>pwd</c>; <c>null</c> is rejected with <c>ResultCode.ParamError</c>.</param>
/// <returns>
/// The result returned by <c>_usrSrv.Login</c> when authentication does not succeed; otherwise a
/// <c>ResultCode.Success</c> result whose data is an anonymous object <c>{ token, usrid }</c>.
/// </returns>
/// <remarks>
/// The payload contains only <c>iss</c> and <c>iat</c> — there is no <c>exp</c> claim, so token lifetime has to be
/// enforced by the validating side from <c>iat</c>. HS256 is symmetric: whoever holds
/// <c>ApiContext.JwtSecretKey</c> can both verify and mint tokens.
/// </remarks>
public OptResult Login(LoginVM vmLogin)
{
    if (vmLogin == null)
    {
        return OptResult.Build(ResultCode.ParamError, "参数不能为空");
    }

    OptResult loginResult = _usrSrv.Login(vmLogin.username, vmLogin.pwd);
    if (loginResult.code != ResultCode.Success)
    {
        // Hand the service's failure result back untouched.
        return loginResult;
    }

    var userId = loginResult.data.user_id;

    // Seconds elapsed since the project's epoch (DateTimeExtension.GetMinUtcTime()). The int cast assumes that
    // epoch is recent enough for the value to fit in 32 bits — NOTE(review): confirm; DateTime.MinValue would overflow.
    int issuedAt = (int)(DateTime.UtcNow - DateTimeExtension.GetMinUtcTime()).TotalSeconds;
    var claims = new TokenData { iss = userId, iat = issuedAt };

    string jwt = JWT.JsonWebToken.Encode(claims, ApiContext.JwtSecretKey, JWT.JwtHashAlgorithm.HS256);

    return OptResult.Build(ResultCode.Success, "用户登录成功,并已生成token", new { token = jwt, usrid = userId });
}
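/// <summary>
/// Validates the JWT carried in the request's <c>token</c> header: the header must be present and non-empty,
/// the token must decode with <c>ApiContext.JwtSecretKey</c>, and its <c>iat</c> must be no older than
/// <c>ApiContext.TokenExpire</c> minutes. On success the decoded <c>TokenData</c> is added to
/// <c>actionContext.ActionArguments</c> under the key <c>"token"</c> for the action to read.
/// </summary>
/// <param name="actionContext">Web API action context whose request headers are inspected and whose action arguments receive the decoded token.</param>
/// <returns>
/// <c>ResultCode.Tokenless</c> when the header is missing or empty, <c>ResultCode.TokenExpired</c> when the token is
/// too old, <c>ResultCode.TokenIllegal</c> when decoding fails or any other exception is thrown while handling the
/// token, otherwise <c>ResultCode.Success</c>.
/// </returns>
/// <remarks>
/// Lifetime is derived from <c>iat</c> alone (the token carries no <c>exp</c> claim) and nothing here checks that the
/// user named by <c>iss</c> still exists, so a token cannot be revoked before it ages out; see the TODO in the body.
/// </remarks>
OptResult ValidateToken(HttpActionContext actionContext)
{
    // HTTP header names are case-insensitive; TryGetValues honours that with a single lookup, whereas the former
    // kvp.Key == "token" scan was an ordinal, case-sensitive match that treated e.g. "Token" as "no header sent".
    System.Collections.Generic.IEnumerable<string> headerValues;
    if (!actionContext.Request.Headers.TryGetValues("token", out headerValues))
    {
        return OptResult.Build(ResultCode.Tokenless);
    }

    // A header that is present but carries no value is handled exactly like a missing one.
    string tokenString = headerValues.FirstOrDefault();
    if (string.IsNullOrEmpty(tokenString))
    {
        return OptResult.Build(ResultCode.Tokenless);
    }

    try
    {
        // The key argument is what ties this decode to the HS256 signature produced at login.
        // NOTE(review): jwt-dotnet's DecodeToObject(token, key) verifies the signature by default — confirm the
        // library version in use does not skip verification.
        var tokenObj = JWT.JsonWebToken.DecodeToObject<TokenData>(tokenString, ApiContext.JwtSecretKey);
        if (tokenObj == null)
        {
            // A token whose payload deserialises to nothing carries no claims to trust.
            return OptResult.Build(ResultCode.TokenIllegal);
        }

        // Age check: seconds since the project's epoch, compared with the token's own iat.
        int expires = ApiContext.TokenExpire * 60; // TokenExpire is configured in minutes
        double nowSeconds = (DateTime.UtcNow - DateTimeExtension.GetMinUtcTime()).TotalSeconds;
        if (nowSeconds - tokenObj.iat > expires)
        {
            return OptResult.Build(ResultCode.TokenExpired);
        }

        // TODO: look the user up (e.g. _usrSrv.Find(tokenObj.iss)) so that deleted or disabled accounts are rejected
        // and the action receives the current user record rather than only the claims; not implemented yet.

        // Hand the verified claims to the action. Add throws if "token" is already bound, which the catch below
        // reports as TokenIllegal — keep the action's parameter names clear of that key.
        actionContext.ActionArguments.Add("token", tokenObj);
    }
    catch (Exception ex)
    {
        // Every failure while decoding or handling the token is reported as an illegal token. Logging is
        // fire-and-forget so the request path is not blocked; the raw token is written to the log, so that
        // log must be treated as sensitive.
        Task.Run(() =>
        {
            _logHelper.LogInfo(string.Format("{0}token验证失败:{0}\ttoken:{1}{0}\texception:{2}", Environment.NewLine, tokenString, ex.ToString()));
        });
        return OptResult.Build(ResultCode.TokenIllegal);
    }

    return OptResult.Build(ResultCode.Success);
}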