public static int ForceLoadUserGrantRight(int appId, int userId, string scope, out IEnumerable <int>[] value)
{
value = new List <int> [2];
try
{
Tauth_Token daToken = new Tauth_Token();
if (!daToken.SelectByAppId_UserId(appId, userId))
{
Log.Info("未找到授权记录");
return(-1);
}
string[] scopeArray = null;
if (scope.Contains(","))
{
scopeArray = scope.Split(',');
}
else
{
scopeArray = new string[] { scope };
}
var scopeRights = ScopeRightProvider.GetScopeApis(scopeArray);
//如果作用域不包含任何权限(仅OpenID),返回已经授权过
if (scopeRights == null || scopeRights.Count <= 0)
{
Log.Info("授权作用域不包含任何权限");
return(1);
}
Log.Info("授权作用域包含权限数量{0}", scopeRights.Count);
var tmp = new List <int>();
foreach (var sr in scopeRights)
{
tmp.Add(sr.Api_Id);
}
value[0] = tmp;
//value[0] = scopeRights.Select(it => it.Api_Id);
Tauth_Token_RightCollection daRightCollection = new Tauth_Token_RightCollection();
daRightCollection.ListEffectiveByTokenId(daToken.Token_Id);
List <TokenRightApi> apis = MapProvider.Map <TokenRightApi>(daRightCollection.DataTable);
Log.Info("已经获得的权限有{0}个", apis?.Count);
var tmp2 = new List <int>();
foreach (var a in apis)
{
tmp2.Add(a.Api_Id);
}
value[1] = tmp2;
return(0);
}
catch (Exception ex)
{
Log.Error("检查是否已授权出现错误", ex);
return(-1);
}
}
public ActionResult Apis()
{
OAuth2.Token.UserToken userToken = Token.UserToken.FromCipherToken(Package.Token);
Tauth_Token daToken = new Tauth_Token();
if (!daToken.SelectByAppId_UserId(userToken.AppId, Package.UserId))
{
return(FailResult("未找到授权访问令牌,Token无效", (int)ApiStatusCode.OPERATOR_FORBIDDEN));
}
Tauth_Token_RightCollection daRightCollection = new Tauth_Token_RightCollection();
daRightCollection.ListEffectiveByTokenId(daToken.Token_Id);
List <ScopeApiResult> list = MapProvider.Map <ScopeApiResult>(daRightCollection.DataTable);
if (list == null || list.Count <= 0)
{
return(Json(FuncResult.SuccessResult(list)));
}
var apis = from scope in list where scope.Status == 1 select scope.Api_Url;
return(Json(FuncResult.SuccessResult(apis)));
}
public bool OAuthAccess()
{
var app = OAuthAppCache.Instance.Find(it => it.APP_CODE.Equals(this._appid));
if (app == null)
{
Alert("无效的应用编号");
return(false);
}
Tauth_Code daCode = new Tauth_Code();
if (!daCode.SelectByAppId_GrantCode(app.APP_ID, this._auth_code))
{
Alert("无效的授权码");
return(false);
}
if (daCode.Status == 1)
{
Alert("该授权码已被使用,不能重复使用");
return(false);
}
if (daCode.Expire_Time < DateTime.Now)
{
Alert("授权码已过期");
return(false);
}
daCode.Status = 1;
if (!daCode.Update())
{
Alert("授权码验证失败");
return(false);
}
int user_id = daCode.User_Id;
var fac = UserModuleFactory.GetUserModuleInstance();
IUser user = fac?.GetUserByID(user_id);
if (user == null)
{
Alert("用户不存在");
return(false);
}
string open_id = xUtils.EncryptOpenId(app.APP_ID, user_id, app.UID_ENCRYPT_KEY);
this.OAuthUser.Open_Id = open_id;
this.OAuthUser.Token = xUtils.EncryptAccessToken(user_id, user.UserCode, app.APP_ID);
this.OAuthUser.Refresh_Token = xUtils.EncryptAccessToken(user_id, user.UserCode, app.APP_ID, 2592000);
BeginTransaction();
Tauth_Token daToken = new Tauth_Token();
daToken.ReferenceTransactionFrom(Transaction);
bool exist = daToken.SelectByAppId_UserId(app.APP_ID, user_id);
daToken.App_Id = app.APP_ID;
daToken.Expire_Time = DateTime.Now.AddSeconds(this.OAuthUser.Expire_In);
daToken.Refresh_Timeout = DateTime.Now.AddDays(this.OAuthUser.Refresh_Expire_In);
daToken.Refresh_Token = this.OAuthUser.Refresh_Token;
daToken.Token_Code = this.OAuthUser.Token;
daToken.Scope_Id = daCode.Scope_Id;
daToken.User_Id = user_id;
daToken.Grant_Id = daCode.Auth_Id;
if (exist)
{
if (!daToken.Update())
{
Rollback();
Alert("TOKEN生成失败");
return(false);
}
}
else
{
if (!daToken.Insert())
{
Rollback();
Alert("TOKEN生成失败");
return(false);
}
}
if (!UpdateTokenRights(daToken.Token_Id, daToken.Refresh_Timeout, daCode.Right_Json))
{
Rollback();
return(false);
}
Commit();
return(true);
}
public bool Refresh()
{
var app = OAuthAppCache.Instance.Find(it => it.APP_CODE == this._appid);
if (app == null)
{
Alert((ResultType)ResponseCode.应用ID无效, "未知的应用ID");
return(false);
}
var DecryptRes = xUtils.DecryptAccessToken(this._refresh_token);
if (!DecryptRes.Success)
{
Alert((ResultType)ResponseCode.无效操作, DecryptRes.Message);
return(false);
}
UserToken token = DecryptRes.Content;
if (token.Expire_Time < DateTime.Now)
{
Alert((ResultType)ResponseCode.令牌已过期, "令牌已过期,请重新发起用户授权");
return(false);
}
Tauth_Token daToken = new Tauth_Token();
if (!daToken.SelectByAppId_UserId(app.APP_ID, token.UserId))
{
Alert((ResultType)ResponseCode.Token错误, "未找到授权记录,无效的刷新令牌");
return(false);
}
if (!daToken.Refresh_Token.Equals(this._refresh_token))
{
Alert((ResultType)ResponseCode.无效操作, "无效的刷新令牌");
return(false);
}
if (daToken.Refresh_Timeout < DateTime.Now)
{
Alert((ResultType)ResponseCode.令牌已过期, "令牌已过期,请重新发起用户授权");
return(false);
}
var fac = UserModuleFactory.GetUserModuleInstance();
IUser user = fac?.GetUserByID(daToken.User_Id);
if (user == null)
{
Alert("用户不存在");
return(false);
}
string newToken = xUtils.EncryptAccessToken(token.UserId, user.UserCode, app.APP_ID);
daToken.Token_Code = newToken;
daToken.Expire_Time = DateTime.Now.AddSeconds(this.OAuthUser.Expire_In);
if (!daToken.Update())
{
Alert((ResultType)ResponseCode.务器错误, "Token刷新失败,请重试");
return(false);
}
this.OAuthUser.Open_Id = xUtils.EncryptOpenId(app.APP_ID, token.UserId, app.UID_ENCRYPT_KEY);
this.OAuthUser.Token = newToken;
this.OAuthUser.Refresh_Token = this._refresh_token;
this.OAuthUser.Refresh_Expire_In = (int)(daToken.Refresh_Timeout - DateTime.Now).TotalDays;
return(true);
}