|
|
using Furion;
|
|
|
using Furion.Authorization;
|
|
|
using Furion.DataEncryption;
|
|
|
using Myshipping.Core;
|
|
|
using Myshipping.Core.Service;
|
|
|
using Microsoft.AspNetCore.Authorization;
|
|
|
using Microsoft.AspNetCore.Http;
|
|
|
using System.Threading.Tasks;
|
|
|
using Furion.Logging;
|
|
|
using System.Diagnostics;
|
|
|
|
|
|
namespace Myshipping.Web.Core;
|
|
|
|
|
|
public class JwtHandler : AppAuthorizeHandler
|
|
|
{
|
|
|
#if DEBUG
|
|
|
public JwtHandler()
|
|
|
{
|
|
|
|
|
|
}
|
|
|
#else
|
|
|
private ISysMenuService _sysMenuService;
|
|
|
|
|
|
public JwtHandler(ISysMenuService sysMenuService)
|
|
|
{
|
|
|
|
|
|
_sysMenuService = sysMenuService;
|
|
|
|
|
|
}
|
|
|
#endif
|
|
|
|
|
|
|
|
|
/// <summary>
|
|
|
/// 重写 Handler 添加自动刷新
|
|
|
/// </summary>
|
|
|
/// <param name="context"></param>
|
|
|
/// <returns></returns>
|
|
|
public override async Task HandleAsync(AuthorizationHandlerContext context)
|
|
|
{
|
|
|
// 自动刷新Token
|
|
|
if (JWTEncryption.AutoRefreshToken(context, context.GetCurrentHttpContext()))
|
|
|
{
|
|
|
await AuthorizeHandleAsync(context);
|
|
|
}
|
|
|
else context.Fail(); // 授权失败
|
|
|
}
|
|
|
|
|
|
/// <summary>
|
|
|
/// 授权判断逻辑,授权通过返回 true,否则返回 false
|
|
|
/// </summary>
|
|
|
/// <param name="context"></param>
|
|
|
/// <param name="httpContext"></param>
|
|
|
/// <returns></returns>
|
|
|
public override async Task<bool> PipelineAsync(AuthorizationHandlerContext context, DefaultHttpContext httpContext)
|
|
|
{
|
|
|
// 此处已经自动验证 Jwt Token的有效性了,无需手动验证
|
|
|
return await CheckAuthorzieAsync(httpContext);
|
|
|
}
|
|
|
|
|
|
/// <summary>
|
|
|
/// 检查权限
|
|
|
/// </summary>
|
|
|
/// <param name="httpContext"></param>
|
|
|
/// <returns></returns>
|
|
|
private async Task<bool> CheckAuthorzieAsync(DefaultHttpContext httpContext)
|
|
|
{
|
|
|
// 管理员跳过判断
|
|
|
if (UserManager.IsSuperAdmin) return true;
|
|
|
|
|
|
// 路由名称
|
|
|
var routeName = httpContext.Request.Path.Value.Substring(1).Replace("/", ":");
|
|
|
|
|
|
//字典数据前端需要,允许获取
|
|
|
if (routeName == "sysDictType:tree") return true;
|
|
|
|
|
|
|
|
|
if (routeName == "sysUser:tree") return true;
|
|
|
|
|
|
//用户修改密码权限:默认通过,即不需要给角色授权,也具有此权限
|
|
|
if (routeName == "sysUser:updatePwd") return true;
|
|
|
|
|
|
Stopwatch sw = Stopwatch.StartNew();
|
|
|
#if DEBUG
|
|
|
var _sysMenuService = App.GetService<ISysMenuService>();
|
|
|
var allPermission = await _sysMenuService.GetAllPermission();
|
|
|
#else
|
|
|
var allPermission = await _sysMenuService.GetAllPermission();
|
|
|
#endif
|
|
|
httpContext.Response.Headers["CheckTimeCheckAuthorzie1"] = sw.ElapsedMilliseconds.ToString();
|
|
|
if (!allPermission.Contains(routeName))
|
|
|
{
|
|
|
sw.Stop();
|
|
|
return true;
|
|
|
}
|
|
|
|
|
|
// 获取用户权限集合(按钮或API接口)
|
|
|
var permissionList = await _sysMenuService.GetLoginPermissionList(UserManager.UserId);
|
|
|
httpContext.Response.Headers["CheckTimeCheckAuthorzie2"] = sw.ElapsedMilliseconds.ToString();
|
|
|
sw.Stop();
|
|
|
// 检查授权
|
|
|
return permissionList.Contains(routeName);
|
|
|
}
|
|
|
}
|