2024-06-15 13:02:35 +08:00
|
|
|
|
// Admin.NET 项目的版权、商标、专利和其他相关权利均受相应法律法规的保护。使用本项目应遵守相关法律法规和许可证的要求。
|
|
|
|
|
|
//
|
|
|
|
|
|
// 本项目主要遵循 MIT 许可证和 Apache 许可证(版本 2.0)进行分发和使用。许可证位于源代码树根目录中的 LICENSE-MIT 和 LICENSE-APACHE 文件。
|
|
|
|
|
|
//
|
|
|
|
|
|
// 不得利用本项目从事危害国家安全、扰乱社会秩序、侵犯他人合法权益等法律法规禁止的活动!任何基于本项目二次开发而产生的一切法律纠纷和责任,我们不承担任何责任!
|
|
|
|
|
|
|
|
|
|
|
|
using Admin.NET.Core;
|
|
|
|
|
|
using Admin.NET.Core.Service;
|
|
|
|
|
|
using Furion.Authorization;
|
|
|
|
|
|
using Furion.DataEncryption;
|
|
|
|
|
|
using Microsoft.AspNetCore.Authorization;
|
|
|
|
|
|
using Microsoft.AspNetCore.Http;
|
|
|
|
|
|
using Microsoft.Extensions.DependencyInjection;
|
2025-04-06 01:55:21 +08:00
|
|
|
|
using SqlSugar;
|
2024-06-15 13:02:35 +08:00
|
|
|
|
using System;
|
2024-10-29 03:31:25 +08:00
|
|
|
|
using System.Collections.Generic;
|
|
|
|
|
|
using System.Linq;
|
2024-06-15 13:02:35 +08:00
|
|
|
|
using System.Threading.Tasks;
|
|
|
|
|
|
|
|
|
|
|
|
namespace Admin.NET.Web.Core
|
|
|
|
|
|
{
|
|
|
|
|
|
public class JwtHandler : AppAuthorizeHandler
|
|
|
|
|
|
{
|
|
|
|
|
|
private readonly IServiceProvider _serviceProvider;
|
|
|
|
|
|
|
|
|
|
|
|
public JwtHandler(IServiceProvider serviceProvider)
|
|
|
|
|
|
{
|
|
|
|
|
|
_serviceProvider = serviceProvider;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/// <summary>
|
2025-04-10 15:25:20 +08:00
|
|
|
|
/// 令牌/Token校验核心逻辑
|
2024-06-15 13:02:35 +08:00
|
|
|
|
/// </summary>
|
|
|
|
|
|
/// <param name="context"></param>
|
|
|
|
|
|
/// <param name="httpContext"></param>
|
|
|
|
|
|
/// <returns></returns>
|
|
|
|
|
|
public override async Task HandleAsync(AuthorizationHandlerContext context, DefaultHttpContext httpContext)
|
|
|
|
|
|
{
|
|
|
|
|
|
using var serviceScope = _serviceProvider.CreateScope();
|
|
|
|
|
|
var sysCacheService = serviceScope.ServiceProvider.GetRequiredService<SysCacheService>();
|
2025-02-04 16:33:49 +08:00
|
|
|
|
|
2025-04-10 15:25:20 +08:00
|
|
|
|
var sysConfigService = serviceScope.ServiceProvider.GetRequiredService<SysConfigService>();
|
|
|
|
|
|
var tokenExpire = await sysConfigService.GetTokenExpire();
|
|
|
|
|
|
var refreshTokenExpire = await sysConfigService.GetRefreshTokenExpire();
|
|
|
|
|
|
if (JWTEncryption.AutoRefreshToken(context, context.GetCurrentHttpContext(), tokenExpire, refreshTokenExpire))
|
|
|
|
|
|
{
|
|
|
|
|
|
await AuthorizeHandleAsync(context);
|
|
|
|
|
|
}
|
|
|
|
|
|
else
|
|
|
|
|
|
{
|
|
|
|
|
|
context.Fail(new AuthorizationFailureReason(this, "登录已过期,请重新登录。"));
|
2025-08-24 14:49:41 +08:00
|
|
|
|
context.StatusCode(StatusCodes.Status401Unauthorized);
|
2025-04-10 15:25:20 +08:00
|
|
|
|
var currentHttpContext = context.GetCurrentHttpContext();
|
|
|
|
|
|
// 跳过签名 SignatureAuthentication 引发的失败
|
|
|
|
|
|
if (currentHttpContext.Items.ContainsKey(SignatureAuthenticationDefaults.AuthenticateFailMsgKey)) return;
|
|
|
|
|
|
currentHttpContext.SignoutToSwagger();
|
|
|
|
|
|
return;
|
2025-05-29 13:20:28 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// 验证Token黑名单
|
2025-08-24 10:56:04 +08:00
|
|
|
|
var userId = httpContext.User.FindFirst(ClaimConst.UserId)?.Value;
|
2025-08-24 15:03:29 +08:00
|
|
|
|
var version = httpContext.User.FindFirst(ClaimConst.TokenVersion)?.Value;
|
2025-08-29 19:51:41 +08:00
|
|
|
|
if (sysCacheService.ExistKey($"{CacheConst.KeyTokenBlacklist}{userId}:{version}"))
|
2025-05-29 13:20:28 +08:00
|
|
|
|
{
|
|
|
|
|
|
context.Fail(new AuthorizationFailureReason(this, "令牌已失效,请重新登录。"));
|
2025-08-24 14:49:41 +08:00
|
|
|
|
context.StatusCode(StatusCodes.Status401Unauthorized);
|
2025-05-29 13:20:28 +08:00
|
|
|
|
context.GetCurrentHttpContext().SignoutToSwagger();
|
|
|
|
|
|
return;
|
2025-04-10 15:25:20 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
2025-09-03 19:52:29 +08:00
|
|
|
|
// 刷新 用户状态
|
|
|
|
|
|
if (sysCacheService.NotExistKey($"{CacheConst.KeyUserManager}{userId}"))
|
2025-08-29 19:51:41 +08:00
|
|
|
|
{
|
|
|
|
|
|
var sysAuthService = serviceScope.ServiceProvider.GetRequiredService<SysAuthService>();
|
2025-09-03 19:52:29 +08:00
|
|
|
|
await sysAuthService.RefreshUserManager(long.Parse(userId!));
|
2025-08-29 19:51:41 +08:00
|
|
|
|
return;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2025-08-28 10:32:06 +08:00
|
|
|
|
if (!string.IsNullOrWhiteSpace(userId))
|
2025-04-06 01:55:21 +08:00
|
|
|
|
{
|
|
|
|
|
|
// 查库并缓存用户Token版本
|
|
|
|
|
|
var user = await serviceScope.ServiceProvider.GetRequiredService<ISqlSugarClient>().Queryable<SysUser>().FirstAsync(u => u.Id == long.Parse(userId));
|
2025-04-07 13:37:46 +08:00
|
|
|
|
if (user == null || user.Status == StatusEnum.Disable)
|
2025-04-07 10:14:04 +08:00
|
|
|
|
{
|
2025-04-07 13:37:46 +08:00
|
|
|
|
context.Fail(new AuthorizationFailureReason(this, "账号不存在或已被停用,请联系管理员。"));
|
2025-08-24 14:49:41 +08:00
|
|
|
|
context.StatusCode(StatusCodes.Status401Unauthorized);
|
2025-04-07 10:14:04 +08:00
|
|
|
|
context.GetCurrentHttpContext().SignoutToSwagger();
|
|
|
|
|
|
return;
|
|
|
|
|
|
}
|
2025-04-06 01:55:21 +08:00
|
|
|
|
sysCacheService.Set($"{CacheConst.KeyUserToken}{user.Id}", $"{user.TokenVersion}");
|
2024-06-15 13:02:35 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
2024-10-29 03:31:25 +08:00
|
|
|
|
// 验证租户有效期
|
2025-09-03 11:12:21 +08:00
|
|
|
|
var tenantId = LazyHelper.GetService<UserManager>().Value.TenantId?.ToString();
|
2024-10-29 03:31:25 +08:00
|
|
|
|
if (!string.IsNullOrWhiteSpace(tenantId))
|
|
|
|
|
|
{
|
|
|
|
|
|
var tenant = sysCacheService.Get<List<SysTenant>>(CacheConst.KeyTenant)?.FirstOrDefault(u => u.Id == long.Parse(tenantId));
|
|
|
|
|
|
if (tenant != null && tenant.ExpirationTime != null && DateTime.Now > tenant.ExpirationTime)
|
|
|
|
|
|
{
|
2025-04-04 03:26:02 +08:00
|
|
|
|
context.Fail(new AuthorizationFailureReason(this, "租户已过期,请联系管理员。"));
|
2025-08-24 14:49:41 +08:00
|
|
|
|
context.StatusCode(StatusCodes.Status401Unauthorized);
|
2024-10-29 03:31:25 +08:00
|
|
|
|
context.GetCurrentHttpContext().SignoutToSwagger();
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
2024-06-15 13:02:35 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
public override async Task<bool> PipelineAsync(AuthorizationHandlerContext context, DefaultHttpContext httpContext)
|
|
|
|
|
|
{
|
|
|
|
|
|
// 已自动验证 Jwt Token 有效性
|
|
|
|
|
|
return await CheckAuthorizeAsync(httpContext);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/// <summary>
|
|
|
|
|
|
/// 权限校验核心逻辑
|
|
|
|
|
|
/// </summary>
|
|
|
|
|
|
/// <param name="httpContext"></param>
|
|
|
|
|
|
/// <returns></returns>
|
|
|
|
|
|
private static async Task<bool> CheckAuthorizeAsync(DefaultHttpContext httpContext)
|
|
|
|
|
|
{
|
2025-09-02 20:59:29 +08:00
|
|
|
|
var userManager = LazyHelper.GetService<UserManager>().Value;
|
2024-06-15 13:02:35 +08:00
|
|
|
|
|
2025-08-31 20:08:47 +08:00
|
|
|
|
// 排除超管权限判断
|
|
|
|
|
|
if (userManager?.AccountType == AccountTypeEnum.SuperAdmin) return true;
|
2025-01-21 11:46:04 +08:00
|
|
|
|
|
2024-08-11 04:08:29 +08:00
|
|
|
|
// 当前接口路由
|
2024-06-15 13:02:35 +08:00
|
|
|
|
var path = httpContext.Request.Path.ToString();
|
2024-06-20 03:04:31 +08:00
|
|
|
|
|
2024-10-21 02:15:46 +08:00
|
|
|
|
// 移动端接口权限判断
|
2025-08-31 20:08:47 +08:00
|
|
|
|
if (userManager?.LoginMode == LoginModeEnum.APP)
|
2024-10-21 02:15:46 +08:00
|
|
|
|
{
|
2025-08-31 20:08:47 +08:00
|
|
|
|
var appPermissions = userManager.AppPermissions ?? [];
|
|
|
|
|
|
return appPermissions.Exists(u => path.EndsWith(u, StringComparison.CurrentCultureIgnoreCase));
|
2024-10-21 02:15:46 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
2024-08-13 00:22:16 +08:00
|
|
|
|
// 获取当前用户按钮权限集合和接口黑名单
|
2025-08-31 20:08:47 +08:00
|
|
|
|
var unauthorizedPermissions = userManager?.UnauthorizedPermissions ?? [];
|
|
|
|
|
|
var permissions = userManager?.Permissions ?? [];
|
2024-08-13 00:22:16 +08:00
|
|
|
|
|
|
|
|
|
|
// 若当前路由在按钮权限集合里面则放行
|
2025-08-31 20:08:47 +08:00
|
|
|
|
if (permissions.Exists(u => path.EndsWith(u, StringComparison.CurrentCultureIgnoreCase)))
|
2024-08-13 00:22:16 +08:00
|
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
|
|
// 若当前路由在已接口黑名单里面则禁止
|
2025-08-31 20:08:47 +08:00
|
|
|
|
return unauthorizedPermissions.TrueForAll(u => !path.EndsWith(u, StringComparison.CurrentCultureIgnoreCase));
|
2024-06-15 13:02:35 +08:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
