gaoxing/UNIVPLMDataIntegration
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

🍒 fix(Login): 修复token黑名单导致无法登陆的问题

Browse Source
This commit is contained in:
喵你个汪呀 2025-08-28 10:32:06 +08:00
parent 3f37395e15
commit 0eb4e6c351
9 changed files with 1656 additions and 1607 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Admin.NET/Admin.NET.Core/Admin.NET.Core.csproj
View File

@ -90,5 +90,4 @@
<PackageReference Include="Microsoft.AspNetCore.SignalR.StackExchangeRedis" Version="9.0.8" /> <PackageReference Include="Microsoft.AspNetCore.SignalR.StackExchangeRedis" Version="9.0.8" />
<PackageReference Include="My.Extensions.Localization.Json" Version="3.4.0" /> <PackageReference Include="My.Extensions.Localization.Json" Version="3.4.0" />
</ItemGroup> </ItemGroup>
</Project> </Project>

47
Admin.NET/Admin.NET.Core/Job/SysDailyJob.cs Normal file
View File

@ -0,0 +1,47 @@
// Admin.NET 项目的版权、商标、专利和其他相关权利均受相应法律法规的保护。使用本项目应遵守相关法律法规和许可证的要求。
//
// 本项目主要遵循 MIT 许可证和 Apache 许可证(版本 2.0)进行分发和使用。许可证位于源代码树根目录中的 LICENSE-MIT 和 LICENSE-APACHE 文件。
//
// 不得利用本项目从事危害国家安全、扰乱社会秩序、侵犯他人合法权益等法律法规禁止的活动!任何基于本项目二次开发而产生的一切法律纠纷和责任,我们不承担任何责任!
namespace Admin.NET.Core;
/// <summary>
/// 系统每日作业任务(每天 00:00:00 执行)
/// </summary>
[JobDetail("job_daily", Description = "系统每日作业任务", GroupName = "default", Concurrent = false)]
[Daily(TriggerId = "trigger_daily", Description = "系统每日作业任务")]
public class SysDailyJob(IServiceScopeFactory serviceScopeFactory) : IJob
{
public async Task ExecuteAsync(JobExecutingContext context, CancellationToken stoppingToken)
{
using var serviceScope = serviceScopeFactory.CreateScope();
var db = serviceScope.ServiceProvider.GetRequiredService<ISqlSugarClient>().CopyNew();
var sysConfigService = serviceScope.ServiceProvider.GetRequiredService<SysConfigService>();
// 日志保留天数
var daysAgo = await sysConfigService.GetConfigValueByCode<int>(ConfigConst.SysLogRetentionDays);
// 删除访问日志
await db.Deleteable<SysLogVis>().Where(u => u.CreateTime < DateTime.Now.AddDays(-daysAgo)).ExecuteCommandAsync(stoppingToken);
// 删除操作日志
await db.Deleteable<SysLogOp>().Where(u => u.CreateTime < DateTime.Now.AddDays(-daysAgo)).ExecuteCommandAsync(stoppingToken);
// 删除差异日志
await db.Deleteable<SysLogDiff>().Where(u => u.CreateTime < DateTime.Now.AddDays(-daysAgo)).ExecuteCommandAsync(stoppingToken);
// 删除作业触发器运行记录
await db.Deleteable<SysJobTriggerRecord>().Where(u => u.CreatedTime < DateTime.Now.AddDays(-daysAgo)).ExecuteCommandAsync(stoppingToken);
var originColor = Console.ForegroundColor;
Console.ForegroundColor = ConsoleColor.Green;
var message = $"【定时任务】清理系统日志成功,清理 {daysAgo} 天前的日志数据 {DateTime.Now}";
Console.WriteLine(message);
Log.Information(message);
Console.ForegroundColor = originColor;
// 重置用户Token版本号
serviceScope.ServiceProvider.GetRequiredService<SysUserService>().ResetTokenVersion();
message = $"【启动任务】重置用户Token版本号 {DateTime.Now}";
Console.WriteLine(message);
Log.Information(message);
}
}

878
Admin.NET/Admin.NET.Core/Service/Auth/SysAuthService.cs
View File

@ -1,439 +1,441 @@
// Admin.NET 项目的版权、商标、专利和其他相关权利均受相应法律法规的保护。使用本项目应遵守相关法律法规和许可证的要求。 // Admin.NET 项目的版权、商标、专利和其他相关权利均受相应法律法规的保护。使用本项目应遵守相关法律法规和许可证的要求。
// //
// 本项目主要遵循 MIT 许可证和 Apache 许可证(版本 2.0)进行分发和使用。许可证位于源代码树根目录中的 LICENSE-MIT 和 LICENSE-APACHE 文件。 // 本项目主要遵循 MIT 许可证和 Apache 许可证(版本 2.0)进行分发和使用。许可证位于源代码树根目录中的 LICENSE-MIT 和 LICENSE-APACHE 文件。
// //
// 不得利用本项目从事危害国家安全、扰乱社会秩序、侵犯他人合法权益等法律法规禁止的活动!任何基于本项目二次开发而产生的一切法律纠纷和责任,我们不承担任何责任! // 不得利用本项目从事危害国家安全、扰乱社会秩序、侵犯他人合法权益等法律法规禁止的活动!任何基于本项目二次开发而产生的一切法律纠纷和责任,我们不承担任何责任!
using Furion.SpecificationDocument; using Furion.SpecificationDocument;
using Lazy.Captcha.Core; using Lazy.Captcha.Core;
namespace Admin.NET.Core.Service; namespace Admin.NET.Core.Service;
/// <summary> /// <summary>
/// 系统登录授权服务 🧩 /// 系统登录授权服务 🧩
/// </summary> /// </summary>
[ApiDescriptionSettings(Order = 500, Description = "登录授权")] [ApiDescriptionSettings(Order = 500, Description = "登录授权")]
[AppApiDescription("登录授权")] [AppApiDescription("登录授权")]
public class SysAuthService : IDynamicApiController, ITransient public class SysAuthService : IDynamicApiController, ITransient
{ {
private readonly UserManager _userManager; private readonly UserManager _userManager;
private readonly SqlSugarRepository<SysUser> _sysUserRep; private readonly SqlSugarRepository<SysUser> _sysUserRep;
private readonly SysConfigService _sysConfigService; private readonly SysConfigService _sysConfigService;
private readonly SysCacheService _sysCacheService; private readonly SysCacheService _sysCacheService;
private readonly IHttpContextAccessor _httpContextAccessor; private readonly IHttpContextAccessor _httpContextAccessor;
private readonly ICaptcha _captcha; private readonly ICaptcha _captcha;
private readonly IEventPublisher _eventPublisher; private readonly IEventPublisher _eventPublisher;
public SysAuthService(UserManager userManager, public SysAuthService(UserManager userManager,
SqlSugarRepository<SysUser> sysUserRep, SqlSugarRepository<SysUser> sysUserRep,
SysConfigService sysConfigService, SysConfigService sysConfigService,
SysCacheService sysCacheService, SysCacheService sysCacheService,
IHttpContextAccessor httpContextAccessor, IHttpContextAccessor httpContextAccessor,
ICaptcha captcha, ICaptcha captcha,
IEventPublisher eventPublisher) IEventPublisher eventPublisher)
{ {
_userManager = userManager; _userManager = userManager;
_sysUserRep = sysUserRep; _sysUserRep = sysUserRep;
_sysConfigService = sysConfigService; _sysConfigService = sysConfigService;
_sysCacheService = sysCacheService; _sysCacheService = sysCacheService;
_httpContextAccessor = httpContextAccessor; _httpContextAccessor = httpContextAccessor;
_captcha = captcha; _captcha = captcha;
_eventPublisher = eventPublisher; _eventPublisher = eventPublisher;
} }
/// <summary> /// <summary>
/// 账号密码登录 🔖 /// 账号密码登录 🔖
/// </summary> /// </summary>
/// <param name="input"></param> /// <param name="input"></param>
/// <returns></returns> /// <returns></returns>
[DisplayName("账号密码登录")] [DisplayName("账号密码登录")]
[AllowAnonymous] [AllowAnonymous]
public virtual async Task<LoginOutput> Login([Required] LoginInput input) public virtual async Task<LoginOutput> Login([Required] LoginInput input)
{ {
// 判断密码错误次数缓存30分钟 // 判断密码错误次数缓存30分钟
var keyPasswordErrorTimes = $"{CacheConst.KeyPasswordErrorTimes}{input.Account}"; var keyPasswordErrorTimes = $"{CacheConst.KeyPasswordErrorTimes}{input.Account}";
var passwordErrorTimes = _sysCacheService.Get<int>(keyPasswordErrorTimes); var passwordErrorTimes = _sysCacheService.Get<int>(keyPasswordErrorTimes);
var passwordMaxErrorTimes = await _sysConfigService.GetConfigValueByCode<int>(ConfigConst.SysPasswordMaxErrorTimes); var passwordMaxErrorTimes = await _sysConfigService.GetConfigValueByCode<int>(ConfigConst.SysPasswordMaxErrorTimes);
// 若未配置或误配置为0、负数, 则默认密码错误次数最大为5次 // 若未配置或误配置为0、负数, 则默认密码错误次数最大为5次
if (passwordMaxErrorTimes < 1) passwordMaxErrorTimes = 5; if (passwordMaxErrorTimes < 1) passwordMaxErrorTimes = 5;
if (passwordErrorTimes > passwordMaxErrorTimes) throw Oops.Oh(ErrorCodeEnum.D1027); if (passwordErrorTimes > passwordMaxErrorTimes) throw Oops.Oh(ErrorCodeEnum.D1027);
// 判断是否开启验证码并校验 // 判断是否开启验证码并校验
input.TenantId = input.TenantId <= 0 ? SqlSugarConst.DefaultTenantId : input.TenantId; input.TenantId = input.TenantId <= 0 ? SqlSugarConst.DefaultTenantId : input.TenantId;
var tenant = _sysCacheService.Get<List<SysTenant>>(CacheConst.KeyTenant)?.FirstOrDefault(u => u.Id == input.TenantId); var tenant = _sysCacheService.Get<List<SysTenant>>(CacheConst.KeyTenant)?.FirstOrDefault(u => u.Id == input.TenantId);
if (tenant == null) if (tenant == null)
{ {
await App.GetRequiredService<SysTenantService>().CacheTenant(); // 重新生成租户列表缓存 await App.GetRequiredService<SysTenantService>().CacheTenant(); // 重新生成租户列表缓存
tenant = _sysCacheService.Get<List<SysTenant>>(CacheConst.KeyTenant)?.FirstOrDefault(u => u.Id == input.TenantId); tenant = _sysCacheService.Get<List<SysTenant>>(CacheConst.KeyTenant)?.FirstOrDefault(u => u.Id == input.TenantId);
if (tenant == null) throw Oops.Oh(ErrorCodeEnum.D0007); if (tenant == null) throw Oops.Oh(ErrorCodeEnum.D0007);
} }
if (tenant.Captcha == true && !_captcha.Validate(input.CodeId.ToString(), input.Code)) if (tenant.Captcha == true && !_captcha.Validate(input.CodeId.ToString(), input.Code))
throw Oops.Oh(ErrorCodeEnum.D0008); throw Oops.Oh(ErrorCodeEnum.D0008);
// 获取并验证账号 // 获取并验证账号
var user = await GetLoginUser(input.TenantId, account: input.Account); var user = await GetLoginUser(input.TenantId, account: input.Account);
// 是否开启域登录验证 // 是否开启域登录验证
if (await _sysConfigService.GetConfigValueByCode<bool>(ConfigConst.SysDomainLogin)) if (await _sysConfigService.GetConfigValueByCode<bool>(ConfigConst.SysDomainLogin))
{ {
var userLdap = await _sysUserRep.ChangeRepository<SqlSugarRepository<SysUserLdap>>().GetFirstAsync(u => u.UserId == user.Id && u.TenantId == user.TenantId); var userLdap = await _sysUserRep.ChangeRepository<SqlSugarRepository<SysUserLdap>>().GetFirstAsync(u => u.UserId == user.Id && u.TenantId == user.TenantId);
if (userLdap == null) if (userLdap == null)
{ {
VerifyPassword(input.Password, keyPasswordErrorTimes, passwordErrorTimes, user); VerifyPassword(input.Password, keyPasswordErrorTimes, passwordErrorTimes, user);
} }
else if (!await App.GetRequiredService<SysLdapService>().AuthAccount(user.TenantId, userLdap.Account, CryptogramHelper.Decrypt(input.Password))) else if (!await App.GetRequiredService<SysLdapService>().AuthAccount(user.TenantId, userLdap.Account, CryptogramHelper.Decrypt(input.Password)))
{ {
_sysCacheService.Set(keyPasswordErrorTimes, ++passwordErrorTimes, TimeSpan.FromMinutes(30)); _sysCacheService.Set(keyPasswordErrorTimes, ++passwordErrorTimes, TimeSpan.FromMinutes(30));
throw Oops.Oh(ErrorCodeEnum.D1000); throw Oops.Oh(ErrorCodeEnum.D1000);
} }
} }
else else
VerifyPassword(input.Password, keyPasswordErrorTimes, passwordErrorTimes, user); VerifyPassword(input.Password, keyPasswordErrorTimes, passwordErrorTimes, user);
// 登录成功则清空密码错误次数 // 登录成功则清空密码错误次数
_sysCacheService.Remove(keyPasswordErrorTimes); _sysCacheService.Remove(keyPasswordErrorTimes);
return await CreateToken(user); return await CreateToken(user);
} }
/// <summary> /// <summary>
/// 获取登录用户 /// 获取登录用户
/// </summary> /// </summary>
/// <param name="tenantId"></param> /// <param name="tenantId"></param>
/// <param name="account"></param> /// <param name="account"></param>
/// <param name="phone"></param> /// <param name="phone"></param>
/// <returns></returns> /// <returns></returns>
[NonAction] [NonAction]
public async Task<SysUser> GetLoginUser(long tenantId, string account = null, string phone = null) public async Task<SysUser> GetLoginUser(long tenantId, string account = null, string phone = null)
{ {
//// 若没有传值租户Id则从请求页URL参数中获取租户Id空则默认租户 //// 若没有传值租户Id则从请求页URL参数中获取租户Id空则默认租户
//if (tenantId < 1) //if (tenantId < 1)
//{ //{
// var tenantidStr = _httpContextAccessor.HttpContext.Request.Query["tenantid"].ToString(); // var tenantidStr = _httpContextAccessor.HttpContext.Request.Query["tenantid"].ToString();
// tenantId = string.IsNullOrWhiteSpace(tenantidStr) ? SqlSugarConst.DefaultTenantId : long.Parse(tenantidStr); // tenantId = string.IsNullOrWhiteSpace(tenantidStr) ? SqlSugarConst.DefaultTenantId : long.Parse(tenantidStr);
//} //}
// 判断账号是否存在 // 判断账号是否存在
var user = await _sysUserRep.AsQueryable().Includes(t => t.SysOrg).IgnoreTenant() var user = await _sysUserRep.AsQueryable().Includes(t => t.SysOrg).IgnoreTenant()
//.WhereIF(tenantId > 0, u => u.TenantId == tenantId) //.WhereIF(tenantId > 0, u => u.TenantId == tenantId)
.WhereIF(!string.IsNullOrWhiteSpace(account), u => u.Account.Equals(account)) .WhereIF(!string.IsNullOrWhiteSpace(account), u => u.Account.Equals(account))
.WhereIF(!string.IsNullOrWhiteSpace(phone), u => u.Phone.Equals(phone)) .WhereIF(!string.IsNullOrWhiteSpace(phone), u => u.Phone.Equals(phone))
.FirstAsync(); .FirstAsync();
_ = user ?? throw Oops.Oh(ErrorCodeEnum.D0009); _ = user ?? throw Oops.Oh(ErrorCodeEnum.D0009);
// 判断账号是否被冻结 // 判断账号是否被冻结
if (user.Status != StatusEnum.Enable) throw Oops.Oh(ErrorCodeEnum.D1017); if (user.Status != StatusEnum.Enable) throw Oops.Oh(ErrorCodeEnum.D1017);
// 判断租户是否存在及状态 // 判断租户是否存在及状态
var tenant = await _sysUserRep.ChangeRepository<SqlSugarRepository<SysTenant>>().GetFirstAsync(u => u.Id == user.TenantId); var tenant = await _sysUserRep.ChangeRepository<SqlSugarRepository<SysTenant>>().GetFirstAsync(u => u.Id == user.TenantId);
if (tenant?.Status != StatusEnum.Enable) throw Oops.Oh(ErrorCodeEnum.Z1003); if (tenant?.Status != StatusEnum.Enable) throw Oops.Oh(ErrorCodeEnum.Z1003);
return user; return user;
} }
/// <summary> /// <summary>
/// 验证用户密码 /// 验证用户密码
/// </summary> /// </summary>
/// <param name="password"></param> /// <param name="password"></param>
/// <param name="keyPasswordErrorTimes"></param> /// <param name="keyPasswordErrorTimes"></param>
/// <param name="passwordErrorTimes"></param> /// <param name="passwordErrorTimes"></param>
/// <param name="user"></param> /// <param name="user"></param>
private void VerifyPassword(string password, string keyPasswordErrorTimes, int passwordErrorTimes, SysUser user) private void VerifyPassword(string password, string keyPasswordErrorTimes, int passwordErrorTimes, SysUser user)
{ {
// 国密SM2解密前端密码传输SM2加密后的 // 国密SM2解密前端密码传输SM2加密后的
try try
{ {
password = CryptogramHelper.SM2Decrypt(password); password = CryptogramHelper.SM2Decrypt(password);
} }
catch catch
{ {
throw Oops.Oh(ErrorCodeEnum.D0010); throw Oops.Oh(ErrorCodeEnum.D0010);
} }
if (CryptogramHelper.CryptoType == CryptogramEnum.MD5.ToString()) if (CryptogramHelper.CryptoType == CryptogramEnum.MD5.ToString())
{ {
if (user.Password.Equals(MD5Encryption.Encrypt(password))) return; if (user.Password.Equals(MD5Encryption.Encrypt(password))) return;
} }
else else
{ {
if (CryptogramHelper.Decrypt(user.Password).Equals(password)) return; if (CryptogramHelper.Decrypt(user.Password).Equals(password)) return;
} }
_sysCacheService.Set(keyPasswordErrorTimes, ++passwordErrorTimes, TimeSpan.FromMinutes(30)); _sysCacheService.Set(keyPasswordErrorTimes, ++passwordErrorTimes, TimeSpan.FromMinutes(30));
throw Oops.Oh(ErrorCodeEnum.D1000); throw Oops.Oh(ErrorCodeEnum.D1000);
} }
/// <summary> /// <summary>
/// 验证锁屏密码 🔖 /// 验证锁屏密码 🔖
/// </summary> /// </summary>
/// <param name="password"></param> /// <param name="password"></param>
/// <returns></returns> /// <returns></returns>
[DisplayName("验证锁屏密码")] [DisplayName("验证锁屏密码")]
public virtual async Task<bool> UnLockScreen([Required, FromQuery] string password) public virtual async Task<bool> UnLockScreen([Required, FromQuery] string password)
{ {
// 账号是否存在 // 账号是否存在
var user = await _sysUserRep.GetFirstAsync(u => u.Id == _userManager.UserId); var user = await _sysUserRep.GetFirstAsync(u => u.Id == _userManager.UserId);
_ = user ?? throw Oops.Oh(ErrorCodeEnum.D0009); _ = user ?? throw Oops.Oh(ErrorCodeEnum.D0009);
var keyPasswordErrorTimes = $"{CacheConst.KeyPasswordErrorTimes}{user.Account}"; var keyPasswordErrorTimes = $"{CacheConst.KeyPasswordErrorTimes}{user.Account}";
var passwordErrorTimes = _sysCacheService.Get<int>(keyPasswordErrorTimes); var passwordErrorTimes = _sysCacheService.Get<int>(keyPasswordErrorTimes);
// 是否开启域登录验证 // 是否开启域登录验证
if (await _sysConfigService.GetConfigValueByCode<bool>(ConfigConst.SysDomainLogin)) if (await _sysConfigService.GetConfigValueByCode<bool>(ConfigConst.SysDomainLogin))
{ {
var userLdap = await _sysUserRep.ChangeRepository<SqlSugarRepository<SysUserLdap>>().GetFirstAsync(u => u.UserId == user.Id && u.TenantId == user.TenantId); var userLdap = await _sysUserRep.ChangeRepository<SqlSugarRepository<SysUserLdap>>().GetFirstAsync(u => u.UserId == user.Id && u.TenantId == user.TenantId);
if (userLdap == null) if (userLdap == null)
{ {
VerifyPassword(password, keyPasswordErrorTimes, passwordErrorTimes, user); VerifyPassword(password, keyPasswordErrorTimes, passwordErrorTimes, user);
} }
else if (!await App.GetRequiredService<SysLdapService>().AuthAccount(user.TenantId.Value, userLdap.Account, CryptogramHelper.Decrypt(password))) else if (!await App.GetRequiredService<SysLdapService>().AuthAccount(user.TenantId.Value, userLdap.Account, CryptogramHelper.Decrypt(password)))
{ {
_sysCacheService.Set(keyPasswordErrorTimes, ++passwordErrorTimes, TimeSpan.FromMinutes(30)); _sysCacheService.Set(keyPasswordErrorTimes, ++passwordErrorTimes, TimeSpan.FromMinutes(30));
throw Oops.Oh(ErrorCodeEnum.D1000); throw Oops.Oh(ErrorCodeEnum.D1000);
} }
} }
else else
VerifyPassword(password, keyPasswordErrorTimes, passwordErrorTimes, user); VerifyPassword(password, keyPasswordErrorTimes, passwordErrorTimes, user);
return true; return true;
} }
/// <summary> /// <summary>
/// 手机号登录 🔖 /// 手机号登录 🔖
/// </summary> /// </summary>
/// <param name="input"></param> /// <param name="input"></param>
/// <returns></returns> /// <returns></returns>
[DisplayName("手机号登录")] [DisplayName("手机号登录")]
[AllowAnonymous] [AllowAnonymous]
public virtual async Task<LoginOutput> LoginPhone([Required] LoginPhoneInput input) public virtual async Task<LoginOutput> LoginPhone([Required] LoginPhoneInput input)
{ {
// 校验短信验证码 // 校验短信验证码
App.GetRequiredService<SysSmsService>().VerifyCode(new SmsVerifyCodeInput { Phone = input.Phone, Code = input.Code }); App.GetRequiredService<SysSmsService>().VerifyCode(new SmsVerifyCodeInput { Phone = input.Phone, Code = input.Code });
// 获取并验证账号 // 获取并验证账号
var user = await GetLoginUser(input.TenantId, phone: input.Phone); var user = await GetLoginUser(input.TenantId, phone: input.Phone);
return await CreateToken(user); return await CreateToken(user);
} }
/// <summary> /// <summary>
/// 生成Token令牌 🔖 /// 生成Token令牌 🔖
/// </summary> /// </summary>
/// <param name="user"></param> /// <param name="user"></param>
/// <param name="loginMode"></param> /// <param name="loginMode"></param>
/// <returns></returns> /// <returns></returns>
[NonAction] [NonAction]
public async Task<LoginOutput> CreateToken(SysUser user, LoginModeEnum loginMode = LoginModeEnum.PC) public async Task<LoginOutput> CreateToken(SysUser user, LoginModeEnum loginMode = LoginModeEnum.PC)
{ {
// 单用户登录 // 单用户登录
await App.GetRequiredService<SysOnlineUserService>().SingleLogin(user.Id, loginMode); await App.GetRequiredService<SysOnlineUserService>().SingleLogin(user.Id, loginMode);
// 生成Token令牌 // 生成Token令牌
var tokenExpire = await _sysConfigService.GetTokenExpire(); var tokenExpire = await _sysConfigService.GetTokenExpire();
var accessToken = JWTEncryption.Encrypt(new Dictionary<string, object> var accessToken = JWTEncryption.Encrypt(new Dictionary<string, object>
{ {
{ ClaimConst.UserId, user.Id }, { ClaimConst.UserId, user.Id },
{ ClaimConst.TokenVersion, user.TokenVersion }, { ClaimConst.TokenVersion, user.TokenVersion },
}, tokenExpire); }, tokenExpire);
// 缓存用户Session // 缓存用户Session
_userManager.SetSession(new() _userManager.SetSession(new()
{ {
UserId = user.Id, UserId = user.Id,
TenantId = user.TenantId, TenantId = user.TenantId,
Account = user.Account, Account = user.Account,
RealName = user.RealName, RealName = user.RealName,
AccountType = user.AccountType, AccountType = user.AccountType,
OrgId = user.OrgId, OrgId = user.OrgId,
OrgName = user.SysOrg?.Name, OrgName = user.SysOrg?.Name,
OrgType = user.SysOrg?.Type, OrgType = user.SysOrg?.Type,
OrgLevel = user.SysOrg?.Level, OrgLevel = user.SysOrg?.Level,
TokenVersion = user.TokenVersion, TokenVersion = user.TokenVersion,
}, TimeSpan.FromMinutes(tokenExpire)); }, TimeSpan.FromMinutes(tokenExpire));
// 生成刷新Token令牌 // 生成刷新Token令牌
var refreshTokenExpire = await _sysConfigService.GetRefreshTokenExpire(); var refreshTokenExpire = await _sysConfigService.GetRefreshTokenExpire();
var refreshToken = JWTEncryption.GenerateRefreshToken(accessToken, refreshTokenExpire); var refreshToken = JWTEncryption.GenerateRefreshToken(accessToken, refreshTokenExpire);
// 设置响应报文头 // 设置响应报文头
_httpContextAccessor.HttpContext.SetTokensOfResponseHeaders(accessToken, refreshToken); _httpContextAccessor.HttpContext.SetTokensOfResponseHeaders(accessToken, refreshToken);
// Swagger Knife4UI-AfterScript登录脚本 // Swagger Knife4UI-AfterScript登录脚本
// ke.global.setAllHeader('Authorization', 'Bearer ' + ke.response.headers['access-token']); // ke.global.setAllHeader('Authorization', 'Bearer ' + ke.response.headers['access-token']);
// 更新用户登录信息 // 更新用户登录信息
user.LastLoginIp = _httpContextAccessor.HttpContext.GetRemoteIpAddressToIPv4(true); user.TokenVersion += 1;
(user.LastLoginAddress, double? longitude, double? latitude) = CommonHelper.GetIpAddress(user.LastLoginIp); user.LastLoginIp = _httpContextAccessor.HttpContext.GetRemoteIpAddressToIPv4(true);
user.LastLoginTime = DateTime.Now; (user.LastLoginAddress, double? longitude, double? latitude) = CommonHelper.GetIpAddress(user.LastLoginIp);
user.LastLoginDevice = CommonHelper.GetClientDeviceInfo(_httpContextAccessor.HttpContext?.Request?.Headers?.UserAgent); user.LastLoginTime = DateTime.Now;
await _sysUserRep.AsUpdateable(user).UpdateColumns(u => new user.LastLoginDevice = CommonHelper.GetClientDeviceInfo(_httpContextAccessor.HttpContext?.Request?.Headers?.UserAgent);
{ await _sysUserRep.AsUpdateable(user).UpdateColumns(u => new
u.LastLoginIp, {
u.LastLoginAddress, u.TokenVersion,
u.LastLoginTime, u.LastLoginIp,
u.LastLoginDevice, u.LastLoginAddress,
}).ExecuteCommandAsync(); u.LastLoginTime,
u.LastLoginDevice,
// 缓存用户Token版本 }).ExecuteCommandAsync();
_sysCacheService.Set($"{CacheConst.KeyUserToken}{user.Id}", $"{user.TokenVersion}");
// 缓存用户Token版本
// 发布系统登录事件 _sysCacheService.Set($"{CacheConst.KeyUserToken}{user.Id}", $"{user.TokenVersion}");
await _eventPublisher.PublishAsync(UserEventTypeEnum.Login, user);
// 发布系统登录事件
return new LoginOutput await _eventPublisher.PublishAsync(UserEventTypeEnum.Login, user);
{
AccessToken = accessToken, return new LoginOutput
RefreshToken = refreshToken {
}; AccessToken = accessToken,
} RefreshToken = refreshToken
};
/// <summary> }
/// 获取当前登陆用户信息 🔖
/// </summary> /// <summary>
/// <returns></returns> /// 获取当前登陆用户信息 🔖
[DisplayName("获取当前登陆用户信息")] /// </summary>
public virtual async Task<LoginUserOutput> GetUserInfo() /// <returns></returns>
{ [DisplayName("获取当前登陆用户信息")]
var user = await _sysUserRep.GetByIdAsync(_userManager.UserId) ?? throw Oops.Oh(ErrorCodeEnum.D1011).StatusCode(401); public virtual async Task<LoginUserOutput> GetUserInfo()
// 机构 {
var org = await _sysUserRep.ChangeRepository<SqlSugarRepository<SysOrg>>().GetByIdAsync(user.OrgId); var user = await _sysUserRep.GetByIdAsync(_userManager.UserId) ?? throw Oops.Oh(ErrorCodeEnum.D1011).StatusCode(401);
// 职位 // 机构
var pos = await _sysUserRep.ChangeRepository<SqlSugarRepository<SysPos>>().GetByIdAsync(user.PosId); var org = await _sysUserRep.ChangeRepository<SqlSugarRepository<SysOrg>>().GetByIdAsync(user.OrgId);
// 角色集合 // 职位
var roles = await _sysUserRep.ChangeRepository<SqlSugarRepository<SysUserRole>>().AsQueryable() var pos = await _sysUserRep.ChangeRepository<SqlSugarRepository<SysPos>>().GetByIdAsync(user.PosId);
.LeftJoin<SysRole>((u, a) => u.RoleId == a.Id) // 角色集合
.Where(u => u.UserId == user.Id) var roles = await _sysUserRep.ChangeRepository<SqlSugarRepository<SysUserRole>>().AsQueryable()
.Select((u, a) => new RoleDto { Id = a.Id, Name = a.Name, Code = a.Code }).ToListAsync(); .LeftJoin<SysRole>((u, a) => u.RoleId == a.Id)
// 接口集合 .Where(u => u.UserId == user.Id)
var apis = (await App.GetRequiredService<SysRoleService>().GetUserApiList())[0]; .Select((u, a) => new RoleDto { Id = a.Id, Name = a.Name, Code = a.Code }).ToListAsync();
// 个性化水印文字(若系统水印为空则不显示) // 接口集合
var watermarkText = await _sysUserRep.ChangeRepository<SqlSugarRepository<SysTenant>>().AsQueryable().Where(u => u.Id == user.TenantId).Select(u => u.Watermark).FirstAsync(); var apis = (await App.GetRequiredService<SysRoleService>().GetUserApiList())[0];
if (!string.IsNullOrWhiteSpace(watermarkText)) // 个性化水印文字(若系统水印为空则不显示)
watermarkText += $"-{user.RealName}"; // $"-{user.RealName}-{_httpContextAccessor.HttpContext.GetRemoteIpAddressToIPv4(true)}-{DateTime.Now}"; var watermarkText = await _sysUserRep.ChangeRepository<SqlSugarRepository<SysTenant>>().AsQueryable().Where(u => u.Id == user.TenantId).Select(u => u.Watermark).FirstAsync();
if (!string.IsNullOrWhiteSpace(watermarkText))
return new LoginUserOutput watermarkText += $"-{user.RealName}"; // $"-{user.RealName}-{_httpContextAccessor.HttpContext.GetRemoteIpAddressToIPv4(true)}-{DateTime.Now}";
{
Id = user.Id, return new LoginUserOutput
TenantId = user.TenantId, {
Account = user.Account, Id = user.Id,
RealName = user.RealName, TenantId = user.TenantId,
Phone = user.Phone, Account = user.Account,
IdCardNum = user.IdCardNum, RealName = user.RealName,
Email = user.Email, Phone = user.Phone,
AccountType = user.AccountType, IdCardNum = user.IdCardNum,
Avatar = user.Avatar, Email = user.Email,
Address = user.Address, AccountType = user.AccountType,
Signature = user.Signature, Avatar = user.Avatar,
OrgId = user.OrgId, Address = user.Address,
OrgName = org?.Name, Signature = user.Signature,
OrgType = org?.Type, OrgId = user.OrgId,
PosName = pos?.Name, OrgName = org?.Name,
Apis = apis, OrgType = org?.Type,
Roles = roles, PosName = pos?.Name,
WatermarkText = watermarkText, Apis = apis,
LastChangePasswordTime = user.LastChangePasswordTime Roles = roles,
}; WatermarkText = watermarkText,
} LastChangePasswordTime = user.LastChangePasswordTime
};
///// <summary> }
///// 获取刷新Token 🔖
///// </summary> ///// <summary>
///// <param name="accessToken"></param> ///// 获取刷新Token 🔖
///// <returns></returns> ///// </summary>
//[DisplayName("获取刷新Token")] ///// <param name="accessToken"></param>
//public string GetRefreshToken([FromQuery] string accessToken) ///// <returns></returns>
//{ //[DisplayName("获取刷新Token")]
// var refreshTokenExpire = _sysConfigService.GetRefreshTokenExpire().GetAwaiter().GetResult(); //public string GetRefreshToken([FromQuery] string accessToken)
// return JWTEncryption.GenerateRefreshToken(accessToken, refreshTokenExpire); //{
//} // var refreshTokenExpire = _sysConfigService.GetRefreshTokenExpire().GetAwaiter().GetResult();
// return JWTEncryption.GenerateRefreshToken(accessToken, refreshTokenExpire);
/// <summary> //}
/// 退出系统 🔖
/// </summary> /// <summary>
[DisplayName("退出系统")] /// 退出系统 🔖
public async Task Logout() /// </summary>
{ [DisplayName("退出系统")]
var httpContext = _httpContextAccessor.HttpContext ?? throw Oops.Oh(ErrorCodeEnum.D1016); public async Task Logout()
{
var userId = httpContext.User.FindFirst(ClaimConst.UserId)?.Value; var httpContext = _httpContextAccessor.HttpContext ?? throw Oops.Oh(ErrorCodeEnum.D1016);
var version = httpContext.User.FindFirst(ClaimConst.TokenVersion)?.Value;
if (string.IsNullOrWhiteSpace(userId) || string.IsNullOrWhiteSpace(version) || string.IsNullOrWhiteSpace(_userManager.Account)) var userId = httpContext.User.FindFirst(ClaimConst.UserId)?.Value;
throw Oops.Oh(ErrorCodeEnum.D1011); var version = httpContext.User.FindFirst(ClaimConst.TokenVersion)?.Value;
if (string.IsNullOrWhiteSpace(userId) || string.IsNullOrWhiteSpace(version) || string.IsNullOrWhiteSpace(_userManager.Account))
// 写入Token黑名单 throw Oops.Oh(ErrorCodeEnum.D1011);
var tokenExpire = await _sysConfigService.GetTokenExpire();
_sysCacheService.Set($"{CacheConst.KeyTokenBlacklist}:{userId}:{version}", _userManager.Account, TimeSpan.FromMinutes(tokenExpire)); // 写入Token黑名单
var tokenExpire = await _sysConfigService.GetTokenExpire();
// 发布系统退出事件 _sysCacheService.Set($"{CacheConst.KeyTokenBlacklist}:{userId}:{version}", _userManager.Account, TimeSpan.FromMinutes(tokenExpire));
await _eventPublisher.PublishAsync(UserEventTypeEnum.Logout, _userManager);
_userManager.RemoveSession(_userManager.UserId); // 发布系统退出事件
await _eventPublisher.PublishAsync(UserEventTypeEnum.Logout, _userManager);
// 退出Swagger/设置无效Token响应头 _userManager.RemoveSession(_userManager.UserId);
_httpContextAccessor.HttpContext.SignoutToSwagger();
} // 退出Swagger/设置无效Token响应头
_httpContextAccessor.HttpContext.SignoutToSwagger();
/// <summary> }
/// 获取验证码 🔖
/// </summary> /// <summary>
/// <returns></returns> /// 获取验证码 🔖
[SuppressMonitor] /// </summary>
[DisplayName("获取验证码")] /// <returns></returns>
[AllowAnonymous] [SuppressMonitor]
public CaptchaOutput GetCaptcha() [DisplayName("获取验证码")]
{ [AllowAnonymous]
var codeId = YitIdHelper.NextId().ToString(); public CaptchaOutput GetCaptcha()
var captcha = _captcha.Generate(codeId); {
var expirySeconds = App.GetOptions<CaptchaOptions>()?.ExpirySeconds ?? 60; var codeId = YitIdHelper.NextId().ToString();
return new CaptchaOutput { Id = codeId, Img = captcha.Base64, ExpirySeconds = expirySeconds }; var captcha = _captcha.Generate(codeId);
} var expirySeconds = App.GetOptions<CaptchaOptions>()?.ExpirySeconds ?? 60;
return new CaptchaOutput { Id = codeId, Img = captcha.Base64, ExpirySeconds = expirySeconds };
/// <summary> }
/// Swagger登录检查 🔖
/// </summary> /// <summary>
/// <returns></returns> /// Swagger登录检查 🔖
[Route("/api/swagger/checkUrl"), NonUnify] /// </summary>
[ApiDescriptionSettings(Description = "Swagger登录检查", DisableInherite = true)] /// <returns></returns>
[AllowAnonymous] [Route("/api/swagger/checkUrl"), NonUnify]
public int SwaggerCheckUrl() [ApiDescriptionSettings(Description = "Swagger登录检查", DisableInherite = true)]
{ [AllowAnonymous]
return _httpContextAccessor.HttpContext.User.Identity.IsAuthenticated ? 200 : 401; public int SwaggerCheckUrl()
} {
return _httpContextAccessor.HttpContext.User.Identity.IsAuthenticated ? 200 : 401;
/// <summary> }
/// Swagger登录提交 🔖
/// </summary> /// <summary>
/// <param name="auth"></param> /// Swagger登录提交 🔖
/// <returns></returns> /// </summary>
[Route("/api/swagger/submitUrl"), NonUnify] /// <param name="auth"></param>
[ApiDescriptionSettings(Description = "Swagger登录提交", DisableInherite = true)] /// <returns></returns>
[AllowAnonymous] [Route("/api/swagger/submitUrl"), NonUnify]
public async Task<int> SwaggerSubmitUrl([FromForm] SpecificationAuth auth) [ApiDescriptionSettings(Description = "Swagger登录提交", DisableInherite = true)]
{ [AllowAnonymous]
try public async Task<int> SwaggerSubmitUrl([FromForm] SpecificationAuth auth)
{ {
// 关闭默认租户验证码验证 try
var tenantList = _sysCacheService.Get<List<SysTenant>>(CacheConst.KeyTenant); {
var tenant = tenantList.FirstOrDefault(u => u.Id == SqlSugarConst.DefaultTenantId); // 关闭默认租户验证码验证
var tmpCaptcha = tenant.Captcha; var tenantList = _sysCacheService.Get<List<SysTenant>>(CacheConst.KeyTenant);
tenant.Captcha = false; var tenant = tenantList.FirstOrDefault(u => u.Id == SqlSugarConst.DefaultTenantId);
_sysCacheService.Set(CacheConst.KeyTenant, tenantList); var tmpCaptcha = tenant.Captcha;
tenant.Captcha = false;
await Login(new LoginInput _sysCacheService.Set(CacheConst.KeyTenant, tenantList);
{
Account = auth.UserName, await Login(new LoginInput
Password = CryptogramHelper.SM2Encrypt(auth.Password), {
TenantId = SqlSugarConst.DefaultTenantId Account = auth.UserName,
}); Password = CryptogramHelper.SM2Encrypt(auth.Password),
TenantId = SqlSugarConst.DefaultTenantId
// 恢复默认租户验证码状态 });
tenant.Captcha = tmpCaptcha;
_sysCacheService.Set(CacheConst.KeyTenant, tenantList); // 恢复默认租户验证码状态
tenant.Captcha = tmpCaptcha;
return 200; _sysCacheService.Set(CacheConst.KeyTenant, tenantList);
}
catch (Exception) return 200;
{ }
return 401; catch (Exception)
} {
} return 401;
}
}
} }

2
Admin.NET/Admin.NET.Core/Service/Dict/SysDictDataService.cs
View File

@ -35,7 +35,7 @@ public class SysDictDataService : IDynamicApiController, ITransient
{ {
return await _sysDictDataRep.AsQueryable() return await _sysDictDataRep.AsQueryable()
.Where(u => u.DictTypeId == input.DictTypeId) .Where(u => u.DictTypeId == input.DictTypeId)
.WhereIF(!string.IsNullOrEmpty(input.Value?.Trim()), u => u.Code.Contains(input.Value)) .WhereIF(!string.IsNullOrEmpty(input.Value?.Trim()), u => u.Code.Contains(input.Value))
.WhereIF(!string.IsNullOrEmpty(input.Code?.Trim()), u => u.Code.Contains(input.Code)) .WhereIF(!string.IsNullOrEmpty(input.Code?.Trim()), u => u.Code.Contains(input.Code))
.WhereIF(!string.IsNullOrEmpty(input.Label?.Trim()), u => u.Label.Contains(input.Label)) .WhereIF(!string.IsNullOrEmpty(input.Label?.Trim()), u => u.Label.Contains(input.Label))
.OrderBy(u => new { u.OrderNo, u.Code }) .OrderBy(u => new { u.OrderNo, u.Code })

12
Admin.NET/Admin.NET.Core/Service/User/SysUserService.cs
View File

@ -468,6 +468,18 @@ public class SysUserService : IDynamicApiController, ITransient
return await _sysUserExtOrgService.GetUserExtOrgList(userId); return await _sysUserExtOrgService.GetUserExtOrgList(userId);
} }
/// <summary>
/// 重置用户Token版本
/// </summary>
[NonAction]
public void ResetTokenVersion()
{
_sysUserRep.AsUpdateable()
.Where(u => u.TokenVersion > int.MaxValue / 2)
.UpdateColumns(u => u.TokenVersion)
.ExecuteCommand();
}
/// <summary> /// <summary>
/// 强制下线账号和失效Token /// 强制下线账号和失效Token
/// </summary> /// </summary>

1270
Admin.NET/Admin.NET.Core/SqlSugar/SqlSugarSetup.cs
View File

File diff suppressed because it is too large Load Diff

2
Admin.NET/Admin.NET.Web.Core/Admin.NET.Web.Core.csproj
View File

@ -19,4 +19,4 @@
<ProjectReference Include="..\Admin.NET.Application\Admin.NET.Application.csproj" /> <ProjectReference Include="..\Admin.NET.Application\Admin.NET.Application.csproj" />
</ItemGroup> </ItemGroup>
</Project> </Project>

13
Admin.NET/Admin.NET.Web.Core/Handlers/JwtHandler.cs
View File

@ -70,10 +70,7 @@ namespace Admin.NET.Web.Core
return; return;
} }
// 验证Token版本号 if (!string.IsNullOrWhiteSpace(userId))
var tokenVersion1 = httpContext.User.FindFirst(ClaimConst.TokenVersion)?.Value;
var tokenVersion2 = sysCacheService.Get<string>($"{CacheConst.KeyUserToken}{userId}");
if (string.IsNullOrWhiteSpace(tokenVersion2) && !string.IsNullOrWhiteSpace(userId))
{ {
// 查库并缓存用户Token版本 // 查库并缓存用户Token版本
var user = await serviceScope.ServiceProvider.GetRequiredService<ISqlSugarClient>().Queryable<SysUser>().FirstAsync(u => u.Id == long.Parse(userId)); var user = await serviceScope.ServiceProvider.GetRequiredService<ISqlSugarClient>().Queryable<SysUser>().FirstAsync(u => u.Id == long.Parse(userId));
@ -85,14 +82,6 @@ namespace Admin.NET.Web.Core
return; return;
} }
sysCacheService.Set($"{CacheConst.KeyUserToken}{user.Id}", $"{user.TokenVersion}"); sysCacheService.Set($"{CacheConst.KeyUserToken}{user.Id}", $"{user.TokenVersion}");
tokenVersion2 = user.TokenVersion.ToString();
}
if (string.IsNullOrWhiteSpace(tokenVersion1) || tokenVersion1 != tokenVersion2)
{
context.Fail(new AuthorizationFailureReason(this, "令牌已失效,请重新登录。"));
context.StatusCode(StatusCodes.Status401Unauthorized);
context.GetCurrentHttpContext().SignoutToSwagger();
return;
} }
// 验证租户有效期 // 验证租户有效期

1038
Admin.NET/Admin.NET.Web.Core/Startup.cs
View File

File diff suppressed because it is too large Load Diff