Merge pull request 'v2 优化TokenVersion机制' (#305) from Junong/Admin.NET.Pro:v2 into v2

Reviewed-on: https://code.adminnet.top/Admin.NET/Admin.NET.Pro/pulls/305
2025-04-07 11:23:33 +08:00 · 2025-04-07 11:23:33 +08:00 · 7f0fa0678d
commit 7f0fa0678d
parent 0d91913ff3 8dc9f846e1
3 changed files with 22 additions and 12 deletions
--- a/Admin.NET/Admin.NET.Core/Service/Auth/SysAuthService.cs
+++ b/Admin.NET/Admin.NET.Core/Service/Auth/SysAuthService.cs
@ -352,8 +352,8 @@ public class SysAuthService : IDynamicApiController, ITransient
        //    .Where(u => u.Id == _userManager.UserId)
        //    .ExecuteCommandAsync();
-        // 更新用户Token版本缓存
+        //// 更新用户Token版本缓存  退出系统不用更新系统缓存，更新后其他已登录机全都要重新登录。
-        _sysCacheService.Set($"{CacheConst.KeyUserToken}{_userManager.UserId}", $"{_userManager.TokenVersion + 1}");
+        //_sysCacheService.Set($"{CacheConst.KeyUserToken}{_userManager.UserId}", $"{_userManager.TokenVersion + 1}");
        // 发布系统退出事件
        await _eventPublisher.PublishAsync(UserEventTypeEnum.Logout, _userManager);
--- a/Admin.NET/Admin.NET.Core/Service/User/SysUserService.cs
+++ b/Admin.NET/Admin.NET.Core/Service/User/SysUserService.cs
@ -140,7 +140,8 @@ public class SysUserService : IDynamicApiController, ITransient
        if (await query.AnyAsync(u => u.Account == input.Account)) throw Oops.Oh(ErrorCodeEnum.D1003);
        if (!string.IsNullOrWhiteSpace(input.Phone) && await query.AnyAsync(u => u.Phone == input.Phone)) throw Oops.Oh(ErrorCodeEnum.D1032);
-        input.TokenVersion++;
+        ////更新用户普通信息时不因更新TokenVersion
        //input.TokenVersion++;
        var user = input.Adapt<SysUser>();
        await _sysUserRep.AsUpdateable(user).IgnoreColumns(true).IgnoreColumns(u => new { u.Password, u.Status, u.TenantId }).ExecuteCommandAsync();
@ -287,14 +288,17 @@ public class SysUserService : IDynamicApiController, ITransient
    {
        var user = await _sysUserRep.GetByIdAsync(input.UserId) ?? throw Oops.Oh(ErrorCodeEnum.D0009);
        // 若账号的角色发生变化,才更新
        var roles = await _sysUserRoleService.GetUserRoleIdList(input.UserId);
        if(!roles.SequenceEqual(input.RoleIdList))
        {
            await _sysUserRoleService.GrantUserRole(input);
            // 强制下线账号和失效Token
            await OfflineAndExpireToken(user);
            // 发布更新用户角色事件
            await _eventPublisher.PublishAsync(UserEventTypeEnum.UpdateRole, input);
        }
    }
    /// <summary>
    /// 修改用户密码 🔖
@ -461,8 +465,8 @@ public class SysUserService : IDynamicApiController, ITransient
    /// <param name="user"></param>
    private async Task OfflineAndExpireToken(SysUser user)
    {
-        // 更新Token版本缓存
+        // 更新Token版本缓存，当角色、机构、密码、重置、删除、状态改变时，Token版本清0
-        _sysCacheService.Set($"{CacheConst.KeyUserToken}{user.Id}", $"{user.TokenVersion + 1}");
+        _sysCacheService.Remove($"{CacheConst.KeyUserToken}{user.Id}");
        // 强制下线账号
        await _sysOnlineUserService.ForceOfflineByUserId(user.Id);
--- a/Admin.NET/Admin.NET.Web.Core/Handlers/JwtHandler.cs
+++ b/Admin.NET/Admin.NET.Web.Core/Handlers/JwtHandler.cs
@ -49,6 +49,12 @@ namespace Admin.NET.Web.Core
            {
                // 查库并缓存用户Token版本
                var user = await serviceScope.ServiceProvider.GetRequiredService<ISqlSugarClient>().Queryable<SysUser>().FirstAsync(u => u.Id == long.Parse(userId));
                if (user == null || user.IsDelete)
                {
                    context.Fail(new AuthorizationFailureReason(this, "账户失效或被禁止"));
                    context.GetCurrentHttpContext().SignoutToSwagger();
                    return;
                }
                sysCacheService.Set($"{CacheConst.KeyUserToken}{user.Id}", $"{user.TokenVersion}");
                tokenVersion2 = user.TokenVersion.ToString();
            }