using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Security.Claims;
using System.Text;
using System.Threading.Tasks;
using UwlAPI.Tools.AuthHelper.JWT;
using UwlAPI.Tools.AuthHelper.Token;
using UwlAPI.Tools.Models.LoginViewModel;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Options;
using Uwl.Common;
using Uwl.Common.Utility;
using Uwl.Data.Model.BaseModel;
using Uwl.Data.Server.UserServices;
using Uwl.Data.Model.Result;
using UwlAPI.Tools.AuthHelper.Policys;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Uwl.Common.Download;
using SignalRDemo.SignalrHubs;
using Uwl.Extends.EncryPtion;
using Uwl.Common.RabbitMQ;
using Uwl.QuartzNet.JobCenter.Center;
using Uwl.Common.Cache.RedisCache;
namespace UwlAPI.Tools.Controllers
{
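/// <summary>
/// Login / token-issuing endpoints, routed under <c>api/Login</c>.
/// These actions must stay reachable without a token: putting
/// <c>[Authorize(Policy = "Admin")]</c> on them would lock the key inside the box it opens.
/// </summary>
// [Authorize] requires a JWT on every request. If it is ever applied to this controller,
// the token-issuing actions must be marked [AllowAnonymous].
[AllowAnonymous] // exempt from authorization: anyone can call these endpoints
//[Produces("application/json")]
[Route("api/Login")]
public class AuthorizeController : Controller
{
    // All dependencies are assigned once in the constructor and never replaced.
    private readonly JwtSettings _jwtSettings;
    private readonly IUserServer _userserver;
    private readonly IRedisCacheManager _redisCacheManager;
    private readonly IRabbitMQ _rabbitMQ;
    private readonly PermissionRequirement _requirement;
    private readonly IHostingEnvironment _hostingEnvironment;

    /// <summary>
    /// Stores the injected services used by the token endpoints.
    /// </summary>
    /// <param name="_jwtSettingsAccesser">Options wrapper whose <c>Value</c> holds the JWT settings.</param>
    /// <param name="userServer">User service used to check credentials and look up roles.</param>
    /// <param name="redisCacheManager">Redis cache manager (stored, not used by the actions in this class).</param>
    /// <param name="rabbitMQ">Message queue (stored, not used by the actions in this class).</param>
    /// <param name="permissionRequirement">Supplies the expiration and is passed to <c>JwtToken.BuildJwtToken</c>.</param>
    /// <param name="hostingEnvironment">Hosting environment (stored, not used by the actions in this class).</param>
    /// <param name="schedulerCenter">Accepted for dependency injection; not stored or used here.</param>
    public AuthorizeController(IOptions<JwtSettings> _jwtSettingsAccesser,
        IUserServer userServer, IRedisCacheManager redisCacheManager, IRabbitMQ rabbitMQ,
        PermissionRequirement permissionRequirement, IHostingEnvironment hostingEnvironment, ISchedulerCenter schedulerCenter)
    {
        this._jwtSettings = _jwtSettingsAccesser.Value;
        this._userserver = userServer;
        this._redisCacheManager = redisCacheManager;
        this._requirement = permissionRequirement;
        this._hostingEnvironment = hostingEnvironment;
        this._rabbitMQ = rabbitMQ;
    }

    #region Get token No.1
    /// <summary>
    /// Issues a token through <c>JwtHelper.IssueJWT</c> after checking the supplied credentials.
    /// </summary>
    /// <param name="loginViewModel">Login request body carrying the user name and password.</param>
    /// <returns>
    /// The token string on success, otherwise the "wrong account or password" message.
    /// Both cases are returned as a plain string, so callers cannot tell them apart by type.
    /// </returns>
    [HttpPost]
    [Route("Token")]
    [AllowAnonymous] // exempt from authorization: anyone can call this endpoint
    public async Task<string> Token([FromBody] LoginViewModel loginViewModel)
    {
        // A missing body is treated like any other failed login instead of dereferencing null.
        if (loginViewModel == null || !ModelState.IsValid)
        {
            return "账号或者密码错误";
        }

        // NOTE(review): the password is passed through unhashed here, while TokenAssig applies
        // ToMD5() before calling CheckUser. Confirm which form CheckUser expects.
        SysUser user = await _userserver.CheckUser(loginViewModel.User, loginViewModel.Password);
        if (user == null)
        {
            return "账号或者密码错误";
        }

        TokenModelJWT tokenModel = new TokenModelJWT()
        {
            Uid = user.Id,
            // NOTE(review): every token issued here carries the "Admin" role no matter which
            // account logged in; TokenAssig resolves roles with GetUserRoleByUserId instead.
            // Confirm how JwtHelper.IssueJWT maps Role before switching to per-user roles.
            Role = "Admin",
        };
        return JwtHelper.IssueJWT(tokenModel);
    }
    #endregion

    #region Get token through the custom middleware No.2
    /// <summary>
    /// Second way of obtaining a token: checks the credentials, then returns the token as
    /// <c>{ token = ... }</c>.
    /// </summary>
    /// <param name="loginViewModel">Login request body carrying the user name and password.</param>
    /// <returns>
    /// 200 with the token on success, a JSON error result when the credentials are rejected,
    /// a JSON message when token creation fails, or 400 when the request model is invalid.
    /// </returns>
    [HttpPost]
    [Route("CustomGetToken")]
    public IActionResult GetJWTStr([FromBody] LoginViewModel loginViewModel)
    {
        if (loginViewModel == null || !ModelState.IsValid)
        {
            return BadRequest();
        }

        // The credential check used to be commented out and replaced by `new SysUser()`, so the
        // null test never failed and any well-formed request received an Admin token.
        // The action signature is synchronous, so the awaitable is resolved in place; make the
        // action async once the signature may change.
        // NOTE(review): the password is passed unhashed, as in the previously commented-out call,
        // while TokenAssig applies ToMD5() first. Confirm which form CheckUser expects.
        SysUser user = _userserver.CheckUser(loginViewModel.User, loginViewModel.Password).GetAwaiter().GetResult();
        if (user == null)
        {
            return Json(new OperationResult(ResultType.Error, "账号或者密码错误"));
        }

        TokenModelJWT tokenModel = new TokenModelJWT()
        {
            Uid = user.Id,
            // NOTE(review): hard-coded "Admin" role for every account; see TokenAssig for the
            // per-user role lookup. Confirm against JwtHelper.IssueJWT before changing.
            Role = "Admin",
        };
        try
        {
            string jwtstr = JwtHelper.IssueJWT(tokenModel);
            return Ok(new { token = jwtstr });
        }
        catch (Exception ex)
        {
            // Keep exception details on the server; this endpoint is anonymous and must not
            // echo internal error text back to the caller.
            Console.Error.WriteLine(ex);
            return Json("Token生成失败");
        }
    }
    #endregion

    #region Get token No.3
    /// <summary>
    /// Issues a JWT for custom policy-based authorization (permissions enforced per action).
    /// The claims carry the user's name, id, an expiration value and one role claim per entry
    /// of the comma-separated role string returned by <c>GetUserRoleByUserId</c>.
    /// </summary>
    /// <param name="loginViewModel">Login request body carrying the user name and password.</param>
    /// <returns>
    /// A message model whose <c>response</c> holds the built token and <c>success</c> is true on
    /// success; otherwise only <c>msg</c> is set.
    /// </returns>
    [HttpPost]
    [Route("TokenThree")]
    public async Task<MessageModel<dynamic>> TokenAssig([FromBody] LoginViewModel loginViewModel)
    {
        var data = new MessageModel<dynamic>();
        try
        {
            if (loginViewModel == null || !ModelState.IsValid)
            {
                data.msg = "获取角色信息失败";
                return data;
            }

            // NOTE(review): MD5 is not suitable for password storage (fast and unsalted as used
            // here). Moving to a slow salted KDF needs a migration of the stored hashes, so the
            // call is left as is.
            string passwordHash = loginViewModel.Password.ToMD5();

            var clientIp = HttpContext.GetClientIP();
            await Console.Out.WriteLineAsync(string.Format("客户端请求IP:{0}", clientIp));

            SysUser Info = await _userserver.CheckUser(loginViewModel.User, passwordHash);
            if (Info == null)
            {
                data.msg = "账号或者密码错误";
                return data;
            }

            //_schedulerCenter.AddScheduleJobAsync<SysSchedule>(new SysSchedule());
            var RoleName = await _userserver.GetUserRoleByUserId(Info.Id);
            var claims = new List<Claim>
            {
                new Claim(ClaimTypes.Name,Info.Name), // user name
                // NOTE(review): jti is meant to be unique per token; here it carries the user id,
                // so it cannot be used to tell two tokens of the same user apart.
                new Claim(JwtRegisteredClaimNames.Jti,Info.Id.ToString()),
                // Local time rendered with the current culture; whatever parses this claim has
                // to agree on both. TODO confirm against the policy handler.
                new Claim(ClaimTypes.Expiration,DateTime.Now.AddSeconds(_requirement.Expiration.TotalSeconds).ToString()),
                new Claim("Id",Info.Id.ToString()),
                new Claim("userName",Info.Name)
            };
            // One role claim per entry of the comma-separated role string.
            claims.AddRange(RoleName.Split(',').Select(x => new Claim(ClaimTypes.Role, x)));

            var token = JwtToken.BuildJwtToken(claims.ToArray(), _requirement);
            data.response = token;
            data.msg = "Token获取成功";
            data.success = true;
            return data;
        }
        catch (Exception ex)
        {
            // Log the detail server-side only; the anonymous caller gets the generic message.
            Console.Error.WriteLine(ex);
            data.msg = "获取角色信息失败";
            return data;
        }
    }
    #endregion
}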
}