2024-06-07 11:04:26 +08:00
|
|
|
|
using Infrastructure.Extensions;
|
2021-08-23 16:57:25 +08:00
|
|
|
|
using Microsoft.IdentityModel.Tokens;
|
|
|
|
|
|
using Newtonsoft.Json;
|
|
|
|
|
|
using System.IdentityModel.Tokens.Jwt;
|
|
|
|
|
|
using System.Security.Claims;
|
|
|
|
|
|
using System.Text;
|
|
|
|
|
|
using ZR.Admin.WebApi.Extensions;
|
2023-06-07 22:28:06 +08:00
|
|
|
|
using ZR.Model.System.Dto;
|
2022-04-10 16:52:10 +08:00
|
|
|
|
using ZR.Service.System;
|
2021-08-23 16:57:25 +08:00
|
|
|
|
|
|
|
|
|
|
namespace ZR.Admin.WebApi.Framework
|
|
|
|
|
|
{
|
|
|
|
|
|
/// <summary>
|
|
|
|
|
|
/// 2020-11-20
|
|
|
|
|
|
/// </summary>
|
|
|
|
|
|
public class JwtUtil
|
|
|
|
|
|
{
|
|
|
|
|
|
/// <summary>
|
|
|
|
|
|
/// 获取用户身份信息
|
|
|
|
|
|
/// </summary>
|
|
|
|
|
|
/// <param name="httpContext"></param>
|
|
|
|
|
|
/// <returns></returns>
|
|
|
|
|
|
public static LoginUser GetLoginUser(HttpContext httpContext)
|
|
|
|
|
|
{
|
2021-12-10 18:50:26 +08:00
|
|
|
|
string token = httpContext.GetToken();
|
2021-12-03 17:42:44 +08:00
|
|
|
|
|
2021-08-23 16:57:25 +08:00
|
|
|
|
if (!string.IsNullOrEmpty(token))
|
|
|
|
|
|
{
|
|
|
|
|
|
return ValidateJwtToken(ParseToken(token));
|
|
|
|
|
|
}
|
|
|
|
|
|
return null;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/// <summary>
|
|
|
|
|
|
/// 生成token
|
|
|
|
|
|
/// </summary>
|
|
|
|
|
|
/// <param name="claims"></param>
|
2022-01-09 17:12:35 +08:00
|
|
|
|
/// <param name="jwtSettings"></param>
|
2021-08-23 16:57:25 +08:00
|
|
|
|
/// <returns></returns>
|
2022-01-09 17:12:35 +08:00
|
|
|
|
public static string GenerateJwtToken(List<Claim> claims, JwtSettings jwtSettings)
|
2021-08-23 16:57:25 +08:00
|
|
|
|
{
|
2021-12-10 09:12:05 +08:00
|
|
|
|
var authTime = DateTime.Now;
|
|
|
|
|
|
var expiresAt = authTime.AddMinutes(jwtSettings.Expire);
|
2021-08-23 16:57:25 +08:00
|
|
|
|
var tokenHandler = new JwtSecurityTokenHandler();
|
2021-12-03 17:42:44 +08:00
|
|
|
|
var key = Encoding.ASCII.GetBytes(jwtSettings.SecretKey);
|
|
|
|
|
|
claims.Add(new Claim("Audience", jwtSettings.Audience));
|
|
|
|
|
|
claims.Add(new Claim("Issuer", jwtSettings.Issuer));
|
|
|
|
|
|
|
2021-08-23 16:57:25 +08:00
|
|
|
|
var tokenDescriptor = new SecurityTokenDescriptor
|
|
|
|
|
|
{
|
|
|
|
|
|
Subject = new ClaimsIdentity(claims),
|
2021-12-03 17:42:44 +08:00
|
|
|
|
Issuer = jwtSettings.Issuer,
|
|
|
|
|
|
Audience = jwtSettings.Audience,
|
2021-12-10 09:12:05 +08:00
|
|
|
|
IssuedAt = authTime,//token生成时间
|
|
|
|
|
|
Expires = expiresAt,
|
2021-12-10 18:50:26 +08:00
|
|
|
|
//NotBefore = authTime,
|
2021-12-03 17:42:44 +08:00
|
|
|
|
TokenType = "Bearer",
|
|
|
|
|
|
//对称秘钥,签名证书
|
2021-08-23 16:57:25 +08:00
|
|
|
|
SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
|
|
|
|
|
|
};
|
|
|
|
|
|
var token = tokenHandler.CreateToken(tokenDescriptor);
|
|
|
|
|
|
return tokenHandler.WriteToken(token);
|
|
|
|
|
|
}
|
2021-12-03 17:42:44 +08:00
|
|
|
|
/// <summary>
|
2023-08-02 13:36:44 +08:00
|
|
|
|
/// 检查客户端和服务器的Token是否一样
|
2021-12-03 17:42:44 +08:00
|
|
|
|
/// </summary>
|
|
|
|
|
|
/// <returns></returns>
|
|
|
|
|
|
public static TokenValidationParameters ValidParameters()
|
|
|
|
|
|
{
|
2022-02-23 18:30:17 +08:00
|
|
|
|
JwtSettings jwtSettings = new();
|
|
|
|
|
|
AppSettings.Bind("JwtSettings", jwtSettings);
|
|
|
|
|
|
|
2022-01-08 21:48:09 +08:00
|
|
|
|
if (jwtSettings == null || jwtSettings.SecretKey.IsEmpty())
|
|
|
|
|
|
{
|
2022-01-11 13:39:42 +08:00
|
|
|
|
throw new Exception("JwtSettings获取失败");
|
2022-01-08 21:48:09 +08:00
|
|
|
|
}
|
2021-12-03 17:42:44 +08:00
|
|
|
|
var key = Encoding.ASCII.GetBytes(jwtSettings.SecretKey);
|
2022-01-11 13:39:42 +08:00
|
|
|
|
|
2021-12-03 17:42:44 +08:00
|
|
|
|
var tokenDescriptor = new TokenValidationParameters
|
|
|
|
|
|
{
|
|
|
|
|
|
ValidateIssuerSigningKey = true,
|
|
|
|
|
|
ValidateIssuer = true,
|
|
|
|
|
|
ValidateAudience = true,
|
|
|
|
|
|
ValidIssuer = jwtSettings.Issuer,
|
|
|
|
|
|
ValidAudience = jwtSettings.Audience,
|
|
|
|
|
|
IssuerSigningKey = new SymmetricSecurityKey(key),
|
|
|
|
|
|
ValidateLifetime = true,//是否验证Token有效期,使用当前时间与Token的Claims中的NotBefore和Expires对比
|
2021-12-10 18:50:26 +08:00
|
|
|
|
ClockSkew = TimeSpan.FromSeconds(30)
|
|
|
|
|
|
//RequireExpirationTime = true,//过期时间
|
2021-12-03 17:42:44 +08:00
|
|
|
|
};
|
|
|
|
|
|
return tokenDescriptor;
|
|
|
|
|
|
}
|
2021-08-23 16:57:25 +08:00
|
|
|
|
/// <summary>
|
|
|
|
|
|
/// 从令牌中获取数据声明
|
|
|
|
|
|
/// </summary>
|
|
|
|
|
|
/// <param name="token">令牌</param>
|
|
|
|
|
|
/// <returns></returns>
|
2022-03-06 14:26:05 +08:00
|
|
|
|
public static IEnumerable<Claim>? ParseToken(string token)
|
2021-08-23 16:57:25 +08:00
|
|
|
|
{
|
|
|
|
|
|
var tokenHandler = new JwtSecurityTokenHandler();
|
2021-12-03 17:42:44 +08:00
|
|
|
|
var validateParameter = ValidParameters();
|
|
|
|
|
|
token = token.Replace("Bearer ", "");
|
2021-08-23 16:57:25 +08:00
|
|
|
|
try
|
|
|
|
|
|
{
|
2021-12-03 17:42:44 +08:00
|
|
|
|
tokenHandler.ValidateToken(token, validateParameter, out SecurityToken validatedToken);
|
2021-08-23 16:57:25 +08:00
|
|
|
|
|
2021-12-03 17:42:44 +08:00
|
|
|
|
var jwtToken = tokenHandler.ReadJwtToken(token);
|
2021-08-23 16:57:25 +08:00
|
|
|
|
return jwtToken.Claims;
|
|
|
|
|
|
}
|
|
|
|
|
|
catch (Exception ex)
|
|
|
|
|
|
{
|
|
|
|
|
|
Console.WriteLine(ex.Message);
|
|
|
|
|
|
// return null if validation fails
|
|
|
|
|
|
return null;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/// <summary>
|
2023-08-02 13:36:44 +08:00
|
|
|
|
/// jwt token校验 合法用户和其权限
|
2021-08-23 16:57:25 +08:00
|
|
|
|
/// </summary>
|
|
|
|
|
|
/// <param name="jwtToken"></param>
|
|
|
|
|
|
/// <returns></returns>
|
2022-03-06 14:26:05 +08:00
|
|
|
|
public static LoginUser? ValidateJwtToken(IEnumerable<Claim> jwtToken)
|
2021-08-23 16:57:25 +08:00
|
|
|
|
{
|
|
|
|
|
|
try
|
|
|
|
|
|
{
|
2023-05-12 15:08:24 +08:00
|
|
|
|
LoginUser loginUser = null;
|
2024-01-04 09:01:03 +08:00
|
|
|
|
//todo: ClaimTypes.UserData ??? 从何而来
|
2023-05-12 15:08:24 +08:00
|
|
|
|
var userData = jwtToken.FirstOrDefault(x => x.Type == ClaimTypes.UserData)?.Value;
|
|
|
|
|
|
if (userData != null)
|
2022-03-27 14:06:34 +08:00
|
|
|
|
{
|
2023-05-12 15:08:24 +08:00
|
|
|
|
loginUser = JsonConvert.DeserializeObject<LoginUser>(userData);
|
2023-08-02 13:36:44 +08:00
|
|
|
|
//todo 从缓存拿到权限,如果拿不到权限说明非法用户
|
2023-05-12 15:08:24 +08:00
|
|
|
|
var permissions = CacheService.GetUserPerms(GlobalConstant.UserPermKEY + loginUser?.UserId);
|
2024-06-07 11:04:26 +08:00
|
|
|
|
|
2023-05-12 15:08:24 +08:00
|
|
|
|
if (loginUser?.UserName == GlobalConstant.AdminRole)
|
|
|
|
|
|
{
|
|
|
|
|
|
permissions = new List<string>() { GlobalConstant.AdminPerm };
|
|
|
|
|
|
}
|
|
|
|
|
|
if (permissions == null) return null;
|
|
|
|
|
|
loginUser.Permissions = permissions;
|
2022-03-27 14:06:34 +08:00
|
|
|
|
}
|
2021-08-23 16:57:25 +08:00
|
|
|
|
return loginUser;
|
|
|
|
|
|
}
|
|
|
|
|
|
catch (Exception ex)
|
|
|
|
|
|
{
|
|
|
|
|
|
Console.WriteLine(ex.Message);
|
|
|
|
|
|
return null;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
2022-03-24 18:05:52 +08:00
|
|
|
|
|
|
|
|
|
|
/// <summary>
|
|
|
|
|
|
///组装Claims
|
|
|
|
|
|
/// </summary>
|
|
|
|
|
|
/// <param name="user"></param>
|
|
|
|
|
|
/// <returns></returns>
|
|
|
|
|
|
public static List<Claim> AddClaims(LoginUser user)
|
|
|
|
|
|
{
|
|
|
|
|
|
var claims = new List<Claim>()
|
|
|
|
|
|
{
|
|
|
|
|
|
new Claim(ClaimTypes.PrimarySid, user.UserId.ToString()),
|
|
|
|
|
|
new Claim(ClaimTypes.Name, user.UserName),
|
|
|
|
|
|
new Claim(ClaimTypes.UserData, JsonConvert.SerializeObject(user))
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
return claims;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-08-23 16:57:25 +08:00
|
|
|
|
}
|
|
|
|
|
|
}
|
