shanghaigangxiangtuzhuangMES/ZR.Admin.WebApi/Filters/VerifyAttribute.cs
不做码农 9dddbd874b 优化代码
2022-03-02 21:55:30 +08:00


using Infrastructure;
using Infrastructure.Model;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Controllers;
using Microsoft.AspNetCore.Mvc.Filters;
using NLog;
using System;
using System.Linq;
using ZR.Admin.WebApi.Extensions;
using ZR.Admin.WebApi.Framework;
using ZR.Model.System;
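namespace ZR.Admin.WebApi.Filters
{
    /// <summary>
    /// Authorization filter that rejects requests for which no valid login user can be resolved.
    /// To skip the check, put <see cref="AllowAnonymousAttribute"/> on the action method.
    /// </summary>
    /// <remarks>
    /// Only attributes declared on the action method are inspected, and only an exact
    /// <see cref="AllowAnonymousAttribute"/> type match counts. A controller-level
    /// [AllowAnonymous] is therefore NOT honoured by this filter (it fails closed).
    /// NOTE(review): the original summary said the attribute could also be placed on the
    /// controller; confirm which behaviour is intended before widening the exemption.
    /// </remarks>
    public class VerifyAttribute : Attribute, IAuthorizationFilter
    {
        private static readonly Logger logger = LogManager.GetCurrentClassLogger();

        /// <summary>
        /// Checks only that the token yields a login user; it does not evaluate permissions.
        /// Permission checks are expected on the action via the ApiActionPermission attribute,
        /// handled by ActionPermissionFilter (not visible here).
        /// </summary>
        /// <param name="context">Authorization context of the current request.</param>
        public void OnAuthorization(AuthorizationFilterContext context)
        {
            // Explicit opt-out: the action method itself carries [AllowAnonymous].
            if (context.ActionDescriptor is ControllerActionDescriptor controllerActionDescriptor
                && controllerActionDescriptor.MethodInfo.GetCustomAttributes(inherit: true)
                    .Any(a => a.GetType().Equals(typeof(AllowAnonymousAttribute))))
            {
                return;
            }

            // JWT-based check: the request passes when a login user with a positive id is resolved.
            LoginUser info = JwtUtil.GetLoginUser(context.HttpContext);
            if (info != null && info.UserId > 0)
            {
                return;
            }

            // Denial path. Everything gathered below comes from the request and is untrusted.
            // NOTE(review): depending on how GetClientUserIp derives the address (e.g. from a
            // forwarding header), the IP may be client-supplied; treat it as a hint only.
            string ip = HttpContextExtension.GetClientUserIp(context.HttpContext);
            string url = context.HttpContext.Request.Path;
            // Identity can be null on a principal without identities; do not fail the denial path on it.
            string userName = context.HttpContext.User?.Identity?.Name;

            string msg = $"请求访问:{url}授权认证失败,无法访问系统资源";

            // Record the client address with the failure so repeated denials can be correlated,
            // and escape line breaks so a crafted path or name cannot forge extra log entries.
            logger.Info(EscapeLineBreaks($"[{ip}]用户{userName}{msg}"));

            // NOTE(review): JsonResult does not set an HTTP status here, so the denial is signalled
            // only by ResultCode.DENY in the body; confirm clients and monitoring key on that code.
            context.Result = new JsonResult(new ApiResult((int)ResultCode.DENY, msg));
        }

        /// <summary>
        /// Makes CR and LF visible as literal escape sequences so one log call stays one log line.
        /// </summary>
        /// <param name="value">Text about to be written to the log.</param>
        /// <returns>The text with carriage returns and line feeds escaped.</returns>
        private static string EscapeLineBreaks(string value)
        {
            return value.Replace("\r", "\\r").Replace("\n", "\\n");
        }
    }
}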