80 lines
3.2 KiB
C#
80 lines
3.2 KiB
C#
|
namespace ZhiYi.Core.Application.Middleware
|
|||
|
|
{
|
|||
|
|
/// <summary>
|
|||
|
|
/// 签名与鉴权中间件
|
|||
|
|
/// </summary>
|
|||
|
|
public class SignatureValidationMiddleware
|
|||
|
|
{
|
|||
|
|
private readonly RequestDelegate _next;
|
|||
|
|
private readonly string _appSecret;
|
|||
|
|
private readonly string[] _excludedPaths;
|
|||
|
|
private readonly IServiceProvider _serviceProvider;
|
|||
|
|
|
|||
|
|
public SignatureValidationMiddleware(RequestDelegate next, IConfiguration configuration, IServiceProvider serviceProvider)
|
|||
|
|
{
|
|||
|
|
_next = next;
|
|||
|
|
_appSecret = configuration["AppSecret"];
|
|||
|
|
_excludedPaths = new string[]
|
|||
|
|
{
|
|||
|
|
"/api/user/login", // 登录接口
|
|||
|
|
"/api/user/register", // 注册接口
|
|||
|
|
"/api/user/getsignature", //签名获取接口
|
|||
|
|
"/api/captcha/getcaptcha" //验证码获取接口
|
|||
|
|
};
|
|||
|
|
_serviceProvider = serviceProvider;
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
public async Task InvokeAsync(Microsoft.AspNetCore.Http.HttpContext context)
|
|||
|
|
{
|
|||
|
|
/*var contentType = context.Request.ContentType;
|
|||
|
|
if (contentType.IndexOf("grpc") > 0)
|
|||
|
|
{
|
|||
|
|
await _next(context);
|
|||
|
|
return;
|
|||
|
|
}*/
|
|||
|
|
var path = context.Request.Path;
|
|||
|
|
if (_excludedPaths.Any(p => path.StartsWithSegments(p)))
|
|||
|
|
{
|
|||
|
|
await _next(context);
|
|||
|
|
return;
|
|||
|
|
}
|
|||
|
|
var timestamp = context.Request.Headers["X-Timestamp"].ToString();
|
|||
|
|
var token = context.Request.Headers["Authorization"].ToString().Replace("Bearer ", "");
|
|||
|
|
var signature = context.Request.Headers["X-Signature"].ToString();
|
|||
|
|
|
|||
|
|
//请求头过滤
|
|||
|
|
/*if (string.IsNullOrEmpty(timestamp) || string.IsNullOrEmpty(token) || string.IsNullOrEmpty(signature))
|
|||
|
|
{
|
|||
|
|
context.Response.StatusCode = StatusCodes.Status401Unauthorized;
|
|||
|
|
await context.Response.WriteAsync("非法请求");
|
|||
|
|
return;
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
// 简单验证 signature 是否有效
|
|||
|
|
using (var scope = _serviceProvider.CreateScope())
|
|||
|
|
{
|
|||
|
|
var expectedSignature = scope.ServiceProvider.GetService<TokenService>().GenerateSignature(_appSecret, path, timestamp, token);
|
|||
|
|
if (signature != expectedSignature)
|
|||
|
|
{
|
|||
|
|
context.Response.StatusCode = StatusCodes.Status401Unauthorized;
|
|||
|
|
await context.Response.WriteAsync("签名不正确");
|
|||
|
|
return;
|
|||
|
|
}
|
|||
|
|
};*/
|
|||
|
|
|
|||
|
|
// 简单验证 Token 是否有效
|
|||
|
|
var tokenService = context.RequestServices.GetRequiredService<TokenService>();
|
|||
|
|
var username = context.User.Identity?.Name;
|
|||
|
|
var userid = context.User.FindFirst(ClaimTypes.Sid)?.Value;
|
|||
|
|
if (userid == null || !tokenService.ValidateToken(userid, token))
|
|||
|
|
{
|
|||
|
|
context.Response.StatusCode = StatusCodes.Status401Unauthorized;
|
|||
|
|
await context.Response.WriteAsync("token无效");
|
|||
|
|
return;
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
await _next(context);
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
}
|