IESETL/CMS/Extension/Jwt/BlackListJwtSecurityTokenHandler.cs

using Microsoft.IdentityModel.Tokens;
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using TEAMModelOS.SDK.Context.Exception;
using TEAMModelOS.SDK.Helper.Security.ShaHash;

namespace HiTeachCE.Extension
{
    public class BlackListJwtSecurityTokenHandler : JwtSecurityTokenHandler
    {
       

        public BlackListJwtSecurityTokenHandler( )
        {
             
        }

        public override ClaimsPrincipal ValidateToken(string token, TokenValidationParameters validationParameters,
            out SecurityToken validatedToken)
        {
            var claimsPrincipal = base.ValidateToken(token, validationParameters, out validatedToken);

            //解析ClaimsPrincipal取出UserId、Iat和Jti
            //具体的验证步骤有两个：
            //- 到Redis查找该用户的Token失效时间，如果当前Token的颁发时间在此之前就是无效的；
            //- 到Redis的黑名单里判断是否存在该Token； 
            //通过Redis验证Token
            string sha = ShaHashHelper.GetSHA1(token);
            if (RedisHelper.Exists("jwt:"+sha))
            {
                throw new BizException("登录失效！",401);
            }
            return claimsPrincipal;
        }
    }
}