提交多角色

TEAMModelOS.SDK/Context/Filters/HttpGlobalExceptionFilter.cs

@@ -58,6 +58,9 @@ namespace TEAMModelOS.SDK.Context.Filters
                     case 500:
                         msg = context.Exception.Message;
                         break;
+                    case 403:
+                        msg = context.Exception.Message;
+                        break;
                     default:
                         msg = "Unknown Error";
                         break;

TEAMModelOS.SDK/Context/Filters/HttpGlobalExceptionInvoke.cs

@@ -69,6 +69,9 @@ namespace TEAMModelOS.SDK.Context.Filter
                         case 500:
                             msg = exs.Message;
                             break;
+                        case 403:
+                            msg = exs.Message;
+                            break;
                         default:
                             msg = "Unknown Error";
                             break;

TEAMModelOS.SDK/Extension/JwtAuth/JwtAuthExtension.cs

@@ -78,6 +78,7 @@ namespace TEAMModelOS.SDK.Extension.JwtAuth
             //自定义授权
             services.AddAuthorization(auth =>
             {
+                auth.AddPolicy("Admin", policy => policy.RequireRole("Admin,Root,SchoolAdmin,Teacher").Build());
                 auth.AddPolicy("Bearer", new AuthorizationPolicyBuilder()
                     .AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme)
                     .RequireAuthenticatedUser()

TEAMModelOS.SDK/Extension/JwtAuth/JwtHelper/JwtHelper.cs

@@ -43,7 +43,8 @@ namespace TEAMModelOS.SDK.Extension.JwtAuth.JwtHelper
             claims.Add(new Claim(JwtClaimTypes.Issuer, setting.Issuer));
             claims.Add(new Claim(JwtClaimTypes.Scope, claimModel.Scope));
             claims.Add(new Claim(JwtClaimTypes.JwtId, Guid.NewGuid().ToString()));
-            claims.AddRange(claimModel.Roles.ToArray().Select(s=>new Claim(JwtClaimTypes.Role,s)));
+           //claims.AddRange(claimModel.Roles.Select(s=>new Claim(JwtClaimTypes.Role, s)));
+            //claims.AddRange(claimModel.Claims.Select(s => new Claim(ClaimTypes.Role, s)));
             string path = BaseConfigModel.ContentRootPath;
             RSACryptoServiceProvider provider = RsaHelper.LoadCertificateFile(path + "/JwtRsaFile/private.pem");
             RsaSecurityKey rsaSecurity = new RsaSecurityKey(provider);
@@ -69,11 +70,32 @@ namespace TEAMModelOS.SDK.Extension.JwtAuth.JwtHelper
 
             ///https://www.cnblogs.com/JacZhu/p/6837676.html#Update2.0  刷新     用户的 Token 在过期时间之内根本无法手动设置失效，随之而来的还有重放攻击等等问题
 
+
             var jwtHandler = new JwtSecurityTokenHandler();
             JwtSecurityToken jwtToken = jwtHandler.ReadJwtToken(jwtStr);
+            object role = new object(); ;
+            jwtToken.Payload.TryGetValue(ClaimTypes.Role, out role);
+          
+            //var tm = new TokenModelJWT
+            //{
+            //    Uid = (jwtToken.Id).ObjToInt(),
+            //    Role = role != null ? role.ObjToString() : "",
+            //};
+
+
+
+           // var jwtHandler = new JwtSecurityTokenHandler();
+           // JwtSecurityToken jwtToken = jwtHandler.ReadJwtToken(jwtStr);
             ClaimModel claimModel = new ClaimModel();
-            object role = new object();
-            claimModel.Claim = jwtToken.Claims.ToDictionary(claim => claim.Type, claim => claim.Value);
+            //object role = new object();
+           // claimModel.Claim = jwtToken.Claims.ToDictionary(claim => claim.Type, claim => claim.Value);
+            Dictionary<string, object> claimDict = new Dictionary<string, object>();
+            foreach (Claim claim in jwtToken.Claims)
+            {
+                claimDict.TryAdd(claim.Type, claim.Value);
+            }
+            claimDict[ClaimTypes.Role] = role;
+            claimModel.Claim = claimDict;
             claimModel.Claims = jwtToken.Claims.ToList();
             jwtToken.Payload.TryGetValue(JwtClaimTypes.Role, out role);
             if(role!=null)claimModel.Roles=role.ToString().Split(",").ToList();

TEAMModelOS.SDK/Extension/JwtAuth/Models/ClaimModel.cs

@@ -8,7 +8,7 @@ namespace TEAMModelOS.SDK.Extension.JwtAuth.Models
     {
         public ClaimModel() {
             Claims = new List<Claim>();
-            Claim = new Dictionary<string, string>();
+            Claim = new Dictionary<string, object>();
             Roles = new List<string>();
         }
 
@@ -20,7 +20,7 @@ namespace TEAMModelOS.SDK.Extension.JwtAuth.Models
         /// <summary>
         /// 用户身份信息
         /// </summary>
-        public Dictionary<string ,string> Claim { get; set; }
+        public Dictionary<string ,object> Claim { get; set; }
         /// <summary>
         /// 用户角色信息
         /// </summary>

TEAMModelOS.SDK/Helper/Network/HttpHelper/HttpContextHelper.cs

@@ -97,7 +97,7 @@ namespace TEAMModelOS.SDK.Helper.Network.HttpHelper
             }
             return aktoken;
         }
-        public static string GetLoginUser(IHttpContextAccessor httpContextAccessor ,string claimType) {
+        public static List<string> GetLoginUser(IHttpContextAccessor httpContextAccessor ,string claimType) {
             var tokenHeader = "";
             HttpRequest request = httpContextAccessor.HttpContext.Request;
             if (request.Headers.ContainsKey(Constants.AUTHORIZATION))
@@ -111,12 +111,21 @@ namespace TEAMModelOS.SDK.Helper.Network.HttpHelper
                 tokenHeader = request.Query[Constants.ACCESS_TOKEN];
                 tokenHeader = tokenHeader.Trim();
             }
-            if (string.IsNullOrEmpty(tokenHeader)) {
-                return "";
+            if (string.IsNullOrEmpty(tokenHeader))
+            {
+                return null;
             }
             ClaimModel claimModel = JwtHelper.SerializeJWT(tokenHeader);
             claimModel.Claim.TryGetValue(claimType, out var claimValue);
-            return claimValue; 
+            List<string> claimValues = new List<string>();
+            foreach (Claim claim in claimModel.Claims)
+            {
+                if (claim.Type.Equals(claimType))
+                {
+                    claimValues.Add(claim.Value);
+                }
+            }
+            return claimValues;
         }
     }
 }

TEAMModelOS.Service/Core/Implements/LoginInfoService.cs

@@ -132,7 +132,7 @@ namespace TEAMModelOS.Service.Core.Implements
 
                 var dateTime = DateTimeHelper.ConvertToTimeStamp10(DateTime.Now);
                 var expExt=claimModel.Claim.TryGetValue("exp",out var exp);
-                if (expExt==false || dateTime > long.Parse(exp))
+                if (expExt==false || dateTime > long.Parse(exp.ToString()))
                 {
                     throw new BizException(401, "Unauthorized");
                 }
@@ -176,6 +176,7 @@ namespace TEAMModelOS.Service.Core.Implements
             model.Claims.Add(new Claim(JwtClaimTypes.Id, loginInfo.TeamModelId));
             ////保护隐私
             //model.Claims.Add(new Claim(JwtClaimTypes.PhoneNumber, loginInfo.Phone));
+            model.Claims.AddRange(role.Split(',').Select(s => new Claim(JwtClaimTypes.Role, s)));
             model.Roles.Add(role);
             JwtResponse jwtResponse = JwtHelper.IssueJWT(model, _options.Value);
             return jwtResponse;

TEAMModelOS/Controllers/Core/BaseController.cs

@@ -7,11 +7,13 @@ using System.Threading.Tasks;
 using TEAMModelOS.SDK.Extension.JwtAuth.JwtHelper;
 using TEAMModelOS.SDK.Extension.JwtAuth.Models;
 using TEAMModelOS.SDK.Context.Constant.Common;
+using System.Security.Claims;
+
 namespace TEAMModelOS.Controllers.Core
 {
     public class BaseController : Controller
     {
-        public   string GetLoginUser(string claimType)
+        public List<string> GetLoginUser(string claimType)
         {
             var tokenHeader = "";
             HttpRequest request = HttpContext.Request;
@@ -28,11 +30,18 @@ namespace TEAMModelOS.Controllers.Core
             }
             if (string.IsNullOrEmpty(tokenHeader))
             {
-                return "";
+                return null ;
             }
             ClaimModel claimModel = JwtHelper.SerializeJWT(tokenHeader);
             claimModel.Claim.TryGetValue(claimType, out var claimValue);
-            return claimValue;
+            List<string> claimValues = new List<string>();
+            foreach (Claim claim in claimModel.Claims) {
+                if(claim.Type.Equals(claimType))
+                {
+                    claimValues.Add(claim.Value);
+                }
+            }
+            return claimValues;
         }
     }
 }

TEAMModelOS/Controllers/Core/RoleController.cs

@@ -1,4 +1,5 @@
 using IdentityModel;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using System;
@@ -8,6 +9,7 @@ using System.Threading.Tasks;
 using TEAMModelOS.Model.Core.Models;
 using TEAMModelOS.SDK.Extension.DataResult.JsonRpcRequest;
 using TEAMModelOS.SDK.Extension.DataResult.JsonRpcResponse;
+using TEAMModelOS.SDK.Helper.Common.CollectionHelper;
 using TEAMModelOS.Service.Core.Interfaces;
 
 namespace TEAMModelOS.Controllers.Core
@@ -17,6 +19,7 @@ namespace TEAMModelOS.Controllers.Core
     /// </summary>
     [Route("api/[controller]")]
     [ApiController]
+    [Authorize]
     public class RoleController : BaseController
     {
         private IRoleService _roleSeservice;
@@ -37,15 +40,16 @@ namespace TEAMModelOS.Controllers.Core
         public async Task<BaseJosnRPCResponse> GetLoginRoles(JosnRPCRequest<Dictionary<string, object>> request)
         {
             JsonRPCResponseBuilder builder = JsonRPCResponseBuilder.custom();
-            string rolecodes = GetLoginUser(JwtClaimTypes.Role);
+            List<string> rolecodes = GetLoginUser(JwtClaimTypes.Role);
             List<Role> roles = new List<Role>();
-            string[] codes = rolecodes.Split(",");
-            foreach (string code in codes)
-            {
-                Role role = await _roleSeservice.FindRoleByRowKey(code);
-                if (role != null&& !string.IsNullOrEmpty(role.RowKey))
+            if (rolecodes.IsNotEmpty()) {
+                foreach (string code in rolecodes)
                 {
-                    roles.Add(role);
+                    Role role = await _roleSeservice.FindRoleByRowKey(code);
+                    if (role != null && !string.IsNullOrEmpty(role.RowKey))
+                    {
+                        roles.Add(role);
+                    }
                 }
             }
             return builder.Data(roles).build();

TEAMModelOS/Startup.cs

@@ -3,6 +3,7 @@ using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Http.Features;
+using Microsoft.AspNetCore.Identity;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.SpaServices.Webpack;
 using Microsoft.Extensions.Configuration;

TEAMModelOS/appsettings.Development.json

@@ -9,7 +9,7 @@
   "AllowedHosts": "*",
   "Azure": {
     "Table": {
-      "ConnectionString": "AccountName=devstoreaccount1;AccountKey=Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw==;DefaultEndpointsProtocol=http;BlobEndpoint=http://192.168.8.133:10000/devstoreaccount1;QueueEndpoint=http://192.168.8.133:10001/devstoreaccount1;TableEndpoint=http://192.168.8.133:10002/devstoreaccount1;",
+      "ConnectionString": "AccountName=devstoreaccount1;AccountKey=Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw==;DefaultEndpointsProtocol=http;BlobEndpoint=http://192.168.8.192:10000/devstoreaccount1;QueueEndpoint=http://192.168.8.192:10001/devstoreaccount1;TableEndpoint=http://192.168.8.192:10002/devstoreaccount1;",
       "AzureTableDialect": ""
     },
     "Blob": {