|
@@ -95,19 +95,34 @@ namespace TEAMModelOS.Filter
|
|
|
}
|
|
|
public void OnResourceExecuting(ResourceExecutingContext context)
|
|
|
{
|
|
|
- bool pass = false;
|
|
|
- string id = string.Empty, school = string.Empty,jti=string.Empty;
|
|
|
- var authtoken = context.HttpContext.GetXAuth("ApiToken");
|
|
|
- if (!string.IsNullOrWhiteSpace(authtoken) && JwtAuthExtension.ValidateApiToken(authtoken, _option.JwtSecretKey))
|
|
|
+ var path = context.HttpContext.Request.Path;
|
|
|
+ string[] paths = path.ToString().Split("/");
|
|
|
+ string scope = "";
|
|
|
+ if (paths.Any())
|
|
|
{
|
|
|
- var jwt = new JwtSecurityTokenHandler().ReadJwtToken(authtoken);
|
|
|
- string iss = jwt.Payload.Iss; //iss 检查jwt是否是测试站,正式站的授权key
|
|
|
- if (iss.Equals(_option.HostName))
|
|
|
+ if (paths[0].Equals("") && paths.Length > 1)
|
|
|
{
|
|
|
- //aud 受众
|
|
|
- id = jwt.Payload.Sub;//主题,又是应用APP
|
|
|
- school = jwt.Payload.Azp;//学校编码
|
|
|
- jti = jwt.Payload.Jti;//jwt唯一标识
|
|
|
+ scope = paths[1];
|
|
|
+ }
|
|
|
+ else {
|
|
|
+ scope = paths[0];
|
|
|
+ }
|
|
|
+ }
|
|
|
+ if (scope.Equals("school") ||scope.Equals("business"))
|
|
|
+ {
|
|
|
+ bool pass = false;
|
|
|
+ string id = string.Empty, school = string.Empty, jti = string.Empty;
|
|
|
+ var authtoken = context.HttpContext.GetXAuth("ApiToken");
|
|
|
+ if (!string.IsNullOrWhiteSpace(authtoken) && JwtAuthExtension.ValidateApiToken(authtoken, _option.JwtSecretKey))
|
|
|
+ {
|
|
|
+ var jwt = new JwtSecurityTokenHandler().ReadJwtToken(authtoken);
|
|
|
+ string iss = jwt.Payload.Iss; //iss 检查jwt是否是测试站,正式站的授权key
|
|
|
+ if (iss.Equals(_option.HostName))
|
|
|
+ {
|
|
|
+ //aud 受众
|
|
|
+ id = jwt.Payload.Sub;//主题,又是应用APP
|
|
|
+ school = jwt.Payload.Azp;//学校编码
|
|
|
+ jti = jwt.Payload.Jti;//jwt唯一标识
|
|
|
#if !DEBUG
|
|
|
var permissions = jwt.Claims.Where(c => c.Type.Equals("auth"));
|
|
|
///当前请求的api的设置的permission值是否包含在 从jwt的获取["1","2","3","4","5"]值中
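Review bot: The scope test `if (scope.Equals("school") ||scope.Equals("business"))` compares the first path segment case-sensitively, while ASP.NET Core route matching is case-insensitive, so a request to `/School/...` that the router accepts falls through to the 401 branch instead of reaching the token check; use `scope.Equals("school", StringComparison.OrdinalIgnoreCase) || scope.Equals("business", StringComparison.OrdinalIgnoreCase)` so the filter and the router agree on which requests are in scope. The `paths.Any()` guard is always true because `Split` never returns an empty array, and since `Request.Path` is rooted, `paths[0]` is always `""`, so the `else { scope = paths[0]; }` branch only ever assigns the empty string; a comment such as `// Request.Path always starts with '/', so paths[0] is "" and the scope is the first real segment` would make that intent explicit. The token's `azp` school code is read into `school`, but nothing here relates it to any school identifier carried in the path, if the route has one — worth confirming the downstream handlers perform that check rather than trusting the claim alone. OnResourceExecuting continues past the end of this hunk.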
|
|
@@ -119,25 +134,29 @@ namespace TEAMModelOS.Filter
|
|
|
}
|
|
|
}
|
|
|
#else
|
|
|
- pass=true;
|
|
|
+ pass = true;
|
|
|
#endif
|
|
|
|
|
|
- if (!string.IsNullOrEmpty(id) && !string.IsNullOrEmpty(school) && !string.IsNullOrEmpty(jti))
|
|
|
- {
|
|
|
- //AIP 开启限流策略 处理限流问题
|
|
|
- if (_limit)
|
|
|
+ if (!string.IsNullOrEmpty(id) && !string.IsNullOrEmpty(school) && !string.IsNullOrEmpty(jti))
|
|
|
{
|
|
|
+ //AIP 开启限流策略 处理限流问题
|
|
|
+ if (_limit)
|
|
|
+ {
|
|
|
+ }
|
|
|
}
|
|
|
}
|
|
|
}
|
|
|
+ if (pass)
|
|
|
+ {
|
|
|
+ context.HttpContext.Items.Add("ID", id);
|
|
|
+ context.HttpContext.Items.Add("School", school);
|
|
|
+ }
|
|
|
+ else
|
|
|
+ {
|
|
|
+ context.Result = new UnauthorizedResult();
|
|
|
+ }
|
|
|
}
|
|
|
- if (pass)
|
|
|
- {
|
|
|
- context.HttpContext.Items.Add("ID", id);
|
|
|
- context.HttpContext.Items.Add("School", school);
|
|
|
- }
|
|
|
- else
|
|
|
- {
|
|
|
+ else {
|
|
|
context.Result = new UnauthorizedResult();
|
|
|
}
|
|
|
}
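Review bot: Under `#else`, `pass = true` is set regardless of whether `sub`, `azp` and `jti` were present, so in DEBUG builds the `if (pass)` block stores empty strings into `HttpContext.Items["ID"]` and `["School"]` and lets the request through, while the `!string.IsNullOrEmpty(id) && ... jti` check only guards the still-empty rate-limit block. Tightening the gate to `if (pass && !string.IsNullOrEmpty(id) && !string.IsNullOrEmpty(school))` keeps debug behaviour from diverging from release on this point. The trailing `else { context.Result = new UnauthorizedResult(); }` rejects every request whose first segment is not `school` or `business` without consulting the token, which is correct fail-closed behaviour if this filter is only attached to those controllers — if it is registered globally, every other route now returns 401, so a comment stating the intended registration scope would help the next maintainer. The enclosing method starts in the previous hunk.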
|