| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138 |
- using Microsoft.AspNetCore.Mvc;
- using Microsoft.AspNetCore.Mvc.Filters;
- using TEAMModelOS.SDK.Extension;
- using System;
- using TEAMModelOS.Models;
- using Microsoft.Extensions.Options;
- using Microsoft.Extensions.DependencyInjection;
- using System.IdentityModel.Tokens.Jwt;
- using System.Linq;
- using TEAMModelOS.SDK.DI;
- namespace TEAMModelOS.Filter
- {
- public class LimitPolicy {
- /// <summary>
- /// 颁发给谁的主体
- /// </summary>
- public string id { get; set; }
- /// <summary>
- /// 颁发主体
- /// </summary>
- public string school { get; set; }
- /// <summary>
- /// AIP的唯一ID
- /// </summary>
- public string jti { get; set; }
- /// <summary>
- /// minute 分钟,表示按分钟限流,多少分钟内只能访问多少次,
- /// hour 小时,表示按小时限流,多少小时内只能访问多少次,
- /// day 天数,表示按天数限流,多少天数内只能访问多少次,
- /// </summary>
- public string policy { get; set; }
- /// <summary>
- /// policy 策略,分钟,小时,天数对应的时长
- /// </summary>
- public int duration { get; set; }
- /// <summary>
- /// policy 策略,分钟,小时,天数对应的时长(duration) 可以访问的次数
- /// </summary>
- public int times { get; set; }
- /// <summary>
- /// 是否免费调用
- /// </summary>
- ///public bool free { get; set; }
- /// <summary>
- /// 每次调用花费多少钱
- /// </summary>
- ///public decimal cost { get; set; }
- }
- public class ApiTokenAttribute : Attribute, IFilterFactory
- {
- public bool IsReusable => true;
- /// <summary>
- /// 是否开启限流策略
- /// </summary>
- public bool Limit { get; set; }
- /// <summary>
- /// 授权序列
- /// </summary>
- public string Auth { get; set; }
- /// <summary>
- /// 接口名称
- /// </summary>
- public string Name { get; set; }
- public IFilterMetadata CreateInstance(IServiceProvider services)
- {
- var option = services.GetService<IOptions<Option>>();
- var azureRedis = services.GetService<AzureRedisFactory>();
- return new InternalAuthTokenFilter(option ,azureRedis, Auth, Limit);
- }
- private class InternalAuthTokenFilter : IResourceFilter
- {
- private readonly Option _option;
- //private readonly string _roles;
- private readonly string _auth;
- private readonly bool _limit;
- private readonly AzureRedisFactory _azureRedis;
- public InternalAuthTokenFilter(IOptions<Option> option, AzureRedisFactory azureRedis, string auth, bool limit)
- {
- _option = option.Value;
- _auth = auth;
- _limit = limit;
- _azureRedis = azureRedis;
- }
- public void OnResourceExecuting(ResourceExecutingContext context)
- {
- bool pass = false;
- string id = string.Empty, school = string.Empty,jti=string.Empty;
- var authtoken = context.HttpContext.GetXAuth("ApiToken");
- if (!string.IsNullOrWhiteSpace(authtoken) && JwtAuthExtension.ValidateApiToken(authtoken, _option.JwtSecretKey))
- {
- var jwt = new JwtSecurityTokenHandler().ReadJwtToken(authtoken);
- string iss = jwt.Payload.Iss; //iss 检查jwt是否是测试站,正式站的授权key
- if (iss.Equals(_option.HostName))
- {
- //aud 受众
- id = jwt.Payload.Sub;//主题,又是应用APP
- school = jwt.Payload.Azp;//学校编码
- jti = jwt.Payload.Jti;//jwt唯一标识
- var permissions = jwt.Claims.Where(c => c.Type.Equals("auth"));
- ///当前请求的api的设置的permission值是否包含在 从jwt的获取["1","2","3","4","5"]值中
- if (!string.IsNullOrWhiteSpace(_auth) && permissions.Count() > 0)
- {
- if (permissions.Select(x => x.Value).Contains(_auth))
- {
- pass = true;
- }
- }
- if (!string.IsNullOrEmpty(id) && !string.IsNullOrEmpty(school) && !string.IsNullOrEmpty(jti))
- {
- //AIP 开启限流策略 处理限流问题
- if (_limit)
- {
- }
- }
- }
- }
- if (pass)
- {
- context.HttpContext.Items.Add("ID", id);
- context.HttpContext.Items.Add("School", school);
- }
- else
- {
- context.Result = new UnauthorizedResult();
- }
- }
- public void OnResourceExecuted(ResourceExecutedContext context)
- {
- }
- }
- }
- }
|
