
  1. using Microsoft.AspNetCore.Mvc;
  2. using Microsoft.AspNetCore.Mvc.Filters;
  3. using TEAMModelOS.SDK.Extension;
  4. using System;
  5. using TEAMModelOS.Models;
  6. using Microsoft.Extensions.Options;
  7. using Microsoft.Extensions.DependencyInjection;
  8. using System.IdentityModel.Tokens.Jwt;
  9. using System.Linq;
  10. using TEAMModelOS.SDK.DI;
  11. namespace TEAMModelOS.Filter
  12. {
  13. public class LimitPolicy {
  14. /// <summary>
  15. /// 颁发给谁的主体
  16. /// </summary>
  17. public string id { get; set; }
  18. /// <summary>
  19. /// 颁发主体
  20. /// </summary>
  21. public string school { get; set; }
  22. /// <summary>
  23. /// AIP的唯一ID
  24. /// </summary>
  25. public string jti { get; set; }
  26. /// <summary>
  27. /// minute 分钟,表示按分钟限流,多少分钟内只能访问多少次,
  28. /// hour 小时,表示按小时限流,多少小时内只能访问多少次,
  29. /// day 天数,表示按天数限流,多少天数内只能访问多少次,
  30. /// </summary>
  31. public string policy { get; set; }
  32. /// <summary>
  33. /// policy 策略,分钟,小时,天数对应的时长
  34. /// </summary>
  35. public int duration { get; set; }
  36. /// <summary>
  37. /// policy 策略,分钟,小时,天数对应的时长(duration) 可以访问的次数
  38. /// </summary>
  39. public int times { get; set; }
  40. /// <summary>
  41. /// 是否免费调用
  42. /// </summary>
  43. ///public bool free { get; set; }
  44. /// <summary>
  45. /// 每次调用花费多少钱
  46. /// </summary>
  47. ///public decimal cost { get; set; }
  48. }
  49. public class ApiTokenAttribute : Attribute, IFilterFactory
  50. {
  51. public bool IsReusable => true;
  52. /// <summary>
  53. /// 是否开启限流策略
  54. /// </summary>
  55. public bool Limit { get; set; }
  56. /// <summary>
  57. /// 授权序列
  58. /// </summary>
  59. public string Auth { get; set; }
  60. /// <summary>
  61. /// 接口名称
  62. /// </summary>
  63. public string Name { get; set; }
  64. public IFilterMetadata CreateInstance(IServiceProvider services)
  65. {
  66. var option = services.GetService<IOptions<Option>>();
  67. var azureRedis = services.GetService<AzureRedisFactory>();
  68. return new InternalAuthTokenFilter(option ,azureRedis, Auth, Limit);
  69. }
  70. private class InternalAuthTokenFilter : IResourceFilter
  71. {
  72. private readonly Option _option;
  73. //private readonly string _roles;
  74. private readonly string _auth;
  75. private readonly bool _limit;
  76. private readonly AzureRedisFactory _azureRedis;
  77. public InternalAuthTokenFilter(IOptions<Option> option, AzureRedisFactory azureRedis, string auth, bool limit)
  78. {
  79. _option = option.Value;
  80. _auth = auth;
  81. _limit = limit;
  82. _azureRedis = azureRedis;
  83. }
  84. public void OnResourceExecuting(ResourceExecutingContext context)
  85. {
  86. bool pass = false;
  87. string id = string.Empty, school = string.Empty,jti=string.Empty;
  88. var authtoken = context.HttpContext.GetXAuth("ApiToken");
  89. if (!string.IsNullOrWhiteSpace(authtoken) && JwtAuthExtension.ValidateApiToken(authtoken, _option.JwtSecretKey))
  90. {
  91. var jwt = new JwtSecurityTokenHandler().ReadJwtToken(authtoken);
  92. string iss = jwt.Payload.Iss; //iss 检查jwt是否是测试站,正式站的授权key
  93. if (iss.Equals(_option.HostName))
  94. {
  95. //aud 受众
  96. id = jwt.Payload.Sub;//主题,又是应用APP
  97. school = jwt.Payload.Azp;//学校编码
  98. jti = jwt.Payload.Jti;//jwt唯一标识
  99. var permissions = jwt.Claims.Where(c => c.Type.Equals("auth"));
  100. ///当前请求的api的设置的permission值是否包含在 从jwt的获取["1","2","3","4","5"]值中
  101. if (!string.IsNullOrWhiteSpace(_auth) && permissions.Count() > 0)
  102. {
  103. if (permissions.Select(x => x.Value).Contains(_auth))
  104. {
  105. pass = true;
  106. }
  107. }
  108. if (!string.IsNullOrEmpty(id) && !string.IsNullOrEmpty(school) && !string.IsNullOrEmpty(jti))
  109. {
  110. //AIP 开启限流策略 处理限流问题
  111. if (_limit)
  112. {
  113. }
  114. }
  115. }
  116. }
  117. if (pass)
  118. {
  119. context.HttpContext.Items.Add("ID", id);
  120. context.HttpContext.Items.Add("School", school);
  121. }
  122. else
  123. {
  124. context.Result = new UnauthorizedResult();
  125. }
  126. }
  127. public void OnResourceExecuted(ResourceExecutedContext context)
  128. {
  129. }
  130. }
  131. }
  132. }