YBEE
/
YBEE.EQM


			
				
					
						
						
							1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192
							using Furion;
using Furion.Authorization;
using Furion.DataEncryption;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using YBEE.EQM.Application;
using YBEE.EQM.Core;

namespace YBEE.EQM.Web.Core;

public class JwtHandler : AppAuthorizeHandler
{
    /// <summary>
    /// 重写 Handler 添加自动刷新
    /// </summary>
    /// <param name="context"></param>
    /// <returns></returns>
    public override async Task HandleAsync(AuthorizationHandlerContext context)
    {
        // 自动刷新Token
        if (JWTEncryption.AutoRefreshToken(context, context.GetCurrentHttpContext(), App.GetOptions<JWTSettingsOptions>().ExpiredTime, App.GetOptions<RefreshTokenSettingOptions>().ExpiredTime))
        {
            await AuthorizeHandleAsync(context);
        }
        else
        {
            context.Fail(); // 授权失败
            DefaultHttpContext currentHttpContext = context.GetCurrentHttpContext();
            if (currentHttpContext == null)
            {
                return;
            }
            currentHttpContext.SignoutToSwagger();
        }
    }

    /// <summary>
    /// 授权判断逻辑，授权通过返回 true，否则返回 false
    /// </summary>
    /// <param name="context"></param>
    /// <param name="httpContext"></param>
    /// <returns></returns>
    public override async Task<bool> PipelineAsync(AuthorizationHandlerContext context, DefaultHttpContext httpContext)
    {
        // 此处已经自动验证 Jwt Token的有效性了，无需手动验证
        return await CheckAuthorzieAsync(httpContext);
    }

    /// <summary>
    /// 检查权限
    /// </summary>
    /// <param name="httpContext"></param>
    /// <returns></returns>
    private static async Task<bool> CheckAuthorzieAsync(DefaultHttpContext httpContext)
    {
        // 管理员跳过判断
        //var isSuperAdmin = bool.Parse()
        if (bool.TryParse(App.User.FindFirst(ClaimConst.CLAINM_SUPERADMIN)?.Value ?? "False", out bool isSuperAdmin))
        {
            if (isSuperAdmin)
            {
                return true;
            }
        }

        // 路由名称
        var routeName = httpContext.Request.Path.Value[1..].Replace("/", ":");

        // 默认路由(获取登录用户信息)
        var defalutRoute = new List<string>()
    {
        "get-login-user",     //登录
    };

        if (defalutRoute.Contains(routeName))
        {
            return true;
        }

        // 获取用户权限集合（按钮或API接口）
        var allPermissionList = await App.GetService<ISysMenuService>().GetAllPermissionList();
        var currUserId = int.Parse(App.User.FindFirst(ClaimConst.CLAINM_USERID)?.Value ?? "0");
        var permissionList = await App.GetService<ISysMenuService>().GetLoginPermissionList(currUserId);

        // 检查授权
        // 菜单中没有配置按钮权限，则不限制
        return allPermissionList.All(u => u != routeName) || permissionList.Contains(routeName);
    }
}