优化jwt(非管理员用户登录重启服务器后不用重新登录)

不做码农 2023-08-28 18:22:36 +08:00
parent 839e400ed1
commit 6bf4885f85
4 changed files with 40 additions and 25 deletions


@ -85,9 +85,9 @@ namespace ZR.Admin.WebApi.Controllers.System
//权限集合 eg *:*:*,system:user:list //权限集合 eg *:*:*,system:user:list
List<string> permissions = permissionService.GetMenuPermission(user); List<string> permissions = permissionService.GetMenuPermission(user);
LoginUser loginUser = new(user, roles, permissions); LoginUser loginUser = new(user, roles);
CacheService.SetUserPerms(GlobalConstant.UserPermKEY + user.UserId, permissions); CacheService.SetUserPerms(GlobalConstant.UserPermKEY + user.UserId, permissions);
return SUCCESS(JwtUtil.GenerateJwtToken(JwtUtil.AddClaims(loginUser), optionSettings.JwtSettings)); return SUCCESS(JwtUtil.GenerateJwtToken(JwtUtil.AddClaims(loginUser)));
} }
/// <summary> /// <summary>


@ -1,6 +1,12 @@
using Microsoft.AspNetCore.Mvc; using Infrastructure.Extensions;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters; using Microsoft.AspNetCore.Mvc.Filters;
using System.Data;
using ZR.Admin.WebApi.Framework;
using ZR.Model.System;
using ZR.Model.System.Dto; using ZR.Model.System.Dto;
using ZR.Service.System;
using ZR.Service.System.IService;
namespace ZR.Admin.WebApi.Filters namespace ZR.Admin.WebApi.Filters
{ {
@ -35,12 +41,22 @@ namespace ZR.Admin.WebApi.Filters
/// <returns></returns> /// <returns></returns>
public override Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next) public override Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
{ {
LoginUser info = Framework.JwtUtil.GetLoginUser(context.HttpContext); LoginUser info = JwtUtil.GetLoginUser(context.HttpContext);
if (info != null && info?.UserId > 0) if (info != null && info?.UserId > 0)
{ {
List<string> perms = info.Permissions; long userId = info.UserId;
List<string> perms = CacheService.GetUserPerms(GlobalConstant.UserPermKEY + userId);
List<string> rolePerms = info.RoleIds; List<string> rolePerms = info.RoleIds;
if (perms == null)
{
var sysPermissionService = App.GetService<ISysPermissionService>();
perms = sysPermissionService.GetMenuPermission(new SysUser() { UserId = userId });
CacheService.SetUserPerms(GlobalConstant.UserPermKEY + userId, perms);
}
if (perms.Exists(f => f.Equals(GlobalConstant.AdminPerm))) if (perms.Exists(f => f.Equals(GlobalConstant.AdminPerm)))
{ {
HasPermi = true; HasPermi = true;
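Review bot: On a cache miss the filter now rebuilds the permission list from nothing but the `UserId` claim (`new SysUser() { UserId = userId }`), so after a restart an unexpired token regains its permissions with no check that the account still exists or is enabled; before this commit a missing cache entry made `ValidateJwtToken` return null for non-admin users. Whether `GetMenuPermission` needs other `SysUser` fields (for example to recognise the administrator, which the removed `UserName == GlobalConstant.AdminRole` branch used to handle) is not visible here and should be confirmed. I would load the real user record and reject the request when it is missing or disabled before caching anything, and guard the result with `perms ??= new List<string>();`, since `perms.Exists(...)` on the next line throws if the service returns null. OnActionExecutionAsync continues past the end of this hunk.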


@ -4,7 +4,6 @@ using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims; using System.Security.Claims;
using System.Text; using System.Text;
using ZR.Model.System.Dto; using ZR.Model.System.Dto;
using ZR.Service.System;
namespace ZR.Admin.WebApi.Framework namespace ZR.Admin.WebApi.Framework
{ {
@ -33,10 +32,12 @@ namespace ZR.Admin.WebApi.Framework
/// 生成token /// 生成token
/// </summary> /// </summary>
/// <param name="claims"></param> /// <param name="claims"></param>
/// <param name="jwtSettings"></param>
/// <returns></returns> /// <returns></returns>
public static string GenerateJwtToken(List<Claim> claims, JwtSettings jwtSettings) public static string GenerateJwtToken(List<Claim> claims)
{ {
JwtSettings jwtSettings = new();
AppSettings.Bind("JwtSettings", jwtSettings);
var authTime = DateTime.Now; var authTime = DateTime.Now;
var expiresAt = authTime.AddMinutes(jwtSettings.Expire); var expiresAt = authTime.AddMinutes(jwtSettings.Expire);
var tokenHandler = new JwtSecurityTokenHandler(); var tokenHandler = new JwtSecurityTokenHandler();
@ -93,7 +94,7 @@ namespace ZR.Admin.WebApi.Framework
/// </summary> /// </summary>
/// <param name="token">令牌</param> /// <param name="token">令牌</param>
/// <returns></returns> /// <returns></returns>
public static IEnumerable<Claim>? ParseToken(string token) public static JwtSecurityToken? ParseToken(string token)
{ {
var tokenHandler = new JwtSecurityTokenHandler(); var tokenHandler = new JwtSecurityTokenHandler();
var validateParameter = ValidParameters(); var validateParameter = ValidParameters();
@ -102,8 +103,7 @@ namespace ZR.Admin.WebApi.Framework
{ {
tokenHandler.ValidateToken(token, validateParameter, out SecurityToken validatedToken); tokenHandler.ValidateToken(token, validateParameter, out SecurityToken validatedToken);
var jwtToken = tokenHandler.ReadJwtToken(token); return tokenHandler.ReadJwtToken(token);
return jwtToken.Claims;
} }
catch (Exception ex) catch (Exception ex)
{ {
@ -116,26 +116,22 @@ namespace ZR.Admin.WebApi.Framework
/// <summary> /// <summary>
/// jwt token校验 /// jwt token校验
/// </summary> /// </summary>
/// <param name="jwtToken"></param> /// <param name="jwtSecurityToken"></param>
/// <returns></returns> /// <returns></returns>
public static LoginUser? ValidateJwtToken(IEnumerable<Claim> jwtToken) public static LoginUser? ValidateJwtToken(JwtSecurityToken jwtSecurityToken)
{ {
try try
{ {
IEnumerable<Claim> claims = jwtSecurityToken.Claims;
LoginUser loginUser = null; LoginUser loginUser = null;
var userData = jwtToken.FirstOrDefault(x => x.Type == ClaimTypes.UserData)?.Value; var userData = claims.FirstOrDefault(x => x.Type == ClaimTypes.UserData)?.Value;
if (userData != null) if (userData != null)
{ {
loginUser = JsonConvert.DeserializeObject<LoginUser>(userData); loginUser = JsonConvert.DeserializeObject<LoginUser>(userData);
var permissions = CacheService.GetUserPerms(GlobalConstant.UserPermKEY + loginUser?.UserId); loginUser.ExpireTime = jwtSecurityToken.ValidTo;
if (loginUser?.UserName == GlobalConstant.AdminRole)
{
permissions = new List<string>() { GlobalConstant.AdminPerm };
}
if (permissions == null) return null;
loginUser.Permissions = permissions;
} }
//Console.WriteLine("jwt到期时间" + validTo);
return loginUser; return loginUser;
} }
catch (Exception ex) catch (Exception ex)
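Review bot: `ValidateJwtToken` performs no validation of its own: it reads `ClaimTypes.UserData` from whatever `JwtSecurityToken` it is handed, and the signature and lifetime check lives only in `ParseToken`. Now that the parameter is a token object rather than a claim list, that precondition deserves a doc comment such as `/// <remarks>Caller must pass a token returned by ParseToken; no signature or lifetime check happens here.</remarks>`. In `ParseToken`, returning the object that was actually validated (`return validatedToken as JwtSecurityToken;`) avoids re-parsing the raw string and stops the out parameter from going unused. `loginUser.ExpireTime = jwtSecurityToken.ValidTo;` also drops the null-conditional the old code used, so a `UserData` payload that deserializes to null is handled only by the catch below, and because `ValidTo` is UTC while `GenerateJwtToken` works in `DateTime.Now`, any later comparison of `ExpireTime` should use `DateTime.UtcNow`.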


@ -19,21 +19,24 @@ namespace ZR.Model.System.Dto
/// </summary> /// </summary>
public List<SysRole> Roles { get; set; } public List<SysRole> Roles { get; set; }
/// <summary> /// <summary>
/// Jwt过期时间
/// </summary>
public DateTime ExpireTime { get; set; }
/// <summary>
/// 权限集合 /// 权限集合
/// </summary> /// </summary>
public List<string> Permissions { get; set; } = new List<string>(); //public List<string> Permissions { get; set; } = new List<string>();
public LoginUser() public LoginUser()
{ {
} }
public LoginUser(SysUser user, List<SysRole> roles, List<string> permissions) public LoginUser(SysUser user, List<SysRole> roles)
{ {
UserId = user.UserId; UserId = user.UserId;
UserName = user.UserName; UserName = user.UserName;
DeptId = user.DeptId; DeptId = user.DeptId;
Roles = roles; Roles = roles;
RoleIds = roles.Select(f => f.RoleKey).ToList(); RoleIds = roles.Select(f => f.RoleKey).ToList();
Permissions = permissions;
} }
} }
} }
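Review bot: `Roles` and `RoleIds` stay on the `LoginUser` that `ValidateJwtToken` deserializes from the token's `UserData` claim, so the filter's `info.RoleIds` check appears to keep using the login-time snapshot for the whole token lifetime, while permissions now come from the cache. If role changes are meant to take effect as quickly as permission changes, roles need the same cache lookup; otherwise state the behaviour on the property, e.g. `// Snapshot taken at login; not refreshed until the token expires.` The commented-out `//public List<string> Permissions ...` line should be deleted together with its `/// 权限集合` summary, which otherwise attaches to the parameterless constructor.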