using Furion; using Furion.Authorization; using Furion.DataEncryption; using GDZZ.Core; using GDZZ.Core.Service; using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Http; using System.Threading.Tasks; namespace GDZZ.Web.Core; public class JwtHandler : AppAuthorizeHandler { /// /// 重写 Handler 添加自动刷新 /// /// /// public override async Task HandleAsync(AuthorizationHandlerContext context) { // 自动刷新Token if (JWTEncryption.AutoRefreshToken(context, context.GetCurrentHttpContext())) { await AuthorizeHandleAsync(context); } else context.Fail(); // 授权失败 } /// /// 授权判断逻辑,授权通过返回 true,否则返回 false /// /// /// /// public override async Task PipelineAsync(AuthorizationHandlerContext context, DefaultHttpContext httpContext) { // 此处已经自动验证 Jwt Token的有效性了,无需手动验证 return await CheckAuthorzieAsync(httpContext); } /// /// 检查权限 /// /// /// private static async Task CheckAuthorzieAsync(DefaultHttpContext httpContext) { // 管理员跳过判断 if (UserManager.IsSuperAdmin) return true; // 路由名称 var routeName = httpContext.Request.Path.Value.Substring(1).Replace("/", ":"); var allPermission = await App.GetService().GetAllPermission(); if (!allPermission.Contains(routeName)) { return true; } // 获取用户权限集合(按钮或API接口) var permissionList = await App.GetService().GetLoginPermissionList(UserManager.UserId); // 检查授权 return permissionList.Contains(routeName); } }