From 483aea5c4f32d6b5feb0e6bbda950ef732e613bb Mon Sep 17 00:00:00 2001 From: chenchun <454313500@qq.com> Date: Sun, 18 Sep 2022 17:22:47 +0800 Subject: [PATCH] =?UTF-8?q?=E6=95=B0=E6=8D=AE=E6=9D=83=E9=99=90=E5=8A=9F?= =?UTF-8?q?=E8=83=BD?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../Controllers/AccountController.cs | 6 +- .../Yi.Framework.ApiMicroservice/Program.cs | 13 ++- .../Yi.Framework.Common/Base/NullValue.cs | 2 + .../Models/ServiceLocator.cs | 10 --- .../Yi.Framework.Core/DbFiterExtend.cs | 90 ------------------- .../Yi.Framework.Core/JwtInvoker.cs | 9 +- .../Yi.Framework.WebCore/CommonExtend.cs | 40 ++++++++- .../DbExtend/DbFiterExtend.cs | 88 ++++++++++++++++++ .../Yi.Framework.WebCore/ServiceLocator.cs | 27 ++++++ 9 files changed, 170 insertions(+), 115 deletions(-) delete mode 100644 Yi.Framework.Net6/Yi.Framework.Common/Models/ServiceLocator.cs delete mode 100644 Yi.Framework.Net6/Yi.Framework.Core/DbFiterExtend.cs create mode 100644 Yi.Framework.Net6/Yi.Framework.WebCore/DbExtend/DbFiterExtend.cs create mode 100644 Yi.Framework.Net6/Yi.Framework.WebCore/ServiceLocator.cs diff --git a/Yi.Framework.Net6/Yi.Framework.ApiMicroservice/Controllers/AccountController.cs b/Yi.Framework.Net6/Yi.Framework.ApiMicroservice/Controllers/AccountController.cs index 6734f462..b434aa41 100644 --- a/Yi.Framework.Net6/Yi.Framework.ApiMicroservice/Controllers/AccountController.cs +++ b/Yi.Framework.Net6/Yi.Framework.ApiMicroservice/Controllers/AccountController.cs @@ -64,10 +64,8 @@ namespace Yi.Framework.ApiMicroservice.Controllers [HttpPost] public async Task Login(LoginDto loginDto) { - - //跳过 + //跳过,需要redis缓存获取uuid与code的关系,进行比较即可 //先效验验证码和UUID - UserEntity user = new(); if (await _iUserService.Login(loginDto.UserName, loginDto.Password, o => user = o)) { 
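Review bot: `Login` still authenticates on username and password alone. The updated comment in this hunk says the captcha/UUID check is skipped pending a Redis lookup, and the captcha action in the @@ -181 hunk returns `uuid` and `img` without persisting the `uuid`→`code` pair, so there is nothing to verify against yet. Until that is wired up, the endpoint has no visible throttle on repeated password attempts, so the TODO should be tracked as a security item, not left only as an inline comment. When it is implemented, store the code with a short expiry and delete the entry on first comparison so a solved captcha cannot be replayed. Both method bodies continue outside their hunks, so any check done further down is not visible here.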
@@ -181,7 +179,7 @@ namespace Yi.Framework.ApiMicroservice.Controllers { var uuid = Guid.NewGuid(); var code = _securityCode.GetRandomEnDigitalText(4); - //将uuid与code中心化保存起来,登录根据uuid比对即可 + //将uuid与code,Redis缓存中心化保存起来,登录根据uuid比对即可 var imgbyte = _securityCode.GetEnDigitalCodeByte(code); return Result.Success().SetData(new { uuid = uuid, img = imgbyte }); } diff --git a/Yi.Framework.Net6/Yi.Framework.ApiMicroservice/Program.cs b/Yi.Framework.Net6/Yi.Framework.ApiMicroservice/Program.cs index 54d8caca..d5273f13 100644 --- a/Yi.Framework.Net6/Yi.Framework.ApiMicroservice/Program.cs +++ b/Yi.Framework.Net6/Yi.Framework.ApiMicroservice/Program.cs @@ -11,6 +11,8 @@ using Microsoft.Extensions.Localization; using Yi.Framework.WebCore.AttributeExtend; using Yi.Framework.WebCore.SignalRHub; using Hei.Captcha; +using Yi.Framework.WebCore; +using Microsoft.Extensions.DependencyInjection; var builder = WebApplication.CreateBuilder(args); builder.Configuration.AddCommandLine(args); @@ -52,9 +54,10 @@ builder.Host.ConfigureLogging(loggingBuilder => #endregion builder.Services.AddIocService(builder.Configuration); #region -//Sqlsugarע +//Sqlsugarע,ǷȨ޹ܣҪRedis #endregion builder.Services.AddSqlsugarServer(); +//builder.Services.AddSqlsugarServer(DbFiterExtend.Data); #region //Quartz #endregion @@ -117,8 +120,14 @@ builder.Services.AddLocalizerService(); //signalR #endregion builder.Services.AddSignalR(); - +#region +//֤ +#endregion builder.Services.AddHeiCaptcha(); +#region +//Http +#endregion +builder.Services.AddHttpContextAccessor(); //----------------------------------------------------------------------------------------------------------- var app = builder.Build(); #region diff --git a/Yi.Framework.Net6/Yi.Framework.Common/Base/NullValue.cs b/Yi.Framework.Net6/Yi.Framework.Common/Base/NullValue.cs index d9379f64..9aa7ab9b 100644 --- a/Yi.Framework.Net6/Yi.Framework.Common/Base/NullValue.cs +++ b/Yi.Framework.Net6/Yi.Framework.Common/Base/NullValue.cs 
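Review bot: In the @@ -52,9 hunk the filter registration is added only as a commented-out line, `//builder.Services.AddSqlsugarServer(DbFiterExtend.Data);`, so after this commit queries still go through the unfiltered `AddSqlsugarServer()` and the data-scope rules are not enforced. If that is deliberate until the Redis cache exists, state it in a readable comment; the `#region` comments in this file (for example `//Sqlsugarע`) appear mis-encoded in the patch, which suggests the file is not saved as UTF-8. Where `ServiceLocator.Instance` is assigned is not visible in these hunks; it has to be set before the first query once the filter is enabled, because `ServiceLocator.GetHttp` reads it without a null check.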
@@ -90,6 +90,8 @@ { #region 一般类型 + + public static Guid TryToGuid(this string guid) { if (Guid.TryParse(guid, out var guid1)) diff --git a/Yi.Framework.Net6/Yi.Framework.Common/Models/ServiceLocator.cs b/Yi.Framework.Net6/Yi.Framework.Common/Models/ServiceLocator.cs deleted file mode 100644 index 09b6c5cd..00000000 --- a/Yi.Framework.Net6/Yi.Framework.Common/Models/ServiceLocator.cs +++ /dev/null @@ -1,10 +0,0 @@ -using System; - -namespace Yi.Framework.Common.Models -{ - public static class ServiceLocator - { - public static IServiceProvider Instance { get; set; } - } - -} diff --git a/Yi.Framework.Net6/Yi.Framework.Core/DbFiterExtend.cs b/Yi.Framework.Net6/Yi.Framework.Core/DbFiterExtend.cs deleted file mode 100644 index 621ce4c9..00000000 --- a/Yi.Framework.Net6/Yi.Framework.Core/DbFiterExtend.cs +++ /dev/null 
@@ -1,90 +0,0 @@ -//using Brick.Common; -//using Brick.Common.Const; -//using Brick.Core; -//using Brick.Grpc; -//using Brick.WebCore.MiddlewareExtend; -//using ETX.Common.Enum; -//using ETX.Entity; -//using ETX.Interface.IService; -//using SqlSugar; -//using System.Linq; -//using Yi.Framework.Common.Enum; -//using Yi.Framework.Model.Models; - -//namespace Yi.Framework.Core -//{ -// public class DbFiterExtend -// { -// public static void Data(SqlSugarClient db) -// { -// //未登录情况 -// //if (!ServiceLocator.GetHttp(out var httpContext)) -// //{ -// // return; -// //} - -// //无需授权情况 -// //var account = httpContext.GetAccount(); -// //if (account.IsNull()) -// //{ -// // return; -// //} - -// //超级管理员直接放行 -// //if (ServiceLocator.Admin.Equals(account)) -// //{ -// // return; -// //} - -// //这里可以优化一下 -// //根据缓存获取全部用户信息 -// //var userRoleMenu = ServiceLocator.Instance.GetService().Get(RedisConst.GetStr(RedisConst.UserRoleMenu, account)); - - -// var roles = userRoleMenu.Roles; -// if (roles.IsNull()) -// { -// roles = new (); -// } -// //先测试部门就是LEBG -// long deptId= userRoleMenu.User.DeptId.TryToGuid(); -// long userId =httpContext.GetId(); -// //根据角色的数据范围,来添加相对于的数据权限 -// foreach (var role in roles) -// { -// DataScopeEnum dataScope =(DataScopeEnum)role.DataScope; -// switch (dataScope) -// { -// case DataScopeEnum.ALL: -// //直接放行 -// break; -// case DataScopeEnum.DEPT: -// //只能查询到自己的部门的数据 -// db.QueryFilter.Add(new TableFilterItem(it => it.DeptId== deptId, true)); -// break; -// case DataScopeEnum.USER: -// //只能查询到自己 -// db.QueryFilter.Add(new TableFilterItem(it => it.Id == userId,true)); -// break; -// case DataScopeEnum.CUSTOM: -// //自定义查询 -// var filter = new TableFilterItem(it => SqlFunc.Subqueryable().Where(f => f.DeptId == it.DeptId && f.RoleId == role.Id.TryToGuid()).Any(),true); -// db.QueryFilter.Add(filter); -// break; -// case DataScopeEnum.DEPT_FOLLOW: -// //放行自己部门及以下 -// var allChildDepts = db.Queryable().ToChildList(it => it.ParentId, deptId); - -// var 
filter1 = new TableFilterItem(it => allChildDepts.Select(f => f.Id).ToList().Contains((long)it.DeptId),true); -// db.QueryFilter.Add(filter1); - -// //var filter2 = new TableFilterItem(it => allChildDepts.Select(f => f.Id).ToList().Contains(it.Id),true); -// //db.QueryFilter.Add(filter2); -// break; -// default: -// break; -// } -// } -// } -// } -//} diff --git a/Yi.Framework.Net6/Yi.Framework.Core/JwtInvoker.cs b/Yi.Framework.Net6/Yi.Framework.Core/JwtInvoker.cs index de101ab4..5e948bfb 100644 --- a/Yi.Framework.Net6/Yi.Framework.Core/JwtInvoker.cs +++ b/Yi.Framework.Net6/Yi.Framework.Core/JwtInvoker.cs @@ -37,7 +37,8 @@ namespace Yi.Framework.Core claims.Add(new Claim(JwtRegisteredClaimNames.Nbf, $"{new DateTimeOffset(DateTime.Now).ToUnixTimeSeconds()}")); claims.Add(new Claim(JwtRegisteredClaimNames.Exp, $"{new DateTimeOffset(DateTime.Now.AddMinutes(minutes)).ToUnixTimeSeconds()}")); claims.Add(new Claim(JwtRegisteredClaimNames.Sid, user.Id.ToString())); - + claims.Add(new Claim(JwtRegisteredClaimNames.Name, user.UserName)); + claims.Add(new Claim("deptId", user.DeptId.ToString())); //-----------------------------以下从user的权限表中添加权限-----------------------例如: foreach (var m in menus) @@ -47,12 +48,6 @@ namespace Yi.Framework.Core claims.Add(new Claim("permission", m.PermissionCode.ToString())); } } - - if (isRefresh) - { - claims.Add(new Claim("Re", "true")); - } - var creds = new SigningCredentials(new RsaSecurityKey(Common.Helper.RSAFileHelper.GetKey()), SecurityAlgorithms.RsaSha256); var token = new JwtSecurityToken( issuer: _JWTTokenOptions.Issuer, diff --git a/Yi.Framework.Net6/Yi.Framework.WebCore/CommonExtend.cs b/Yi.Framework.Net6/Yi.Framework.WebCore/CommonExtend.cs index 69680d71..8d269644 100644 --- a/Yi.Framework.Net6/Yi.Framework.WebCore/CommonExtend.cs +++ b/Yi.Framework.Net6/Yi.Framework.WebCore/CommonExtend.cs 
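Review bot: The claims added in the @@ -37,7 hunk are built from `user.UserName` and `user.DeptId.ToString()` with no null handling. `new Claim` throws ArgumentNullException on a null value, and if `DeptId` is a nullable long (the `(long)` cast in the new DbFiterExtend suggests it is), a user without a department gets an empty `deptId` claim that `GetDeptIdInfo` returns as-is. Guard both; assuming a nullable `DeptId`, something like `if (user.DeptId is not null) claims.Add(new Claim("deptId", user.DeptId.ToString()));`. Because the new data filter compares the `name` claim with `ServiceLocator.Admin`, a comment here should mark that claim as authorization-relevant. The @@ -47,12 hunk removes the `Re` claim; if the method still takes `isRefresh` (its signature is outside the hunk), the parameter is now unused and refresh tokens can no longer be told apart from access tokens by claim.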
@@ -26,13 +26,49 @@ namespace Yi.Framework.WebCore return "XMLHttpRequest".Equals(header); } - + /// + /// 通过鉴权完的token获取用户id + /// + /// + /// public static long GetUserIdInfo(this HttpContext httpContext) { var p = httpContext; - return Convert.ToInt64(httpContext .User.Claims.FirstOrDefault(u => u.Type== JwtRegisteredClaimNames.Sid).Value); + return Convert.ToInt64(httpContext.User.Claims.FirstOrDefault(u => u.Type == JwtRegisteredClaimNames.Sid).Value); } + /// + /// 通过鉴权完的token获取用户名 + /// + /// + /// + public static string GetUserNameInfo(this HttpContext httpContext) + { + var p = httpContext; + return httpContext.User.Claims.FirstOrDefault(u => u.Type == JwtRegisteredClaimNames.Name).Value; + } + + /// + /// 通过鉴权完的token获取用户部门 + /// + /// + /// + public static string GetDeptIdInfo(this HttpContext httpContext) + { + var p = httpContext; + return httpContext.User.Claims.FirstOrDefault(u => u.Type == "deptId").Value; + } + + /// + /// 通过鉴权完的token获取权限code + /// + /// + /// + public static string GetPermissionInfo(this HttpContext httpContext) + { + var p = httpContext; + return httpContext.User.Claims.FirstOrDefault(u => u.Type == "permission").Value; + } /// /// 基于HttpContext,当前鉴权方式解析,获取用户信息 /// 现在使用redis作为缓存,不需要将菜单存放至jwt中了 diff --git a/Yi.Framework.Net6/Yi.Framework.WebCore/DbExtend/DbFiterExtend.cs b/Yi.Framework.Net6/Yi.Framework.WebCore/DbExtend/DbFiterExtend.cs new file mode 100644 index 00000000..be89bcd7 --- /dev/null +++ b/Yi.Framework.Net6/Yi.Framework.WebCore/DbExtend/DbFiterExtend.cs 
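Review bot: The three added accessors (`GetUserNameInfo`, `GetDeptIdInfo`, `GetPermissionInfo`) call `.Value` directly on `FirstOrDefault(...)`, so a request whose principal lacks the claim throws NullReferenceException instead of returning null. The new `DbFiterExtend.Data` tests `userName is null` for the unauthenticated case and can never reach that branch. Use `httpContext.User.FindFirst(JwtRegisteredClaimNames.Name)?.Value` (likewise for `"deptId"` and `"permission"`) and drop the unused `var p = httpContext;`. `GetPermissionInfo` returns only the first `permission` claim although JwtInvoker adds one per menu entry, so its summary should say that, or the method should expose all values via `FindAll("permission")`.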
@@ -0,0 +1,88 @@ +using Microsoft.Extensions.DependencyInjection; +using SqlSugar; +using System; +using System.Linq; +using Yi.Framework.Common.Enum; +using Yi.Framework.Common.Models; +using Yi.Framework.DTOModel; +using Yi.Framework.Model.Models; +using Yi.Framework.WebCore; + +namespace Yi.Framework.Core +{ + public class DbFiterExtend + { + public static void Data(SqlSugarClient db) + { + //非请求情况 + if (!ServiceLocator.GetHttp(out var httpContext)) + { + return; + } + + //无需授权情况 + var userName = httpContext.GetUserNameInfo(); + if (userName is null) + { + return; + } + + //超级管理员直接放行 + if (ServiceLocator.Admin.Equals(userName)) + { + return; + } + + //这里可以优化一下 + //根据缓存获取全部用户信息 + var userRoleMenu = ServiceLocator.Instance.GetService().Get("用户id"); + + + var roles = userRoleMenu.Roles; + if (roles.IsNull()) + { + roles = new(); + } + //先测试部门就是LEBG + long deptId = (long)userRoleMenu.User.DeptId; + long userId = httpContext.GetUserIdInfo(); + //根据角色的数据范围,来添加相对于的数据权限 + foreach (var role in roles) + { + DataScopeEnum dataScope = (DataScopeEnum)role.DataScope; + switch (dataScope) + { + case DataScopeEnum.ALL: + //直接放行 + break; + case DataScopeEnum.DEPT: + //只能查询到自己的部门的数据 + db.QueryFilter.Add(new TableFilterItem(it => it.DeptId == deptId, true)); + break; + case DataScopeEnum.USER: + //只能查询到自己 + db.QueryFilter.Add(new TableFilterItem(it => it.Id == userId, true)); + break; + case DataScopeEnum.CUSTOM: + //自定义查询 + var filter = new TableFilterItem(it => SqlFunc.Subqueryable().Where(f => f.DeptId == it.DeptId && f.RoleId == (long)role.Id).Any(), true); + db.QueryFilter.Add(filter); + break; + case DataScopeEnum.DEPT_FOLLOW: + //放行自己部门及以下 + var allChildDepts = db.Queryable().ToChildList(it => it.ParentId, deptId); + + var filter1 = new TableFilterItem(it => allChildDepts.Select(f => f.Id).ToList().Contains((long)it.DeptId), true); + db.QueryFilter.Add(filter1); + + //部门无需过滤 + //var filter2 = new TableFilterItem(it => allChildDepts.Select(f => 
f.Id).ToList().Contains(it.Id),true); + //db.QueryFilter.Add(filter2); + break; + default: + break; + } + } + } + } +} diff --git a/Yi.Framework.Net6/Yi.Framework.WebCore/ServiceLocator.cs b/Yi.Framework.Net6/Yi.Framework.WebCore/ServiceLocator.cs new file mode 100644 index 00000000..d6e235d2 --- /dev/null +++ b/Yi.Framework.Net6/Yi.Framework.WebCore/ServiceLocator.cs @@ -0,0 +1,27 @@ +using Microsoft.AspNetCore.Http; +using Microsoft.Extensions.DependencyInjection; +using System; +using Ubiety.Dns.Core.Common; + +namespace Yi.Framework.WebCore +{ + public static class ServiceLocator + { + public static IServiceProvider Instance { get; set; } + + public static string Admin { get; set; } = "cc"; + + public static bool GetHttp(out HttpContext httpContext) + { + httpContext = null; + var httpContextAccessor = Instance.GetService(); + if (httpContextAccessor is null) + { + return false; + } + httpContext = httpContextAccessor.HttpContext; + return true; + } + } + +}
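Review bot: The cache lookup in `Data` passes the literal placeholder `Get("用户id")` instead of the current user's id, so `userRoleMenu` will not be the caller's record, and the next line dereferences `userRoleMenu.Roles` without a null check. Key the lookup on `httpContext.GetUserIdInfo()` and handle a missing entry explicitly. Every early `return` above it leaves the query unfiltered, so a missing HttpContext, a token without a name claim, or a username equal to `ServiceLocator.Admin` all result in full data access. For an authorization filter, consider keying the bypass on a role or user id taken from the server-side record rather than a username, and document which callers are meant to run unfiltered. Filters for several roles are added cumulatively, so a comment should state how a user holding both an `ALL` and a `USER` role is expected to resolve.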
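Review bot: `GetHttp` returns true whenever the accessor resolves, even when `httpContextAccessor.HttpContext` is null (no active request), so the caller in `DbFiterExtend.Data` would go on to dereference a null context. End the method with `httpContext = httpContextAccessor?.HttpContext; return httpContext is not null;`. `Instance` is read without a null check, and `Admin` is a public settable static defaulting to `"cc"` that the data filter uses as its bypass identity; make it read-only and load it from configuration so it cannot be reassigned at runtime. `using Ubiety.Dns.Core.Common;` looks unused in this file and is probably an accidental IDE import.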