feat: 完成双token刷新
This commit is contained in:
ccnetcore
@@ -14,6 +14,6 @@ namespace Yi.Framework.Rbac.Domain.Shared.Options
|
||||
|
||||
public string SecurityKey { get; set; } = "892u4j1803qj23jro0fjkf8bmsdf9nb9mf92834u23jdf923jrnmvasbceqwt347562tgdhdnsv9wevbnop";
|
||||
|
||||
public long ExpiresMinuteTime { get; set; } = 120;
|
||||
public long ExpiresSecondTime { get; set; } = 600;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -19,9 +19,9 @@ namespace Yi.Framework.Rbac.Domain.Authorization
|
||||
public class RefreshTokenMiddleware : IMiddleware, ITransientDependency
|
||||
{
|
||||
private AccountManager _accountManager;
|
||||
|
||||
public RefreshTokenMiddleware(AccountManager accountManager)
|
||||
{
|
||||
|
||||
_accountManager = accountManager;
|
||||
}
|
||||
|
||||
@@ -30,22 +30,34 @@ namespace Yi.Framework.Rbac.Domain.Authorization
|
||||
var refreshToken = context.Request.Headers["refresh_token"].ToString();
|
||||
if (!string.IsNullOrEmpty(refreshToken))
|
||||
{
|
||||
//每个用户的token刷新频率可以进行控制,防止刷新token当访问token使用
|
||||
var authResult = await context.AuthenticateAsync(TokenTypeConst.Refresh);
|
||||
//token鉴权刷新成功
|
||||
if (authResult.Succeeded)
|
||||
//Jwt鉴权失败,过期了,再去找刷新token,进行刷新处理,不用每次都去刷新
|
||||
var bearerAuthResult = await context.AuthenticateAsync("Bearer");
|
||||
if (!bearerAuthResult.Succeeded)
|
||||
{
|
||||
var userId = Guid.Parse(authResult.Principal.FindFirst(AbpClaimTypes.UserId).Value.ToString());
|
||||
var access_Token = await _accountManager.GetTokenByUserIdAsync(userId);
|
||||
var refresh_Token = _accountManager.CreateRefreshToken(userId);
|
||||
context.Response.Headers["access_token"] = access_Token;
|
||||
context.Response.Headers["refresh_token"] = refresh_Token;
|
||||
//每个用户的token刷新频率可以进行控制,防止刷新token当访问token使用
|
||||
var authResult = await context.AuthenticateAsync(TokenTypeConst.Refresh);
|
||||
//token鉴权刷新成功
|
||||
if (authResult.Succeeded)
|
||||
{
|
||||
var userId = Guid.Parse(authResult.Principal.FindFirst(AbpClaimTypes.UserId).Value.ToString());
|
||||
var access_Token = await _accountManager.GetTokenByUserIdAsync(userId);
|
||||
var refresh_Token = _accountManager.CreateRefreshToken(userId);
|
||||
context.Response.Headers["access_token"] = access_Token;
|
||||
context.Response.Headers["refresh_token"] = refresh_Token;
|
||||
|
||||
|
||||
//请求头替换,补充后续鉴权逻辑
|
||||
context.Request.Headers["Authorization"] = "Bearer " + access_Token;
|
||||
//请求头替换,补充后续鉴权逻辑
|
||||
context.Request.Headers["Authorization"] = "Bearer " + access_Token;
|
||||
}
|
||||
//刷新token 与 access_token都失效了
|
||||
// else
|
||||
// {
|
||||
//context.Response.StatusCode = StatusCodes.Status401Unauthorized;
|
||||
//return;
|
||||
// }
|
||||
}
|
||||
}
|
||||
|
||||
await next(context);
|
||||
}
|
||||
}
|
||||
@@ -57,8 +69,6 @@ namespace Yi.Framework.Rbac.Domain.Authorization
|
||||
{
|
||||
app.UseMiddleware<RefreshTokenMiddleware>();
|
||||
return app;
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
@@ -106,7 +106,7 @@ namespace Yi.Framework.Rbac.Domain.Managers
|
||||
issuer: _jwtOptions.Issuer,
|
||||
audience: _jwtOptions.Audience,
|
||||
claims: claims,
|
||||
expires: DateTime.Now.AddMinutes(_jwtOptions.ExpiresMinuteTime),
|
||||
expires: DateTime.Now.AddSeconds(_jwtOptions.ExpiresSecondTime),
|
||||
notBefore: DateTime.Now,
|
||||
signingCredentials: creds);
|
||||
string returnToken = new JwtSecurityTokenHandler().WriteToken(token);
|
||||
@@ -127,7 +127,7 @@ namespace Yi.Framework.Rbac.Domain.Managers
|
||||
issuer: _refreshJwtOptions.Issuer,
|
||||
audience: _refreshJwtOptions.Audience,
|
||||
claims: claims,
|
||||
expires: DateTime.Now.AddMinutes(_refreshJwtOptions.ExpiresMinuteTime),
|
||||
expires: DateTime.Now.AddSeconds(_refreshJwtOptions.ExpiresSecondTime),
|
||||
notBefore: DateTime.Now,
|
||||
signingCredentials: creds);
|
||||
string returnToken = new JwtSecurityTokenHandler().WriteToken(token);
|
||||
|
||||
@@ -190,25 +190,21 @@ namespace Yi.Framework.Rbac.Domain.Managers
|
||||
{
|
||||
//此处优先从缓存中获取
|
||||
UserRoleMenuDto output = null;
|
||||
var tokenExpiresMinuteTime =
|
||||
LazyServiceProvider.GetRequiredService<IOptions<JwtOptions>>().Value.ExpiresMinuteTime;
|
||||
var tokenExpiresSecondTime =
|
||||
LazyServiceProvider.GetRequiredService<IOptions<JwtOptions>>().Value.ExpiresSecondTime;
|
||||
var cacheData = await _userCache.GetOrAddAsync(new UserInfoCacheKey(userId),
|
||||
async () =>
|
||||
{
|
||||
var user = await _userRepository.GetUserAllInfoAsync(userId);
|
||||
var data = EntityMapToDto(user);
|
||||
//系统用户数据被重置,老前端访问重新授权
|
||||
if (data is null)
|
||||
{
|
||||
throw new AbpAuthorizationException();
|
||||
}
|
||||
|
||||
//data.Menus.Clear();
|
||||
output = data;
|
||||
output = data ?? throw new AbpAuthorizationException();
|
||||
return new UserInfoCacheItem(data);
|
||||
},
|
||||
() => new DistributedCacheEntryOptions
|
||||
{ AbsoluteExpirationRelativeToNow = TimeSpan.FromMinutes(tokenExpiresMinuteTime) });
|
||||
{ AbsoluteExpirationRelativeToNow = TimeSpan.FromSeconds(tokenExpiresSecondTime) });
|
||||
|
||||
if (cacheData is not null)
|
||||
{
|
||||
|
||||
Reference in New Issue
Block a user