feat: 完成双token刷新

2025-06-29 15:18:30 +08:00
parent d4f00eb89f
commit 6a58af8dfb
7 changed files with 344 additions and 326 deletions
--- a/Yi.Abp.Net8/module/rbac/Yi.Framework.Rbac.Domain/Authorization/RefreshTokenMiddleware.cs
+++ b/Yi.Abp.Net8/module/rbac/Yi.Framework.Rbac.Domain/Authorization/RefreshTokenMiddleware.cs
@@ -19,9 +19,9 @@ namespace Yi.Framework.Rbac.Domain.Authorization
    public class RefreshTokenMiddleware : IMiddleware, ITransientDependency
    {
        private AccountManager _accountManager;
+
        public RefreshTokenMiddleware(AccountManager accountManager)
        {
-
            _accountManager = accountManager;
        }

@@ -30,22 +30,34 @@ namespace Yi.Framework.Rbac.Domain.Authorization
            var refreshToken = context.Request.Headers["refresh_token"].ToString();
            if (!string.IsNullOrEmpty(refreshToken))
            {
-                //每个用户的token刷新频率可以进行控制，防止刷新token当访问token使用
-                var authResult = await context.AuthenticateAsync(TokenTypeConst.Refresh);
-                //token鉴权刷新成功
-                if (authResult.Succeeded)
+                //Jwt鉴权失败，过期了，再去找刷新token，进行刷新处理，不用每次都去刷新
+                var bearerAuthResult = await context.AuthenticateAsync("Bearer");
+                if (!bearerAuthResult.Succeeded)
                {
-                    var userId = Guid.Parse(authResult.Principal.FindFirst(AbpClaimTypes.UserId).Value.ToString());
-                    var access_Token = await _accountManager.GetTokenByUserIdAsync(userId);
-                    var refresh_Token = _accountManager.CreateRefreshToken(userId);
-                    context.Response.Headers["access_token"] = access_Token;
-                    context.Response.Headers["refresh_token"] = refresh_Token;
+                    //每个用户的token刷新频率可以进行控制，防止刷新token当访问token使用
+                    var authResult = await context.AuthenticateAsync(TokenTypeConst.Refresh);
+                    //token鉴权刷新成功
+                    if (authResult.Succeeded)
+                    {
+                        var userId = Guid.Parse(authResult.Principal.FindFirst(AbpClaimTypes.UserId).Value.ToString());
+                        var access_Token = await _accountManager.GetTokenByUserIdAsync(userId);
+                        var refresh_Token = _accountManager.CreateRefreshToken(userId);
+                        context.Response.Headers["access_token"] = access_Token;
+                        context.Response.Headers["refresh_token"] = refresh_Token;


-                    //请求头替换，补充后续鉴权逻辑
-                    context.Request.Headers["Authorization"] = "Bearer " + access_Token;
+                        //请求头替换，补充后续鉴权逻辑
+                        context.Request.Headers["Authorization"] = "Bearer " + access_Token;
+                    }
+                    //刷新token 与  access_token都失效了
+                    // else
+                    // {
+                        //context.Response.StatusCode = StatusCodes.Status401Unauthorized;
+                        //return;
+                    // }
                }
            }
+
            await next(context);
        }
    }
@@ -57,8 +69,6 @@ namespace Yi.Framework.Rbac.Domain.Authorization
        {
            app.UseMiddleware<RefreshTokenMiddleware>();
            return app;
-
        }
    }
-
-}
+}