From 6ce05984d5a504a5d324486274028ce99d3dec89 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=99=88=E6=B7=B3?= Date: Tue, 27 Sep 2022 16:22:34 +0800 Subject: [PATCH] =?UTF-8?q?=E6=9D=83=E9=99=90code=E8=BF=87=E6=BB=A4?= =?UTF-8?q?=E5=99=A8?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../BaseController/BaseCrudController.cs | 6 ------ .../BaseSimpleCrudController.cs | 4 ---- .../BaseController/BaseSimpleRdController.cs | 3 --- .../Controllers/UserController.cs | 19 +++++++++++++++++ .../Yi.Framework.ApiMicroservice/Program.cs | 2 +- .../Yi.Framework.Common/Const/SystemConst.cs | 1 + .../Yi.Framework.Core/JwtInvoker.cs | 8 ++++++- .../AttributeExtend/PermissionAttribute.cs | 21 ++++++++++--------- .../MiddlewareExtend/ErrorHandExtension.cs | 7 +++++-- 9 files changed, 44 insertions(+), 27 deletions(-) diff --git a/Yi.Framework.Net6/Yi.Framework.ApiMicroservice/Controllers/BaseController/BaseCrudController.cs b/Yi.Framework.Net6/Yi.Framework.ApiMicroservice/Controllers/BaseController/BaseCrudController.cs index 2f3114a2..17f005ce 100644 --- a/Yi.Framework.Net6/Yi.Framework.ApiMicroservice/Controllers/BaseController/BaseCrudController.cs +++ b/Yi.Framework.Net6/Yi.Framework.ApiMicroservice/Controllers/BaseController/BaseCrudController.cs @@ -33,7 +33,6 @@ namespace Yi.Framework.ApiMicroservice.Controllers /// /// /// - [Permission($"{nameof(T)}:get")] [HttpGet] public virtual async Task GetById(long id) { @@ -44,7 +43,6 @@ namespace Yi.Framework.ApiMicroservice.Controllers /// 列表查询 /// /// - [Permission($"{nameof(T)}:get")] [HttpPost] public virtual async Task GetList(QueryCondition queryCondition) { @@ -56,7 +54,6 @@ namespace Yi.Framework.ApiMicroservice.Controllers /// /// /// - [Permission($"{nameof(T)}:get")] [HttpPost] public virtual async Task PageList(QueryPageCondition queryCondition) { 
@@ -68,7 +65,6 @@ namespace Yi.Framework.ApiMicroservice.Controllers /// /// /// - [Permission($"{nameof(T)}:add")] [HttpPost] public virtual async Task Add(T entity) { @@ -80,7 +76,6 @@ namespace Yi.Framework.ApiMicroservice.Controllers /// /// /// - [Permission($"{nameof(T)}:update")] [HttpPut] public virtual async Task Update(T entity) { @@ -92,7 +87,6 @@ namespace Yi.Framework.ApiMicroservice.Controllers /// /// /// - [Permission($"{nameof(T)}:del")] [HttpDelete] public virtual async Task DeleteList(List ids) { diff --git a/Yi.Framework.Net6/Yi.Framework.ApiMicroservice/Controllers/BaseController/BaseSimpleCrudController.cs b/Yi.Framework.Net6/Yi.Framework.ApiMicroservice/Controllers/BaseController/BaseSimpleCrudController.cs index 2feb5aaf..c59f9265 100644 --- a/Yi.Framework.Net6/Yi.Framework.ApiMicroservice/Controllers/BaseController/BaseSimpleCrudController.cs +++ b/Yi.Framework.Net6/Yi.Framework.ApiMicroservice/Controllers/BaseController/BaseSimpleCrudController.cs @@ -45,7 +45,6 @@ namespace Yi.Framework.ApiMicroservice.Controllers /// 全部列表查询 /// /// - [Permission($"{nameof(T)}:get")] [HttpGet] public virtual async Task GetList() { @@ -57,7 +56,6 @@ namespace Yi.Framework.ApiMicroservice.Controllers /// /// /// - [Permission($"{nameof(T)}:add")] [HttpPost] public virtual async Task Add(T entity) { @@ -70,7 +68,6 @@ namespace Yi.Framework.ApiMicroservice.Controllers /// /// /// - [Permission($"{nameof(T)}:update")] [HttpPut] public virtual async Task Update(T entity) { @@ -82,7 +79,6 @@ namespace Yi.Framework.ApiMicroservice.Controllers /// /// /// - [Permission($"{nameof(T)}:del")] [HttpDelete] public virtual async Task DelList(List ids) { diff --git a/Yi.Framework.Net6/Yi.Framework.ApiMicroservice/Controllers/BaseController/BaseSimpleRdController.cs b/Yi.Framework.Net6/Yi.Framework.ApiMicroservice/Controllers/BaseController/BaseSimpleRdController.cs index 3c0c2a32..fbd01fef 100644 
--- a/Yi.Framework.Net6/Yi.Framework.ApiMicroservice/Controllers/BaseController/BaseSimpleRdController.cs +++ b/Yi.Framework.Net6/Yi.Framework.ApiMicroservice/Controllers/BaseController/BaseSimpleRdController.cs @@ -33,7 +33,6 @@ namespace Yi.Framework.ApiMicroservice.Controllers /// /// /// - [Permission($"{nameof(T)}:get")] [Route("{id}")] [HttpGet] public virtual async Task GetById([FromRoute]long id) @@ -45,7 +44,6 @@ namespace Yi.Framework.ApiMicroservice.Controllers /// 全部列表查询 /// /// - [Permission($"{nameof(T)}:get")] [HttpGet] public virtual async Task GetList() { @@ -57,7 +55,6 @@ namespace Yi.Framework.ApiMicroservice.Controllers /// /// /// - [Permission($"{nameof(T)}:del")] [HttpDelete] public virtual async Task DelList(List ids) { diff --git a/Yi.Framework.Net6/Yi.Framework.ApiMicroservice/Controllers/UserController.cs b/Yi.Framework.Net6/Yi.Framework.ApiMicroservice/Controllers/UserController.cs index c57b935e..ad33aef3 100644 --- a/Yi.Framework.Net6/Yi.Framework.ApiMicroservice/Controllers/UserController.cs +++ b/Yi.Framework.Net6/Yi.Framework.ApiMicroservice/Controllers/UserController.cs @@ -20,6 +20,7 @@ namespace Yi.Framework.ApiMicroservice.Controllers /// 用户管理 /// [ApiController] + [Authorize] [Route("api/[controller]/[action]")] public class UserController : BaseSimpleRdController { @@ -37,6 +38,7 @@ namespace Yi.Framework.ApiMicroservice.Controllers /// /// [HttpGet] + [Permission("system:user:query")] public async Task PageList([FromQuery] UserEntity user, [FromQuery] PageParModel page,[FromQuery] long? deptId) { return Result.Success().SetData(await _iUserService.SelctPageList(user, page, deptId)); @@ -49,6 +51,7 @@ namespace Yi.Framework.ApiMicroservice.Controllers /// /// [HttpPut] + [Permission("system:user:edit")] public async Task UpdateStatus(long userId, bool isDel) { return Result.Success().SetData(await _iUserService._repository.UpdateIgnoreNullAsync(new UserEntity() { Id = userId, IsDeleted = isDel })); 
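Review bot: Controllers other than UserController may be left with no access check after this commit. `[Authorize]` and explicit permission codes are added to UserController only (hunk `@@ -20,6 +20,7` onward), while the same commit deletes every `[Permission]` attribute from BaseCrudController, BaseSimpleCrudController and BaseSimpleRdController. Any other controller that inherits those base actions without overriding them would now run them with no permission check, and with no authentication either unless it carries its own `[Authorize]` or a global policy exists (neither is visible here). Because `AuthorizeAttribute` is inherited by derived classes, putting `[Authorize]` on the three base controllers, or requiring authorization by default where the endpoints are mapped, would make the protected state the default and leave `[AllowAnonymous]` as the explicit exception.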
@@ -61,6 +64,7 @@ namespace Yi.Framework.ApiMicroservice.Controllers /// /// [HttpPut] + [Permission("system:user:edit")] public async Task GiveUserSetRole(GiveUserSetRoleDto giveUserSetRoleDto) { return Result.Success().SetStatus(await _iUserService.GiveUserSetRole(giveUserSetRoleDto.UserIds, giveUserSetRoleDto.RoleIds)); @@ -74,6 +78,7 @@ namespace Yi.Framework.ApiMicroservice.Controllers /// [HttpGet] [Route("{id}")] + [Permission("system:user:query")] public override async Task GetById([FromRoute] long id) { return Result.Success().SetData(await _iUserService.GetInfoById(id)); @@ -85,6 +90,7 @@ namespace Yi.Framework.ApiMicroservice.Controllers /// /// [HttpPut] + [Permission("system:user:edit")] public async Task Update(UserInfoDto userDto) { if (await _iUserService._repository.IsAnyAsync(u => userDto.User.UserName.Equals(u.UserName)&&!userDto.User.Id.Equals(u.Id))) @@ -101,6 +107,7 @@ namespace Yi.Framework.ApiMicroservice.Controllers /// /// [HttpPut] + [Permission("system:user:edit")] public async Task UpdateProfile(UserInfoDto userDto) { return Result.Success().SetStatus(await _iUserService.UpdateProfile(userDto)); @@ -112,6 +119,7 @@ namespace Yi.Framework.ApiMicroservice.Controllers /// /// [HttpPost] + [Permission("system:user:add2")] public async Task Add(UserInfoDto userDto) { if (await _iUserService._repository.IsAnyAsync(u => userDto.User.UserName.Equals(u.UserName))) @@ -128,9 +136,20 @@ namespace Yi.Framework.ApiMicroservice.Controllers /// /// [HttpPut] + [Permission("system:user:edit")] public async Task RestPassword(UserEntity user) { return Result.Success().SetStatus(await _iUserService.RestPassword(user.Id, user.Password)); } + [Permission("system:user:query")] + public override Task GetList() + { + return base.GetList(); + } + [Permission("system:user:remove")] + public override Task DelList(List ids) + { + return base.DelList(ids); + } } } 
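Review bot: The code `system:user:add2` on `Add` (hunk `@@ -112,6 +119,7`) breaks the `query`/`edit`/`remove` naming used on every other action in this file and looks like a leftover from testing. The filter builds its pattern from the required code (`^system:user:add2`), so a user whose claim is `system:user:add` would not match and only holders of `*:*:*` could create users. If the seeded permission is `system:user:add` (the permission data is not visible here), the attribute should read `[Permission("system:user:add")]`.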
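Review bot: In hunk `@@ -128,9 +136,20`, `RestPassword` is gated by the same `system:user:edit` code as ordinary edits, and it takes the target `user.Id` and the new `user.Password` straight from the request body. Every holder of the edit permission can therefore set the password of any account, which is usually a more sensitive right than editing profile fields. Consider a dedicated code for it, for example `[Permission("system:user:resetPwd")]` (constructed name, align it with the permission table), and log each reset with the caller's id. Separately, the new `GetList`/`DelList` overrides rely on the base method's `[HttpGet]`/`[HttpDelete]`, whereas the `GetById` override in this file restates its routing attributes; restating them here too would keep the verb visible next to the permission.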
diff --git a/Yi.Framework.Net6/Yi.Framework.ApiMicroservice/Program.cs b/Yi.Framework.Net6/Yi.Framework.ApiMicroservice/Program.cs index efc12b16..dc68771a 100644 --- a/Yi.Framework.Net6/Yi.Framework.ApiMicroservice/Program.cs +++ b/Yi.Framework.Net6/Yi.Framework.ApiMicroservice/Program.cs @@ -150,7 +150,7 @@ ServiceLocator.Instance = app.Services; #region //ץȡע #endregion -//app.UseErrorHandlingService(); +app.UseErrorHandlingService(); #region //̬ļע diff --git a/Yi.Framework.Net6/Yi.Framework.Common/Const/SystemConst.cs b/Yi.Framework.Net6/Yi.Framework.Common/Const/SystemConst.cs index c6c7e2d4..1d6f695f 100644 --- a/Yi.Framework.Net6/Yi.Framework.Common/Const/SystemConst.cs +++ b/Yi.Framework.Net6/Yi.Framework.Common/Const/SystemConst.cs @@ -11,5 +11,6 @@ namespace Yi.Framework.Common.Const public const string Admin = "cc"; public const string AdminRolesCode = "admin"; public const string AdminPermissionCode = "*:*:*"; + public const string PermissionClaim = "permission"; } } diff --git a/Yi.Framework.Net6/Yi.Framework.Core/JwtInvoker.cs b/Yi.Framework.Net6/Yi.Framework.Core/JwtInvoker.cs index 5e948bfb..74ecfe3c 100644 --- a/Yi.Framework.Net6/Yi.Framework.Core/JwtInvoker.cs +++ b/Yi.Framework.Net6/Yi.Framework.Core/JwtInvoker.cs @@ -8,6 +8,7 @@ using System.Linq; using System.Security.Claims; using System.Text; using System.Threading.Tasks; +using Yi.Framework.Common.Const; using Yi.Framework.Common.IOCOptions; using Yi.Framework.Model.Models; using JwtRegisteredClaimNames = Microsoft.IdentityModel.JsonWebTokens.JwtRegisteredClaimNames; 
@@ -45,9 +46,14 @@ namespace Yi.Framework.Core { if (!string.IsNullOrEmpty(m.PermissionCode)) { - claims.Add(new Claim("permission", m.PermissionCode.ToString())); + claims.Add(new Claim(SystemConst.PermissionClaim, m.PermissionCode.ToString())); } } + if (SystemConst.Admin.Equals(user.UserName)) + { + claims.Add(new Claim(SystemConst.PermissionClaim, SystemConst.AdminPermissionCode)); + } + var creds = new SigningCredentials(new RsaSecurityKey(Common.Helper.RSAFileHelper.GetKey()), SecurityAlgorithms.RsaSha256); var token = new JwtSecurityToken( issuer: _JWTTokenOptions.Issuer, diff --git a/Yi.Framework.Net6/Yi.Framework.WebCore/AttributeExtend/PermissionAttribute.cs b/Yi.Framework.Net6/Yi.Framework.WebCore/AttributeExtend/PermissionAttribute.cs index 7754dabe..65ccb4cd 100644 --- a/Yi.Framework.Net6/Yi.Framework.WebCore/AttributeExtend/PermissionAttribute.cs +++ b/Yi.Framework.Net6/Yi.Framework.WebCore/AttributeExtend/PermissionAttribute.cs @@ -5,6 +5,7 @@ using System.Collections.Generic; using System.Linq; using System.Text.RegularExpressions; using System.Threading.Tasks; +using Yi.Framework.Common.Const; namespace Yi.Framework.WebCore.AttributeExtend { @@ -25,12 +26,13 @@ namespace Yi.Framework.WebCore.AttributeExtend /// public override void OnActionExecuting(ActionExecutingContext context) { - base.OnActionExecuting(context); + if (string.IsNullOrEmpty(permission)) { throw new Exception("权限不能为空!"); } + var result = false; 
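Review bot: In JwtInvoker.cs (hunk `@@ -45,9 +46,14`) the wildcard claim `*:*:*` is granted by comparing `user.UserName` with `SystemConst.Admin` (`"cc"`), so super-admin rights hinge on a user name rather than on an immutable id or a role. `SystemConst.AdminRolesCode` already exists and would be a sturdier key if the user's roles are available at this point. `Equals` here is ordinal and case-sensitive, while the name-uniqueness check in UserController runs in the database, whose collation is not visible, so confirm that no second account can hold a name this lookup treats as `cc`. Because the claim is baked into the token, it also stays valid until expiry even after the account is disabled or renamed. The enclosing method starts and ends outside the hunk.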
@@ -38,16 +40,20 @@ namespace Yi.Framework.WebCore.AttributeExtend var sid = context.HttpContext.User.Claims.FirstOrDefault(u => u.Type == JwtRegisteredClaimNames.Sid); //jwt存在的权限列表 - var perList = context.HttpContext.User.Claims.Where(u => u.Type == "permission").Select(u=> u.Value.ToString().ToLower()). ToList(); + var perList = context.HttpContext.User.Claims.Where(u => u.Type == SystemConst.PermissionClaim).Select(u => u.Value.ToString().ToLower()).ToList(); //判断权限是否存在Redis中,或者jwt中 //进行正则表达式的匹配,以code开头 Regex regex = new Regex($"^{permission.ToLower()}"); foreach (var p in perList) { - //过滤多余的标签 - p.Replace("Entity",""); - p.Replace("entity",""); + //如果存在超级管理员权限,直接放行 + if (SystemConst.AdminPermissionCode.Equals(p)) + { + result = true; + break; + } + if (regex.IsMatch(p)) { result = true; @@ -56,11 +62,6 @@ namespace Yi.Framework.WebCore.AttributeExtend } //用户的增删改查直接可以user:*即可 - - //这里暂时全部放行即可 - result = true; - - if (!result) { throw new Exception("拦截未授权请求!"); diff --git a/Yi.Framework.Net6/Yi.Framework.WebCore/MiddlewareExtend/ErrorHandExtension.cs b/Yi.Framework.Net6/Yi.Framework.WebCore/MiddlewareExtend/ErrorHandExtension.cs index eed13c4c..63e3ce36 100644 --- a/Yi.Framework.Net6/Yi.Framework.WebCore/MiddlewareExtend/ErrorHandExtension.cs +++ b/Yi.Framework.Net6/Yi.Framework.WebCore/MiddlewareExtend/ErrorHandExtension.cs @@ -1,5 +1,6 @@ using Microsoft.AspNetCore.Builder; using Microsoft.AspNetCore.Http; +using Microsoft.Extensions.Logging; using Newtonsoft.Json; using System; using System.Collections.Generic; @@ -15,10 +16,11 @@ namespace Yi.Framework.WebCore.MiddlewareExtend public class ErrorHandExtension { private readonly RequestDelegate next; - - public ErrorHandExtension(RequestDelegate next) + private ILogger _logger; + public ErrorHandExtension(RequestDelegate next,ILogger logger) { this.next = next; + _logger = logger; } public async Task Invoke(HttpContext context) 
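Review bot: Now that the unconditional `result = true` is gone, access in PermissionAttribute.cs (hunk `@@ -38,16 +40,20`) is decided by `new Regex($"^{permission.ToLower()}")`, which is unescaped and anchored only at the start. Any claim that merely begins with the required code passes (a required `system:user:add` would accept a claim `system:user:add2`), and regex metacharacters in a code are interpreted rather than matched literally. An exact, case-insensitive comparison removes both problems; if hierarchical grants are intended, compare on `:` segment boundaries instead of raw prefixes. The denial path still throws a bare `Exception`, which the error middleware enabled in Program.cs appears to convert into an ordinary response body; setting `context.Result = new ForbidResult()` (from Microsoft.AspNetCore.Mvc) returns a real 403 instead. `OnActionExecuting` begins above this hunk and continues below it, and `result` is declared in the preceding hunk.

```csharp
// … unchanged: empty-permission guard and sid lookup …
var perList = context.HttpContext.User.Claims
    .Where(u => u.Type == SystemConst.PermissionClaim)
    .Select(u => u.Value);

// Exact, case-insensitive match; the super-admin wildcard is the only special case.
result = perList.Any(p =>
    SystemConst.AdminPermissionCode.Equals(p) ||
    string.Equals(p, permission, StringComparison.OrdinalIgnoreCase));

if (!result)
{
    // Short-circuit with a 403 rather than throwing for an expected outcome.
    context.Result = new ForbidResult();
    return;
}
```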
@@ -34,6 +36,7 @@ namespace Yi.Framework.WebCore.MiddlewareExtend { statusCode = 200; } + _logger.LogError($"中间件抓取错误\r\n错误信息:{ex.Message}\r\n堆栈信息“{ex.StackTrace}"); await HandleExceptionAsync(context, statusCode, ex.Message); } finally
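Review bot: `LogError` in ErrorHandExtension.cs (hunk `@@ -34,6 +36,7`) receives a pre-interpolated string, so the exception type and any inner exceptions never reach the logging pipeline, and the `\r\n` sequences plus `ex.Message` are written as free text. Pass the exception object instead: `_logger.LogError(ex, "中间件抓取错误");`. The context lines also show `ex.Message` handed to `HandleExceptionAsync` and one branch forcing `statusCode = 200`. Now that Program.cs enables this middleware, confirm that internal exception text (query errors, file paths) is not echoed to clients and that the "unauthorized" exception thrown by PermissionAttribute does not surface as HTTP 200. `Invoke` starts and ends outside the hunk.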