feat: 完成token刷新机制，支持多模式

2024-01-24 16:07:54 +08:00
parent 6b15aa9c8e
commit e614935693
4 changed files with 81 additions and 5 deletions
--- a/Yi.Abp.Net8/module/rbac/Yi.Framework.Rbac.Domain.Shared/Consts/TokenTypeConst.cs
+++ b/Yi.Abp.Net8/module/rbac/Yi.Framework.Rbac.Domain.Shared/Consts/TokenTypeConst.cs
@@ -27,5 +27,7 @@ namespace Yi.Framework.Rbac.Domain.Shared.Consts
        public const string RoleInfo=nameof(RoleInfo);

        public const string Refresh=nameof(Refresh);
+
+      
    }
 }
--- a/Yi.Abp.Net8/module/rbac/Yi.Framework.Rbac.Domain/Authorization/RefreshTokenMiddleware.cs
+++ b/Yi.Abp.Net8/module/rbac/Yi.Framework.Rbac.Domain/Authorization/RefreshTokenMiddleware.cs
@@ -0,0 +1,62 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+using JetBrains.Annotations;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http;
+using Volo.Abp.DependencyInjection;
+using Volo.Abp.Security.Claims;
+using Yi.Framework.Rbac.Domain.Managers;
+using Yi.Framework.Rbac.Domain.Shared.Consts;
+
+namespace Yi.Framework.Rbac.Domain.Authorization
+{
+    public class RefreshTokenMiddleware : IMiddleware, ITransientDependency
+    {
+        private AccountManager _accountManager;
+        public RefreshTokenMiddleware(AccountManager accountManager)
+        {
+
+            _accountManager = accountManager;
+        }
+
+        public async Task InvokeAsync(HttpContext context, RequestDelegate next)
+        {
+            var refreshToken = context.Request.Headers["refresh_token"].ToString();
+            if (!string.IsNullOrEmpty(refreshToken))
+            {
+                //每个用户的token刷新频率可以进行控制，防止刷新token当访问token使用
+                var authResult = await context.AuthenticateAsync(TokenTypeConst.Refresh);
+                //token鉴权刷新成功
+                if (authResult.Succeeded)
+                {
+                    var userId = Guid.Parse(authResult.Principal.FindFirst(AbpClaimTypes.UserId).Value.ToString());
+                    var access_Token = await _accountManager.GetTokenByUserIdAsync(userId);
+                    var refresh_Token = _accountManager.CreateRefreshToken(userId);
+                    context.Response.Headers["access_token"] = access_Token;
+                    context.Response.Headers["refresh_token"] = refresh_Token;
+
+
+                    //请求头替换，补充后续鉴权逻辑
+                    context.Request.Headers["Authorization"] = "Bearer " + access_Token;
+                }
+            }
+            await next(context);
+        }
+    }
+
+
+    public static class RefreshTokenExtensions
+    {
+        public static IApplicationBuilder UseRefreshToken([NotNull] this IApplicationBuilder app)
+        {
+            app.UseMiddleware<RefreshTokenMiddleware>();
+            return app;
+
+        }
+    }
+
+}
--- a/Yi.Abp.Net8/src/Yi.Abp.Web/YiAbpWebModule.cs
+++ b/Yi.Abp.Net8/src/Yi.Abp.Web/YiAbpWebModule.cs
@@ -25,6 +25,7 @@ using Yi.Framework.AspNetCore.Microsoft.AspNetCore.Builder;
 using Yi.Framework.AspNetCore.Microsoft.Extensions.DependencyInjection;
 using Yi.Framework.Bbs.Application;
 using Yi.Framework.Rbac.Application;
+using Yi.Framework.Rbac.Domain.Authorization;
 using Yi.Framework.Rbac.Domain.Shared.Consts;
 using Yi.Framework.Rbac.Domain.Shared.Options;

@@ -145,7 +146,8 @@ namespace Yi.Abp.Web
                    }
                };
            })
-            .AddJwtBearer(TokenTypeConst.Refresh, options => {
+            .AddJwtBearer(TokenTypeConst.Refresh, options =>
+            {
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ClockSkew = TimeSpan.Zero,
@@ -158,11 +160,18 @@ namespace Yi.Abp.Web
                {
                    OnMessageReceived = context =>
                    {
-                        var accessToken = context.Request.Query["refresh_token"];
-                        if (!string.IsNullOrEmpty(accessToken))
+                        var refresh_token = context.Request.Headers["refresh_token"];
+                        if (!string.IsNullOrEmpty(refresh_token))
                        {
-                            context.Token = accessToken;
+                            context.Token = refresh_token;
+                            return Task.CompletedTask;
                        }
+                        var refreshToken = context.Request.Query["refresh_token"];
+                        if (!string.IsNullOrEmpty(refreshToken))
+                        {
+                            context.Token = refreshToken;
+                        }
+
                        return Task.CompletedTask;
                    }
                };
@@ -195,6 +204,9 @@ namespace Yi.Abp.Web
            //跨域
            app.UseCors(DefaultCorsPolicyName);

+            //无感token，先刷新再鉴权
+            app.UseRefreshToken();
+
            //鉴权
            app.UseAuthentication();

--- a/Yi.Abp.Net8/src/Yi.Abp.Web/appsettings.json
+++ b/Yi.Abp.Net8/src/Yi.Abp.Web/appsettings.json
@@ -35,7 +35,7 @@
    "Issuer": "https://ccnetcore.com",
    "Audience": "https://ccnetcore.com",
    "SecurityKey": "zqxwcevrbtnymu312412ihe9rfwhe78rh23djoi32hrui3ryf9e8wfh34iuj54y0934uti4h97fgw7hf97wyh8yy69520",
-    "ExpiresMinuteTime": 86400
+    "ExpiresMinuteTime": 1
  },
  //刷新token
  "RefreshJwtOptions": {