From e614935693861538587205011e03e681ae08017f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E9=99=88=E6=B7=B3?= <454313500@qq.com>
Date: Wed, 24 Jan 2024 16:07:54 +0800
Subject: [PATCH] =?UTF-8?q?feat:=20=E5=AE=8C=E6=88=90token=E5=88=B7?= =?UTF-8?q?=E6=96=B0=E6=9C=BA=E5=88=B6=EF=BC=8C=E6=94=AF=E6=8C=81=E5=A4=9A?= =?UTF-8?q?=E6=A8=A1=E5=BC=8F?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../Consts/TokenTypeConst.cs | 2 +
 .../Authorization/RefreshTokenMiddleware.cs | 62 +++++++++++++++++++
 Yi.Abp.Net8/src/Yi.Abp.Web/YiAbpWebModule.cs | 20 ++++--
 Yi.Abp.Net8/src/Yi.Abp.Web/appsettings.json | 2 +-
 4 files changed, 81 insertions(+), 5 deletions(-)
 create mode 100644 Yi.Abp.Net8/module/rbac/Yi.Framework.Rbac.Domain/Authorization/RefreshTokenMiddleware.cs
diff --git a/Yi.Abp.Net8/module/rbac/Yi.Framework.Rbac.Domain.Shared/Consts/TokenTypeConst.cs b/Yi.Abp.Net8/module/rbac/Yi.Framework.Rbac.Domain.Shared/Consts/TokenTypeConst.cs
index cab5fca9..cdb82a29 100644
--- a/Yi.Abp.Net8/module/rbac/Yi.Framework.Rbac.Domain.Shared/Consts/TokenTypeConst.cs
+++ b/Yi.Abp.Net8/module/rbac/Yi.Framework.Rbac.Domain.Shared/Consts/TokenTypeConst.cs
@@ -27,5 +27,7 @@ namespace Yi.Framework.Rbac.Domain.Shared.Consts
 public const string RoleInfo=nameof(RoleInfo);
 public const string Refresh=nameof(Refresh);
+
+
 }
 }
diff --git a/Yi.Abp.Net8/module/rbac/Yi.Framework.Rbac.Domain/Authorization/RefreshTokenMiddleware.cs b/Yi.Abp.Net8/module/rbac/Yi.Framework.Rbac.Domain/Authorization/RefreshTokenMiddleware.cs
new file mode 100644
index 00000000..f3ec3d5c
--- /dev/null
+++ b/Yi.Abp.Net8/module/rbac/Yi.Framework.Rbac.Domain/Authorization/RefreshTokenMiddleware.cs
@@ -0,0 +1,62 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+using JetBrains.Annotations;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http;
+using Volo.Abp.DependencyInjection;
+using Volo.Abp.Security.Claims;
+using Yi.Framework.Rbac.Domain.Managers;
+using Yi.Framework.Rbac.Domain.Shared.Consts;
+
+namespace Yi.Framework.Rbac.Domain.Authorization
+{
+ public class RefreshTokenMiddleware : IMiddleware, ITransientDependency
+ {
+ private AccountManager _accountManager;
+ public RefreshTokenMiddleware(AccountManager accountManager)
+ {
+
+ _accountManager = accountManager;
+ }
+
+ public async Task InvokeAsync(HttpContext context, RequestDelegate next)
+ {
+ var refreshToken = context.Request.Headers["refresh_token"].ToString();
+ if (!string.IsNullOrEmpty(refreshToken))
+ {
+ //每个用户的token刷新频率可以进行控制,防止刷新token当访问token使用
+ var authResult = await context.AuthenticateAsync(TokenTypeConst.Refresh);
+ //token鉴权刷新成功
+ if (authResult.Succeeded)
+ {
+ var userId = Guid.Parse(authResult.Principal.FindFirst(AbpClaimTypes.UserId).Value.ToString());
+ var access_Token = await _accountManager.GetTokenByUserIdAsync(userId);
+ var refresh_Token = _accountManager.CreateRefreshToken(userId);
+ context.Response.Headers["access_token"] = access_Token;
+ context.Response.Headers["refresh_token"] = refresh_Token;
+
+
+ //请求头替换,补充后续鉴权逻辑
+ context.Request.Headers["Authorization"] = "Bearer " + access_Token;
+ }
+ }
+ await next(context);
+ }
+ }
+
+
+ public static class RefreshTokenExtensions
+ {
+ public static IApplicationBuilder UseRefreshToken([NotNull] this IApplicationBuilder app)
+ {
+ app.UseMiddleware();
+ return app;
+
+ }
+ }
+
+}
diff --git a/Yi.Abp.Net8/src/Yi.Abp.Web/YiAbpWebModule.cs b/Yi.Abp.Net8/src/Yi.Abp.Web/YiAbpWebModule.cs
index 33fdca00..1e53330d 100644
--- a/Yi.Abp.Net8/src/Yi.Abp.Web/YiAbpWebModule.cs
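Review bot: `InvokeAsync` mints a new access token and rewrites the request's `Authorization` header for any request that carries a valid `refresh_token` header, so the refresh token is accepted as a credential on every endpoint behind this middleware; the comment above `AuthenticateAsync` talks about limiting refresh frequency, but no limit appears in this file. Consider refreshing only when the presented access token is absent or expired, and confirm that `CreateRefreshToken` retires the previous refresh token, which cannot be seen from this hunk. Also, `FindFirst(AbpClaimTypes.UserId).Value` throws when the claim is missing and `Guid.Parse` throws on a malformed value; `if (!Guid.TryParse(authResult.Principal?.FindFirst(AbpClaimTypes.UserId)?.Value, out var userId)) { await next(context); return; }` would let such a request fall through to normal authentication instead of failing with an unhandled exception.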
+++ b/Yi.Abp.Net8/src/Yi.Abp.Web/YiAbpWebModule.cs
@@ -25,6 +25,7 @@ using Yi.Framework.AspNetCore.Microsoft.AspNetCore.Builder;
 using Yi.Framework.AspNetCore.Microsoft.Extensions.DependencyInjection;
 using Yi.Framework.Bbs.Application;
 using Yi.Framework.Rbac.Application;
+using Yi.Framework.Rbac.Domain.Authorization;
 using Yi.Framework.Rbac.Domain.Shared.Consts;
 using Yi.Framework.Rbac.Domain.Shared.Options;
@@ -145,7 +146,8 @@ namespace Yi.Abp.Web
 }
 };
 })
- .AddJwtBearer(TokenTypeConst.Refresh, options => {
+ .AddJwtBearer(TokenTypeConst.Refresh, options =>
+ {
 options.TokenValidationParameters = new TokenValidationParameters
 {
 ClockSkew = TimeSpan.Zero,
@@ -158,11 +160,18 @@ namespace Yi.Abp.Web
 {
 OnMessageReceived = context =>
 {
- var accessToken = context.Request.Query["refresh_token"];
- if (!string.IsNullOrEmpty(accessToken))
+ var refresh_token = context.Request.Headers["refresh_token"];
+ if (!string.IsNullOrEmpty(refresh_token))
 {
- context.Token = accessToken;
+ context.Token = refresh_token;
+ return Task.CompletedTask;
 }
+ var refreshToken = context.Request.Query["refresh_token"];
+ if (!string.IsNullOrEmpty(refreshToken))
+ {
+ context.Token = refreshToken;
+ }
+
 return Task.CompletedTask;
 }
 };
@@ -195,6 +204,9 @@ namespace Yi.Abp.Web
 //跨域
 app.UseCors(DefaultCorsPolicyName);
+ //无感token,先刷新再鉴权
+ app.UseRefreshToken();
+
 //鉴权
 app.UseAuthentication();
diff --git a/Yi.Abp.Net8/src/Yi.Abp.Web/appsettings.json b/Yi.Abp.Net8/src/Yi.Abp.Web/appsettings.json
index 226005bb..55caa0f4 100644
--- a/Yi.Abp.Net8/src/Yi.Abp.Web/appsettings.json
+++ b/Yi.Abp.Net8/src/Yi.Abp.Web/appsettings.json
@@ -35,7 +35,7 @@
 "Issuer": "https://ccnetcore.com",
 "Audience": "https://ccnetcore.com",
 "SecurityKey": "zqxwcevrbtnymu312412ihe9rfwhe78rh23djoi32hrui3ryf9e8wfh34iuj54y0934uti4h97fgw7hf97wyh8yy69520",
- "ExpiresMinuteTime": 86400
+ "ExpiresMinuteTime": 1
 },
 //刷新token
 "RefreshJwtOptions": {
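Review bot: The `OnMessageReceived` handler still falls back to `context.Request.Query["refresh_token"]`, which keeps a long-lived credential in URLs, where it tends to be recorded in access logs, browser history and Referer headers. Now that the header path exists, consider removing the query fallback, or restricting it to the requests that cannot set headers and saying so in a comment such as `// query fallback only for requests that cannot send a refresh_token header`. The locals `refresh_token` and `refreshToken` differ only in naming style; `headerToken` and `queryToken` would make the two sources obvious. The enclosing `AddJwtBearer` options lambda starts and ends outside this hunk.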
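Review bot: `"ExpiresMinuteTime": 1` gives access tokens a one-minute lifetime in the committed configuration, which looks like a value chosen to exercise the refresh path rather than a deployment setting; with it, nearly every request depends on the refresh middleware. If the short lifetime is intended, a comment beside the key stating the unit and the reason would help, e.g. `// access token lifetime in minutes; short because refresh is transparent`. The unchanged `SecurityKey` line in this hunk keeps the JWT signing key in a committed file; supplying it from the environment or a secret store, with only a placeholder here, would mean that read access to the repository no longer gives the ability to sign tokens.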