
令牌验证功能

shengxuefei 4 jaren geleden
bovenliggende
commit
5719da073f

BIN
WebAPIBase.NetCore/WebAPIBase.NetCore.BusinessCoreTests/obj/Debug/netcoreapp3.1/WebAPIBase.NetCore.BusinessCoreTests.csprojAssemblyReference.cache


BIN
WebAPIBase.NetCore/WebAPIBase.NetCore.BusinessCoreTests/obj/Release/netcoreapp3.1/WebAPIBase.NetCore.BusinessCoreTests.csprojAssemblyReference.cache


+ 3 - 3
WebAPIBase.NetCore/WebAPIBase.NetCore/Controllers/CommonController.cs

@@ -25,6 +25,7 @@ namespace WebAPIBase.API.Controllers
 {
     [Produces("application/json;charset=UTF-8")]
     [Route("api/Common")]
+    [ServiceFilter(typeof(Filter.TokenAuthorize))]
     public class CommonController : BaseController
     {
         /// <summary>
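Review bot: The token check is attached controller by controller (here and in DesignChangesController, ProgressController, RequisitionController, SafeQualityCheckController, UserController and ViseController), so a controller added later without the attribute is reachable with no token. Registering the filter once in the MVC options, `options.Filters.AddService<Filter.TokenAuthorize>();`, would make the check the default and leave `[AllowAnonymous]` as the explicit opt-out that `HasAllowAnonymous` already honours. Moving the attribute to `BaseController` alone would not be enough, because `RequisitionController` derives from `Controller`. The class body continues outside this hunk.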
@@ -103,10 +104,9 @@ namespace WebAPIBase.API.Controllers
         /// 获取项目列表
         /// </summary>
         /// <returns></returns>
-        [AllowAnonymous]
+        //[AllowAnonymous]
         [HttpGet]
-        [Route("GetProjectList")]
-        [ServiceFilter(typeof(Filter.TokenFilter))]
+        [Route("GetProjectList")]        
         public JsonResult GetProjectList()
         {
             var res = new ApiResponse
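Review bot: `//[AllowAnonymous]` is left above `GetProjectList` as a commented-out attribute; the line should be deleted rather than kept. `HasAllowAnonymous` in `TokenAuthorize` skips the token check for any action carrying that attribute, so un-commenting it later would make this endpoint unauthenticated again with no other visible change. The re-added `[Route("GetProjectList")]` line also picked up trailing whitespace. The method body continues outside the hunk.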

+ 1 - 0
WebAPIBase.NetCore/WebAPIBase.NetCore/Controllers/DesignChangesController.cs

@@ -11,6 +11,7 @@ namespace WebAPIBase.API.Controllers
 {
     [Produces("application/json;charset=UTF-8")]
     [Route("api/DesignChanges")]
+    [ServiceFilter(typeof(Filter.TokenAuthorize))]
     public class DesignChangesController : BaseController
     {
         /// <summary>

+ 1 - 0
WebAPIBase.NetCore/WebAPIBase.NetCore/Controllers/ProgressController.cs

@@ -12,6 +12,7 @@ namespace WebAPIBase.API.Controllers
 {
     [Produces("application/json;charset=UTF-8")]
     [Route("api/Progress")]
+    [ServiceFilter(typeof(Filter.TokenAuthorize))]
     public class ProgressController : BaseController
     {
         /// <summary>

+ 1 - 0
WebAPIBase.NetCore/WebAPIBase.NetCore/Controllers/RequisitionController.cs

@@ -25,6 +25,7 @@ namespace WebAPIBase.API.Controllers
 {
     [Produces("application/json;charset=UTF-8")]
     [Route("api/Requisition")]
+    [ServiceFilter(typeof(Filter.TokenAuthorize))]
     public class RequisitionController : Controller
     {
         private static Logger logger = NLog.LogManager.GetCurrentClassLogger();

+ 1 - 0
WebAPIBase.NetCore/WebAPIBase.NetCore/Controllers/SafeQualityCheckController.cs

@@ -25,6 +25,7 @@ namespace WebAPIBase.API.Controllers
 {
     [Produces("application/json;charset=UTF-8")]
     [Route("api/SafeQualityCheck")]
+    [ServiceFilter(typeof(Filter.TokenAuthorize))]
     public class SafeQualityCheckController : BaseController
     {
         /// <summary>

+ 1 - 0
WebAPIBase.NetCore/WebAPIBase.NetCore/Controllers/UserController.cs

@@ -29,6 +29,7 @@ namespace WebAPIBase.API.Controllers
 {
     [Produces("application/json;charset=UTF-8")]
     [Route("api/User")]
+    [ServiceFilter(typeof(Filter.TokenAuthorize))]
     public class UserController : BaseController
     {
         private string webserviceUrl;

+ 1 - 0
WebAPIBase.NetCore/WebAPIBase.NetCore/Controllers/ViseController.cs

@@ -28,6 +28,7 @@ namespace WebAPIBase.API.Controllers
     /// </summary>
     [Produces("application/json;charset=UTF-8")]
     [Route("api/Vise")]
+    [ServiceFilter(typeof(Filter.TokenAuthorize))]
     public class ViseController : BaseController
     {
 

+ 47 - 15
WebAPIBase.NetCore/WebAPIBase.NetCore/Filter/TokenFilter.cs

@@ -1,41 +1,47 @@
-using Microsoft.AspNetCore.Mvc.Filters;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.Authorization;
+using Microsoft.AspNetCore.Mvc.Filters;
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Text;
 using System.Threading.Tasks;
-using WebAPIBase.Utils.Jwt;
 using WebAPIBase.Utils;
-using Microsoft.AspNetCore.Mvc;
+using WebAPIBase.Utils.Jwt;
 
 namespace WebAPIBase.API.Filter
 {
     /// <summary>
-    /// 过滤器实现通用token验证
+    /// 令牌授权,登录验证
     /// </summary>
-    public class TokenFilter : Attribute, IActionFilter
+    public class TokenAuthorize : Attribute, IAuthorizationFilter
     {
         private ITokenHelper tokenHelper;
         /// <summary>
         /// 滤器实现通用token验证
         /// </summary>
         /// <param name="_tokenHelper"></param>
-        public TokenFilter(ITokenHelper _tokenHelper) //通过依赖注入得到数据访问层实例
+        public TokenAuthorize(ITokenHelper _tokenHelper) //通过依赖注入得到数据访问层实例
         {
             tokenHelper = _tokenHelper;
         }
-
-        public void OnActionExecuted(ActionExecutedContext context)
-        {
-
-        }
-        public void OnActionExecuting(ActionExecutingContext context)
+        public void OnAuthorization(AuthorizationFilterContext context)
         {
+            
             ApiResponse ret = new ApiResponse();
+            if(HasAllowAnonymous(context))
+            {
+                ret.IsSuccess = true;
+                ret.Code = 200;
+                ret.ErrMsg = "";
+                return;
+            }
             //获取token
             //object tokenobj = context.ActionArguments["token"];//前端地址栏参数传参
-            object tokenobj = context.HttpContext.Request.Headers["X-Token"].ToString();//前端写在header里面获取的
-            if (tokenobj == null)
+            var token = context.HttpContext.Request.Headers["X-Token"].ToString();//前端写在header里面获取的
+            if (token.IsNullOrEmpty())
             {
                 ret.IsSuccess = false;
                 ret.Code = 201;
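Review bot: In `OnAuthorization` the anonymous branch fills `ret.IsSuccess`, `ret.Code` and `ret.ErrMsg` and then returns without using `ret`, so those assignments are dead. The branch can be reduced to `if (HasAllowAnonymous(context)) return;`, with `ret` created only on the rejection paths. The rejection branch for an empty `X-Token` continues outside this hunk; confirm that it assigns `context.Result` before `return`, because an authorization filter that returns without a result lets the action execute. The class is now `TokenAuthorize` while the file is still `Filter/TokenFilter.cs`; renaming the file would keep the type and file name aligned.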
@@ -44,7 +50,6 @@ namespace WebAPIBase.API.Filter
                 return;
             }
 
-            string token = tokenobj.ToString();
 
             string userId = "";
             //验证jwt,同时取出来jwt里边的用户ID
@@ -70,5 +75,32 @@ namespace WebAPIBase.API.Filter
                 //context.ActionArguments.Add("userId", Convert.ToInt32(userId));
             }
         }
+
+
+        /// <summary>
+        /// 用于判断Action有没有AllowAnonymous标签
+        /// </summary>
+        /// <param name="context"></param>
+        /// <returns></returns>
+        private bool HasAllowAnonymous(AuthorizationFilterContext context)
+        {
+            var filters = context.Filters;
+            for (var i = 0; i < filters.Count; i++)
+            {
+                if (filters[i] is IAllowAnonymousFilter)
+                {
+                    return true;
+                }
+            }
+
+            var endpoint = context.HttpContext.GetEndpoint();
+            if (endpoint?.Metadata?.GetMetadata<IAllowAnonymous>() != null)
+            {
+                return true;
+            }
+
+            return false;
+        }
+
     }
 }
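Review bot: `HasAllowAnonymous` has empty `<param>` and `<returns>` tags, and its summary mentions only the action although the endpoint-metadata check is not limited to action-level attributes. Presumably it also matches `[AllowAnonymous]` placed on a controller, which would exempt every action in it. I would document the actual contract, e.g. `/// <returns>true when the filter pipeline contains an IAllowAnonymousFilter or the endpoint metadata contains IAllowAnonymous; otherwise false.</returns>`. The index loop can also be written as `context.Filters.Any(f => f is IAllowAnonymousFilter)`, since `System.Linq` is already imported in this file.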

+ 8 - 7
WebAPIBase.NetCore/WebAPIBase.NetCore/Startup.cs

@@ -87,7 +87,7 @@ namespace WebAPIBase.API
                 Options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
             }).
             AddJwtBearer();
-            services.AddScoped<Filter.TokenFilter>();
+            services.AddScoped<Filter.TokenAuthorize>();
             #endregion
 
 
@@ -120,15 +120,16 @@ namespace WebAPIBase.API
             services.AddSingleton<IConfiguration>(Configuration);
             services.AddSingleton<ICaching, Caching>();
 
-            services.AddAuthorization(options =>
-            {
-                options.AddPolicy("Member",
-                    policy => policy.RequireClaim("MembershipId"));
-            });
+            //services.AddAuthorization(options =>
+            //{
+            //    options.AddPolicy("Member",
+            //        policy => policy.RequireClaim("MembershipId"));
+            //});
 
             services.AddSwaggerGen(c =>
             {
-                c.SwaggerDoc("v1", new OpenApiInfo { Title = "WebAPIBase API", Version = "v1" });
+                c.SwaggerDoc("v1", new OpenApiInfo { Title = "WebAPIBase API——Netcore 3.0", Version = "v1" });
+                
             });
         }
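Review bot: The `Member` policy is disabled by commenting out the whole `services.AddAuthorization(...)` block rather than removing it. If any action still carries `[Authorize(Policy = "Member")]`, it would fail at request time because the policy is no longer registered, so confirm none remain and then delete the commented lines. Separately, the earlier hunk keeps `AddJwtBearer()` with no options next to the `TokenAuthorize` registration, which does its own `X-Token` validation. If nothing relies on the bearer scheme, I would either configure it or drop it so the API has a single token path. `ConfigureServices` starts outside these hunks.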