
swagger界面添加token验证

shengxuefei преди 4 години
родител
ревизия
00f8d1acab

+ 1 - 1
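--- a/PMS.NetCore/PMS.NetCore.BusinessCore/BaseCore/rolesManager.cs
+++ b/PMS.NetCore/PMS.NetCore.BusinessCore/BaseCore/rolesManager.cs
@@ -49,7 +49,7 @@ public class rolesManager : DbContext<roles>
     /// <returns></returns>
     public List<dynamic> GetFuncs(string roleid)
     {
-        var sql = $"SELECT b.*,a.RoleID,a.Actions FROM dbo.rolesInfuncs a INNER JOIN dbo.funcs b ON a.FuncID=b.FuncID WHERE a.RoleID='{roleid}'";
+        var sql = $"SELECT b.*,a.RoleID FROM dbo.rolesInfuncs a INNER JOIN dbo.funcs b ON a.FuncID=b.FuncID WHERE a.RoleID='{roleid}'";
         var list = Db.Ado.SqlQuery<dynamic>(sql);
         return list;
     }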
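Review bot: `roleid` is still interpolated straight into the SQL text on the `+` line, so the WHERE clause is injectable whenever the role id can be influenced by a caller; the commit only drops `a.Actions` from the SELECT and leaves the string building as it was. Bind it as a parameter instead: `var sql = "SELECT b.*,a.RoleID FROM dbo.rolesInfuncs a INNER JOIN dbo.funcs b ON a.FuncID=b.FuncID WHERE a.RoleID=@roleid";` followed by `var list = Db.Ado.SqlQuery<dynamic>(sql, new { roleid });`. Whether `Db.Ado.SqlQuery` takes an anonymous parameter object depends on the ORM behind `DbContext<roles>` (the `Db.Ado` shape looks like SqlSugar, which does) — confirm against the project's other parameterized queries. The empty `<returns>` tag could also say what comes back, e.g. `/// <returns>Rows from dbo.funcs joined with the RoleID, for the given role.</returns>`.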

+ 7 - 3
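--- a/PMS.NetCore/PMS.NetCore/Filter/TokenAuthorize.cs
+++ b/PMS.NetCore/PMS.NetCore/Filter/TokenAuthorize.cs
@@ -10,20 +10,24 @@ using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Mvc.Authorization;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.Options;
 
 namespace PMS.NetCore.Filter
 {
     public class TokenAuthorize : Attribute, IAuthorizationFilter
     {
         private ITokenHelper tokenHelper;
+        private readonly IOptions<JWTConfig> _options;
         private NLog.Logger logger;
         /// <summary>
-        /// 滤器实现通用token验证
+        /// 滤器实现通用token验证
         /// </summary>
         /// <param name="_tokenHelper"></param>
-        public TokenAuthorize(ITokenHelper _tokenHelper) //通过依赖注入得到数据访问层实例
+        /// <param name="options"></param>
+        public TokenAuthorize(ITokenHelper _tokenHelper, IOptions<JWTConfig> options) //通过依赖注入得到数据访问层实例
         {
             tokenHelper = _tokenHelper;
+            _options = options;
             logger = NLog.Web.NLogBuilder.ConfigureNLog("nlog.config").GetCurrentClassLogger();
         }
         public void OnAuthorization(AuthorizationFilterContext context)
@@ -53,7 +57,7 @@ namespace PMS.NetCore.Filter
 
             string userId = "";
             //验证jwt,同时取出来jwt里边的用户ID
-            TokenType tokenType = tokenHelper.ValiTokenState(token, a => a["iss"] == "lutao" && a["aud"] == "haodegongchengyun", action => { userId = action["UserID"]; });
+            TokenType tokenType = tokenHelper.ValiTokenState(token, a => a["iss"] == _options.Value.Issuer && a["aud"] == _options.Value.Audience, action => { userId = action["UserID"]; });
             if (tokenType == TokenType.Fail)
             {
                 ret.IsSuccess = false;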
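Review bot: The new predicate on the `+` line of the second hunk indexes `a["iss"]` and `a["aud"]` directly, so a token whose payload omits either claim throws `KeyNotFoundException` out of the filter (a 500 instead of a 401) unless `ValiTokenState` catches it, which nothing on this page shows; assuming `a` is the `Dictionary<string, string>` payload built in TokenHelper, write it as `a.TryGetValue("iss", out var iss) && iss == _options.Value.Issuer && a.TryGetValue("aud", out var aud) && aud == _options.Value.Audience` so a missing claim simply fails validation. Moving the expected values into `JWTConfig` is the right change, but nothing guarantees they are configured: with `Issuer` or `Audience` absent the comparison silently runs against `null` on every request, so consider throwing `InvalidOperationException` from the constructor when either is null or whitespace. The constructor is worth a one-line summary of what it now needs, e.g. `/// Expected issuer/audience come from the bound JWTConfig rather than being hard-coded.` `OnAuthorization` continues outside the hunk.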

+ 3 - 2
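--- a/PMS.NetCore/PMS.NetCore/PMS.NetCore.xml
+++ b/PMS.NetCore/PMS.NetCore/PMS.NetCore.xml
@@ -89,11 +89,12 @@
             <param name="keystr">机密密钥</param>
             <returns>解密后的字符串</returns>
         </member>
-        <member name="M:PMS.NetCore.Filter.TokenAuthorize.#ctor(Utils.Jwt.ITokenHelper)">
+        <member name="M:PMS.NetCore.Filter.TokenAuthorize.#ctor(Utils.Jwt.ITokenHelper,Microsoft.Extensions.Options.IOptions{Utils.Jwt.JWTConfig})">
             <summary>
-            滤器实现通用token验证
+            滤器实现通用token验证
             </summary>
             <param name="_tokenHelper"></param>
+            <param name="options"></param>
         </member>
         <member name="M:PMS.NetCore.Filter.TokenAuthorize.HasAllowAnonymous(Microsoft.AspNetCore.Mvc.Filters.AuthorizationFilterContext)">
             <summary>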

+ 13 - 1
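--- a/PMS.NetCore/Utils/Jwt/TokenHelper.cs
+++ b/PMS.NetCore/Utils/Jwt/TokenHelper.cs
@@ -18,9 +18,11 @@ namespace Utils.Jwt
     public class TokenHelper : ITokenHelper
     {
         private readonly IOptions<JWTConfig> _options;
+        private NLog.Logger logger;
         public TokenHelper(IOptions<JWTConfig> options)
         {
             _options = options;
+            logger = NLog.Web.NLogBuilder.ConfigureNLog("nlog.config").GetCurrentClassLogger();
         }
 
         /// <summary>
@@ -97,7 +99,9 @@ namespace Utils.Jwt
                 return false;
             }
             var header = JsonConvert.DeserializeObject<Dictionary<string, string>>(Base64UrlEncoder.Decode(jwtArr[0]));
+            logger.Info($"header:{header}");
             var payLoad = JsonConvert.DeserializeObject<Dictionary<string, string>>(Base64UrlEncoder.Decode(jwtArr[1]));
+            logger.Info($"payLoad:{payLoad}");
             //配置文件中取出来的签名秘钥
             var hs256 = new HMACSHA256(Encoding.ASCII.GetBytes(_options.Value.IssuerSigningKey));
             //验证签名是否正确(把用户传递的签名部分取出来和服务器生成的签名匹配即可)
@@ -144,11 +148,18 @@ namespace Utils.Jwt
                 return TokenType.Fail;
             }
             var header = JsonConvert.DeserializeObject<Dictionary<string, string>>(Base64UrlEncoder.Decode(jwtArr[0]));
+            logger.Info($"header:{Base64UrlEncoder.Decode(jwtArr[0])}");
             var payLoad = JsonConvert.DeserializeObject<Dictionary<string, string>>(Base64UrlEncoder.Decode(jwtArr[1]));
+            logger.Info($"payLoad:{Base64UrlEncoder.Decode(jwtArr[1])}");
             var hs256 = new HMACSHA256(Encoding.ASCII.GetBytes(_options.Value.IssuerSigningKey));
+            logger.Info($"jwtArr[2]:{jwtArr[2]}");
+
+            var str = Base64UrlEncoder.Encode(hs256.ComputeHash(Encoding.UTF8.GetBytes(string.Concat(jwtArr[0], ".", jwtArr[1]))));
+            logger.Info($"str:{str}");
             //验证签名是否正确(把用户传递的签名部分取出来和服务器生成的签名匹配即可)
-            if (!string.Equals(jwtArr[2], Base64UrlEncoder.Encode(hs256.ComputeHash(Encoding.UTF8.GetBytes(string.Concat(jwtArr[0], ".", jwtArr[1]))))))
+            if (!string.Equals(jwtArr[2], str))
             {
+                logger.Info($"TokenType:{TokenType.Fail}");
                 return TokenType.Fail;
             }
             //其次验证是否在有效期内(必须验证)
@@ -167,6 +178,7 @@ namespace Utils.Jwt
             //再其次 进行自定义的验证
             if (!validatePayLoad(payLoad))
             {
+                logger.Info($"validatePayLoad");
                 return TokenType.Fail;
             }
             //可能需要获取jwt摘要里边的数据,封装一下方便使用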
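Review bot: In the `@@ -144,11 +148,18 @@` hunk the added `logger.Info` calls write the decoded header, the decoded payload, the presented signature `jwtArr[2]` and — worst — the server-computed HMAC `str` for that header.payload, at Info level, before the signature check, on every request; that makes the log a signing oracle, since anyone who can read it can submit a forged header/payload with a bogus signature, copy the `str` the server logs for it, and assemble a token that then passes this very check (the payload lines also record user identifiers per request). Remove the `header`/`payLoad`/`jwtArr[2]`/`str` logging outright and never log a computed signature; at most keep a `logger.Debug("token signature mismatch")` on the failure branch, and note that the earlier hunk's `logger.Info($"header:{header}")` only prints the dictionary's type name anyway. The comparison `string.Equals(jwtArr[2], str)` is also not constant-time; if `Base64UrlEncoder` is the Microsoft.IdentityModel one, compare raw bytes with `CryptographicOperations.FixedTimeEquals(hs256.ComputeHash(...), Base64UrlEncoder.DecodeBytes(jwtArr[2]))`, guarding the decode against a malformed third segment, and dispose the `HMACSHA256` (`using var hs256 = ...`). The constructor change additionally calls `NLogBuilder.ConfigureNLog("nlog.config")` for every `TokenHelper` instance, re-reading the config file each time; obtain the logger with `NLog.LogManager.GetCurrentClassLogger()` and configure NLog once at startup. The enclosing method (presumably `ValiTokenState`) starts and ends outside these hunks.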