alroyso
/
gpt_api


			
				
					
						
						
							12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970
							using Furion;
using Furion.Authorization;
using Furion.DataEncryption;
using gpt_api.Entity.System;
using gpt_api.Respository;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using System.Security.Claims;
using System.Threading.Tasks;

namespace gpt_api.Web.Core;

public class JwtHandler : AppAuthorizeHandler
{
    /// <summary>
    /// 重写 Handler 添加自动刷新收取逻辑
    /// </summary>
    /// <param name="context"></param>
    /// <returns></returns>
    public override async Task HandleAsync(AuthorizationHandlerContext context)
    {
        // 自动刷新 token
        if (JWTEncryption.AutoRefreshToken(context, context.GetCurrentHttpContext()))
        {
            await AuthorizeHandleAsync(context);
        }
        else context.Fail();// 授权失败
    }
    /// <summary>
    /// 验证管道，也就是验证核心代码
    /// </summary>
    /// <param name="context"></param>
    /// <param name="httpContext"></param>
    /// <returns></returns>
    public override async Task<bool> PipelineAsync(AuthorizationHandlerContext context, DefaultHttpContext httpContext)
    {
        // 这里写您的授权判断逻辑，授权通过返回 true，否则返回 false

        return await CheckAuthorzie(httpContext);
    }

    /// <summary>
    /// 检查权限
    /// </summary>
    /// <param name="httpContext"></param>
    /// <returns></returns>
    private static async Task<bool> CheckAuthorzie(DefaultHttpContext httpContext)
    {
        // 获取权限特性
        var securityDefineAttribute = httpContext.GetMetadata<SecurityDefineAttribute>();
        if (securityDefineAttribute == null)//是否包含鉴权attribute
        {
            return true;
        }
        else
        {
            var path = httpContext.Request.Path.ToString();
            var userId = int.Parse(App.User?.FindFirstValue("UserId"));

            var _sysUserRoleRepository = App.GetService<IRepository<SysUserRoleEntity>>();
            var _sysRoleSecurityRepository = App.GetService<IRepository<SysRoleSecurityEntity>>();

            // 解析服务
            var roleIds = await _sysUserRoleRepository.GetFieldDistinctListAsync(o => o.UserId == userId, o => o.RoleId);
            var securityList = await _sysRoleSecurityRepository.GetFieldDistinctListAsync(o => roleIds.Contains(o.RoleId), o => o.Security);

            return securityList.Contains(path);
        }
    }
}