/// <summary>
/// 自定义权限验证
/// </summary>
/// <param name="context"></param>
public void OnAuthorization(AuthorizationFilterContext context)
{
var user = context.HttpContext.User;
var header = context.HttpContext.Request.Headers["Authorization"];
if (!user.Identity.IsAuthenticated)
{
// it isn't needed to set unauthorized result
// as the base class already requires the user to be authenticated
// this also makes redirect to a login page work properly
//context.Result = new UnauthorizedResult();
//return;
throw new UnauthorizeException();
}
if (Permission == null && AuthCheckApi == false)
return;
var pemissions = context.HttpContext.User.Claims.First(x => x.Type == "Pemission");
IEnumerable<string> pemissionList = pemissions != null ? JsonConvert.DeserializeObject<List<string>>(pemissions.Value) : null;
if (AuthCheckApi == true)
{
//TODO: 请求参数中获取permission参数。 跟token比对。 如果包含 return; 不包含401
var acka = context.HttpContext.Request.Query["permission"].ToArray();
Console.WriteLine(Permission);
foreach (string item in pemissionList)
{
if (item.Equals(acka.First()))
return;
}
}
if (Permission != null)
{
foreach (string item in pemissionList)
{
if (item.Equals(Permission))
return;
}
}
throw new UnauthorizeException();
//TODO: 把失效用户存在redis缓存中, 查询是否失效用户
//登出时将相关的信息比如用户名存储在redis中 修改某用户权限也让他失效 jwt中解析出用户名去redis中查找
//每次登陆 从失效列表删除
}