From 599aeb0d380f9b194e1dc363364779f3b498969e Mon Sep 17 00:00:00 2001
From: llj <132905093+newwwwwwtree@users.noreply.github.com>
Date: 星期四, 30 四月 2026 10:58:03 +0800
Subject: [PATCH] 1

---
 WebAPI/Service/JwtAuthorizeAttribute.cs |   91 +++++++++++++++++++++++++++++++++++++++++++--
 1 files changed, 86 insertions(+), 5 deletions(-)

diff --git a/WebAPI/Service/JwtAuthorizeAttribute.cs b/WebAPI/Service/JwtAuthorizeAttribute.cs
index ca96e21..9418f11 100644
--- a/WebAPI/Service/JwtAuthorizeAttribute.cs
+++ b/WebAPI/Service/JwtAuthorizeAttribute.cs
@@ -1,9 +1,12 @@
 锘縰sing System;
+using System.Linq;
 using System.Net;
 using System.Net.Http;
+using System.Reflection;
 using System.Security.Claims;
 using System.Threading;
 using System.Threading.Tasks;
+using System.Web;
 using System.Web.Http;
 using System.Web.Http.Controllers;
 using System.Web.Http.Filters;
@@ -31,7 +34,7 @@
     {
         try
         {
-            // 妫�鏌ュ尶鍚嶈闂�
+            // 妫�鏌ュ尶鍚嶈闂�(璁よ瘉)
             if (IsAnonymousAllowed(actionContext)) return;
 
             // 鑾峰彇Token
@@ -51,12 +54,77 @@
                 return;
             }
 
-            // 楠岃瘉鏄惁鎷ユ湁璁块棶妯″潡鐨勬潈闄�
-            // 鏈変袱绉嶅垽鏂柟寮� 涓�绉嶆槸閫氳繃瑙掕壊鍘诲垽鏂紝涓�绉嶆槸閫氳繃鐢ㄦ埛鍘诲垽鏂� 鐩墠鏆傛椂涓嶅仛鍖哄垎锛屽悗缁彲澧炲姞绯荤粺鍙傛暟鏉ヨ繘琛屽尯鍒�
+            // 妫�鏌� Token鍜屽綋鍓嶇櫥褰曠敤鎴锋槸鍚﹀尮閰�
+            var HUserName = GetUserNameFromHeader(actionContext) ?? "";
+            var TokenUserName = JWTHelper.getUserName(token);
+            if(!string.IsNullOrWhiteSpace(HUserName))
+            {
+                HUserName = HttpUtility.UrlDecode(HUserName);
+            }
+            if(TokenUserName != HUserName)
+            {
+                // 濡傛灉Token鍜屽綋鍓嶇櫥褰曠敤鎴蜂笉鍖归厤锛屽垯闇�瑕佸憡鐭ュ墠绔敤鎴� Token 杩囨湡锛岄渶閲嶆柊鐧诲綍
+                HandleUnauthorized(actionContext);
+                return;
+            }
             
-
             // 璁剧疆鐢ㄦ埛
             actionContext.RequestContext.Principal = principal;
+
+            // 楠岃瘉鏄惁鎷ユ湁璁块棶妯″潡鐨勬潈闄�
+            // 鏈変袱绉嶅垽鏂柟寮� 涓�绉嶆槸閫氳繃瑙掕壊鍘诲垽鏂紝涓�绉嶆槸閫氳繃鐢ㄦ埛鍘诲垽鏂� 鐩墠鏆傛椂涓嶅仛鍖哄垎锛屽悗缁彲澧炲姞绯荤粺鍙傛暟鏉ヨ繘琛屽尯鍒�
+            // 瀹夊叏鎺у埗鍣ㄦ弿鏍囩
+            var controllerAttr = actionContext.ControllerContext?.ControllerDescriptor?.GetCustomAttributes<PermissionAttribute>().FirstOrDefault();
+
+            // 瀹夊叏鑾峰彇Action鏍囩
+            var actionAttr = actionContext.ActionDescriptor?.GetCustomAttributes<PermissionAttribute>().FirstOrDefault();
+
+            string PermissionStr = string.Empty;
+            // 鍒ゆ柇鎺у埗鍣ㄧ骇鍒笂鏄惁鍚敤浜嗛壌鏉冩爣绛�
+            if(controllerAttr != null && !string.IsNullOrWhiteSpace(controllerAttr?.HModName))
+            {
+                PermissionStr += controllerAttr.HModName;
+
+                // 鏌ョ湅鏄惁闇�瑕佹洿缁嗙矑搴︾殑鎺у埗
+                if(actionAttr != null && !string.IsNullOrWhiteSpace(actionAttr?.Operate))
+                {
+                    // 璇ュ姩浣滃搴旂殑妯″潡鍚嶅拰鎺у埗鍣ㄥ悕鏄惁涓嶄竴鑷�
+                    if (string.IsNullOrWhiteSpace(actionAttr.HModName))
+                    {
+                        PermissionStr = actionAttr.HModName + actionAttr.Operate;
+                    }
+                    else
+                    {
+                        PermissionStr += actionAttr.Operate;
+                    }
+
+                }
+
+                if(!string.IsNullOrWhiteSpace(PermissionStr))
+                {
+                    if (!DBUtility.ClsPub.Security_Log(PermissionStr, 1, false, JWTHelper.getUserName(token)))
+                    {
+                        HandleForbidden(actionContext);
+                        return;
+                    }
+                }
+                
+            }else if (actionAttr != null && !string.IsNullOrWhiteSpace(actionAttr?.HModName) && !string.IsNullOrWhiteSpace(actionAttr?.Operate))
+            {
+                // 鍗曠嫭鍦ㄥ姩浣滀笂鍚敤閴存潈鍔熻兘
+                PermissionStr = actionAttr.HModName + actionAttr.Operate;
+
+                if (!string.IsNullOrWhiteSpace(PermissionStr))
+                {
+                    if (!DBUtility.ClsPub.Security_Log(PermissionStr, 1, false, JWTHelper.getUserName(token)))
+                    {
+                        HandleForbidden(actionContext);
+                        return;
+                    }
+                }
+            }
+
+           
         }
         catch (Exception e)
         {
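Review bot: The condition at `if (string.IsNullOrWhiteSpace(actionAttr.HModName))` appears inverted relative to its own comment: when the action attribute carries no module name, `PermissionStr` is reset to an empty module plus `Operate` and the controller's module is silently dropped, while an action that does name its own module has that name ignored and its operate code appended to the controller's module instead, so the permission checked is not the one the attributes describe. The intended test is presumably `if (!string.IsNullOrWhiteSpace(actionAttr.HModName))`, overriding the controller's module only when the action names one. The two `Security_Log` blocks are also identical and both call `JWTHelper.getUserName(token)` again although `TokenUserName` already holds that value; a single check after the if/else removes the duplication, as sketched below. The enclosing method starts and ends outside this hunk.
```csharp
string PermissionStr = string.Empty;
if (controllerAttr != null && !string.IsNullOrWhiteSpace(controllerAttr.HModName))
{
    PermissionStr = controllerAttr.HModName;
    if (actionAttr != null && !string.IsNullOrWhiteSpace(actionAttr.Operate))
    {
        // an action that names its own module overrides the controller's module
        var module = string.IsNullOrWhiteSpace(actionAttr.HModName) ? controllerAttr.HModName : actionAttr.HModName;
        PermissionStr = module + actionAttr.Operate;
    }
}
else if (actionAttr != null && !string.IsNullOrWhiteSpace(actionAttr.HModName) && !string.IsNullOrWhiteSpace(actionAttr.Operate))
{
    PermissionStr = actionAttr.HModName + actionAttr.Operate;
}

// one permission check for both attribute layouts, reusing the name already read from the token
if (!string.IsNullOrWhiteSpace(PermissionStr)
    && !DBUtility.ClsPub.Security_Log(PermissionStr, 1, false, TokenUserName))
{
    HandleForbidden(actionContext);
    return;
}
```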
@@ -93,6 +161,19 @@
         return null;
     }
 
+    // 浠嶩eader涓幏鍙栫敤鎴峰悕
+    private string GetUserNameFromHeader(HttpActionContext context)
+    {
+        var headers = context.Request.Headers;
+        string userName = "";
+        if (headers.Contains("X-Username"))
+        {
+            userName = headers.GetValues("X-Username").FirstOrDefault();
+        }
+
+        return userName;
+    }
+
     // 401 鏈巿鏉�
     private void HandleUnauthorized(HttpActionContext context)
     {
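Review bot: `GetUserNameFromHeader` looks the header up twice, once in `headers.Contains("X-Username")` and again in `headers.GetValues("X-Username")`; `TryGetValues` does it in one step: `return context.Request.Headers.TryGetValues("X-Username", out var values) ? values.FirstOrDefault() ?? "" : "";`. The method never returns null as written, so the `?? ""` at its call site in the earlier hunk is redundant; stating that contract in a doc comment such as `/// <summary>Returns the raw X-Username request header, or an empty string when it is absent.</summary>` would make the redundancy visible to the next reader.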
@@ -111,7 +192,7 @@
         var response = new HttpResponseMessage(HttpStatusCode.Forbidden);
         objjson.code = "0";
         objjson.count = 0;
-        objjson.Message = "褰撳墠瑙掕壊鏃犳潈闄�";
+        objjson.Message = "鎮ㄦ病鏈夎妯″潡鏉冮檺,璇蜂笌绠$悊鍛樿仈绯伙紒";
         response.Content = new StringContent(Newtonsoft.Json.JsonConvert.SerializeObject(objjson),
             System.Text.Encoding.UTF8, "application/json");
         context.Response = response;

--
Gitblit v1.9.1