【新增】jwt授权认证方式，增加AES加密解密处理，防止前端进行渗透解密伪造Token可能存在。

CoreCms.Net.Auth/AuthorizationSetup.cs

@@ -24,6 +24,7 @@ using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.IdentityModel.Tokens;
+using NETCore.Encrypt;
 
 namespace CoreCms.Net.Auth
 {
@@ -100,6 +101,19 @@ namespace CoreCms.Net.Auth
                  o.TokenValidationParameters = tokenValidationParameters;
                  o.Events = new JwtBearerEvents
                  {
+                     OnMessageReceived = context =>
+                     {
+                         var token = context.Request.Headers["Authorization"].ObjectToString().Replace("Bearer ", "");
+                         if (string.IsNullOrEmpty(token))
+                         {
+                             context.Response.Headers.Append("Token-Error-Token", "authorization decryption failure!");
+                         }
+                         else
+                         {
+                             context.Token = EncryptProvider.AESDecrypt(token, AppSettingsConstVars.JwtConfigSecretKey);
+                         }
+                         return Task.CompletedTask;
+                     },
                      OnChallenge = context =>
                      {
                          context.Response.Headers.Append("Token-Error", context.ErrorDescription);
@@ -108,7 +122,19 @@ namespace CoreCms.Net.Auth
                      OnAuthenticationFailed = context =>
                      {
                          var token = context.Request.Headers["Authorization"].ObjectToString().Replace("Bearer ", "");
-                         var jwtToken = (new JwtSecurityTokenHandler()).ReadJwtToken(token);
+                         if (string.IsNullOrEmpty(token))
+                         {
+                             context.Response.Headers.Append("Token-Error-Token", "token is wrong!");
+                         }
+
+                         //进行aes解密
+                         var decodeToken = EncryptProvider.AESDecrypt(token, AppSettingsConstVars.JwtConfigSecretKey);
+                         if (string.IsNullOrEmpty(decodeToken))
+                         {
+                             context.Response.Headers.Append("Token-Error-Token", "token decryption failure!");
+                         }
+
+                         var jwtToken = (new JwtSecurityTokenHandler()).ReadJwtToken(decodeToken);
 
                          if (jwtToken.Issuer != issuer)
                          {
@@ -205,6 +231,19 @@ namespace CoreCms.Net.Auth
                  o.TokenValidationParameters = tokenValidationParameters;
                  o.Events = new JwtBearerEvents
                  {
+                     OnMessageReceived = context =>
+                     {
+                         var token = context.Request.Headers["Authorization"].ObjectToString().Replace("Bearer ", "");
+                         if (string.IsNullOrEmpty(token))
+                         {
+                             context.Response.Headers.Append("Token-Error-Token", "authorization decryption failure!");
+                         }
+                         else
+                         {
+                             context.Token = EncryptProvider.AESDecrypt(token, AppSettingsConstVars.JwtConfigSecretKey);
+                         }
+                         return Task.CompletedTask;
+                     },
                      OnChallenge = context =>
                      {
                          context.Response.Headers.Append("Token-Error", context.ErrorDescription);
@@ -213,7 +252,19 @@ namespace CoreCms.Net.Auth
                      OnAuthenticationFailed = context =>
                      {
                          var token = context.Request.Headers["Authorization"].ObjectToString().Replace("Bearer ", "");
-                         var jwtToken = (new JwtSecurityTokenHandler()).ReadJwtToken(token);
+                         if (string.IsNullOrEmpty(token))
+                         {
+                             context.Response.Headers.Append("Token-Error-Token", "token is wrong!");
+                         }
+
+                         //进行aes解密
+                         var decodeToken = EncryptProvider.AESDecrypt(token, AppSettingsConstVars.JwtConfigSecretKey);
+                         if (string.IsNullOrEmpty(decodeToken))
+                         {
+                             context.Response.Headers.Append("Token-Error-Token", "token decryption failure!");
+                         }
+
+                         var jwtToken = (new JwtSecurityTokenHandler()).ReadJwtToken(decodeToken);
 
                          if (jwtToken.Issuer != issuer)
                          {

CoreCms.Net.Auth/CoreCms.Net.Auth.csproj

@@ -7,6 +7,7 @@
   <ItemGroup>
 	  <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.0" />
 	  <PackageReference Include="Microsoft.Extensions.DependencyInjection.Abstractions" Version="8.0.0" />
+	  <PackageReference Include="NETCore.Encrypt" Version="2.1.1" />
   </ItemGroup>
 
   <ItemGroup>

CoreCms.Net.Auth/Policys/JwtToken.cs

@@ -19,7 +19,7 @@ namespace CoreCms.Net.Auth.Policys
     /// <summary>
     /// JWTToken生成类
     /// </summary>
-    public class JwtToken
+    public static class JwtToken
     {
         /// <summary>
         /// 获取基于JWT的Token
@@ -27,7 +27,7 @@ namespace CoreCms.Net.Auth.Policys
         /// <param name="claims">需要在登陆的时候配置</param>
         /// <param name="permissionRequirement">在startup中定义的参数</param>
         /// <returns></returns>
-        public static dynamic BuildJwtToken(Claim[] claims, PermissionRequirement permissionRequirement)
+        public static JwtTokenResponseJson BuildJwtToken(Claim[] claims, PermissionRequirement permissionRequirement)
         {
             var now = DateTime.Now;
             // 实例化JwtSecurityToken