wgh/coreshoppro
1
0
Fork 0
mirror of http://git.coreshop.cn/jianweie/coreshoppro.git synced 2025-12-06 18:13:26 +08:00
Code Issues Packages Projects Releases Wiki Activity

【新增】jwt授权认证方式,增加AES加密解密处理,防止前端进行渗透解密伪造Token可能存在。

Browse Source
This commit is contained in:
jianweie
2024-05-08 22:20:04 +08:00
parent 5be1f7789b
commit d517d0d064
10 changed files with 151 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
CoreCms.Net.Auth/AuthorizationSetup.cs
View File

@@ -24,6 +24,7 @@ using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;
using NETCore.Encrypt;
namespace CoreCms.Net.Auth
{
@@ -100,6 +101,19 @@ namespace CoreCms.Net.Auth
o.TokenValidationParameters = tokenValidationParameters;
o.Events = new JwtBearerEvents
{
OnMessageReceived = context =>
{
var token = context.Request.Headers["Authorization"].ObjectToString().Replace("Bearer ", "");
if (string.IsNullOrEmpty(token))
{
context.Response.Headers.Append("Token-Error-Token", "authorization decryption failure!");
}
else
{
context.Token = EncryptProvider.AESDecrypt(token, AppSettingsConstVars.JwtConfigSecretKey);
}
return Task.CompletedTask;
},
OnChallenge = context =>
{
context.Response.Headers.Append("Token-Error", context.ErrorDescription);
@@ -108,7 +122,19 @@ namespace CoreCms.Net.Auth
OnAuthenticationFailed = context =>
{
var token = context.Request.Headers["Authorization"].ObjectToString().Replace("Bearer ", "");
var jwtToken = (new JwtSecurityTokenHandler()).ReadJwtToken(token);
if (string.IsNullOrEmpty(token))
{
context.Response.Headers.Append("Token-Error-Token", "token is wrong!");
}
//进行aes解密
var decodeToken = EncryptProvider.AESDecrypt(token, AppSettingsConstVars.JwtConfigSecretKey);
if (string.IsNullOrEmpty(decodeToken))
{
context.Response.Headers.Append("Token-Error-Token", "token decryption failure!");
}
var jwtToken = (new JwtSecurityTokenHandler()).ReadJwtToken(decodeToken);
if (jwtToken.Issuer != issuer)
{
@@ -205,6 +231,19 @@ namespace CoreCms.Net.Auth
o.TokenValidationParameters = tokenValidationParameters;
o.Events = new JwtBearerEvents
{
OnMessageReceived = context =>
{
var token = context.Request.Headers["Authorization"].ObjectToString().Replace("Bearer ", "");
if (string.IsNullOrEmpty(token))
{
context.Response.Headers.Append("Token-Error-Token", "authorization decryption failure!");
}
else
{
context.Token = EncryptProvider.AESDecrypt(token, AppSettingsConstVars.JwtConfigSecretKey);
}
return Task.CompletedTask;
},
OnChallenge = context =>
{
context.Response.Headers.Append("Token-Error", context.ErrorDescription);
@@ -213,7 +252,19 @@ namespace CoreCms.Net.Auth
OnAuthenticationFailed = context =>
{
var token = context.Request.Headers["Authorization"].ObjectToString().Replace("Bearer ", "");
var jwtToken = (new JwtSecurityTokenHandler()).ReadJwtToken(token);
if (string.IsNullOrEmpty(token))
{
context.Response.Headers.Append("Token-Error-Token", "token is wrong!");
}
//进行aes解密
var decodeToken = EncryptProvider.AESDecrypt(token, AppSettingsConstVars.JwtConfigSecretKey);
if (string.IsNullOrEmpty(decodeToken))
{
context.Response.Headers.Append("Token-Error-Token", "token decryption failure!");
}
var jwtToken = (new JwtSecurityTokenHandler()).ReadJwtToken(decodeToken);
if (jwtToken.Issuer != issuer)
{