【新增】jwt授权认证方式，增加AES加密解密处理，防止前端渗透解密并伪造Token的可能。

This commit is contained in:
jianweie
2024-05-08 22:20:04 +08:00
parent 5be1f7789b
commit d517d0d064
10 changed files with 151 additions and 48 deletions


@@ -16,6 +16,7 @@ using CoreCms.Net.Model.Entities;
using CoreCms.Net.Model.FromBody;
using CoreCms.Net.Configuration;
using static SKIT.FlurlHttpClient.Wechat.Api.Models.WeDataQueryBindListResponse.Types;
using NETCore.Encrypt;
namespace CoreCms.Net.Web.WebApi.Controllers.AliPayOAuth
{
@@ -137,10 +138,16 @@ namespace CoreCms.Net.Web.WebApi.Controllers.AliPayOAuth
//用户标识
var identity = new ClaimsIdentity(JwtBearerDefaults.AuthenticationScheme);
identity.AddClaims(claims);
//返回处理结果集
var auth = JwtToken.BuildJwtToken(claims.ToArray(), _permissionRequirement);
//对token进行非对称加密
auth.token = EncryptProvider.AESEncrypt(auth.token, AppSettingsConstVars.JwtConfigSecretKey);
jm.status = true;
jm.data = new
{
auth = JwtToken.BuildJwtToken(claims.ToArray(), _permissionRequirement),
auth,
user
};
jm.otherData = result.UserId;
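Review bot: The new comment `//对token进行非对称加密` above the `EncryptProvider.AESEncrypt(...)` line is wrong — AES is a symmetric cipher — and the key handed to it is `AppSettingsConstVars.JwtConfigSecretKey`, which by its name is the secret that already signs the JWT, so a single configuration value now protects both the signature and the encryption and a leak of it defeats both; use a separate configuration value for the AES key and correct the comment to `//对 token 进行 AES 对称加密`. A signed JWT already cannot be forged without the signing key, so this change hides the claims from the client rather than adding forgery resistance, and the commit message's rationale should not be taken as the security property being gained. If the two-argument `AESEncrypt` overload is the one that takes no IV, confirm which cipher mode it uses and what key length it requires, because a key of the wrong length would fail at login time rather than at startup. The same block is pasted into UserController at the hunks starting at old lines 252, 355, 468 and 801, so the same points apply there. The enclosing login action begins and ends outside this hunk.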


@@ -48,6 +48,7 @@ using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Options;
using NETCore.Encrypt;
using Newtonsoft.Json;
using Nito.AsyncEx;
using NLog;
@@ -252,10 +253,16 @@ namespace CoreCms.Net.Web.WebApi.Controllers
//用户标识
var identity = new ClaimsIdentity(JwtBearerDefaults.AuthenticationScheme);
identity.AddClaims(claims);
//返回处理结果集
var auth = JwtToken.BuildJwtToken(claims.ToArray(), _permissionRequirement);
//对token进行非对称加密
auth.token = EncryptProvider.AESEncrypt(auth.token, AppSettingsConstVars.JwtConfigSecretKey);
jm.status = true;
jm.data = new
{
auth = JwtToken.BuildJwtToken(claims.ToArray(), _permissionRequirement),
auth,
user
};
jm.otherData = response.OpenId;
@@ -355,10 +362,16 @@ namespace CoreCms.Net.Web.WebApi.Controllers
//用户标识
var identity = new ClaimsIdentity(JwtBearerDefaults.AuthenticationScheme);
identity.AddClaims(claims);
//返回处理结果集
var auth = JwtToken.BuildJwtToken(claims.ToArray(), _permissionRequirement);
//对token进行非对称加密
auth.token = EncryptProvider.AESEncrypt(auth.token, AppSettingsConstVars.JwtConfigSecretKey);
jm.status = true;
jm.data = new
{
auth = JwtToken.BuildJwtToken(claims.ToArray(), _permissionRequirement),
auth,
user
};
jm.otherData = response.OpenId;
@@ -468,8 +481,14 @@ namespace CoreCms.Net.Web.WebApi.Controllers
//用户标识
var identity = new ClaimsIdentity(JwtBearerDefaults.AuthenticationScheme);
identity.AddClaims(claims);
//返回处理结果集
var auth = JwtToken.BuildJwtToken(claims.ToArray(), _permissionRequirement);
//对token进行非对称加密
auth.token = EncryptProvider.AESEncrypt(auth.token, AppSettingsConstVars.JwtConfigSecretKey);
jm.status = true;
jm.data = JwtToken.BuildJwtToken(claims.ToArray(), _permissionRequirement);
jm.data = auth;
//录入登录日志
var log = new CoreCmsUserLog();
@@ -801,9 +820,15 @@ namespace CoreCms.Net.Web.WebApi.Controllers
//用户标识
var identity = new ClaimsIdentity(JwtBearerDefaults.AuthenticationScheme);
identity.AddClaims(claims);
//返回处理结果集
var auth = JwtToken.BuildJwtToken(claims.ToArray(), _permissionRequirement);
//对token进行非对称加密
auth.token = EncryptProvider.AESEncrypt(auth.token, AppSettingsConstVars.JwtConfigSecretKey);
jm.status = true;
jm.msg = "注册成功";
jm.data = JwtToken.BuildJwtToken(claims.ToArray(), _permissionRequirement);
jm.data = auth;
//录入登录日志
var log = new CoreCmsUserLog();
log.userId = id;
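Review bot: The four new lines `var auth = JwtToken.BuildJwtToken(...)` / `auth.token = EncryptProvider.AESEncrypt(auth.token, AppSettingsConstVars.JwtConfigSecretKey);` are repeated verbatim in the hunks at old lines 252, 355, 468 and 801 of this file (and once more in the AliPay OAuth controller), so the key choice and cipher call now live in five places; move the encryption into the token builder so that `JwtToken.BuildJwtToken` returns the token already encrypted, or add one small helper on `JwtToken` that every login action calls. The matching decrypt side is not in this page: wherever the authentication handler reverses `AESEncrypt`, a decryption failure on a malformed or tampered value should be treated as an unauthenticated request rather than surfacing as an unhandled exception, and that handler should not also accept the plain, unencrypted JWT, otherwise the encryption can simply be bypassed. Each enclosing login action starts and ends outside its hunk.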


@@ -67,6 +67,7 @@
<PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.19.5" />
<PackageReference Include="Microsoft.VisualStudio.Web.CodeGeneration.Design" Version="8.0.0" />
<PackageReference Include="MySql.Data" Version="8.2.0" />
<PackageReference Include="NETCore.Encrypt" Version="2.1.1" />
<PackageReference Include="Nito.AsyncEx" Version="5.1.2" />
<PackageReference Include="NLog" Version="5.2.7" />
<PackageReference Include="NLog.Database" Version="5.2.7" />
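Review bot: The added `<PackageReference Include="NETCore.Encrypt" Version="2.1.1" />` pulls in a third-party wrapper for what is, in the controllers, a single AES call; the framework's `System.Security.Cryptography.Aes` covers that with an explicit cipher mode and IV and no extra supply-chain surface, so if the package is kept the reason (and the mode the chosen overload uses) is worth a line in the project's notes. Pinning the exact version is good; make sure the lock or restore output is reviewed with it.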


@@ -1081,7 +1081,7 @@
用户操作事件
</summary>
</member>
<member name="M:CoreCms.Net.Web.WebApi.Controllers.UserController.#ctor(CoreCms.Net.Auth.HttpContextUser.IHttpContextUser,CoreCms.Net.IServices.ICoreCmsUserWeChatInfoServices,CoreCms.Net.IServices.ICoreCmsUserServices,CoreCms.Net.Auth.Policys.PermissionRequirement,CoreCms.Net.IServices.ICoreCmsSmsServices,CoreCms.Net.IServices.ICoreCmsUserGradeServices,CoreCms.Net.IServices.ICoreCmsUserLogServices,Microsoft.AspNetCore.Http.IHttpContextAccessor,CoreCms.Net.IServices.ICoreCmsGoodsServices,CoreCms.Net.IServices.ICoreCmsGoodsBrowsingServices,CoreCms.Net.IServices.ICoreCmsCartServices,CoreCms.Net.IServices.ICoreCmsGoodsCollectionServices,CoreCms.Net.IServices.ICoreCmsUserShipServices,CoreCms.Net.IServices.ICoreCmsAreaServices,CoreCms.Net.IServices.ICoreCmsBillPaymentsServices,CoreCms.Net.IServices.ICoreCmsGoodsCommentServices,CoreCms.Net.IServices.ICoreCmsUserBankCardServices,CoreCms.Net.IServices.ICoreCmsUserTocashServices,CoreCms.Net.IServices.ICoreCmsUserBalanceServices,CoreCms.Net.IServices.ICoreCmsInvoiceServices,CoreCms.Net.IServices.ICoreCmsUserPointLogServices,CoreCms.Net.IServices.ICoreCmsShareServices,CoreCms.Net.IServices.ICoreCmsSettingServices,CoreCms.Net.IServices.ICoreCmsServicesServices,Microsoft.Extensions.Options.IOptions{CoreCms.Net.WeChat.Service.Options.WeChatOptions},CoreCms.Net.IServices.ICoreCmsUserServicesOrderServices,CoreCms.Net.IServices.ICoreCmsUserServicesTicketServices,CoreCms.Net.IServices.ICoreCmsStoreServices,CoreCms.Net.IServices.ICoreCmsCouponServices,CoreCms.Net.IServices.ICoreCmsOrderServices,CoreCms.Net.WeChat.Service.HttpClients.IWeChatApiHttpClientFactory,CoreCms.Net.Caching.AutoMate.RedisCache.IRedisOperationRepository)">
<member name="M:CoreCms.Net.Web.WebApi.Controllers.UserController.#ctor(CoreCms.Net.Auth.HttpContextUser.IHttpContextUser,CoreCms.Net.IServices.ICoreCmsUserWeChatInfoServices,CoreCms.Net.IServices.ICoreCmsUserServices,CoreCms.Net.Auth.Policys.PermissionRequirement,CoreCms.Net.IServices.ICoreCmsSmsServices,CoreCms.Net.IServices.ICoreCmsUserGradeServices,CoreCms.Net.IServices.ICoreCmsUserLogServices,Microsoft.AspNetCore.Http.IHttpContextAccessor,CoreCms.Net.IServices.ICoreCmsGoodsServices,CoreCms.Net.IServices.ICoreCmsGoodsBrowsingServices,CoreCms.Net.IServices.ICoreCmsCartServices,CoreCms.Net.IServices.ICoreCmsGoodsCollectionServices,CoreCms.Net.IServices.ICoreCmsUserShipServices,CoreCms.Net.IServices.ICoreCmsAreaServices,CoreCms.Net.IServices.ICoreCmsBillPaymentsServices,CoreCms.Net.IServices.ICoreCmsGoodsCommentServices,CoreCms.Net.IServices.ICoreCmsUserBankCardServices,CoreCms.Net.IServices.ICoreCmsUserTocashServices,CoreCms.Net.IServices.ICoreCmsUserBalanceServices,CoreCms.Net.IServices.ICoreCmsInvoiceServices,CoreCms.Net.IServices.ICoreCmsUserPointLogServices,CoreCms.Net.IServices.ICoreCmsShareServices,CoreCms.Net.IServices.ICoreCmsSettingServices,CoreCms.Net.IServices.ICoreCmsServicesServices,Microsoft.Extensions.Options.IOptions{CoreCms.Net.WeChat.Service.Options.WeChatOptions},CoreCms.Net.IServices.ICoreCmsUserServicesOrderServices,CoreCms.Net.IServices.ICoreCmsUserServicesTicketServices,CoreCms.Net.IServices.ICoreCmsStoreServices,CoreCms.Net.IServices.ICoreCmsCouponServices,CoreCms.Net.IServices.ICoreCmsOrderServices,CoreCms.Net.WeChat.Service.HttpClients.IWeChatApiHttpClientFactory,CoreCms.Net.Caching.AutoMate.RedisCache.IRedisOperationRepository,CoreCms.Net.IServices.ICoreCmsAliPayUserInfoServices,Microsoft.Extensions.Options.IOptions{CoreCms.Net.Model.Options.AliPayOptions})">
<summary>
构造函数
</summary>
@@ -1107,7 +1107,7 @@
<param name="entity"></param>
<returns></returns>
</member>
<member name="M:CoreCms.Net.Web.WebApi.Controllers.UserController.SmsLogin(CoreCms.Net.Model.FromBody.FMWxAccountCreate)">
<member name="M:CoreCms.Net.Web.WebApi.Controllers.UserController.SmsLogin(CoreCms.Net.Model.FromBody.FMComAccountCreate)">
<summary>
手机短信验证码登陆,同时兼有手机短信注册的功能,还有第三方账户绑定的功能
</summary>
@@ -1121,7 +1121,14 @@
<param name="entity"></param>
<returns></returns>
</member>
<member name="M:CoreCms.Net.Web.WebApi.Controllers.UserController.SmsLogin2(CoreCms.Net.Model.FromBody.FMWxAccountCreate)">
<member name="M:CoreCms.Net.Web.WebApi.Controllers.UserController.DecryptPhoneNumberByAli(CoreCms.Net.Model.FromBody.FMAliLoginDecryptPhoneNumber)">
<summary>
支付宝小程序授权拉取手机号码
</summary>
<param name="entity"></param>
<returns></returns>
</member>
<member name="M:CoreCms.Net.Web.WebApi.Controllers.UserController.SmsLogin2(CoreCms.Net.Model.FromBody.FMComAccountCreate)">
<summary>
用户短信注册并返回jwt token(弃用)
</summary>