【新增】jwt授权认证方式，增加AES加密解密处理，防止前端进行渗透解密伪造Token可能存在。

2025-12-06 20:53:27 +08:00 · 2024-05-08 22:20:04 +08:00
parent 5be1f7789b
commit d517d0d064
10 changed files with 151 additions and 48 deletions
--- a/CoreCms.Net.Web.WebApi/Controllers/UserController.cs
+++ b/CoreCms.Net.Web.WebApi/Controllers/UserController.cs
@@ -48,6 +48,7 @@ using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Options;
+using NETCore.Encrypt;
 using Newtonsoft.Json;
 using Nito.AsyncEx;
 using NLog;
@@ -252,10 +253,16 @@ namespace CoreCms.Net.Web.WebApi.Controllers
                                    //用户标识
                                    var identity = new ClaimsIdentity(JwtBearerDefaults.AuthenticationScheme);
                                    identity.AddClaims(claims);
+
+                                    //返回处理结果集
+                                    var auth = JwtToken.BuildJwtToken(claims.ToArray(), _permissionRequirement);
+                                    //对token进行非对称加密
+                                    auth.token = EncryptProvider.AESEncrypt(auth.token, AppSettingsConstVars.JwtConfigSecretKey);
+
                                    jm.status = true;
                                    jm.data = new
                                    {
-                                        auth = JwtToken.BuildJwtToken(claims.ToArray(), _permissionRequirement),
+                                        auth,
                                        user
                                    };
                                    jm.otherData = response.OpenId;
@@ -355,10 +362,16 @@ namespace CoreCms.Net.Web.WebApi.Controllers
                                    //用户标识
                                    var identity = new ClaimsIdentity(JwtBearerDefaults.AuthenticationScheme);
                                    identity.AddClaims(claims);
+
+                                    //返回处理结果集
+                                    var auth = JwtToken.BuildJwtToken(claims.ToArray(), _permissionRequirement);
+                                    //对token进行非对称加密
+                                    auth.token = EncryptProvider.AESEncrypt(auth.token, AppSettingsConstVars.JwtConfigSecretKey);
+
                                    jm.status = true;
                                    jm.data = new
                                    {
-                                        auth = JwtToken.BuildJwtToken(claims.ToArray(), _permissionRequirement),
+                                        auth,
                                        user
                                    };
                                    jm.otherData = response.OpenId;
@@ -468,8 +481,14 @@ namespace CoreCms.Net.Web.WebApi.Controllers
                            //用户标识
                            var identity = new ClaimsIdentity(JwtBearerDefaults.AuthenticationScheme);
                            identity.AddClaims(claims);
+
+                            //返回处理结果集
+                            var auth = JwtToken.BuildJwtToken(claims.ToArray(), _permissionRequirement);
+                            //对token进行非对称加密
+                            auth.token = EncryptProvider.AESEncrypt(auth.token, AppSettingsConstVars.JwtConfigSecretKey);
+
                            jm.status = true;
-                            jm.data = JwtToken.BuildJwtToken(claims.ToArray(), _permissionRequirement);
+                            jm.data = auth;

                            //录入登录日志
                            var log = new CoreCmsUserLog();
@@ -801,9 +820,15 @@ namespace CoreCms.Net.Web.WebApi.Controllers
                //用户标识
                var identity = new ClaimsIdentity(JwtBearerDefaults.AuthenticationScheme);
                identity.AddClaims(claims);
+
+                //返回处理结果集
+                var auth = JwtToken.BuildJwtToken(claims.ToArray(), _permissionRequirement);
+                //对token进行非对称加密
+                auth.token = EncryptProvider.AESEncrypt(auth.token, AppSettingsConstVars.JwtConfigSecretKey);
+
                jm.status = true;
                jm.msg = "注册成功";
-                jm.data = JwtToken.BuildJwtToken(claims.ToArray(), _permissionRequirement);
+                jm.data = auth;
                //录入登录日志
                var log = new CoreCmsUserLog();
                log.userId = id;