【优化】JWT加密模式进行优化，SecretKey值增加机器码、计算机名、网址组合md5加密，防止出现大家不修改默认值导致JwtToken权限过宽的问题；Issuer增加为空使用计算机名替换，appsetting.json去除JwtConfig的默认值，要求输入设置。

2025-12-06 14:53:26 +08:00 · 2023-07-31 02:14:55 +08:00
parent 226cfea520
commit ef6e5a9057
4 changed files with 108 additions and 8 deletions
--- a/CoreCms.Net.Configuration/AppSettingsConstVars.cs
+++ b/CoreCms.Net.Configuration/AppSettingsConstVars.cs
@@ -1,6 +1,7 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
+using System.Security.Cryptography;
 using System.Text;
 using System.Threading.Tasks;
 using SqlSugar.Extensions;
@@ -71,8 +72,8 @@ namespace CoreCms.Net.Configuration

        #region Jwt授权配置================================================================================

-        public static readonly string JwtConfigSecretKey = AppSettingsHelper.GetContent("JwtConfig", "SecretKey");
-        public static readonly string JwtConfigIssuer = AppSettingsHelper.GetContent("JwtConfig", "Issuer");
+        public static readonly string JwtConfigSecretKey = AppSettingsHelper.GetContent("JwtConfig", "SecretKey") + AppSettingsHelper.GetMachineRandomKey(DbSqlConnection + AppSettingsHelper.GetMACIp(true));
+        public static readonly string JwtConfigIssuer = !string.IsNullOrEmpty(AppSettingsHelper.GetContent("JwtConfig", "Issuer")) ? AppSettingsHelper.GetContent("JwtConfig", "Issuer") : AppSettingsHelper.GetHostName();
        public static readonly string JwtConfigAudience = AppSettingsHelper.GetContent("JwtConfig", "Audience");
        #endregion

--- a/CoreCms.Net.Configuration/AppSettingsHelper.cs
+++ b/CoreCms.Net.Configuration/AppSettingsHelper.cs
@@ -1,6 +1,10 @@

 using System;
 using System.Linq;
+using System.Net.NetworkInformation;
+using System.Reflection.PortableExecutable;
+using System.Security.Cryptography;
+using System.Text;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.Configuration.Json;
 using Newtonsoft.Json.Linq;
@@ -42,5 +46,100 @@ namespace CoreCms.Net.Configuration
            return "";
        }

+
+
+
+        /// <summary>
+        /// <20><>ȡ<EFBFBD><C8A1><EFBFBD><EFBFBD> MAC<41><43><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><>ַ
+        /// </summary>
+        /// <param name="needToken"><3E>Ƿ<EFBFBD>ֻ<EFBFBD><D6BB>Ϊ<EFBFBD><CEAA><EFBFBD><EFBFBD>ȡkey<65><79><EFBFBD><EFBFBD>һ<EFBFBD><D2BB><EFBFBD><EFBFBD>ͬ<EFBFBD><CDAC><EFBFBD>𻷾<EFBFBD><F0BBB7BE><EFBFBD>ͬ<EFBFBD><CDAC><EFBFBD><EFBFBD><EFBFBD>д<EFBFBD></param>
+        /// <returns></returns>
+        public static string GetMACIp(bool needToken)
+        {
+            //<2F><><EFBFBD>ؼ<EFBFBD><D8BC><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ
+            IPGlobalProperties computerProperties = IPGlobalProperties.GetIPGlobalProperties();
+            //<2F><>ȡ<EFBFBD><C8A1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
+            NetworkInterface[] nics = NetworkInterface.GetAllNetworkInterfaces();
+
+            //<2F><>ȡ<EFBFBD><C8A1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
+            var HostName = computerProperties.HostName;
+            //<2F><>ȡ<EFBFBD><C8A1><EFBFBD><EFBFBD>
+            var DomainName = computerProperties.DomainName;
+
+            if (nics == null || nics.Length < 1)
+            {
+                return "";
+            }
+
+            var MACIp = needToken ? HostName + DomainName : "";
+            foreach (NetworkInterface adapter in nics)
+            {
+                var adapterName = adapter.Name;
+
+                var adapterDescription = adapter.Description;
+                var NetworkInterfaceType = adapter.NetworkInterfaceType;
+                if (adapterName == "<22><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>" || needToken)
+                {
+                    PhysicalAddress address = adapter.GetPhysicalAddress();
+                    byte[] bytes = address.GetAddressBytes();
+
+                    for (int i = 0; i < bytes.Length; i++)
+                    {
+                        MACIp += bytes[i].ToString("X2");
+
+                        if (i != bytes.Length - 1)
+                        {
+                            MACIp += "-";
+                        }
+                    }
+                }
+            }
+
+            return MACIp;
+        }
+
+        /// <summary>
+        /// <20><>ȡ<EFBFBD><C8A1><EFBFBD>Լ<EFBFBD><D4BC><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
+        /// </summary>
+        /// <returns></returns>
+        public static string GetHostName()
+        {
+            //<2F><><EFBFBD>ؼ<EFBFBD><D8BC><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ
+            IPGlobalProperties computerProperties = IPGlobalProperties.GetIPGlobalProperties();
+
+            //<2F><>ȡ<EFBFBD><C8A1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
+            var hostName = computerProperties.HostName;
+
+            return !string.IsNullOrEmpty(hostName) ? hostName : "CoreShop.Professional";
+
+        }
+
+
+
+
+        /// <summary>
+        /// תMD5
+        /// </summary>
+        /// <param name="str"></param>
+        /// <returns></returns>
+        public static string GetMachineRandomKey(string str)
+        {
+            MD5 md5 = MD5.Create();
+            // <20><><EFBFBD>ַ<EFBFBD><D6B7><EFBFBD>ת<EFBFBD><D7AA><EFBFBD><EFBFBD><EFBFBD>ֽ<EFBFBD><D6BD><EFBFBD><EFBFBD><EFBFBD>
+            byte[] byteOld = Encoding.UTF8.GetBytes(str);
+            // <20><><EFBFBD>ü<EFBFBD><C3BC>ܷ<EFBFBD><DCB7><EFBFBD>
+            byte[] byteNew = md5.ComputeHash(byteOld);
+            // <20><><EFBFBD><EFBFBD><EFBFBD>ܽ<EFBFBD><DCBD><EFBFBD>ת<EFBFBD><D7AA>Ϊ<EFBFBD>ַ<EFBFBD><D6B7><EFBFBD>
+            StringBuilder sb = new StringBuilder();
+            foreach (byte b in byteNew)
+            {
+                // <20><><EFBFBD>ֽ<EFBFBD>ת<EFBFBD><D7AA><EFBFBD><EFBFBD>16<31><36><EFBFBD>Ʊ<EFBFBD>ʾ<EFBFBD><CABE><EFBFBD>ַ<EFBFBD><D6B7><EFBFBD><EFBFBD><EFBFBD>
+                sb.Append(b.ToString("x2"));
+            }
+            // <20><><EFBFBD>ؼ<EFBFBD><D8BC>ܵ<EFBFBD><DCB5>ַ<EFBFBD><D6B7><EFBFBD>
+            return sb.ToString();
+        }
+
+
    }
 }
--- a/CoreCms.Net.Web.Admin/appsettings.json
+++ b/CoreCms.Net.Web.Admin/appsettings.json
@@ -29,9 +29,9 @@
  },
  //jwt授权认证的一些设置
  "JwtConfig": {
-    "SecretKey": "8kh2luzmp0oq9wfbdeasygj647vr531n",
-    "Issuer": "CoreShopProfessional",
-    "Audience": "CoreCms"
+    "SecretKey": "", //请自主填写一段英文数字等作为token令牌，16位+
+    "Issuer": "", //颁发者身份标识，如CoreShop.Professional
+    "Audience": "coreshop" //期望的接收人，如core，cms等
  },
  //跨域设置
  "Cors": {
--- a/CoreCms.Net.Web.WebApi/appsettings.json
+++ b/CoreCms.Net.Web.WebApi/appsettings.json
@@ -29,9 +29,9 @@
  },
  //jwt授权认证的一些设置
  "JwtConfig": {
-    "SecretKey": "8kh2luzmp0oq9wfbdeasygj647vr531n",
-    "Issuer": "CoreShopProfessional",
-    "Audience": "CoreCms"
+    "SecretKey": "", //请自主填写一段英文数字等作为token令牌，16位+
+    "Issuer": "", //颁发者身份标识，如CoreShop.Professional
+    "Audience": "coreshop" //期望的接收人，如core，cms等
  },
  //跨域设置
  "Cors": {