【优化】JWT加密模式进行优化，SecretKey值增加机器码、计算机名、网址组合md5加密，防止出现大家不修改默认值导致JwtToken权限过宽的问题；Issuer增加为空使用计算机名替换，appsetting.json去除JwtConfig的默认值，要求输入设置。

2026-03-22 12:27:21 +08:00 · 2023-07-31 02:14:55 +08:00
parent 226cfea520
commit ef6e5a9057
4 changed files with 108 additions and 8 deletions
--- a/CoreCms.Net.Configuration/AppSettingsConstVars.cs
+++ b/CoreCms.Net.Configuration/AppSettingsConstVars.cs
@@ -1,6 +1,7 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
+using System.Security.Cryptography;
 using System.Text;
 using System.Threading.Tasks;
 using SqlSugar.Extensions;
@@ -71,8 +72,8 @@ namespace CoreCms.Net.Configuration

        #region Jwt授权配置================================================================================

-        public static readonly string JwtConfigSecretKey = AppSettingsHelper.GetContent("JwtConfig", "SecretKey");
-        public static readonly string JwtConfigIssuer = AppSettingsHelper.GetContent("JwtConfig", "Issuer");
+        public static readonly string JwtConfigSecretKey = AppSettingsHelper.GetContent("JwtConfig", "SecretKey") + AppSettingsHelper.GetMachineRandomKey(DbSqlConnection + AppSettingsHelper.GetMACIp(true));
+        public static readonly string JwtConfigIssuer = !string.IsNullOrEmpty(AppSettingsHelper.GetContent("JwtConfig", "Issuer")) ? AppSettingsHelper.GetContent("JwtConfig", "Issuer") : AppSettingsHelper.GetHostName();
        public static readonly string JwtConfigAudience = AppSettingsHelper.GetContent("JwtConfig", "Audience");
        #endregion

--- a/CoreCms.Net.Configuration/AppSettingsHelper.cs
+++ b/CoreCms.Net.Configuration/AppSettingsHelper.cs
@@ -1,6 +1,10 @@

 using System;
 using System.Linq;
+using System.Net.NetworkInformation;
+using System.Reflection.PortableExecutable;
+using System.Security.Cryptography;
+using System.Text;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.Configuration.Json;
 using Newtonsoft.Json.Linq;
@@ -42,5 +46,100 @@ namespace CoreCms.Net.Configuration
            return "";
        }

+
+
+
+        /// <summary>
+        /// 获取电脑 MAC（物理） 地址
+        /// </summary>
+        /// <param name="needToken">是否只是为了套取key生成一个不同部署环境不同的序列串</param>
+        /// <returns></returns>
+        public static string GetMACIp(bool needToken)
+        {
+            //本地计算机网络连接信息
+            IPGlobalProperties computerProperties = IPGlobalProperties.GetIPGlobalProperties();
+            //获取本机所有网络连接
+            NetworkInterface[] nics = NetworkInterface.GetAllNetworkInterfaces();
+
+            //获取本机电脑名
+            var HostName = computerProperties.HostName;
+            //获取域名
+            var DomainName = computerProperties.DomainName;
+
+            if (nics == null || nics.Length < 1)
+            {
+                return "";
+            }
+
+            var MACIp = needToken ? HostName + DomainName : "";
+            foreach (NetworkInterface adapter in nics)
+            {
+                var adapterName = adapter.Name;
+
+                var adapterDescription = adapter.Description;
+                var NetworkInterfaceType = adapter.NetworkInterfaceType;
+                if (adapterName == "本地连接" || needToken)
+                {
+                    PhysicalAddress address = adapter.GetPhysicalAddress();
+                    byte[] bytes = address.GetAddressBytes();
+
+                    for (int i = 0; i < bytes.Length; i++)
+                    {
+                        MACIp += bytes[i].ToString("X2");
+
+                        if (i != bytes.Length - 1)
+                        {
+                            MACIp += "-";
+                        }
+                    }
+                }
+            }
+
+            return MACIp;
+        }
+
+        /// <summary>
+        /// 获取电脑计算机名
+        /// </summary>
+        /// <returns></returns>
+        public static string GetHostName()
+        {
+            //本地计算机网络连接信息
+            IPGlobalProperties computerProperties = IPGlobalProperties.GetIPGlobalProperties();
+
+            //获取本机电脑名
+            var hostName = computerProperties.HostName;
+
+            return !string.IsNullOrEmpty(hostName) ? hostName : "CoreShop.Professional";
+
+        }
+
+
+
+
+        /// <summary>
+        /// 转MD5
+        /// </summary>
+        /// <param name="str"></param>
+        /// <returns></returns>
+        public static string GetMachineRandomKey(string str)
+        {
+            MD5 md5 = MD5.Create();
+            // 将字符串转换成字节数组
+            byte[] byteOld = Encoding.UTF8.GetBytes(str);
+            // 调用加密方法
+            byte[] byteNew = md5.ComputeHash(byteOld);
+            // 将加密结果转换为字符串
+            StringBuilder sb = new StringBuilder();
+            foreach (byte b in byteNew)
+            {
+                // 将字节转换成16进制表示的字符串，
+                sb.Append(b.ToString("x2"));
+            }
+            // 返回加密的字符串
+            return sb.ToString();
+        }
+
+
    }
 }
--- a/CoreCms.Net.Web.Admin/appsettings.json
+++ b/CoreCms.Net.Web.Admin/appsettings.json
@@ -29,9 +29,9 @@
  },
  //jwt授权认证的一些设置
  "JwtConfig": {
-    "SecretKey": "8kh2luzmp0oq9wfbdeasygj647vr531n",
-    "Issuer": "CoreShopProfessional",
-    "Audience": "CoreCms"
+    "SecretKey": "", //请自主填写一段英文数字等作为token令牌，16位+
+    "Issuer": "", //颁发者身份标识，如CoreShop.Professional
+    "Audience": "coreshop" //期望的接收人，如core，cms等
  },
  //跨域设置
  "Cors": {
--- a/CoreCms.Net.Web.WebApi/appsettings.json
+++ b/CoreCms.Net.Web.WebApi/appsettings.json
@@ -29,9 +29,9 @@
  },
  //jwt授权认证的一些设置
  "JwtConfig": {
-    "SecretKey": "8kh2luzmp0oq9wfbdeasygj647vr531n",
-    "Issuer": "CoreShopProfessional",
-    "Audience": "CoreCms"
+    "SecretKey": "", //请自主填写一段英文数字等作为token令牌，16位+
+    "Issuer": "", //颁发者身份标识，如CoreShop.Professional
+    "Audience": "coreshop" //期望的接收人，如core，cms等
  },
  //跨域设置
  "Cors": {