using ERP.Framework.Cache;
using ERP.Framework.Config;
using ERP.Framework.Constants;
using ERP.Framework.Exceptions;
using ERP.Framework.Resource;
using ERP.Framework.Security;
using ERP.Framework.Utils;
using ERP.Framework.WebApi;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Configuration;
using Newtonsoft.Json;
using System.IdentityModel.Tokens.Jwt;
using System.Net;
using System.Security.Claims;
namespace ERP.Framework.Middleware
{
///
/// 验证 (解签 header附带用户id) useJwt
///
public class AuthenticationMiddleware : IMiddleware
{
private readonly IConfiguration _configuration;
public AuthenticationMiddleware(IConfiguration configuration)
{
this._configuration = configuration;
}
public async Task InvokeAsync(HttpContext context, RequestDelegate next)
{
var path = context.Request.Path.ToString();
var securityConfig = _configuration.GetSection(FrameworkConstant.SECURITY_CONFIG).Get() ?? new SecurityConfig();
if (securityConfig.WhiteList != null && UrlUtil.Match(w, securityConfig.WhiteList))
{
await next(context);
return;
}
var token = context.Request.Headers[AuthConstant.HEADER].ToString().Replace(FrameworkConstant.TOKEN_PREFIX, "").TrimStart();
var isValid = TokenHelper.ValidateToken(token, securityConfig.JwtSecurityKey);
if (!isValid)
{
// 返回401状态码和自定义错误信息
context.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
context.Response.ContentType = "application/json";
var errorJson = JsonConvert.SerializeObject(new Result()
{
Code = ErrorCode.TOKEN_VALIDATE,
Message = FrameworkI18N.TokenValidate!
});
await context.Response.WriteAsync(errorJson);
return;
}
var claims = TokenHelper.GetClaims(token);
var tokenId = claims.FirstOrDefault(t => t.Type == JwtRegisteredClaimNames.UniqueName)!.Value;
var userId = claims.FirstOrDefault(t => t.Type == JwtRegisteredClaimNames.NameId)!.Value;
var userName = claims.FirstOrDefault(t => t.Type == ClaimTypes.Name)!.Value;
var checkLastActivityResult = CheckLastActivity(tokenId, securityConfig.ActivityTimeOut);
if (checkLastActivityResult != null)
{
context.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
context.Response.ContentType = "application/json";
await context.Response.WriteAsync(JsonConvert.SerializeObject(checkLastActivityResult));
return;
}
context.Items["TokenId"] = tokenId;
context.Items["UserId"] = userId;
context.Items["UserName"] = userName;
await next(context);
return;
}
private static Result? CheckLastActivity(string tokenId, int activityTimeOut)
{
DateTime date;
var result = new Result();
var key = AuthConstant.LAST_ACTIVITY + tokenId;
var lastActivity = RedisHelper.GetWithExpire(key);
var value = lastActivity.Value.ToString();
var expireTime = lastActivity.Expiry;
if (value.IsNullOrEmpty())
{
result.Code = ErrorCode.IDLE_TIME_OUT;
result.Message = FrameworkI18N.IdleTimeOut!;
return result;
}
if (value == "-1")
{
result.Code = ErrorCode.KICKED_OUT;
result.Message = FrameworkI18N.KickedOut!;
return result;
}
if (value == "-2")
{
result.Code = ErrorCode.CONCURRENT_LOGIN;
result.Message = FrameworkI18N.ConcurrentLogin!;
return result;
}
if (DateTime.TryParse(value, out date))
{
var isOnline = DateTime.Now <= date;
if (isOnline)
{
SetLastActivityCache(tokenId, activityTimeOut, expireTime);
}
else
{
result.Code = ErrorCode.IDLE_TIME_OUT;
result.Message = FrameworkI18N.IdleTimeOut!;
return result;
}
}
return null;
}
///
/// 刷新last Activity
///
///
///
private static void SetLastActivityCache(
string tokenId
, int activityTimeOut
, TimeSpan? expireTime)
{
var key = AuthConstant.LAST_ACTIVITY + tokenId;
var val = DateTime.Now.AddMinutes(activityTimeOut).ToDateLongString();
RedisHelper.SaveExpire(key, val, expireTime);
}
}
public static class AuthenticationMiddlewareExtensions
{
public static IApplicationBuilder UseAuthenticationMiddleware(this IApplicationBuilder builder)
{
return builder.UseMiddleware();
}
}
}