From a69985576eab74d38135c4d58d7965d94f27d073 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=8E=8B=E7=88=B7?= <22379099@qq.com>
Date: Sat, 14 Oct 2023 22:49:33 +0800
Subject: [PATCH] =?UTF-8?q?=E6=96=B0=E5=A2=9ESecurity?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../Security/IPermissionValidator.cs | 7 +++
.../Security/PermissionAuthorizeAttribute.cs | 12 +++++
.../Security/PermissionValidResult.cs | 8 ++++
.../Security/RequirementPermissionFilter.cs | 46 +++++++++++++++++++
4 files changed, 73 insertions(+)
create mode 100644 src/WWB.UnifyApi/Security/IPermissionValidator.cs
create mode 100644 src/WWB.UnifyApi/Security/PermissionAuthorizeAttribute.cs
create mode 100644 src/WWB.UnifyApi/Security/PermissionValidResult.cs
create mode 100644 src/WWB.UnifyApi/Security/RequirementPermissionFilter.cs
diff --git a/src/WWB.UnifyApi/Security/IPermissionValidator.cs b/src/WWB.UnifyApi/Security/IPermissionValidator.cs
new file mode 100644
index 0000000..5ed1a9a
--- /dev/null
+++ b/src/WWB.UnifyApi/Security/IPermissionValidator.cs
@@ -0,0 +1,7 @@
+namespace WWB.UnifyApi.Security
+{
+ public interface IPermissionValidator
+ {
+ PermissionValidResult Valid(string permission);
+ }
+}
\ No newline at end of file
diff --git a/src/WWB.UnifyApi/Security/PermissionAuthorizeAttribute.cs b/src/WWB.UnifyApi/Security/PermissionAuthorizeAttribute.cs
new file mode 100644
index 0000000..a04fdbf
--- /dev/null
+++ b/src/WWB.UnifyApi/Security/PermissionAuthorizeAttribute.cs
@@ -0,0 +1,12 @@
+using Microsoft.AspNetCore.Mvc;
+
+namespace WWB.UnifyApi.Security
+{
+ public class PermissionAuthorizeAttribute : TypeFilterAttribute
+ {
+ public PermissionAuthorizeAttribute(string permission) : base(typeof(RequirementPermissionFilter))
+ {
+ Arguments = new object[] { permission };
+ }
+ }
+}
\ No newline at end of file
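Review bot: `Valid(string permission)` in `IPermissionValidator` receives only the permission name, so every implementation has to locate the caller through ambient state (for example an injected `IHttpContextAccessor`), and nothing in the interface says so or says what to return for an unknown permission. I would add a doc comment such as `/// <summary>Checks whether the current caller holds <paramref name="permission"/>; must return IsSuccess = false when the permission or the caller is unknown.</summary>`. If changing the signature is acceptable, passing the principal explicitly, e.g. `Valid(ClaimsPrincipal user, string permission)`, makes that dependency visible and lets a validator be tested without an HTTP context.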
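Review bot: The constructor of `PermissionAuthorizeAttribute` forwards `permission` into `Arguments` without checking it, so `[PermissionAuthorize("")]` or a null argument reaches `IPermissionValidator.Valid` and the outcome then depends on how each validator happens to treat an empty name. A guard at the top of the constructor, `if (string.IsNullOrWhiteSpace(permission)) throw new System.ArgumentException("permission is required", nameof(permission));`, rejects the mistake where it is made instead of leaving it to the validator.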
diff --git a/src/WWB.UnifyApi/Security/PermissionValidResult.cs b/src/WWB.UnifyApi/Security/PermissionValidResult.cs
new file mode 100644
index 0000000..d09d6c9
--- /dev/null
+++ b/src/WWB.UnifyApi/Security/PermissionValidResult.cs
@@ -0,0 +1,8 @@
+namespace WWB.UnifyApi.Security
+{
+ public class PermissionValidResult
+ {
+ public bool IsSuccess { get; set; }
+ public string Error { get; set; }
+ }
+}
\ No newline at end of file
diff --git a/src/WWB.UnifyApi/Security/RequirementPermissionFilter.cs b/src/WWB.UnifyApi/Security/RequirementPermissionFilter.cs
new file mode 100644
index 0000000..4f0116e
--- /dev/null
+++ b/src/WWB.UnifyApi/Security/RequirementPermissionFilter.cs
@@ -0,0 +1,46 @@
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Http.Features;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.Filters;
+using Microsoft.Extensions.DependencyInjection;
+using System;
+
+namespace WWB.UnifyApi.Security
+{
+ public class RequirementPermissionFilter : IAuthorizationFilter
+ {
+ private readonly string _permission;
+
+ public RequirementPermissionFilter(string permission)
+ {
+ _permission = permission;
+ }
+
+ public void OnAuthorization(AuthorizationFilterContext context)
+ {
+ var endpoint = context.HttpContext.Features.Get()?.Endpoint;
+ if (endpoint != null && endpoint.Metadata.GetMetadata() != null)
+ {
+ return;
+ }
+ if (!context.HttpContext.User.Identity.IsAuthenticated)
+ {
+ context.Result = new StatusCodeResult(401);
+ return;
+ }
+
+ var validator = context.HttpContext.RequestServices.GetService();
+
+ if (validator == null)
+ {
+ throw new Exception("权限验证失败:未找到验证接口");
+ }
+
+ var validResult = validator.Valid(_permission);
+ if (!validResult.IsSuccess)
+ {
+ throw new Exception($"权限验证失败:{validResult.Error}");
+ }
+ }
+ }
+}
\ No newline at end of file
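Review bot: In `RequirementPermissionFilter.OnAuthorization`, a failed permission check is signalled with `throw new Exception(...)` instead of `context.Result`, so a denied caller produces an unhandled exception rather than a 403. MVC exception filters do not handle exceptions thrown from authorization filters, so the denial surfaces as a server error from whatever exception middleware is configured, and `validResult.Error` may end up in the response body. I would replace the second throw with `context.Result = new StatusCodeResult(403); return;`, matching the 401 branch, and keep a throw only for the missing-validator case (as `InvalidOperationException`, since that is a configuration fault and failing closed is correct). `User.Identity` can be null, so the authentication test is safer as `if (context.HttpContext.User.Identity?.IsAuthenticated != true)`. The type arguments of `Features.Get()`, `GetMetadata()` and `GetService()` are not visible on this page; I am assuming they are the endpoint feature, `IAllowAnonymous` and `IPermissionValidator`.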