服务端增加权限验证

2 years ago · b765a534e1
11 changed files with 83 additions and 40 deletions
--- a/BBWY.Server.API/BBWY.Server.API.csproj
+++ b/BBWY.Server.API/BBWY.Server.API.csproj
@ -8,6 +8,7 @@
  <ItemGroup>
    <PackageReference Include="FreeSql" Version="2.6.100" />
    <PackageReference Include="FreeSql.Provider.MySql" Version="2.6.100" />
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="3.1.32" />
    <PackageReference Include="Microsoft.AspNetCore.Mvc.NewtonsoftJson" Version="3.1.21" />
    <PackageReference Include="NLog" Version="4.7.12" />
    <PackageReference Include="Swashbuckle.AspNetCore" Version="6.2.3" />
--- a/BBWY.Server.API/Controllers/AfterSaleOrderController.cs
+++ b/BBWY.Server.API/Controllers/AfterSaleOrderController.cs
@ -1,10 +1,13 @@
 using BBWY.Server.Business;
 using BBWY.Server.Model.Dto;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;

 namespace BBWY.Server.API.Controllers
 {
+    [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
    public class AfterSaleOrderController : BaseApiController
    {
        private AfterSaleOrderBusiness afterSaleOrderBusiness;
--- a/BBWY.Server.API/Controllers/BillCorrectionController.cs
+++ b/BBWY.Server.API/Controllers/BillCorrectionController.cs
@ -1,11 +1,14 @@
 using BBWY.Server.Business;
 using BBWY.Server.Model.Dto;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using System.Collections.Generic;

 namespace BBWY.Server.API.Controllers
 {
+    [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
    public class BillCorrectionController : BaseApiController
    {
        private BillCorrectionBusiness billCorrectionBusiness;
--- a/BBWY.Server.API/Controllers/FinancialTerminalController.cs
+++ b/BBWY.Server.API/Controllers/FinancialTerminalController.cs
@ -1,13 +1,15 @@
 using BBWY.Server.Business;
 using BBWY.Server.Model.Db;
 using BBWY.Server.Model.Dto;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using System.Collections.Generic;

 namespace BBWY.Server.API.Controllers
 {
-
+    [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
    public class FinancialTerminalController : BaseApiController
    {
        private FinancialTerminalBusiness financialTerminalBusiness;
--- a/BBWY.Server.API/Controllers/OrderController.cs
+++ b/BBWY.Server.API/Controllers/OrderController.cs
@ -1,12 +1,14 @@
 using BBWY.Server.Business;
 using BBWY.Server.Model.Dto;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using System.Collections.Generic;
-using System.Threading.Tasks;

 namespace BBWY.Server.API.Controllers
 {
+    [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
    public class OrderController : BaseApiController
    {
        private OrderBusiness orderBusiness;
--- a/BBWY.Server.API/Controllers/ProductController.cs
+++ b/BBWY.Server.API/Controllers/ProductController.cs
@ -1,12 +1,14 @@
 using BBWY.Server.Business;
 using BBWY.Server.Model.Dto;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using System.Collections.Generic;
-using System.Linq;

 namespace BBWY.Server.API.Controllers
 {
+    [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
    public class ProductController : BaseApiController
    {
        private ProductBusiness productBusiness;
--- a/BBWY.Server.API/Controllers/PurchaseOrderController.cs
+++ b/BBWY.Server.API/Controllers/PurchaseOrderController.cs
@ -1,13 +1,14 @@
 using BBWY.Server.Business;
 using BBWY.Server.Model.Dto;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
-using System;
 using System.Collections.Generic;
-using System.Linq;

 namespace BBWY.Server.API.Controllers
 {
+    [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
    public class PurchaseOrderController : BaseApiController
    {
        private PurchaseOrderBusiness purchaseOrderBusiness;
@ -80,6 +81,7 @@ namespace BBWY.Server.API.Controllers
        /// <param name="message"></param>
        /// <param name="_aop_signature"></param>
        [HttpPost]
+        [AllowAnonymous]
        public void CallbackFrom1688([FromForm] string message, [FromForm] string _aop_signature)
        {
            purchaseOrderBusiness.CallbackFrom1688(message);
--- a/BBWY.Server.API/Controllers/PurchaseSchemeController.cs
+++ b/BBWY.Server.API/Controllers/PurchaseSchemeController.cs
@ -1,12 +1,15 @@
 using BBWY.Server.Business;
 using BBWY.Server.Model.Db;
 using BBWY.Server.Model.Dto;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using System.Collections.Generic;

 namespace BBWY.Server.API.Controllers
 {
+    [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
    public class PurchaseSchemeController : BaseApiController
    {
        private PurchaseSchemeBusiness purchaseSchemeBusiness;
--- a/BBWY.Server.API/Controllers/VenderController.cs
+++ b/BBWY.Server.API/Controllers/VenderController.cs
@ -1,6 +1,8 @@
 using BBWY.Common.Models;
 using BBWY.Server.Business;
 using BBWY.Server.Model.Dto;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Primitives;
@ -12,7 +14,7 @@ using System.Text;

 namespace BBWY.Server.API.Controllers
 {
-
+    [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
    public class VenderController : BaseApiController
    {
        private VenderBusiness venderBusiness;
@ -64,6 +66,7 @@ namespace BBWY.Server.API.Controllers
        /// </summary>
        /// <param name="jDShopToken"></param>
        [HttpPost]
+        [AllowAnonymous]
        public string AcceptJDShopToken([FromBody] JDShopToken jDShopToken)
        {
            var httpContext = httpContextAccessor.HttpContext;
--- a/BBWY.Server.API/Startup.cs
+++ b/BBWY.Server.API/Startup.cs
@ -5,21 +5,19 @@ using BBWY.Server.API.Filters;
 using BBWY.Server.API.Middlewares;
 using BBWY.Server.Business;
 using BBWY.Server.Model;
-using BBWY.Server.Model.Dto;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
-using Microsoft.Extensions.Hosting;
-using Microsoft.Extensions.Options;
+using Microsoft.IdentityModel.Tokens;
 using Microsoft.OpenApi.Models;
-using Newtonsoft.Json.Linq;
 using Newtonsoft.Json.Serialization;
 using System;
-using System.Collections.Generic;
 using System.IO;
 using System.Linq;
 using System.Reflection;
+using System.Text;
 using Yitter.IdGenerator;

 namespace BBWY.Server.API
@ -97,28 +95,28 @@ namespace BBWY.Server.API
                    Title = "步步为盈API",
                    Description = "注意事项\r\n1.返回参数名称采用大驼峰命名\r\n2.ApiResponse为基础返回对象(Code,Data,Message),接口中所有的返回值均属于Data属性\r\n3.正常返回Code=200"
                });
-                // JWTÈÏÖ¤                                                 
-                //c.AddSecurityDefinition(JwtBearerDefaults.AuthenticationScheme, new OpenApiSecurityScheme
-                //{
-                //    Scheme = JwtBearerDefaults.AuthenticationScheme,
-                //    BearerFormat = "JWT",
-                //    Type = SecuritySchemeType.ApiKey,
-                //    Name = "Authorization",
-                //    In = ParameterLocation.Header,
-                //    Description = "Authorization:Bearer {your JWT token}<br/>",
-                //});
-                //c.AddSecurityRequirement(new OpenApiSecurityRequirement
-                // {
-                //    {
-                //        new OpenApiSecurityScheme{Reference = new OpenApiReference
-                //            {
-                //                Type = ReferenceType.SecurityScheme,
-                //                Id = JwtBearerDefaults.AuthenticationScheme
-                //            }
-                //        },
-                //        new string[] { }
-                //    }
-                // });
+                //JWTÈÏÖ¤
+                c.AddSecurityDefinition(JwtBearerDefaults.AuthenticationScheme, new OpenApiSecurityScheme
+                {
+                    Scheme = JwtBearerDefaults.AuthenticationScheme,
+                    BearerFormat = "JWT",
+                    Type = SecuritySchemeType.ApiKey,
+                    Name = "Authorization",
+                    In = ParameterLocation.Header,
+                    Description = "Authorization:Bearer {your JWT token}<br/>",
+                });
+                c.AddSecurityRequirement(new OpenApiSecurityRequirement
+                 {
+                    {
+                        new OpenApiSecurityScheme{Reference = new OpenApiReference
+                            {
+                                Type = ReferenceType.SecurityScheme,
+                                Id = JwtBearerDefaults.AuthenticationScheme
+                            }
+                        },
+                        new string[] { }
+                    }
+                 });

                var executingAssembly = Assembly.GetExecutingAssembly();
                var assemblyNames = executingAssembly.GetReferencedAssemblies().Union(new AssemblyName[] { executingAssembly.GetName() }).ToArray();
@ -132,18 +130,40 @@ namespace BBWY.Server.API
                    c.IncludeXmlComments(xmlPath, true);
                });
            });
+
+            var secret = Configuration.GetSection("Secret").Value;
+            services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme).AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, x =>
+            {
+                x.SaveToken = true;
+                x.RequireHttpsMetadata = false;
+                x.TokenValidationParameters = new TokenValidationParameters()
+                {
+                    ClockSkew = TimeSpan.Zero,
+                    ValidateIssuerSigningKey = true,
+                    ValidateIssuer = false,
+                    ValidateAudience = false,
+                    IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secret)),
+                    //ValidIssuer = issuer,
+                    //ValidAudience = audience,
+                    //ValidateLifetime = true
+                };
+            });
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env, YunDingBusiness yunDingBusiness)
        {
            yunDingBusiness.RefreshKey();
-            //app.UseSwagger(c => c.SerializeAsV2 = true)
-            //   .UseSwaggerUI(c =>
-            //   {
-            //       c.SwaggerEndpoint("/swagger/v1/swagger.json", "BBWY API");
-            //       c.RoutePrefix = string.Empty;
-            //   });
+            var isAllowedSwagger = Configuration.GetValue<bool>("AllowedSwagger");
+            if (isAllowedSwagger)
+            {
+                app.UseSwagger(c => c.SerializeAsV2 = true)
+                  .UseSwaggerUI(c =>
+                  {
+                      c.SwaggerEndpoint("/swagger/v1/swagger.json", "BBWY API");
+                      c.RoutePrefix = string.Empty;
+                  });
+            }

            //if (env.IsDevelopment())
            //{
--- a/BBWY.Server.API/appsettings.json
+++ b/BBWY.Server.API/appsettings.json
@ -47,5 +47,7 @@
        "StoreName": "西安亚一3CA仓2号库"
      }
    ]
-  }
+  },
+  "AllowedSwagger": true,
+  "Secret": "D96BFA5B-F2AF-45BC-9342-5A55C3F9BBB0"
 }