106 lines
4.0 KiB
C#
106 lines
4.0 KiB
C#
using System.Security.Claims;
|
|
using System.Text;
|
|
using Microsoft.IdentityModel.Tokens;
|
|
using System.IdentityModel.Tokens.Jwt;
|
|
using Microsoft.AspNetCore.Authentication.JwtBearer;
|
|
using CompetitionAPI.api.unity;
|
|
using Microsoft.EntityFrameworkCore.Metadata.Internal;
|
|
using Org.BouncyCastle.Asn1.Ocsp;
|
|
using Newtonsoft.Json.Linq;
|
|
|
|
namespace CompetitionAPI
|
|
{
|
|
public class TokenService
|
|
{
|
|
private readonly string _secretKey;
|
|
private readonly string _issuer;
|
|
|
|
public TokenService(string secretKey, string issuer)
|
|
{
|
|
_secretKey = secretKey;
|
|
_issuer = issuer;
|
|
}
|
|
|
|
public string GenerateToken(string userId, string roleId, int hour)
|
|
{
|
|
var tokenHandler = new JwtSecurityTokenHandler();
|
|
var key = Encoding.ASCII.GetBytes(_secretKey);
|
|
var tokenDescriptor = new SecurityTokenDescriptor
|
|
{
|
|
Subject = new ClaimsIdentity(new[] { new Claim(ClaimTypes.NameIdentifier, userId), new Claim(ClaimTypes.Role, roleId) }),
|
|
Expires = DateTime.UtcNow.AddHours(hour), // Token 过期时间
|
|
Issuer = _issuer,
|
|
SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
|
|
};
|
|
//注意:使用高版本下面这行代码会报错
|
|
var token = tokenHandler.CreateToken(tokenDescriptor);
|
|
var tokenString = tokenHandler.WriteToken(token);
|
|
return tokenString;
|
|
}
|
|
|
|
public bool GenerateRefreshToken(string token, out string newToken, out string user_id)
|
|
{
|
|
var tokenHandler = new JwtSecurityTokenHandler();
|
|
var key = Encoding.ASCII.GetBytes(_secretKey);
|
|
newToken = "";
|
|
user_id = "";
|
|
try
|
|
{
|
|
tokenHandler.ValidateToken(token, new TokenValidationParameters
|
|
{
|
|
ValidateIssuer = true,
|
|
ValidIssuer = _issuer,
|
|
ValidateIssuerSigningKey = true,
|
|
IssuerSigningKey = new SymmetricSecurityKey(key),
|
|
ValidateAudience = false, // 可选:是否验证 Audience
|
|
ValidateLifetime = true, // 是否验证 Token 是否过期
|
|
ClockSkew = TimeSpan.Zero // 设置时间偏差
|
|
}, out var validatedToken);
|
|
|
|
if (validatedToken != null)
|
|
{
|
|
var model = ((System.IdentityModel.Tokens.Jwt.JwtSecurityToken)validatedToken).Claims;
|
|
// 从旧token中提取用户信息
|
|
var userId = model.First(claim => claim.Type == "nameid").Value;
|
|
var roleId = model.First(claim => claim.Type == "role").Value;
|
|
var result = false;
|
|
if (roleId == "2")
|
|
{
|
|
Competition.Mysql.BLL.admin_user bll = new Competition.Mysql.BLL.admin_user();
|
|
var user_model = bll.GetModel(userId);
|
|
if (user_model != null)
|
|
{
|
|
if (user_model.r4 == token)
|
|
{
|
|
result = true;
|
|
}
|
|
}
|
|
}
|
|
else
|
|
{
|
|
result = true;
|
|
}
|
|
if (result)
|
|
{
|
|
user_id = userId;
|
|
newToken = GenerateToken(userId, roleId, 3);
|
|
return true;
|
|
}
|
|
else
|
|
{
|
|
return false;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
return false;
|
|
}
|
|
}
|
|
catch (Exception)
|
|
{
|
|
return false;
|
|
}
|
|
}
|
|
}
|
|
}
|