赖素文
authored
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
|
// ***********************************************************************
// <summary>
// 基础控制器
// 继承该控制器可以防止未登录查看
// 继承该控制器后,如果想访问控制器中存在,但模块配置里面没有的Action(如:Home/Git),请使用AnonymousAttribute
// </summary>
// ***********************************************************************
using Hh.Mes.Common.config;
using Hh.Mes.Pojo.System;
using Hh.Mes.Service.SystemAuth;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using System;
using System.Linq;
namespace WebMvc
{
public class SSOController : Controller
{
public AuthStrategyContext authStrategyContext = null;
protected LoginInfo _loginInfo;
protected IAuth _authUtil;
private HttpRequest httpContext { get; set; }
public SSOController(IAuth authUtil)
{
_authUtil = authUtil;
authStrategyContext = _authUtil.GetCurrentUser();
if (authStrategyContext != null)
{
|
赖素文
authored
|
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
|
{
Id = authStrategyContext.User.Id,
Account = authStrategyContext.User.Account,
Name = authStrategyContext.User.Name,
};
}
else
{
LoginResult(SSOAuthAttribute.token);
}
}
/// <summary>
/// 会话丢失,跳转到登录页面
/// </summary>
/// <param name="filterContext"></param>
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
ActionBefore(filterContext);
}
public virtual ContentResult LoginResult(string falg)
{
var msg = "";
switch (falg)
{
case SSOAuthAttribute.token:
msg = "Token登入失效,点击确定后将返回登入页面";
break;
case SSOAuthAttribute.referer:
case SSOAuthAttribute.origin:
msg = "安全检验不通过!";
break;
}
var js = $"alert('{msg}');parent.window.location.href = '/Login/Index'; ";
var content = new ContentResult
{
Content = $"<script type='text/javascript'>{js}</script>",
ContentType = "text/html;charset=utf-8",
StatusCode = 200
};
return content;
}
public void ActionBefore(ActionExecutingContext filterContext)
{
httpContext = filterContext.HttpContext.Request;
if (IsOriginOrReferer(filterContext)) return;
if (AopAllowed())
{
base.OnActionExecuting(filterContext);
return;
}
//验证Cookies
string userToken = filterContext.HttpContext.Request.Cookies[SSOAuthAttribute.token];
if (string.IsNullOrEmpty(userToken) || _loginInfo == null)
{
filterContext.Result = LoginResult(SSOAuthAttribute.token);
return;
}
if (_authUtil.CheckLogin(userToken) == false)
{
filterContext.Result = LoginResult(SSOAuthAttribute.token);
return;
}
base.OnActionExecuting(filterContext);
}
/// <summary>
/// 验证Origi、验证Referer 安全检验不通过
/// </summary>
/// <returns></returns>
private bool IsOriginOrReferer(ActionExecutingContext filterContext) {
if (!ConfigRead.GetInstance.GetAppsetConnection().IsDevelopment)return false;
var serversIPList = ConfigRead.GetInstance.GetAppsetConnection().ServerIPList.Split(',', StringSplitOptions.RemoveEmptyEntries).ToList();
var HttpOrHttps = ConfigRead.GetInstance.GetAppsetConnection().HttpOrHttps;
var httpPrefix = HttpOrHttps + "://";
//验证Referer
string userReferer = filterContext.HttpContext.Request.Headers[SSOAuthAttribute.referer];
if (string.IsNullOrEmpty(userReferer))
{
filterContext.Result = LoginResult(SSOAuthAttribute.referer);
return true;
}
if (!serversIPList.Exists(t => userReferer.StartsWith(httpPrefix + t)))
{
filterContext.Result = LoginResult(SSOAuthAttribute.referer);
return true;
}
string userOrigin = filterContext.HttpContext.Request.Headers[SSOAuthAttribute.origin];
if (string.IsNullOrEmpty(userOrigin))
{
if (filterContext.HttpContext.Request.Method != "GET" && filterContext.HttpContext.Request.Method != "HEAD")
{
filterContext.Result = LoginResult(SSOAuthAttribute.origin);
return true;
}
}
else
{
if (!serversIPList.Exists(t => userOrigin.StartsWith(httpPrefix + t)))
{
filterContext.Result = LoginResult(SSOAuthAttribute.origin);
return true;
}
}
return false;
}
/// <summary>
/// 当前url 是否匹配 忽略拦截的 配置路径
/// </summary>
/// <returns></returns>
private bool AopAllowed()
{
var allowedUrl = ConfigRead.GetInstance.GetAppsetConnection().allowed;
if (allowedUrl == null || allowedUrl.Length == 0) return false;
var url = httpContext.Path.Value;
return allowedUrl.Any(item => url.IndexOf(item, StringComparison.Ordinal) > -1);
}
}
}
|
