using Microsoft.AspNetCore.Authorization;
|
using Microsoft.AspNetCore.Mvc;
|
using Microsoft.AspNetCore.Mvc.Authorization;
|
using Microsoft.AspNetCore.Mvc.Filters;
|
|
namespace Gs.HostIIS;
|
|
public class ApiAuthorizeAttribute : Attribute, IAuthorizationFilter
|
{
|
|
/// <summary>
|
/// 用户令牌验证
|
/// </summary>
|
/// <param name="context"></param>
|
public void OnAuthorization(AuthorizationFilterContext context)
|
{
|
var token = context.HttpContext.Request.Headers["token"]
|
.FirstOrDefault()?.Split(' ').Last();
|
if (string.IsNullOrEmpty(token)) token = "";
|
if (HasAllowAnonymous(context) == false && token.Length < 5)
|
context.Result = new JsonResult(new { msg = "你无权做这些", code = 401 })
|
{
|
StatusCode = StatusCodes.Status401Unauthorized
|
};
|
}
|
|
private static bool HasAllowAnonymous(AuthorizationFilterContext context)
|
{
|
var filters = context.Filters;
|
if (filters.OfType<IAllowAnonymousFilter>().Any()) return true;
|
var endpoint = context.HttpContext.GetEndpoint();
|
return endpoint?.Metadata?.GetMetadata<IAllowAnonymous>() != null;
|
}
|
}
|
