前端代码 ${ownerId}${userId}
// Attach an SSO app token to the outgoing query, but only when the caller
// supplied an appId. The token is offered to third parties for single sign-on;
// they present it to [HttpGet("sso/{appId}/{token}")].
if (option && option.query && option.query.appId) {
    const storeGetters = that.$store.getters;
    // Fall back to an empty object so a missing user yields `undefined`
    // instead of throwing.
    const currentUserId = (storeGetters.user || {}).userId;
    const tenantId = storeGetters.ownerId;
    // NOTE(review): the token is an unsalted MD5 of ownerId + userId. It is a
    // fixed function of two identifiers: it never changes or expires for a given
    // user, and anyone who knows both ids can recompute it. If the server treats
    // this value as a credential, prefer a random, short-lived token issued
    // server-side. option.query.appId is not part of the hashed input.
    option.query.appToken = md5(`${tenantId}${currentUserId}`);
}
接口路径
\RG3.BO.Auth\Controller\SsoController.cs
[HttpGet("sso/app/{ownerId}/{appId}/{token}")]
public async Task<ResultBasis> GetUserByOwner([FromRoute] string ownerId, [FromRoute] string appId, [FromRoute] string token)
[HttpGet("sso/app/{ownerId}/{sysId}/{appId}/{token}")]
public async Task<ResultBasis> GetUserByOwnerSysId([FromRoute] string ownerId, [FromRoute] string sysId, [FromRoute] string appId, [FromRoute] string token)
用户信息存储到缓存库${ownerId}|${userId}
\RG3.BO.Auth\Provider\AuthProvider$Create.cs
\RG3.PF.Abstractions\Interfaces\IUserAuthProvider.cs
添加白名单判断方法
\RG3.PF.Utilities\HttpContextUtil.cs
接口开启规则
1、 如果设置了白名单,按白名单验证
2、 如果没设置白名单,TokenKey设置了,按TokenKey验证
3、 如果没设置白名单,SecretKey设置了,按SecretKey验证
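/// <summary>
/// Resolves the cached user for an SSO token on behalf of a third-party application.
/// </summary>
/// <remarks>
/// Access rules, in order:
/// 1. If the application has an IP whitelist, the caller's IP must be on it and the
///    key headers are not checked.
/// 2. Otherwise, if a TokenKey is configured, the XAppTokenKey header must match it.
/// 3. Otherwise/additionally, if a SecretKey is configured, the XAppSecretKey header
///    must match it.
/// NOTE(review): when none of the three is configured, no caller check runs and any
/// request holding a valid token receives the user record. Confirm that this is
/// intended, or require at least one control per application.
/// NOTE(review): the token travels in the URL path, so it can end up in access logs,
/// proxy logs and Referer headers. Consider moving it to a header or request body.
/// </remarks>
/// <param name="ownerId">Owner identifier from the route; copied into the query scope.</param>
/// <param name="sysId">System identifier from the route (see the review note in the body).</param>
/// <param name="appId">Application identifier used to load the application configuration.</param>
/// <param name="token">Token used to look the user up through the auth provider.</param>
/// <param name="XAppTokenKey">Caller-supplied token key header.</param>
/// <param name="XAppSecretKey">Caller-supplied secret key header.</param>
/// <returns>A successful <c>ResultDetail</c> carrying the resolved <c>TokenUser</c>.</returns>
/// <exception cref="BizException">
/// Thrown when the application is unknown, the caller IP is not whitelisted, a required
/// key header is missing or wrong, or no user is found for the token.
/// </exception>
public async Task<ResultDetail<TokenUser>> GetUserByOwnerSysId([FromRoute] string ownerId, [FromRoute] string sysId, [FromRoute] string appId, [FromRoute] string token, [FromHeader] string XAppTokenKey, [FromHeader] string XAppSecretKey)
{
    // Compare shared secrets in constant time so that response timing does not
    // reveal how many leading characters of a guess were correct.
    bool KeysMatch(string presented, string expected)
    {
        var presentedBytes = System.Text.Encoding.UTF8.GetBytes(presented);
        var expectedBytes = System.Text.Encoding.UTF8.GetBytes(expected);
        return System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(presentedBytes, expectedBytes);
    }

    // NOTE(review): this discards every non-empty sysId, so the route value never
    // reaches the query scope. The condition looks inverted (normalising empty to
    // null would be `string.IsNullOrEmpty(sysId)`). Behaviour is kept as-is here;
    // confirm the intent before changing which scope the lookup runs in.
    if (!string.IsNullOrEmpty(sysId))
    {
        sysId = null;
    }

    var pf = new PFGlobalParameter();
    pf.OwnerId = ownerId;
    pf.SysId = sysId;
    pf.AppId = appId;
    var documentUrl = "https://doc.rg1008.com/docs/rg_pass_log/rg_pass_log-1ejs77bihkkgs";

    // Load the application configuration; caching should be added here later.
    var appInfo = _db.Query<ApplicationVo>(pf, "bo_app_config.s_appvo_by_app_id", new { appId = appId, app_id = appId })?.FirstOrDefault();
    if (appInfo == null || string.IsNullOrEmpty(appInfo.AppId))
    {
        throw new BizException(ErrorCodeConst.TOKEN_22009.ErrorCode, $"无效的应用appId({appId})", documentUrl, null);
    }

    var isStartIp = !string.IsNullOrEmpty(appInfo.WhiteListIp);
    var isStartTokenKey = !string.IsNullOrEmpty(appInfo.TokenKey);
    var isStartSecretKey = !string.IsNullOrEmpty(appInfo.SecretKey);

    // IP whitelist check.
    // NOTE(review): how GetClientUserIp derives the address is not visible here. If it
    // reads a client-controlled forwarding header, the whitelist is only as strong as
    // the proxy configuration in front of this service. Verify.
    var remoteIp = HttpContextUtil.GetClientUserIp(this.HttpContext);
    var isNoWhteIp = isStartIp && !HttpContextUtil.ValidateWhiteListIp(remoteIp, appInfo.WhiteListIp);
    if (isNoWhteIp)
    {
        throw new BizException(ErrorCodeConst.TOKEN_22009.ErrorCode, $"无效的请求,IP({remoteIp})不在白名单内。", documentUrl, null);
    }

    // TokenKey check, applied only when no whitelist is configured.
    // Fix: an unconditional throw used to follow these checks, so a request with the
    // correct key was rejected as well.
    if (!isStartIp && isStartTokenKey)
    {
        if (string.IsNullOrEmpty(XAppTokenKey))
        {
            throw new BizException(ErrorCodeConst.TOKEN_22010.ErrorCode, "Header里面未传递XAppTokenKey", documentUrl);
        }

        if (!KeysMatch(XAppTokenKey, appInfo.TokenKey))
        {
            throw new BizException(ErrorCodeConst.TOKEN_22010.ErrorCode, $"Header里面传递的XAppTokenKey值和应用({appId})里面的【TOKEN_KEY】值不匹配", documentUrl);
        }
    }

    // SecretKey check, applied only when no whitelist is configured.
    // Fix: the comparison used XAppTokenKey instead of XAppSecretKey, and an
    // unconditional throw followed it.
    if (!isStartIp && isStartSecretKey)
    {
        if (string.IsNullOrEmpty(XAppSecretKey))
        {
            throw new BizException(ErrorCodeConst.TOKEN_22010.ErrorCode, "Header里面未传递XAppSecretKey", documentUrl);
        }

        if (!KeysMatch(XAppSecretKey, appInfo.SecretKey))
        {
            throw new BizException(ErrorCodeConst.TOKEN_22010.ErrorCode, $"Header里面传递的XAppSecretKey值和应用({appId})里面的【SECRET_KEY】值不匹配", documentUrl);
        }
    }

    var redirectUrl = appInfo.RedirectUrl;

    // Look the user up in the cache by token.
    var tokenUser = await _userAuthProvider.GetAsync(pf, token, null);
    if (tokenUser == null)
    {
        throw new BizException(ErrorCodeConst.TOKEN_22008.ErrorCode, ErrorCodeConst.TOKEN_22008.ErrorText, documentUrl, redirectUrl);
    }

    ResultDetail<TokenUser> rb = new ResultDetail<TokenUser>();
    rb.Success = true;
    rb.Data = tokenUser;

    // The result is already built; wrapping the return in Task.Run only added a
    // thread-pool hop.
    return rb;
}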
文档更新时间: 2023-03-25 18:56 作者:admin