LMS.service/LMS.service/Extensions/Middleware/DynamicPermissionMiddleware.cs
lq1405 57402e0dda V1.0.4
1. 新增用户注册需要邮箱验证码
2. 机器码、软件权限控制、用户 隔离,除非超级管理员,其他用户只能看到自己下面的用户,管理员可以看到除超级管理员以外的所有
2025-03-16 23:01:50 +08:00


using LMS.service.Service.PermissionService;
using Microsoft.AspNetCore.Routing;
using System.Security.Claims;
namespace LMS.service.Extensions.Middleware
{
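/// <summary>
/// Middleware that asks <see cref="PremissionValidationService"/> whether the current user may
/// call the matched endpoint (HTTP method + route template) and stops the pipeline when it may not.
/// </summary>
/// <remarks>
/// A request with no matched endpoint is forwarded without any permission check, so the check only
/// applies once routing has selected an endpoint.
/// NOTE(review): presumably registered after the authentication middleware so that
/// <c>context.User</c> is already populated; confirm in the pipeline setup.
/// </remarks>
public class DynamicPermissionMiddleware(RequestDelegate next)
{
    private readonly RequestDelegate _next = next;

    /// <summary>
    /// Authorizes the current request against the endpoint selected by routing.
    /// </summary>
    /// <param name="context">The current HTTP context.</param>
    /// <param name="_premissionValidationServices">Service that decides whether a user id may call a method/route pair.</param>
    /// <returns>A task that completes when the request has been forwarded or rejected.</returns>
    public async Task InvokeAsync(HttpContext context, PremissionValidationService _premissionValidationServices)
    {
        var endpoint = context.GetEndpoint();

        // User id comes from the NameIdentifier claim of the request principal
        // (the original comment describes it as coming from the JWT token or session).
        var userId = GetUserIdFromContext(context);

        // -1 means the claim was present but is not a valid integer: reject before any routing decision.
        if (userId == -1)
        {
            context.Response.StatusCode = StatusCodes.Status400BadRequest;
            await context.Response.WriteAsync("用户参数校验错误");
            return;
        }

        // No endpoint matched: nothing to authorize here, hand the request to the rest of the pipeline.
        if (endpoint == null)
        {
            await _next(context);
            return;
        }

        var httpMethod = context.Request.Method;

        // The route template (not the concrete URL) is the permission key. It is null when the
        // endpoint is not a RouteEndpoint.
        // NOTE(review): confirm HasPermissionForEndpoint denies when path is null.
        var path = (endpoint as RouteEndpoint)?.RoutePattern.RawText;

        // userId is 0 for a request without a NameIdentifier claim, so the decision for
        // unauthenticated callers is made entirely by the permission service.
        // NOTE(review): confirm it denies protected endpoints for id 0.
        if (!await _premissionValidationServices.HasPermissionForEndpoint(userId, httpMethod, path))
        {
            context.Response.StatusCode = StatusCodes.Status403Forbidden;
            await context.Response.WriteAsync("Access denied");
            return;
        }

        await _next(context);
    }

    /// <summary>
    /// Reads the user id from the <see cref="ClaimTypes.NameIdentifier"/> claim of the request principal.
    /// </summary>
    /// <param name="context">The current HTTP context; on success the raw claim value is stored in <c>Items["UserId"]</c>.</param>
    /// <returns>
    /// The parsed id; <c>0</c> when the claim is missing or blank; <c>-1</c> when the claim is present
    /// but is not an integer.
    /// </returns>
    /// <remarks>
    /// The sentinels share the value space of real ids: a claim value of "0" is indistinguishable
    /// from "no claim". NOTE(review): confirm 0 is never issued as an account id.
    /// </remarks>
    private static long GetUserIdFromContext(HttpContext context)
    {
        var userIdClaim = context.User.Claims.FirstOrDefault(c => c.Type == ClaimTypes.NameIdentifier);
        var userId = userIdClaim?.Value;
        if (string.IsNullOrWhiteSpace(userId))
        {
            return 0;
        }

        // The id is a machine identifier, so parse it with the invariant culture instead of the
        // server's current culture, and parse it exactly once: the validated value is the one returned.
        if (!long.TryParse(
                userId,
                System.Globalization.NumberStyles.Integer,
                System.Globalization.CultureInfo.InvariantCulture,
                out var result))
        {
            return -1;
        }

        // Downstream code reads the id from Items as the original claim string, not as a long.
        context.Items["UserId"] = userId;
        return result;
    }
}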
}