using Furion.Authorization;
using Furion.DataEncryption;
using Microsoft.AspNetCore.Authorization;
namespace DocumentServiceAPI.Web.Entry
{
/// <summary>
/// Authorization handler for the web entry project. Extends
/// <see cref="AppAuthorizeHandler"/> and decides, per request, whether the
/// caller may reach the targeted endpoint.
/// </summary>
/// <remarks>
/// Current policy as implemented below:
/// endpoints without a <see cref="SecurityDefineAttribute"/> are allowed,
/// endpoints carrying one are always denied because the permission lookup
/// is still a placeholder. The placeholder fails closed, so a protected
/// endpoint cannot be reached by accident before the lookup exists.
/// </remarks>
public class AuthorizeHandler : AppAuthorizeHandler
{
    /// <summary>
    /// Authorization pipeline entry point.
    /// </summary>
    /// <param name="context">Authorization handler context; not read by this implementation.</param>
    /// <param name="httpContext">HTTP context of the current request; passed to the permission check.</param>
    /// <returns>A completed task holding <c>true</c> when the request is allowed, otherwise <c>false</c>.</returns>
    public override Task<bool> PipelineAsync(AuthorizationHandlerContext context, DefaultHttpContext httpContext)
    {
        // The JWT token's validity has already been verified automatically
        // before this point, so it is not re-validated here.

        // The permission check is synchronous, hence the Task.FromResult wrapper.
        // Once the check becomes asynchronous, use async/await directly instead.
        bool isAllowed = EvaluatePermission(httpContext);
        return Task.FromResult(isAllowed);
    }

    /// <summary>
    /// Evaluates whether the current request may access the endpoint.
    /// </summary>
    /// <param name="httpContext">HTTP context used to read the endpoint's metadata.</param>
    /// <returns>
    /// <c>true</c> when the endpoint has no <see cref="SecurityDefineAttribute"/>;
    /// <c>false</c> for every endpoint that has one.
    /// </returns>
    private static bool EvaluatePermission(DefaultHttpContext httpContext)
    {
        // Read the permission attribute attached to the endpoint, if any.
        var securityDefine = httpContext.GetMetadata<SecurityDefineAttribute>();

        if (securityDefine != null)
        {
            // TODO: query the database and return whether the caller holds this permission.
            // NOTE(review): keep deny as the default when implementing the lookup,
            // including on lookup errors, so a failure never grants access.
            return false;
        }

        // No permission attribute on the endpoint: nothing further is checked
        // here, so the request passes this handler.
        return true;
    }
}
}