用户刷新Token方法新增验签处理

build/pkg.props

@@ -1,6 +1,6 @@
 <Project>
   <PropertyGroup>
-    <Version>2.0.8</Version>
+    <Version>2.0.9</Version>
 	<TargetFramework>net6.0</TargetFramework>
 	<GeneratePackageOnBuild>false</GeneratePackageOnBuild>
 	<GenerateDocumentationFile>true</GenerateDocumentationFile>

src/platform/ZhonTai.Admin/Core/Auth/IUserToken.cs

@@ -1,4 +1,5 @@
-using System.Security.Claims;
+using System.IdentityModel.Tokens.Jwt;
+using System.Security.Claims;
 
 namespace ZhonTai.Admin.Core.Auth
 {
@@ -6,6 +7,6 @@ namespace ZhonTai.Admin.Core.Auth
     {
         string Create(Claim[] claims);
 
-        Claim[] Decode(string jwtToken);
+        JwtSecurityToken Decode(string jwtToken);
     }
 }

src/platform/ZhonTai.Admin/Core/Auth/UserToken.cs

@@ -38,11 +38,11 @@ namespace ZhonTai.Admin.Core.Auth
             return new JwtSecurityTokenHandler().WriteToken(token);
         }
 
-        public Claim[] Decode(string jwtToken)
+        public JwtSecurityToken Decode(string jwtToken)
         {
             var jwtSecurityTokenHandler = new JwtSecurityTokenHandler();
             var jwtSecurityToken = jwtSecurityTokenHandler.ReadJwtToken(jwtToken);
-            return jwtSecurityToken?.Claims?.ToArray();
+            return jwtSecurityToken;
         }
     }
 }

src/platform/ZhonTai.Admin/Services/Auth/AuthService.cs

@@ -28,6 +28,9 @@ using Microsoft.AspNetCore.Mvc.ModelBinding;
 using ZhonTai.Common.Extensions;
 using ZhonTai.Admin.Services.User;
 using ZhonTai.Admin.Core.Consts;
+using System.Text;
+using Microsoft.IdentityModel.Tokens;
+using Microsoft.IdentityModel.JsonWebTokens;
 
 namespace ZhonTai.Admin.Services.Auth
 {
@@ -38,6 +41,7 @@ namespace ZhonTai.Admin.Services.Auth
     public class AuthService : BaseService, IAuthService, IDynamicApi
     {
         private readonly AppConfig _appConfig;
+        private readonly JwtConfig _jwtConfig;
         private readonly IPermissionRepository _permissionRepository;
         private readonly IUserRepository _userRepository;
         private readonly ITenantRepository _tenantRepository;
@@ -45,6 +49,7 @@ namespace ZhonTai.Admin.Services.Auth
 
         public AuthService(
             AppConfig appConfig,
+            JwtConfig jwtConfig,
             IUserRepository userRepository,
             IPermissionRepository permissionRepository,
             ITenantRepository tenantRepository,
@@ -52,6 +57,7 @@ namespace ZhonTai.Admin.Services.Auth
         )
         {
             _appConfig = appConfig;
+            _jwtConfig = jwtConfig;
             _userRepository = userRepository;
             _permissionRepository = permissionRepository;
             _tenantRepository = tenantRepository;
@@ -256,7 +262,8 @@ namespace ZhonTai.Admin.Services.Auth
         [AllowAnonymous]
         public async Task<IResultOutput> Refresh([BindRequired] string token)
         {
-            var userClaims = LazyGetRequiredService<IUserToken>().Decode(token);
+            var jwtSecurityToken = LazyGetRequiredService<IUserToken>().Decode(token);
+            var userClaims = jwtSecurityToken?.Claims?.ToArray();
             if (userClaims == null || userClaims.Length == 0)
             {
                 return ResultOutput.NotOk();
@@ -278,6 +285,16 @@ namespace ZhonTai.Admin.Services.Auth
             {
                 return ResultOutput.NotOk("登录信息已失效");
             }
+
+            //验签
+            var securityKey = _jwtConfig.SecurityKey;
+            var signingCredentials = new SigningCredentials(new SymmetricSecurityKey(Encoding.ASCII.GetBytes(securityKey)), SecurityAlgorithms.HmacSha256);
+            var input = jwtSecurityToken.RawHeader + "." + jwtSecurityToken.RawPayload;
+            if (jwtSecurityToken.RawSignature != JwtTokenUtilities.CreateEncodedSignature(input, signingCredentials))
+            {
+                return ResultOutput.NotOk("验签失败");
+            }
+
             var output = await LazyGetRequiredService<IUserService>().GetLoginUserAsync(userId.ToLong());
             string newToken = GetToken(output?.Data);
             return ResultOutput.Ok(new { token = newToken });