
跨域优化,新增允许任何源访问Api策略,暴露验证接口。

zhontai 3 anos atrás
pai
commit
43a39a685e

+ 8 - 0
Admin.Core.Common/Consts/AdminConsts.cs

@@ -2,6 +2,14 @@
 {
     public static partial class AdminConsts
     {
+        /// <summary>
+        /// 默认租户
+        /// </summary>
         public const string TenantName = "Default";
+
+        /// <summary>
+        /// 允许所有源访问策略
+        /// </summary>
+        public const string AllowAnyPolicyName = "AllowAnyPolicy";
     }
 }

+ 10 - 0
Admin.Core/Admin.Core.Common.xml

@@ -795,6 +795,16 @@
             文件格式
             </summary>
         </member>
+        <member name="F:Admin.Core.Common.Consts.AdminConsts.TenantName">
+            <summary>
+            默认租户
+            </summary>
+        </member>
+        <member name="F:Admin.Core.Common.Consts.AdminConsts.AllowAnyPolicyName">
+            <summary>
+            允许所有源访问策略
+            </summary>
+        </member>
         <member name="T:Admin.Core.Common.Dbs.MySqlDb">
             <summary>
             多数据库命名

+ 4 - 0
Admin.Core/Controllers/Admin/AuthController.cs

@@ -1,5 +1,6 @@
 using Admin.Core.Attributes;
 using Admin.Core.Common.Auth;
+using Admin.Core.Common.Consts;
 using Admin.Core.Common.Extensions;
 using Admin.Core.Common.Helpers;
 using Admin.Core.Common.Output;
@@ -11,6 +12,7 @@ using Admin.Core.Service.Admin.LoginLog.Input;
 using Admin.Core.Service.Admin.User;
 using Admin.Tools.Captcha;
 using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Cors;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Mvc.ModelBinding;
 using System;
@@ -99,6 +101,7 @@ namespace Admin.Core.Controllers.Admin
         [HttpGet]
         [AllowAnonymous]
         [NoOprationLog]
+        [EnableCors(AdminConsts.AllowAnyPolicyName)]
         public async Task<IResponseOutput> GetCaptcha()
         {
             var data = await _captcha.GetAsync();
@@ -112,6 +115,7 @@ namespace Admin.Core.Controllers.Admin
         [HttpGet]
         [AllowAnonymous]
         [NoOprationLog]
+        [EnableCors(AdminConsts.AllowAnyPolicyName)]
         public async Task<IResponseOutput> CheckCaptcha([FromQuery] CaptchaInput input)
         {
             var result = await _captcha.CheckAsync(input);
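Review bot: `CheckCaptcha` is now callable from scripts on any origin through `[EnableCors(AdminConsts.AllowAnyPolicyName)]` and is already `[AllowAnonymous]`, so the only limits on verification attempts are whatever `_captcha.CheckAsync` and the IP rate limiter enforce. Cross-origin requests come from many different client addresses, so a per-IP limit bounds them poorly; it is worth confirming that a captcha token is invalidated after a bounded number of failed checks, which is not visible here. A comment above the attribute would record the intent, for example `// Any-origin CORS: anonymous endpoint, returns no user data; attempts are bounded per captcha token`. The previous hunk adds the same attribute to `GetCaptcha`, and both method bodies continue outside their hunks.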

+ 14 - 4
Admin.Core/Startup.cs

@@ -4,6 +4,7 @@ using Admin.Core.Common.Attributes;
 using Admin.Core.Common.Auth;
 using Admin.Core.Common.Cache;
 using Admin.Core.Common.Configs;
+using Admin.Core.Common.Consts;
 
 //using FluentValidation;
 //using FluentValidation.AspNetCore;
@@ -49,7 +50,7 @@ namespace Admin.Core
         private readonly IHostEnvironment _env;
         private readonly ConfigHelper _configHelper;
         private readonly AppConfig _appConfig;
-        private const string DefaultCorsPolicyName = "Allow";
+        private const string DefaultCorsPolicyName = "AllowPolicy";
 
         public Startup(IConfiguration configuration, IWebHostEnvironment env)
         {
@@ -131,6 +132,15 @@ namespace Admin.Core
                     }
                 });
 
+                //允许任何源访问Api策略,使用时在控制器或者接口上增加特性[EnableCors(AdminConsts.AllowAnyPolicyName)]
+                options.AddPolicy(AdminConsts.AllowAnyPolicyName, policy =>
+                {
+                    policy
+                    .AllowAnyOrigin()
+                    .AllowAnyHeader()
+                    .AllowAnyMethod();
+                });
+
                 /*
                 //浏览器会发起2次请求,使用OPTIONS发起预检请求,第二次才是api异步请求
                 options.AddPolicy("All", policy =>
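Review bot: The `AdminConsts.AllowAnyPolicyName` policy is wider than its visible callers need: it combines `AllowAnyOrigin()` with `AllowAnyHeader()` and `AllowAnyMethod()`, while the two actions that opt in within this commit are both `[HttpGet]`. Narrowing it to `policy.AllowAnyOrigin().WithMethods("GET");` keeps the captcha use case working and means a later `[EnableCors]` on a POST or DELETE action does not silently become cross-origin. The added comment invites use on any controller or action, so it should also state the constraint, for example `// Only for anonymous endpoints that return no user-specific data; never add AllowCredentials() to this policy`. The enclosing `AddCors` lambda starts and ends outside the hunk, so I cannot see how the default policy's origins are configured.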
@@ -446,9 +456,6 @@ namespace Admin.Core
                 app.UseIpRateLimiting();
             }
 
-            //跨域
-            app.UseCors(DefaultCorsPolicyName);
-
             //异常
             app.UseExceptionHandler("/Error");
 
@@ -458,6 +465,9 @@ namespace Admin.Core
             //路由
             app.UseRouting();
 
+            //跨域
+            app.UseCors(DefaultCorsPolicyName);
+
             //认证
             app.UseAuthentication();
 

+ 4 - 6
Admin.Tools/Captcha/SlideJigsawCaptcha.cs

@@ -6,6 +6,7 @@ using System.Drawing;
 using System.Drawing.Drawing2D;
 using System.Drawing.Imaging;
 using System.IO;
+using System.Net.Http;
 using System.Threading.Tasks;
 
 namespace Admin.Tools.Captcha
@@ -265,15 +266,12 @@ namespace Admin.Tools.Captcha
             //var client = new HttpClient();
             //var stream = await client.GetStreamAsync("https://picsum.photos/310/155");
             //client.Dispose();
-
-            //更改图片尺寸
-            //Bitmap oriImage = new Bitmap(stream);
-            //Bitmap baseImage = ResizeImage(oriImage, 310, 155);
-            //oriImage.Dispose();
-
             //Bitmap baseImage = new Bitmap(stream);
+            //stream.Dispose();
 
             var oriImage = Image.FromFile(Directory.GetCurrentDirectory() + $@"\wwwroot\captcha\jigsaw\{new Random().Next(1, 4)}.jpg");
+            //更改图片尺寸
+            //Bitmap baseImage = ResizeImage(oriImage, 310, 155);
             Bitmap baseImage = new Bitmap(oriImage);
             oriImage.Dispose();