using Admin.Core.Auth; using Admin.Core.Common.Auth; using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc.Filters; using Microsoft.Extensions.DependencyInjection; using System; using System.Linq; using System.Threading.Tasks; namespace Admin.Core.Attributes { /// /// 启用权限验证 /// [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = true)] public class ValidatePermissionAttribute : AuthorizeAttribute, IAuthorizationFilter, IAsyncAuthorizationFilter { private async Task PermissionAuthorization(AuthorizationFilterContext context) { //排除匿名访问 if (context.ActionDescriptor.EndpointMetadata.Any(m => m.GetType() == typeof(AllowAnonymousAttribute))) return; //登录验证 var user = context.HttpContext.RequestServices.GetService(); if (user == null || !(user?.Id > 0)) { context.Result = new ChallengeResult(); return; } //排除登录接口 if (context.ActionDescriptor.EndpointMetadata.Any(m => m.GetType() == typeof(LoginAttribute))) return; //权限验证 var httpMethod = context.HttpContext.Request.Method; var api = context.ActionDescriptor.AttributeRouteInfo.Template; var permissionHandler = context.HttpContext.RequestServices.GetService(); var isValid = await permissionHandler.ValidateAsync(api, httpMethod); if (!isValid) { context.Result = new ForbidResult(); } } public async void OnAuthorization(AuthorizationFilterContext context) { await PermissionAuthorization(context); } public async Task OnAuthorizationAsync(AuthorizationFilterContext context) { await PermissionAuthorization(context); } } }