SSOController.cs 5.87 KB
// ***********************************************************************
// <summary>
// 基础控制器
// 继承该控制器可以防止未登录查看
// 继承该控制器后,如果想访问控制器中存在,但模块配置里面没有的Action(如:Home/Git),请使用AnonymousAttribute
// </summary>
// ***********************************************************************

using Hh.Mes.Common.config;
using Hh.Mes.Pojo.System;
using Hh.Mes.Service;
using Hh.Mes.Service.SystemAuth;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using NetTaste;
using System;
using System.Collections.Generic;
using System.Linq;


namespace WebMvc
{
    public class SSOController : Controller
    {
        public AuthStrategyContext authStrategyContext = null;
        protected LoginInfo _loginInfo;
        protected IAuth _authUtil;
        private HttpRequest httpContext { get; set; }

        public SSOController(IAuth authUtil)
        {
            _authUtil = authUtil;
            authStrategyContext = _authUtil.GetCurrentUser();
            if (authStrategyContext != null)
            {
                _loginInfo = new LoginInfo
                {
                    Id = authStrategyContext.User.Id,
                    Account = authStrategyContext.User.Account,
                    Name = authStrategyContext.User.Name,
                };
            }
            else
            {
                LoginResult(SSOAuthAttribute.token);
            }
        }

        /// <summary>
        ///  会话丢失,跳转到登录页面
        /// </summary>
        /// <param name="filterContext"></param>
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            ActionBefore(filterContext);
        }

        public virtual ContentResult LoginResult(string falg)
        {
            var msg = "";
            switch (falg)
            {
                case SSOAuthAttribute.token:
                    msg = "Token登入失效,点击确定后将返回登入页面";
                    break;
                case SSOAuthAttribute.referer:
                case SSOAuthAttribute.origin:
                    msg = "安全检验不通过!";
                    break;
            }

            var js = $"alert('{msg}');parent.window.location.href = '/Login/Index'; ";
            var content = new ContentResult
            {
                Content = $"<script type='text/javascript'>{js}</script>",
                ContentType = "text/html;charset=utf-8",
                StatusCode = 200
            };
            return content;
        }


        public void ActionBefore(ActionExecutingContext filterContext)
        {
            httpContext = filterContext.HttpContext.Request;

            if (IsOriginOrReferer(filterContext)) return;


            if (AopAllowed())
            {
                base.OnActionExecuting(filterContext);
                return;
            }
            //验证Cookies
            string userToken = filterContext.HttpContext.Request.Cookies[SSOAuthAttribute.token];
            if (string.IsNullOrEmpty(userToken) || _loginInfo == null)
            {
                filterContext.Result = LoginResult(SSOAuthAttribute.token);
                return;
            }

            if (_authUtil.CheckLogin(userToken) == false)
            {
                filterContext.Result = LoginResult(SSOAuthAttribute.token);
                return;
            }
            base.OnActionExecuting(filterContext);
        }

        /// <summary>
        ///  验证Origi、验证Referer 安全检验不通过
        /// </summary>
        /// <returns></returns>

        private bool IsOriginOrReferer(ActionExecutingContext filterContext) {

            if (!ConfigRead.GetInstance.GetAppsetConnection().IsDevelopment)return false;
            var serversIPList = ConfigRead.GetInstance.GetAppsetConnection().ServerIPList.Split(',', StringSplitOptions.RemoveEmptyEntries).ToList();
            var HttpOrHttps = ConfigRead.GetInstance.GetAppsetConnection().HttpOrHttps;
            var httpPrefix = HttpOrHttps + "://";

            //验证Referer
            string userReferer = filterContext.HttpContext.Request.Headers[SSOAuthAttribute.referer];
            if (string.IsNullOrEmpty(userReferer))
            {
                filterContext.Result = LoginResult(SSOAuthAttribute.referer);
                return true;
            }

            if (!serversIPList.Exists(t => userReferer.StartsWith(httpPrefix + t)))
            {
                filterContext.Result = LoginResult(SSOAuthAttribute.referer);
                return true;
            }

            string userOrigin = filterContext.HttpContext.Request.Headers[SSOAuthAttribute.origin];
            if (string.IsNullOrEmpty(userOrigin))
            {
                if (filterContext.HttpContext.Request.Method != "GET" && filterContext.HttpContext.Request.Method != "HEAD")
                {
                    filterContext.Result = LoginResult(SSOAuthAttribute.origin);
                    return true;
                }
            }
            else
            {
                if (!serversIPList.Exists(t => userOrigin.StartsWith(httpPrefix + t)))
                {
                    filterContext.Result = LoginResult(SSOAuthAttribute.origin);
                    return true;
                }
            }

            return false;
        }
  


        /// <summary>
        /// 当前url 是否匹配 忽略拦截的 配置路径
        /// </summary>
        /// <returns></returns>
        private bool AopAllowed()
        {
            var allowedUrl = ConfigRead.GetInstance.GetAppsetConnection().allowed;
            if (allowedUrl == null || allowedUrl.Length == 0) return false;

            var url = httpContext.Path.Value;
            return allowedUrl.Any(item => url.IndexOf(item, StringComparison.Ordinal) > -1);
        }
    }
}