Net Core 自定義攔截器
- 前言
- 代碼展示
- 注意事項
前言
本文示範如何在 .NET Core WebApi 項目中,以自定義攔截器(授權過濾器)處理授權。
代碼展示
/// <summary>
/// Attribute that attaches the custom token check to a controller or action.
/// Add it to every method that should go through the check.
/// </summary>
public class AuthorizeRequestAttribute : TypeFilterAttribute
{
    /// <summary>
    /// Creates the attribute and forwards the flag to the inner filter.
    /// </summary>
    /// <param name="ignore">When true the token check is skipped. Defaults to false.</param>
    public AuthorizeRequestAttribute(bool ignore = false) : base(typeof(AuthorizeFilter))
    {
        IgnoreFilter = ignore;
        // TypeFilterAttribute passes Arguments to the AuthorizeFilter constructor.
        Arguments = new object[] { ignore };
    }

    /// <summary>
    /// Gets whether the token check is skipped where this attribute is applied.
    /// </summary>
    public bool IgnoreFilter { get; }

    /// <summary>
    /// Authorization filter that validates the token carried in the Authorization header.
    /// </summary>
    private class AuthorizeFilter : IAuthorizationFilter
    {
        // Flag supplied by the attribute instance that created this filter.
        private readonly bool _ignoreFilter;

        /// <summary>
        /// Creates the filter.
        /// </summary>
        /// <param name="ignoreFilter">When true this filter instance does not enforce the check.</param>
        public AuthorizeFilter(bool ignoreFilter)
        {
            _ignoreFilter = ignoreFilter;
        }

        /// <summary>
        /// Checks the request's token and short-circuits the pipeline when it is missing or rejected.
        /// </summary>
        /// <param name="filterContext">Context of the request being authorized.</param>
        /// <exception cref="ArgumentNullException"><paramref name="filterContext"/> is null.</exception>
        public void OnAuthorization(AuthorizationFilterContext filterContext)
        {
            if (filterContext == null)
            {
                throw new ArgumentNullException(nameof(filterContext));
            }

            // An attribute placed directly on the action overrides the flag of this instance.
            var actionLevelAttribute =
                (from descriptor in filterContext.ActionDescriptor.FilterDescriptors
                 where descriptor.Scope == FilterScope.Action
                 select descriptor.Filter)
                .OfType<AuthorizeRequestAttribute>()
                .FirstOrDefault();

            bool skipCheck = actionLevelAttribute != null
                ? actionLevelAttribute.IgnoreFilter
                : _ignoreFilter;
            if (skipCheck)
            {
                // Security: an action marked with ignore = true is reachable without any token.
                return;
            }

            // NOTE(review): when no AuthorizeFilter is found in the filter list the request
            // passes through unchecked (fail-open); confirm that case cannot occur.
            if (!filterContext.Filters.Any(candidate => candidate is AuthorizeFilter))
            {
                return;
            }

            var authorizationHeader = filterContext.HttpContext.Request.Headers["Authorization"];
            if (string.IsNullOrWhiteSpace(authorizationHeader))
            {
                // The attribute demands a token and none was sent.
                Reject(filterContext, "非法請求");
                return;
            }

            // NOTE(review): the raw header value is passed on unchanged; whether a scheme
            // prefix such as "Bearer " is stripped is decided inside JWTHelper.CheckToken,
            // which is not visible here. remainTime is not used afterwards.
            var info = JWTHelper.CheckToken(authorizationHeader.ToString(), out int remainTime);
            if (info == null)
            {
                // Token could not be validated.
                Reject(filterContext, "非法請求,AccessToken異常");
                return;
            }

            // NOTE(review): UserContext is accessed through static members. If these are plain
            // static fields, concurrent requests would overwrite each other's identity; confirm
            // the storage is per request (for example AsyncLocal or HttpContext.Items).
            UserContext.AccountId = info.accountId;
            UserContext.UserName = info.accountId;
            // NOTE(review): the current local time is stored as the user's real name; this
            // looks like a placeholder.
            UserContext.UserTrueName = DateTime.Now.ToString();
            UserContext.Token = authorizationHeader;
        }

        /// <summary>
        /// Ends the request with the JSON error envelope used for rejected calls.
        /// </summary>
        /// <param name="filterContext">Context of the request being rejected.</param>
        /// <param name="message">Text placed in the envelope's msg field.</param>
        private static void Reject(AuthorizationFilterContext filterContext, string message)
        {
            ApiResult apiResult = new ApiResult() { code = 0, msg = message };
            filterContext.HttpContext.Response.ContentType = "application/json";
            // NOTE(review): a rejected request is still answered with HTTP 200; only code = 0
            // in the body marks the failure. Proxies, logs and clients that key on the status
            // code will not see it. Consider 401 if the API contract allows.
            filterContext.HttpContext.Response.StatusCode = (int)HttpStatusCode.OK;
            filterContext.Result = new JsonResult(apiResult);
        }
    }
}
注意事項
需要在 Startup.cs 中補充註冊。全域註冊後,所有 Action 預設都會經過此過濾器;只有標註 [AuthorizeRequestAttribute(true)] 的 Action 會略過驗證。
// Register the authorization filter globally. The attribute's ignore flag defaults to
// false, so every action is checked unless it carries [AuthorizeRequestAttribute(true)].
services.AddMvc(mvcOptions => mvcOptions.Filters.Add<AuthorizeRequestAttribute>());
如何使用
/// <summary>
/// Withdraw-approval endpoint.
/// </summary>
/// <param name="req">Request envelope bound from the body; this sample body does not read it.</param>
/// <returns>A result envelope whose msg holds the sample result text.</returns>
[HttpPost]
[AuthorizeRequestAttribute] // not ignored: the token check runs for this action
public async Task<WebApiResult<WithdrawFormRsp>> WithdrawForm([FromBody] WebApiRequest<WithdrawFormReq> req)
{
    return new WebApiResult<WithdrawFormRsp> { msg = "處理結果資訊" };
}
/// <summary>
/// Edit-record endpoint.
/// </summary>
/// <param name="req">Request envelope bound from the body; this sample body does not read it.</param>
/// <returns>A result envelope whose msg holds the sample result text.</returns>
[HttpPost]
[AuthorizeRequestAttribute(true)] // ignored: this action is served without the token check
public async Task<WebApiResult<List<EditRecordRsp>>> EditRecord([FromBody] WebApiRequest<WithdrawFormReq> req)
{
    return new WebApiResult<List<EditRecordRsp>> { msg = "處理結果資訊" };
}