token 验证

2025-04-02 23:30:37 +08:00 · 2025-04-02 23:30:37 +08:00 · 41dde067d2
parent dedaf3e0a3
commit 41dde067d2
1 changed files with 32 additions and 23 deletions
--- a/MiddleWare/TokenValidationMiddleware.cs
+++ b/MiddleWare/TokenValidationMiddleware.cs
@ -13,41 +13,50 @@ namespace LY.App.MiddleWare
        }
        public async Task InvokeAsync(HttpContext context, RequestDelegate next)
        {
-            // 排除不需要Token验证的API
+            try
            if (IsExcludedPath(context.Request.Path))
            {
-                await next(context);
+                // 排除不需要Token验证的API
-                return;
+                if (IsExcludedPath(context.Request.Path))
            }
            // 获取Token
            var token = context.Request.Headers["Authorization"].ToString().Replace("Bearer ", "");
            if (!string.IsNullOrEmpty(token))
            {
                // 验证Token是否有效
                var handler = new JwtSecurityTokenHandler();
                var jsonToken = handler.ReadToken(token) as JwtSecurityToken;
                if (jsonToken != null)
                {
-                    // 从Token中获取数据
+                    await next(context);
-                    var username = jsonToken.Claims.FirstOrDefault(claim => claim.Type == "sub")?.Value;
+                    return;
-                    if (username != null)
+                }
                // 获取Token
                var token = context.Request.Headers["Authorization"].ToString().Replace("Bearer ", "");
                if (!string.IsNullOrEmpty(token))
                {
                    // 验证Token是否有效
                    var handler = new JwtSecurityTokenHandler();
                    var jsonToken = handler.ReadToken(token) as JwtSecurityToken;
                    if (jsonToken != null)
                    {
-                        if (await _redis.ExistsAsync(RedisKeyList.TokenUser(username)))
+                        // 从Token中获取数据
                        var username = jsonToken.Claims.FirstOrDefault(claim => claim.Type == "sub")?.Value;
                        if (username != null)
                        {
-                            // Token和数据验证通过，继续处理请求
+                            if (await _redis.ExistsAsync(RedisKeyList.TokenUser(username)))
-                            await next(context);
+                            {
-                            return;
+                                // Token和数据验证通过，继续处理请求
                                await next(context);
                                return;
                            }
                        }
                    }
                }
            }
-            else
+                else
                {
                    // Token不存在，返回未授权
                    context.Response.StatusCode = 401;
                    await context.Response.WriteAsync("Unauthorized: Invalid Token");
                }
            }
            catch (Exception ex)
            {
                // Token不存在，返回未授权
                context.Response.StatusCode = 401;
                await context.Response.WriteAsync("Unauthorized: Invalid Token");
            }
        }
        /// <summary>
        /// 这是放不需要过滤的api地址