project-redbud/FunGame-Server
6
1
Fork 0
mirror of https://github.com/project-redbud/FunGame-Server.git synced 2025-12-05 00:06:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

防止自定义 Bearer 被中间件拦截

Browse Source
This commit is contained in:
milimoe 2025-07-11 00:57:23 +08:00
parent 5c002a40a8
commit 620a398f47
Signed by: milimoe
GPG Key ID: 9554D37E4B8991D0
1 changed files with 24 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
FunGame.WebAPI/Architecture/JwtAuthenticationMiddleware.cs
View File

@ -1,4 +1,5 @@
using Milimoe.FunGame.WebAPI.Services;
using Microsoft.AspNetCore.Authorization;
using Milimoe.FunGame.WebAPI.Services;
namespace Milimoe.FunGame.WebAPI.Architecture
{
@ -11,12 +12,33 @@ namespace Milimoe.FunGame.WebAPI.Architecture
// 获取 JWT Token
string token = context.Request.Headers.Authorization.ToString().Replace("Bearer ", "");
if (token == "")
{
await next(context);
return;
}
// 如果存在 Authorize 属性且指定了 CustomBearer 认证方案,跳过 JWT 吊销检查
Endpoint? endpoint = context.GetEndpoint();
IReadOnlyList<AuthorizeAttribute>? authorizeAttributes = endpoint?.Metadata.GetOrderedMetadata<AuthorizeAttribute>();
if (authorizeAttributes != null)
{
foreach (AuthorizeAttribute authorizeAttribute in authorizeAttributes)
{
if (authorizeAttribute.AuthenticationSchemes == "APIBearer" || authorizeAttribute.AuthenticationSchemes == "CustomBearer")
{
await next(context);
return;
}
}
}
// 检查 JWT 是否被吊销
if (jwtService.IsTokenRevoked(token))
{
context.Response.StatusCode = StatusCodes.Status401Unauthorized;
context.Response.ContentType = "application/json";
await context.Response.WriteAsync("{\"message\":\"此 Token 已吊销,请重新登录以获取 Token。\"}");
await context.Response.WriteAsync("{\"message\":\"此 Token 无效或已吊销,请重新登录以获取 Token。\"}");
return;
}