project-redbud/FunGame-Server
6
1
Fork 0
mirror of https://github.com/project-redbud/FunGame-Server.git synced 2025-04-23 04:29:38 +08:00
Code Issues Packages Projects Releases Wiki Activity

添加 JWT Token 吊销机制

Browse Source
This commit is contained in:
milimoe 2025-03-12 21:54:29 +08:00
parent b7b0ac1f37
commit fc5fb61ae8
Signed by: milimoe
GPG Key ID: 05D280912DA6C69E
8 changed files with 122 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
FunGame.Server/Controllers/DataRequestController.cs
View File

@ -569,6 +569,7 @@ namespace Milimoe.FunGame.Server.Controller
// 验证登录
if (username != null && password != null)
{
password = password.Encrypt(username);
ServerHelper.WriteLine("[" + DataRequestSet.GetTypeString(DataRequestType.Login_Login) + "] Username: " + username);
if (SQLHelper != null)
{
@ -769,6 +770,7 @@ namespace Milimoe.FunGame.Server.Controller
string password = DataRequest.GetDictionaryJsonObject<string>(requestData, UserQuery.Column_Password) ?? "";
if (username.Trim() != "" && password.Trim() != "")
{
password = password.Encrypt(username);
SQLHelper?.Execute(UserQuery.Update_Password(SQLHelper, username, password));
if (SQLHelper?.Success ?? false)
{

26
FunGame.WebAPI/Architecture/JwtAuthenticationMiddleware.cs Normal file
View File

@ -0,0 +1,26 @@
using Milimoe.FunGame.WebAPI.Services;
namespace Milimoe.FunGame.WebAPI.Architecture
{
public class JwtAuthenticationMiddleware(RequestDelegate next)
{
public async Task InvokeAsync(HttpContext context)
{
JWTService jwtService = context.RequestServices.GetRequiredService<JWTService>();
// 获取 JWT Token
string token = context.Request.Headers.Authorization.ToString().Replace("Bearer ", "");
// 检查 JWT 是否被吊销
if (jwtService.IsTokenRevoked(token))
{
context.Response.StatusCode = StatusCodes.Status401Unauthorized;
context.Response.ContentType = "application/json";
await context.Response.WriteAsync("{\"message\":\"此 Token 已吊销,请重新登录以获取 Token。\"}");
return;
}
await next(context);
}
}
}

5
FunGame.WebAPI/Controllers/AdapterController.cs
View File

@ -54,6 +54,11 @@ namespace Milimoe.FunGame.WebAPI.Controllers
}
return BadRequest(new SocketObject(SocketMessageType.System, model.Token, "请求未执行完毕,请等待!"));
}
catch (TimeoutException)
{
_logger.LogWarning("请求超时。");
return StatusCode(408);
}
catch (Exception e)
{
_logger.LogError("Error: {e}", e);

14
FunGame.WebAPI/Controllers/DataRequestController.cs
View File

@ -21,6 +21,15 @@ namespace Milimoe.FunGame.WebAPI.Controllers
{
RequestType = payload.RequestType
};
if (payload.RequestType == DataRequestType.RunTime_Logout || payload.RequestType == DataRequestType.Reg_Reg ||
payload.RequestType == DataRequestType.Login_Login || payload.RequestType == DataRequestType.Login_GetFindPasswordVerifyCode)
{
response.StatusCode = 400;
response.Message = $"请求类型 {DataRequestSet.GetTypeString(payload.RequestType)} 不允许通过此接口处理!";
return StatusCode(400, response);
}
if (model.RequestID == Guid.Empty)
{
Guid uid = Guid.NewGuid();
@ -58,6 +67,11 @@ namespace Milimoe.FunGame.WebAPI.Controllers
return BadRequest(response);
}
}
catch (TimeoutException)
{
_logger.LogWarning("请求超时。");
return StatusCode(408);
}
catch (Exception e)
{
_logger.LogError("Error: {e}", e);

5
FunGame.WebAPI/Controllers/GamingRequestController.cs
View File

@ -67,6 +67,11 @@ namespace Milimoe.FunGame.WebAPI.Controllers
return BadRequest(response);
}
}
catch (TimeoutException)
{
_logger.LogWarning("请求超时。");
return StatusCode(408);
}
catch (Exception e)
{
_logger.LogError("Error: {e}", e);

48
FunGame.WebAPI/Controllers/UserController.cs
View File

@ -1,4 +1,5 @@
using Microsoft.AspNetCore.Authorization;
using System.Security.Claims;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Milimoe.FunGame.Core.Api.Utility;
using Milimoe.FunGame.Core.Library.Constant;
@ -13,10 +14,8 @@ namespace Milimoe.FunGame.WebAPI.Controllers
{
[ApiController]
[Route("[controller]")]
public class UserController(JWTService jwtTokenService, ILogger<AdapterController> logger) : ControllerBase
public class UserController(RESTfulAPIListener apiListener, JWTService jwtTokenService, ILogger<AdapterController> logger) : ControllerBase
{
private readonly ILogger<AdapterController> _logger = logger;
[HttpPost("reg")]
public IActionResult Reg([FromBody] RegDTO dto)
{
@ -46,7 +45,7 @@ namespace Milimoe.FunGame.WebAPI.Controllers
}
catch (Exception e)
{
_logger.LogError("Error: {e}", e);
logger.LogError("Error: {e}", e);
}
return BadRequest("服务器暂时无法处理注册请求。");
}
@ -56,12 +55,17 @@ namespace Milimoe.FunGame.WebAPI.Controllers
{
try
{
PayloadModel<DataRequestType> response = new()
{
RequestType = DataRequestType.Login_Login
};
string msg = "用户名或密码不正确。";
string clientIP = HttpContext.Connection.RemoteIpAddress?.ToString() + ":" + HttpContext.Connection.RemotePort;
ServerHelper.WriteLine(ServerHelper.MakeClientName(clientIP) + " 通过 RESTful API 连接至服务器,正在登录 . . .", InvokeMessageType.Core);
string username = dto.Username;
string password = dto.Password;
RESTfulAPIListener? apiListener = RESTfulAPIListener.Instance;
if (apiListener != null)
{
// 移除旧模型
@ -90,7 +94,14 @@ namespace Milimoe.FunGame.WebAPI.Controllers
model.GetUsersCount();
string token = jwtTokenService.GenerateToken(username);
Config.ConnectingPlayerCount--;
return Ok(new { BearerToken = token, OpenToken = model.Token });
response.StatusCode = 200;
response.Message = "登录成功!";
response.Data = new()
{
{ "bearerToken", token },
{ "openToken", model.Token }
};
return Ok(response);
}
}
else msg = "服务器暂时无法处理登录请求。";
@ -100,26 +111,37 @@ namespace Milimoe.FunGame.WebAPI.Controllers
Config.ConnectingPlayerCount--;
ServerHelper.WriteLine(msg, InvokeMessageType.Core);
return Unauthorized(msg);
response.Message = msg;
response.StatusCode = 401;
return Unauthorized(response);
}
catch (Exception e)
{
_logger.LogError("Error: {e}", e);
logger.LogError("Error: {e}", e);
}
return BadRequest("服务器暂时无法处理登录请求。");
return BadRequest();
}
[HttpPost("refresh")]
[Authorize]
public IActionResult Refresh([FromBody] LoginDTO dto)
public IActionResult Refresh()
{
try
{
return Ok(jwtTokenService.GenerateToken(dto.Username));
string oldToken = HttpContext.Request.Headers.Authorization.ToString().Replace("Bearer ", "");
// 吊销
jwtTokenService.RevokeToken(oldToken);
// 生成
string username = User.FindFirstValue(ClaimTypes.NameIdentifier) ?? "";
string newToken = jwtTokenService.GenerateToken(username);
return Ok(newToken);
}
catch (Exception e)
{
_logger.LogError("Error: {e}", e);
logger.LogError("Error: {e}", e);
}
return BadRequest();
}

10
FunGame.WebAPI/Program.cs
View File

@ -1,5 +1,6 @@
using System.Net.WebSockets;
using System.Reflection;
using System.Security.Claims;
using System.Text;
using System.Text.Encodings.Web;
using System.Text.Json.Serialization;
@ -146,7 +147,8 @@ try
ValidateIssuerSigningKey = true,
ValidIssuer = builder.Configuration["Jwt:Issuer"],
ValidAudience = builder.Configuration["Jwt:Audience"],
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(builder.Configuration["Jwt:Key"] ?? "undefined"))
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(builder.Configuration["Jwt:Key"] ?? "undefined")),
NameClaimType = ClaimTypes.NameIdentifier
};
}).AddScheme<AuthenticationSchemeOptions, CustomBearerAuthenticationHandler>("CustomBearer", options => { });
builder.Logging.AddConsole(options =>
@ -155,6 +157,8 @@ try
});
builder.Services.AddSingleton<ConsoleFormatter, CustomConsoleFormatter>();
// 其他依赖注入
builder.Services.AddHttpClient();
builder.Services.AddMemoryCache();
builder.Services.AddHttpContextAccessor();
builder.Services.AddScoped<IUserContext, HttpUserContext>();
builder.Services.AddSingleton(listener);
@ -174,8 +178,6 @@ try
throw new NoUserLogonException();
});
builder.Services.AddHttpClient();
WebApplication app = builder.Build();
// 启用 CORS
@ -194,6 +196,8 @@ try
app.UseHttpsRedirection();
app.UseMiddleware<JwtAuthenticationMiddleware>();
app.UseAuthorization();
app.MapControllers();

29
FunGame.WebAPI/Services/JWTService.cs
View File

@ -1,11 +1,12 @@
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using Microsoft.Extensions.Caching.Memory;
using Microsoft.IdentityModel.Tokens;
using Milimoe.FunGame.Core.Library.Constant;
namespace Milimoe.FunGame.WebAPI.Services
{
public class JWTService(IConfiguration configuration)
public class JWTService(IConfiguration configuration, IMemoryCache memoryCache)
{
public string GenerateToken(string username)
{
@ -29,5 +30,31 @@ namespace Milimoe.FunGame.WebAPI.Services
return new JwtSecurityTokenHandler().WriteToken(token);
}
public void RevokeToken(string token)
{
// 从 Token 中提取过期时间
JwtSecurityToken jwtSecurityToken = new JwtSecurityTokenHandler().ReadJwtToken(token);
string? expiryClaim = jwtSecurityToken.Claims.FirstOrDefault(c => c.Type == JwtRegisteredClaimNames.Exp)?.Value;
if (expiryClaim != null && long.TryParse(expiryClaim, out long expiryUnixTimestamp))
{
DateTime expiryDateTime = DateTimeOffset.FromUnixTimeSeconds(expiryUnixTimestamp).LocalDateTime;
TimeSpan remainingTime = expiryDateTime - DateTime.Now;
// 将 Token 存储到 MemoryCache 中,过期时间为 Token 的剩余有效期
memoryCache.Set(token, true, remainingTime);
}
else
{
memoryCache.Set(token, true, TimeSpan.FromMinutes(30));
}
}
public bool IsTokenRevoked(string token)
{
// 检查 Token 是否被吊销
return memoryCache.TryGetValue(token, out _);
}
}
}