转移.net core 3.1，为.NET 5做准备

OpenAuth.Mvc/Models/AuthenticateAttribute.cs

@@ -1,16 +0,0 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Web;
-
-namespace OpenAuth.Mvc.Models
-{
-
-    /// <summary>
-    /// 必须认证
-    /// </summary>
-    public class AuthenticateAttribute : Attribute
-    {
-        
-    }
-}

OpenAuth.Mvc/Models/JobjectModelBinder.cs

@@ -1,4 +1,5 @@
-using System.Web.Mvc;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Mvc.ModelBinding;
 using Newtonsoft.Json.Linq;
 
 namespace OpenAuth.Mvc.Models
@@ -9,17 +10,30 @@ namespace OpenAuth.Mvc.Models
     /// </summary>
     public class JobjectModelBinder :IModelBinder
     {
-        public object BindModel(ControllerContext controllerContext, ModelBindingContext bindingContext)
+        public Task BindModelAsync(ModelBindingContext bindingContext)
         {
-            //todo:需要判断前端是否是FormData
             var obj = new JObject();
-            var request = controllerContext.HttpContext.Request;
-            foreach (var key in request.Form.AllKeys)
-            {
-                obj[key] = request.Form[key];
-            }
-            return obj;
-        }
 
+            //// Specify a default argument name if none is set by ModelBinderAttribute
+            //var modelName = bindingContext.BinderModelName;
+            //if (string.IsNullOrEmpty(modelName))
+            //{
+            //    modelName = "obj";
+            //}
+
+            //// Try to fetch the value of the argument by name
+            //var valueProviderResult =
+            //    bindingContext.ValueProvider.GetValue(modelName);
+
+            //这个地方会报StringValues的异常，好奇怪，只能调试源码了
+            var request = bindingContext.HttpContext.Request;
+            foreach (var item in request.Form)
+            {
+                obj[item.Key] = item.Value[0];
+            }
+
+            bindingContext.Result = ModelBindingResult.Success(obj);
+            return Task.CompletedTask;
+        }
     }
 }

OpenAuth.Mvc/Models/JsonBinderProvider.cs

@@ -0,0 +1,26 @@
+using System;
+using Microsoft.AspNetCore.Mvc.ModelBinding;
+using Microsoft.AspNetCore.Mvc.ModelBinding.Binders;
+using Newtonsoft.Json.Linq;
+using OpenAuth.Mvc.Models;
+
+namespace OpenAuth.Mvc
+{
+    public class JsonBinderProvider : IModelBinderProvider
+    {
+        public IModelBinder GetBinder(ModelBinderProviderContext context)
+        {
+            if(context == null)
+            {
+                throw new ArgumentNullException(nameof(context));
+            }
+
+            if (context.Metadata.ModelType == typeof(JObject))
+            {
+                return new BinderTypeModelBinder(typeof(JobjectModelBinder));
+            }
+
+            return null;
+        }
+    }
+}

OpenAuth.Mvc/Models/OpenAuthFilter.cs

@@ -0,0 +1,89 @@
+using System.Linq;
+using System.Reflection;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.Filters;
+using OpenAuth.App;
+using OpenAuth.App.Interface;
+using OpenAuth.Repository.Domain;
+
+namespace OpenAuth.Mvc.Models
+{
+    public class OpenAuthFilter : IActionFilter
+    {
+        private readonly IAuth _authUtil;
+        private readonly SysLogApp _logApp;
+
+        public OpenAuthFilter(IAuth authUtil, SysLogApp logApp)
+        {
+            _authUtil = authUtil;
+            _logApp = logApp;
+        }
+
+        public void OnActionExecuting(ActionExecutingContext context)
+        {
+            var description =
+                (Microsoft.AspNetCore.Mvc.Controllers.ControllerActionDescriptor)context.ActionDescriptor;
+
+            //添加有允许匿名的Action，可以不用登录访问，如Login/Index
+            var anonymous = description.MethodInfo.GetCustomAttribute(typeof(AllowAnonymousAttribute));
+            if (anonymous != null)
+            {
+                return;
+            }
+
+            if (!_authUtil.CheckLogin())
+            {
+                context.Result = new RedirectResult("/Login/Index");
+                return;
+            }
+
+            //------------------------以下内容都需要登录--------------------------------------------
+
+            //如果是ajax请求的，跳过模块授权认证
+            var headers = context.HttpContext.Request.Headers;
+            var xreq = headers.ContainsKey("x-requested-with");
+            if (xreq && headers["x-requested-with"] == "XMLHttpRequest")
+            {
+                return;
+            }
+
+            var Controllername = description.ControllerName.ToLower();
+            var Actionname = description.ActionName.ToLower();
+            //控制器白名单，在该名单中的控制器，需要登录，但不需要授权
+            var whiteController = new[] {"usersession","home","redirects"};
+            if (whiteController.Contains(Controllername))
+            {
+                return;
+            }
+            
+            //URL白名单
+            var whiteurls = new[] {"usermanager/changepassword", "usermanager/profile"};
+            if (whiteurls.Contains(Controllername + "/" + Actionname))
+            {
+                return;
+            }
+
+            var currentModule = _authUtil.GetCurrentUser().Modules.FirstOrDefault(u => u.Url.ToLower().Contains(Controllername));
+            //当前登录用户没有Action记录
+            if (currentModule == null)
+            {
+                context.Result = new RedirectResult("/Error/Auth");
+            }
+
+            _logApp.Add(new SysLog
+            {
+                Content = $"用户访问",
+                Href = $"{Controllername}/{Actionname}",
+                CreateName = _authUtil.GetUserName(),
+                CreateId = _authUtil.GetCurrentUser().User.Id,
+                TypeName = "访问日志"
+            });
+        }
+
+        public void OnActionExecuted(ActionExecutedContext context)
+        {
+            return;
+        }
+    }
+}