JWT
一.概述
JWT 在前后端项目中 保护API
三部分组成{
1头部:令牌的类型(JWT)和所使用的签名算法
载荷:(JSON): 主体内容(非敏感信息)
签名:使用指定的算法对头部、载荷以及密钥进行签名,确保令牌在传输过程中不被篡改
}
下包
二.实现
1.配置Program
//用于访问当前 HTTP 请求的上下文信息
builder.Services.AddHttpContextAccessor();
//注册JWT
//JWT认证
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme).AddJwtBearer(options =>
{
//取出私钥
var secretByte = Encoding.UTF8.GetBytes(builder.Configuration["JwtSettings:SecretKey"]);
options.TokenValidationParameters = new TokenValidationParameters()
{
//验证发布者
ValidateIssuer = true,
ValidIssuer = builder.Configuration["JwtSettings:Issuer"],
//验证接收者
ValidateAudience = true,
ValidAudience = builder.Configuration["JwtSettings:Audience"],
//验证是否过期
ValidateLifetime = true,
//验证私钥
IssuerSigningKey = new SymmetricSecurityKey(secretByte)
};
});
//鉴权中间件
app.UseAuthentication();
//授权中间件
app.UseAuthorization();
2.生成Token
public class TokenHelper
{
//读appsetings.json配置文件用的
private readonly IConfiguration _configuration;
//JwtSecurityTokenHandler 用来生成和验证JwtToken
private readonly JwtSecurityTokenHandler _jwtSecurityTokenHandler;
public TokenHelper(IConfiguration configuration, JwtSecurityTokenHandler jwtSecurityTokenHandler)
{
_configuration = configuration;
_jwtSecurityTokenHandler = jwtSecurityTokenHandler;
}
/// <summary>
/// 创建加密JwtToken
/// </summary>
/// <param name="user"></param>
/// <returns></returns>
public string CreateJwtToken<T>(T user)
{
//设置加密算法类型
var signingAlogorithm = SecurityAlgorithms.HmacSha256;
//加载载荷用户信息
var claimList = this.CreateClaimList(user);
//Signature
//取出私钥并以utf8编码字节输出
var secretByte = Encoding.UTF8.GetBytes(_configuration["JwtSettings:SecretKey"]);
//使用非对称算法对私钥进行加密
var signingKey = new SymmetricSecurityKey(secretByte);
//使用HmacSha256来验证加密后的私钥生成数字签名
var signingCredentials = new SigningCredentials(signingKey, signingAlogorithm);
//生成Token
var Token = new JwtSecurityToken(
issuer: _configuration["JwtSettings:Issuer"], //发布者
audience: _configuration["JwtSettings:Audience"], //接收者
claims: claimList, //存放的用户信息
notBefore: DateTime.UtcNow, //发布时间
expires: DateTime.UtcNow.AddDays(1), //有效期设置为1天
signingCredentials //数字签名
);
//生成字符串token
var TokenStr = new JwtSecurityTokenHandler().WriteToken(Token);
return TokenStr;
}
public T GetToken<T>(string Token)
{
Type t = typeof(T);
object objA = Activator.CreateInstance(t);
var b = _jwtSecurityTokenHandler.ReadJwtToken(Token);
foreach (var item in b.Claims)
{
PropertyInfo _Property = t.GetProperty(item.Type);
if (_Property != null && _Property.CanRead)
{
_Property.SetValue(objA, item.Value, null);
}
}
return (T)objA;
}
/// <summary>
/// 创建包含用户信息的CalimList
/// </summary>
/// <param name="authUser">User</param>
/// <returns></returns>
private List<Claim> CreateClaimList<T>(T authUser)
{
//获取用户数据类型
var Class = typeof(T);
//返回List 载荷信息
List<Claim> claimList = new List<Claim>();
//Class.GetProperties() 获取数据类型的所有属性
foreach (var item in Class.GetProperties())
{
//获取属性名称 item.Name
//获取属性值 item.GetValue(authUser) 转成 string
claimList.Add(new Claim(item.Name, Convert.ToString(item.GetValue(authUser))));
}
return claimList;
}
}
3.登录方法(成功 赋值Token)
/// <summary>
/// 登录
/// </summary>
/// <param name="userName">用户名</param>
/// <param name="password">密码</param>
/// <returns></returns>
[AllowAnonymous]
[HttpGet]
public IActionResult Login(string userName, string password)
{
var obj = _userService.Login(userName, password);
//传参过去的 实体
var token = _tokenHelper.CreateJwtToken(obj.userInfo);
return Ok(new
{
obj.code,
obj.msg,
obj.userId,
obj.userInfo,
obj.userName,
token
});
}
4.为了方便项目发布 随时修改秘钥等,必要信息放在配置文件里
"JwtSettings": {
"SecretKey": "sldkjfsdoifjweoifjweoifjwoeijfoweij", // 密钥Key 必须16位以上
"Issuer": "http://localhost:5000", // 发行人
"Audience": "http://localhost:5000/api" // 受众
}
5.Swagger添加JWT
//添加SwaggerUI
builder.Services.AddSwaggerGen(a =>
{
#region 开启Swagger认证
a.AddSecurityDefinition("Bearer", new OpenApiSecurityScheme()
{
Description = "在下框中输入请求头中需要添加Jwt授权Token:Bearer Token",
Name = "Authorization",
In = ParameterLocation.Header,
Type = SecuritySchemeType.ApiKey,
BearerFormat = "JWT",
Scheme = "Bearer"
});
a.AddSecurityRequirement(new OpenApiSecurityRequirement
{
{
new OpenApiSecurityScheme
{
Reference = new OpenApiReference {
Type = ReferenceType.SecurityScheme,
Id = "Bearer"
}
},
new string[] { }
}
});
#endregion
});
注入
//注入TokenHelper
builder.Services.AddScoped(typeof(TokenHelper));
builder.Services.AddScoped(typeof(JwtSecurityTokenHandler));
或者在 AUTOMapper中
builder.RegisterType<JwtSecurityTokenHandler>();
builder.RegisterType<TokenHelper>();
封装Axios
import axios from "axios";
const instance = axios.create({
// 调用的api地址
//baseURL: "http://localhost:35891/",
timeout: 50000,
});
//添加请求拦截器
instance.interceptors.request.use(
function (config) {
if (sessionStorage.getItem('token') != null) {
config.headers.Authorization = `Bearer ${sessionStorage.getItem('token')}`;
}
return config;
}
);
//导出对象/实例
export default instance;
