Acasă Explorează Ajutor
Autentificare
wei.chen
/
VMMB
1
0
Bifurcare 0
Fisiere Probleme 0 Trageți solicitările 0 Wiki
Ramură: feature/司机端
Ramuri Etichete
VMMB
/
VMMB.Blazor.Web-master
/
EasyTemplate.Tool
/
Util
/
AntiforgeryExtensions.cs

AntiforgeryExtensions.cs 2.8 KB
Permalink Istoric Crud

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172 
  1. using Microsoft.AspNetCore.Builder;
    2. 

  2. using Microsoft.AspNetCore.Http;
    3. 

  3. using Microsoft.AspNetCore.Mvc;
    4. 

  4. using Microsoft.AspNetCore.Routing;
    5. 

  5. using System;
    6. 

  6. using System.Linq;
    7. 

  7. 

  8. namespace EasyTemplate.Tool.Util
    9. 

  9. {
    10. 

  10.     /// <summary>
    11. 

  11.     /// 在每次请求到达 EndpointMiddleware 之前,移除 Endpoint 的 antiforgery 相关 metadata,
    12. 

  12.     /// 从而避免框架检查到 antiforgery metadata 时要求 app.UseAntiforgery()。
    13. 

  13.     /// 注意:此方式会全局禁用基于 Endpoint metadata 的 antiforgery 要求,请确保 API 使用其他鉴权(如 JWT)。
    14. 

  14.     /// </summary>
    15. 

  15.     public static class AntiforgeryExtensions
    16. 

  16.     {
    17. 

  17.         public static IApplicationBuilder UseRemoveAntiforgeryMetadataGlobally(this IApplicationBuilder app)
    18. 

  18.         {
    19. 

  19.             return app.Use(async (context, next) =>
    20. 

  20.             {
    21. 

  21.                 var endpoint = context.GetEndpoint();
    22. 

  22.                 if (endpoint != null)
    23. 

  23.                 {
    24. 

  24.                     var original = endpoint.Metadata.ToArray();
    25. 

  25. 

  26.                     // 明确要移除的 antiforgery 相关类型
    27. 

  27.                     var antiforgeryTypes = new Type[]
    28. 

  28.                     {
    29. 

  29.                         typeof(AutoValidateAntiforgeryTokenAttribute),
    30. 

  30.                         typeof(ValidateAntiForgeryTokenAttribute),
    31. 

  31.                         typeof(IgnoreAntiforgeryTokenAttribute)
    32. 

  32.                     };
    33. 

  33. 

  34.                     var filtered = original.Where(m => !antiforgeryTypes.Any(t => t.IsInstanceOfType(m))).ToArray();
    35. 

  35. 

  36.                     var needReplace = original.Length != filtered.Length || !original.SequenceEqual(filtered);
    37. 

  37.                     if (needReplace)
    38. 

  38.                     {
    39. 

  39.                         var newEndpoint = new Endpoint(endpoint.RequestDelegate, new EndpointMetadataCollection(filtered), endpoint.DisplayName);
    40. 

  40.                         // 将新的 endpoint 设置到当前请求上下文,后续 EndpointMiddleware 会使用它
    41. 

  41.                         context.SetEndpoint(newEndpoint);
    42. 

  42.                     }
    43. 

  43.                 }
    44. 

  44. 

  45.                 await next();
    46. 

  46.             });
    47. 

  47.         }
    48. 

  48. 

  49.         // 保留一个兼容的短路方法(如果需要)
    50. 

  50.         public static IApplicationBuilder UseAntiforgeryValidation(this IApplicationBuilder app)
    51. 

  51.         {
    52. 

  52.             return app.Use(async (context, next) =>
    53. 

  53.             {
    54. 

  54.                 var endpoint = context.GetEndpoint();
    55. 

  55.                 if (endpoint?.Metadata?.GetMetadata<IgnoreAntiforgeryTokenAttribute>() != null)
    56. 

  56.                 {
    57. 

  57.                     await next();
    58. 

  58.                     return;
    59. 

  59.                 }
    60. 

  60. 

  61.                 var path = context.Request.Path.Value ?? string.Empty;
    62. 

  62.                 if (path.StartsWith("/api/", StringComparison.OrdinalIgnoreCase))
    63. 

  63.                 {
    64. 

  64.                     await next();
    65. 

  65.                     return;
    66. 

  66.                 }
    67. 

  67. 

  68.                 await next();
    69. 

  69.             });
    70. 

  70.         }
    71. 

  71.     }
    72. 

  72. }
    73.