rakor
/
gateway
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
1 Branch
0 Tags
38 KiB
 
Tree: fd676201ec
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'fd676201ec'
${ noResults }
gateway/HuiXin.Gateway.Ocelot/Extensions/OcelotExtensions.cs

64 lines
2.5 KiB
Raw Blame History

using HuiXin.Gateway.Ocelot.Authorizers;
using HuiXin.Gateway.Ocelot.Configurations;
using HuiXin.Gateway.Ocelot.Middlewares;
using Ocelot.Authorization;
using Ocelot.DependencyInjection;
using Ocelot.Infrastructure.Claims.Parser;
using Ocelot.Middleware;
using Ocelot.Provider.Consul;
using System.Security.Claims;
namespace HuiXin.Gateway.Ocelot.Extensions
{
public static class OcelotExtensions
{
public static IServiceCollection AddMyOcelot(this IServiceCollection services, IConfiguration configuration)
{
services.AddOcelot().AddConsul();
services.AddSingleton<IRolesAuthorizer, HttpRolesAuthorizer>();
services.Configure<RolesAuthorizerConfiguration>(configuration.GetSection("RolesAuthorizer"));
return services;
}
public static IApplicationBuilder UseMyOcelot(this WebApplication app)
{
app.UseMiddleware<AccessLoggingMiddleware>();
app.UseOcelot(new OcelotPipelineConfiguration
{
PreQueryStringBuilderMiddleware = async (context, next) =>
{
var claimsParser = app.Services.GetRequiredService<IClaimsParser>();
var values = claimsParser.GetValuesByClaimType(context.User.Claims, ClaimsIdentity.DefaultRoleClaimType);
if (values.IsError)
{
context.Items.UpsertErrors(values.Errors);
return;
}
if (values.Data == null || values.Data.Count == 0)
{
context.Items.SetError(new UserDoesNotHaveClaimError("token中未包含角色信息"));
return;
}
var downstreamRoute = context.Items.DownstreamRoute();
var url = downstreamRoute.DownstreamPathTemplate.Value;
context.Items.TemplatePlaceholderNameAndValues().ForEach(nv =>
{
url = url.Replace(nv.Name, nv.Value);
});
var rolesAuthorizer = app.Services.GetRequiredService<IRolesAuthorizer>();
var result = await rolesAuthorizer.Authorize(values.Data, url);
if (result.IsError)
{
context.Items.UpsertErrors(result.Errors);
return;
}
await next.Invoke();
}
}).Wait();
return app;
}
}
}