【netcore基礎】wwwroot下靜態資源文件訪問權限控制

本文參考以下博問

https://q.cnblogs.com/q/107836

 

業務要求

上傳的資源文件（.mp3 .mp4等）只有購買了以後纔能有權限訪問，因此對上傳的資源文件目錄進行訪問權限控制

地址舉例

https://localhost:5001/assets/upload/images/20181018/0d9819d2-14d2-47eb-a763-be9d19c69e42.mp4

後面的文件目錄是對應上 wwwroot 下，上傳的資源目錄，正常狀況下全部用戶均可以訪問，這裏咱們要控制權限，只有購買訂單的用戶才能訪問。

 

首先

在 Startup.cs 文件的 Configure 方法裏配置以下代碼

            app.UseWhen(
                c => c.Request.Path.Value.Contains("assets"), _ => _.UseMiddleware<AuthorizeStaticFilesMiddleware>());

            app.UseStaticFiles();

這裏咱們判斷包含關鍵字的請求才會交給 AuthorizeStaticFilesMiddleware 中間件去處理。

AuthorizeStaticFilesMiddleware  代碼

using GeduData.Server;
using GeduService.Interface;
using GeduService.Req;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using System.Threading.Tasks;

namespace GeduDistributionApi.Extension
{
    public class AuthorizeStaticFilesMiddleware
    {
        private readonly RequestDelegate _next;
        private readonly IResourceService _resourceService;

        public AuthorizeStaticFilesMiddleware(
            RequestDelegate next

            , IResourceService resourceService
            )
        {
            _next = next;
            _resourceService = resourceService;
        }

        public async Task Invoke(HttpContext context, IAuthorizationService authorService)
        {
            var url = context.Request.GetAbsoluteUri();
            var sid = context.Request.Headers["sid"].ToString();
            if (string.IsNullOrEmpty(sid))
            {
                throw new GeduException("resource 403 forbidden sid is empty");
            }

            var result = _resourceService.ValidateResourceAuthor(new ValidateResourceAuthorReq { Url = url, SID = sid, }); if (result.IsSucess == false)
            {
                await context.ForbidAsync();
            }

            await _next(context);
        }

    }
}

 

這裏咱們獲取到請求頭的 sid ，這個 sid 是咱們本身定義的登陸受權，能夠理解爲 token，裏面附帶了用戶信息

下面就是業務邏輯處理的代碼，供參考

 public ValidateResourceAuthorResp ValidateResourceAuthor(ValidateResourceAuthorReq req)
        {
            var loginUser = UserHelper._GetUser(req.SID);

            if (string.IsNullOrEmpty(req.Url))
            {
                throw new GeduException("url is empty");
            }
            //https://localhost:5001/assets/upload/images/20181018/0d9819d2-14d2-47eb-a763-be9d19c69e42.jpg
            req.Url = req.Url.Trim().ToLower();

            if (req.Url.EndsWith(".mp4") || req.Url.EndsWith(".mp3"))
            {
                //...
            }
            
            return new ValidateResourceAuthorResp
            {
                IsSucess = true,
            };
        }

 

這裏就能夠寫本身的訂單查詢，資源權限的邏輯代碼了，根據業務需求自定義

搞定