using Microsoft.IdentityModel.Tokens;
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Security.Claims;
using System.Text;
using System.Threading.Tasks;
using WopiHost.Abstractions;
namespace TestWOPI.Core.Wopi;
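/// <summary>
/// JWT-based implementation of <see cref="IWopiSecurityHandler"/>: issues HMAC-SHA256 signed
/// access tokens bound to a user and a resource, and turns presented tokens back into principals.
/// </summary>
public class MyWopiSecurityHandler : IWopiSecurityHandler
{
    // Issuer and audience are shared by token generation and validation so the two cannot drift apart.
    // NOTE(review): these are still the sample placeholder values; replace them per deployment.
    private const string Issuer = "your-issuer";
    private const string Audience = "your-audience";

    // Claim that binds a token to the single resource it was issued for.
    private const string ResourceIdClaimType = "resourceId";

    // Authentication type stamped on identities built from a validated token.
    private const string JwtAuthenticationType = "Jwt";

    // Base64-encoded symmetric key used to sign and to verify access tokens.
    // NOTE(review): load this from a secret store or protected configuration, never from source.
    private readonly string _secretKey;

    /// <summary>Creates the handler with the Base64-encoded signing key.</summary>
    /// <param name="secretKey">Base64-encoded symmetric key for HMAC-SHA256.</param>
    /// <exception cref="ArgumentException"><paramref name="secretKey"/> is null, empty or whitespace.</exception>
    public MyWopiSecurityHandler(string secretKey)
    {
        if (string.IsNullOrWhiteSpace(secretKey))
        {
            throw new ArgumentException("A Base64-encoded signing key is required.", nameof(secretKey));
        }

        _secretKey = secretKey;
    }

    /// <summary>Issues a signed access token for <paramref name="user"/> on <paramref name="resourceId"/>.</summary>
    /// <param name="user">User name stored in the <see cref="ClaimTypes.Name"/> claim.</param>
    /// <param name="resourceId">Resource identifier stored in the "resourceId" claim.</param>
    /// <returns>A <see cref="JwtSecurityToken"/> that expires one hour after creation.</returns>
    public SecurityToken GenerateAccessToken(string user, string resourceId)
    {
        var credentials = new SigningCredentials(CreateSigningKey(), SecurityAlgorithms.HmacSha256);
        var claims = new[]
        {
            new Claim(ClaimTypes.Name, user),
            new Claim(ResourceIdClaimType, resourceId)
        };

        return new JwtSecurityToken(
            issuer: Issuer,
            audience: Audience,
            claims: claims,
            // UTC avoids any dependence on the server's local time zone.
            expires: DateTime.UtcNow.AddHours(1),
            signingCredentials: credentials);
    }

    /// <summary>
    /// Validates the presented token (signature, issuer, audience, lifetime) and returns its principal.
    /// </summary>
    /// <param name="token">Serialized JWT as received from the client; treated as untrusted input.</param>
    /// <returns>The authenticated principal, or <c>null</c> when the token is missing or fails validation.</returns>
    public ClaimsPrincipal GetPrincipal(string token)
    {
        if (string.IsNullOrWhiteSpace(token))
        {
            return null;
        }

        // The previous implementation only parsed the token (ReadToken) and wrapped its claims in an
        // identity with an authentication type, so IsAuthenticated was true for any well-formed JWT,
        // including one that was unsigned, forged or expired. The token must be cryptographically
        // validated before its claims are trusted.
        var validationParameters = new TokenValidationParameters
        {
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = CreateSigningKey(),
            RequireSignedTokens = true,
            ValidAlgorithms = new[] { SecurityAlgorithms.HmacSha256 },
            ValidateIssuer = true,
            ValidIssuer = Issuer,
            ValidateAudience = true,
            ValidAudience = Audience,
            ValidateLifetime = true,
            RequireExpirationTime = true,
            AuthenticationType = JwtAuthenticationType
        };

        try
        {
            var handler = new JwtSecurityTokenHandler();
            var principal = handler.ValidateToken(token, validationParameters, out var validatedToken);
            return validatedToken is JwtSecurityToken ? principal : null;
        }
        catch (SecurityTokenException)
        {
            // Bad signature, wrong issuer/audience, expired, etc.: fail closed.
            return null;
        }
        catch (ArgumentException)
        {
            // Malformed token text: fail closed.
            return null;
        }
    }

    /// <summary>
    /// Decides whether <paramref name="principal"/> may act on <paramref name="resourceId"/>.
    /// </summary>
    /// <param name="principal">Principal produced by <see cref="GetPrincipal"/>.</param>
    /// <param name="resourceId">Identifier of the resource being accessed.</param>
    /// <param name="operation">Requested operation.</param>
    /// <returns><c>true</c> only for an authenticated principal whose token was issued for this resource.</returns>
    public bool IsAuthorized(ClaimsPrincipal principal, string resourceId, WopiAuthorizationRequirement operation)
    {
        if (principal?.Identity is null || !principal.Identity.IsAuthenticated)
        {
            return false;
        }

        if (string.IsNullOrEmpty(resourceId))
        {
            return false;
        }

        // A token minted for one resource must not open another: require the "resourceId" claim to
        // match the requested resource exactly.
        // TODO(review): `operation` is not evaluated yet; per-operation permissions (read vs. write,
        // roles, a lookup in the backing store) still have to be enforced here.
        return principal.HasClaim(ResourceIdClaimType, resourceId);
    }

    /// <summary>Serializes <paramref name="token"/> to its compact JWT string form.</summary>
    /// <param name="token">Token previously created by <see cref="GenerateAccessToken"/>.</param>
    /// <returns>The compact serialized token.</returns>
    public string WriteToken(SecurityToken token)
    {
        var handler = new JwtSecurityTokenHandler();
        return handler.WriteToken(token);
    }

    // Decodes the configured Base64 key; a malformed key throws FormatException, which is a
    // configuration error and is deliberately not swallowed.
    private SymmetricSecurityKey CreateSigningKey()
    {
        return new SymmetricSecurityKey(Convert.FromBase64String(_secretKey));
    }
}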
version:3.0.0
This is my code:
Startup.cs