petrsvihlik / WopiHost

ASP.NET Core MVC implementation of the WOPI protocol. Enables integration with WOPI clients such as Office Online Server.

Conflicting method/path combination "POST wopi/Files/{id}" for actions #167

Open qq312888991 opened 3 weeks ago

qq312888991 commented 3 weeks ago

Version: 3.0.0 [screenshot not included]

This is my code:

using Microsoft.IdentityModel.Tokens;
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Security.Claims;
using System.Text;
using System.Threading.Tasks;
using WopiHost.Abstractions;

namespace TestWOPI.Core.Wopi;

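/// <summary>
/// Sample <see cref="IWopiSecurityHandler"/> that issues access tokens as HMAC-SHA256 signed JWTs
/// and only turns a token into a principal after its signature, issuer, audience and lifetime
/// have been verified.
/// </summary>
public class MyWopiSecurityHandler : IWopiSecurityHandler
{
    // Placeholder issuer/audience values. Token creation and token validation must agree on them,
    // so they are defined once here instead of being repeated as literals.
    private const string TokenIssuer = "your-issuer";
    private const string TokenAudience = "your-audience";

    private readonly string _secretKey; // Base64-encoded key used to sign and to verify tokens

    /// <summary>
    /// Creates the handler.
    /// </summary>
    /// <param name="secretKey">
    /// Base64-encoded symmetric key. It is decoded lazily, so an invalid value surfaces on the first
    /// token operation rather than here. For HS256 use a randomly generated key of at least 256 bits.
    /// </param>
    public MyWopiSecurityHandler(string secretKey)
    {
        _secretKey = secretKey;
    }

    /// <summary>
    /// Builds a signed JWT carrying the user name and the resource identifier, valid for one hour.
    /// </summary>
    /// <param name="user">Value stored in the <see cref="ClaimTypes.Name"/> claim.</param>
    /// <param name="resourceId">Value stored in the "resourceId" claim.</param>
    /// <returns>The unserialized token; pass it to <see cref="WriteToken"/> to obtain the compact form.</returns>
    public SecurityToken GenerateAccessToken(string user, string resourceId)
    {
        var signingCredentials = new SigningCredentials(CreateSigningKey(), SecurityAlgorithms.HmacSha256);

        var tokenClaims = new[]
        {
            new Claim(ClaimTypes.Name, user),
            new Claim("resourceId", resourceId)
        };

        // UtcNow keeps the expiry independent of the server's local time zone setting.
        return new JwtSecurityToken(
            issuer: TokenIssuer,
            audience: TokenAudience,
            claims: tokenClaims,
            expires: DateTime.UtcNow.AddHours(1),
            signingCredentials: signingCredentials
        );
    }

    /// <summary>
    /// Validates a serialized token and, when it is genuine, returns a principal built from its claims.
    /// </summary>
    /// <param name="token">Compact JWT string received from the client.</param>
    /// <returns>
    /// An authenticated principal for a valid token; <c>null</c> when the token is missing, malformed,
    /// expired, wrongly signed, or issued for another issuer/audience.
    /// </returns>
    /// <remarks>
    /// Parsing a JWT with <c>ReadToken</c> alone does not verify its signature, so claims taken from it
    /// are attacker-controlled. This method therefore goes through <c>ValidateToken</c> before any claim
    /// is trusted. A misconfigured key (for example, not valid Base64) is a deployment error and is
    /// allowed to propagate instead of being reported as an invalid token.
    /// </remarks>
    public ClaimsPrincipal GetPrincipal(string token)
    {
        if (string.IsNullOrWhiteSpace(token))
        {
            return null;
        }

        // Built outside the try block so that key configuration errors are not swallowed below.
        var validationParameters = new TokenValidationParameters
        {
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = CreateSigningKey(),
            // Pin the algorithm to the one used when signing; anything else is rejected.
            ValidAlgorithms = new[] { SecurityAlgorithms.HmacSha256 },
            RequireSignedTokens = true,
            ValidateIssuer = true,
            ValidIssuer = TokenIssuer,
            ValidateAudience = true,
            ValidAudience = TokenAudience,
            ValidateLifetime = true,
            RequireExpirationTime = true
        };

        var handler = new JwtSecurityTokenHandler();

        try
        {
            handler.ValidateToken(token, validationParameters, out SecurityToken validatedToken);

            if (validatedToken is not JwtSecurityToken jwtToken)
            {
                return null;
            }

            // Build the identity from the token's own claims so claim types stay exactly as issued.
            // A non-empty authentication type is what makes Identity.IsAuthenticated true.
            var identity = new ClaimsIdentity(jwtToken.Claims, "Jwt");
            return new ClaimsPrincipal(identity);
        }
        catch (SecurityTokenException)
        {
            // Bad signature, expired token, wrong issuer or audience, and similar validation failures.
            return null;
        }
        catch (ArgumentException)
        {
            // The string is not a well-formed JWT.
            return null;
        }
    }

    /// <summary>
    /// Decides whether the principal may perform the operation on the resource.
    /// </summary>
    /// <param name="principal">Principal returned by <see cref="GetPrincipal"/>; may be <c>null</c>.</param>
    /// <param name="resourceId">Identifier of the resource being accessed.</param>
    /// <param name="operation">Requested operation.</param>
    /// <returns><c>true</c> only for an authenticated principal.</returns>
    public bool IsAuthorized(ClaimsPrincipal principal, string resourceId, WopiAuthorizationRequirement operation)
    {
        // GetPrincipal returns null for rejected tokens, so a missing principal is simply unauthorized.
        if (principal?.Identity?.IsAuthenticated != true)
        {
            return false;
        }

        // NOTE(review): resourceId and operation are not consulted here, so any valid token authorizes
        // every resource and every operation. A real implementation should at least compare the
        // token's "resourceId" claim with resourceId and check the user's permissions for the
        // operation against a database or other store.
        return true;
    }

    /// <summary>
    /// Serializes a token produced by <see cref="GenerateAccessToken"/> into its compact string form.
    /// </summary>
    /// <param name="token">Token to serialize.</param>
    /// <returns>The compact JWT string.</returns>
    public string WriteToken(SecurityToken token)
    {
        return new JwtSecurityTokenHandler().WriteToken(token);
    }

    /// <summary>
    /// Decodes the configured Base64 secret into the symmetric key shared by signing and validation.
    /// </summary>
    private SymmetricSecurityKey CreateSigningKey()
    {
        return new SymmetricSecurityKey(Convert.FromBase64String(_secretKey));
    }
}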

Startup.cs

// Registers a single shared MyWopiSecurityHandler instance as the IWopiSecurityHandler service.
// The argument is the token signing key, which the handler passes to Convert.FromBase64String.
// NOTE(review): the literal is a placeholder; it contains '-' characters, which standard Base64
// decoding rejects. Load the real key from configuration or a secret store, not from source code.
services.AddSingleton<IWopiSecurityHandler>(new MyWopiSecurityHandler("your-base64-secret-key"));
petrsvihlik commented 1 week ago

Please provide the exact steps to reproduce.