using System.Security.Claims;
using System.Text.Encodings.Web;
using Microsoft.AspNetCore.Authentication;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
namespace XiangYi.Api.Tests.AdminApi;
///
/// 后台管理测试用认证处理器
///
public class AdminTestAuthHandler : AuthenticationHandler
{
public const string AuthenticationScheme = "AdminTestScheme";
public const string TestAdminId = "1";
public AdminTestAuthHandler(
IOptionsMonitor options,
ILoggerFactory logger,
UrlEncoder encoder)
: base(options, logger, encoder)
{
}
protected override Task HandleAuthenticateAsync()
{
// 检查是否有Authorization头
if (!Request.Headers.ContainsKey("Authorization"))
{
return Task.FromResult(AuthenticateResult.NoResult());
}
var authHeader = Request.Headers["Authorization"].ToString();
if (string.IsNullOrEmpty(authHeader) || !authHeader.StartsWith("Bearer "))
{
return Task.FromResult(AuthenticateResult.Fail("Invalid Authorization header"));
}
var token = authHeader.Substring("Bearer ".Length).Trim();
if (string.IsNullOrEmpty(token))
{
return Task.FromResult(AuthenticateResult.Fail("No token provided"));
}
// 从token中解析管理员ID(测试用,格式:admin-token-{adminId})
var adminId = TestAdminId;
if (token.StartsWith("admin-token-"))
{
adminId = token.Substring("admin-token-".Length);
}
// 检查是否是无权限token
var permissions = new List { "user:list", "user:view", "user:edit", "banner:list", "banner:add", "banner:edit", "banner:delete" };
if (token == "admin-token-no-permission")
{
permissions = new List(); // 无权限
}
var claims = new List
{
new Claim(ClaimTypes.NameIdentifier, adminId),
new Claim(ClaimTypes.Name, "TestAdmin"),
new Claim(ClaimTypes.Role, "admin"),
};
// 添加权限声明
foreach (var permission in permissions)
{
claims.Add(new Claim("permission", permission));
}
var identity = new ClaimsIdentity(claims, AuthenticationScheme);
var principal = new ClaimsPrincipal(identity);
var ticket = new AuthenticationTicket(principal, AuthenticationScheme);
return Task.FromResult(AuthenticateResult.Success(ticket));
}
}