40 lines
1.3 KiB
C#
40 lines
1.3 KiB
C#
|
using System.Security.Claims;
|
|||
|
|
|
|||
|
|
namespace Avalonia_Services.Core
|
|||
|
|
{
|
|||
|
|
/// <summary>
|
|||
|
|
/// 鉴权服务抽象 —— 各宿主按自己的方式实现(JWT / Cookie / Token 等)。
|
|||
|
|
/// </summary>
|
|||
|
|
public interface IAuthService
|
|||
|
|
{
|
|||
|
|
/// <summary>
|
|||
|
|
/// 验证请求并返回用户主体;返回 null 表示未授权。
|
|||
|
|
/// </summary>
|
|||
|
|
Task<ClaimsPrincipal?> AuthenticateAsync(ServiceEndpointContext context);
|
|||
|
|
|
|||
|
|
/// <summary>
|
|||
|
|
/// 检查当前用户是否有指定权限。
|
|||
|
|
/// </summary>
|
|||
|
|
Task<bool> AuthorizeAsync(ClaimsPrincipal user, string policy);
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
/// <summary>
|
|||
|
|
/// 无需鉴权的默认实现(开发/公开 API 场景)。
|
|||
|
|
/// </summary>
|
|||
|
|
public sealed class AnonymousAuthService : IAuthService
|
|||
|
|
{
|
|||
|
|
/// <inheritdoc />
|
|||
|
|
public Task<ClaimsPrincipal?> AuthenticateAsync(ServiceEndpointContext context)
|
|||
|
|
{
|
|||
|
|
// 匿名用户,始终通过
|
|||
|
|
var identity = new ClaimsIdentity("anonymous");
|
|||
|
|
return Task.FromResult<ClaimsPrincipal?>(new ClaimsPrincipal(identity));
|
|||
|
|
}
|
|||
|
|
/// <inheritdoc />
|
|||
|
|
public Task<bool> AuthorizeAsync(ClaimsPrincipal user, string policy)
|
|||
|
|
{
|
|||
|
|
return Task.FromResult(true);
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
}
|