vipwan/Biwen.QuickApi

提供对Antiforgery防伪令牌检测的支持


提供对Antiforgery防伪令牌检测的支持

设置: public override bool IsAntiforgeryEnabled => true;

注意:缺省状态下不做防伪令牌验证,因此需要验证的接口务必将 IsAntiforgeryEnabled 设置为 true。

如果要禁用验证,请设置 IsAntiforgeryEnabled = false;
.NET 8 中既可以使用 builder.DisableAntiforgery();,也可以设置 IsAntiforgeryEnabled = false;。对通过 Cookie 认证、会修改状态的接口(例如表单提交、文件上传),禁用验证即失去 CSRF 防护。

    /// <summary>
    /// Demo endpoint that renders an HTML upload form carrying an antiforgery token.
    /// The form posts to <c>/quick/ant</c>, where the token is validated.
    /// </summary>
    [QuickApi("ant-ui")]
    public class AntUI : BaseQuickApiWithoutRequest<IResultResponse>
    {
        private readonly IAntiforgery _antiforgery;
        private readonly IHttpContextAccessor _httpContextAccessor;

        /// <summary>
        /// Stores the antiforgery service and the HTTP context accessor supplied by the caller.
        /// </summary>
        /// <param name="antiforgery">Service used to issue the token pair for the form.</param>
        /// <param name="httpContextAccessor">Accessor for the current request's <c>HttpContext</c>.</param>
        public AntUI(IAntiforgery antiforgery, IHttpContextAccessor httpContextAccessor)
            => (_antiforgery, _httpContextAccessor) = (antiforgery, httpContextAccessor);

        /// <summary>
        /// Builds the upload page and returns it as a <c>text/html</c> result.
        /// </summary>
        /// <param name="request">Unused; this endpoint takes no input.</param>
        /// <returns>The HTML page wrapped via <c>AsRspOfResult()</c>.</returns>
        public override async Task<IResultResponse> ExecuteAsync(EmptyRequest request)
        {
            // The null-forgiving operator assumes a request is in flight; outside a request
            // HttpContext is null and the call below fails.
            var context = _httpContextAccessor.HttpContext!;

            // GetAndStoreTokens stores the cookie token on the response and returns the
            // request token that the form must echo back in its hidden field.
            var tokenSet = _antiforgery.GetAndStoreTokens(context);

            // Both interpolated values are server-generated, so they are written into the markup
            // without HTML encoding. The accept attribute on the file input is only a browser hint;
            // it does not restrict what a client can actually submit.
            var markup = $"""
              <html>
                <body>
                 <h3>Upload a image test</h3>
                  <form name="form1" action="/quick/ant" method="post" enctype="multipart/form-data">
                    <input name="{tokenSet.FormFieldName}" type="hidden" value="{tokenSet.RequestToken}"/>
                    <input type="file" name="file" placeholder="Upload an image..." accept=".jpg,.png" />
                    <input type="submit" />
                  </form> 
                </body>
              </html>
            """;

            await Task.CompletedTask;

            var page = Results.Content(markup, "text/html");
            return page.AsRspOfResult();
        }
    }


    /// <summary>
    /// Request model for the upload endpoint: a single form file.
    /// </summary>
    public class AntRequest : BaseRequest<AntRequest>
    {
        /// <summary>
        /// The uploaded file.
        /// </summary>
        public IFormFile? File { get; set; }

        /// <summary>
        /// Registers the validation rule for this request.
        /// </summary>
        // The rule only requires that a file is present. Size, extension and content are not
        // checked here, so any such limits must be enforced elsewhere.
        // NOTE(review): RuleFor is presumably inherited from BaseRequest; confirm when the rule is evaluated.
        public AntRequest() => RuleFor(req => req.File).NotNull();
    }

    /// <summary>
    /// Demo POST endpoint that receives the uploaded file with antiforgery validation enabled
    /// and streams the same file back to the client.
    /// </summary>
    [QuickApi("ant", Verbs = Verb.POST)]
    public class AntApi : BaseQuickApi<AntRequest, IResultResponse>
    {
        /// <summary>
        /// Enables antiforgery validation for this endpoint.
        /// </summary>
        // Overridden explicitly so that validation is switched on for this state-changing POST.
        public override bool IsAntiforgeryEnabled => true;

        /// <summary>
        /// Returns the uploaded file's stream as a file result labelled <c>image/png</c>.
        /// </summary>
        /// <param name="request">The bound upload request.</param>
        /// <returns>The file result wrapped via <c>AsRspOfResult()</c>.</returns>
        public override async Task<IResultResponse> ExecuteAsync(AntRequest request)
        {
            await Task.CompletedTask;

            // NOTE(review): File! assumes the NotNull rule on AntRequest has already run; confirm.
            var upload = request.File!;

            // The response content type is fixed to image/png whatever bytes were uploaded; no
            // server-side check of the file's type or size is visible in this class. A production
            // endpoint would validate the content before serving it back.
            var fileResult = Results.File(upload.OpenReadStream(), "image/png");
            return fileResult.AsRspOfResult();
        }

        /// <summary>
        /// Declares the accepted request content type, then applies the base configuration.
        /// </summary>
        /// <param name="builder">The route handler builder for this endpoint.</param>
        /// <returns>The builder returned by the base implementation.</returns>
        public override RouteHandlerBuilder HandlerBuilder(RouteHandlerBuilder builder)
        {
            // File uploads must be sent as multipart/form-data.
            const string uploadContentType = "multipart/form-data";
            builder.Accepts<AntRequest>(uploadContentType);

            return base.HandlerBuilder(builder);
        }
    }