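using FutureMailAPI.Services;
using FutureMailAPI.Models;
using Microsoft.AspNetCore.Authorization;

namespace FutureMailAPI.Middleware
{
    /// <summary>
    /// Bearer-token authentication middleware.
    /// Endpoints that carry <see cref="IAllowAnonymous"/> metadata (i.e. <c>[AllowAnonymous]</c>)
    /// pass straight through. Every other request must present an <c>Authorization: Bearer</c>
    /// token that <see cref="IOAuthService.ValidateTokenAsync"/> accepts and that resolves to an
    /// access-token record; otherwise the pipeline is short-circuited with 401.
    /// </summary>
    public class OAuthAuthenticationMiddleware
    {
        // Scheme prefix as it appears on the wire; the scheme name itself is matched case-insensitively.
        private const string BearerPrefix = "Bearer ";

        private readonly RequestDelegate _next;

        // NOTE(review): a non-generic ILogger is not registered by the default DI container;
        // ILogger<OAuthAuthenticationMiddleware> is the usual choice — confirm how this middleware is constructed.
        private readonly ILogger _logger;

        public OAuthAuthenticationMiddleware(RequestDelegate next, ILogger logger)
        {
            _next = next;
            _logger = logger;
        }

        /// <summary>
        /// Authenticates the request, stashes the caller's identity in <see cref="HttpContext.Items"/>
        /// (<c>UserId</c>, <c>UserEmail</c>, <c>AccessToken</c>) and calls the next middleware,
        /// or writes a 401 challenge when no usable token is present.
        /// </summary>
        /// <param name="context">The current request context.</param>
        /// <param name="oauthService">Per-request token service, resolved by the pipeline.</param>
        public async Task InvokeAsync(HttpContext context, IOAuthService oauthService)
        {
            // Endpoints that opted out of authentication skip the token check entirely.
            if (context.GetEndpoint()?.Metadata.GetMetadata<IAllowAnonymous>() is not null)
            {
                await _next(context);
                return;
            }

            var token = ExtractBearerToken(context.Request.Headers.Authorization.FirstOrDefault());
            if (token is not null)
            {
                var validationResult = await oauthService.ValidateTokenAsync(token);
                if (validationResult.Success)
                {
                    var accessToken = await oauthService.GetAccessTokenAsync(token);
                    if (accessToken != null)
                    {
                        context.Items["UserId"] = accessToken.UserId;
                        // NOTE(review): User looks like a navigation property that may not be loaded;
                        // a null here previously faulted the request with a 500 instead of a 401.
                        context.Items["UserEmail"] = accessToken.User?.Email;
                        context.Items["AccessToken"] = accessToken;
                        await _next(context);
                        return;
                    }
                }
            }

            // Missing, malformed, invalid or unknown token: challenge with 401.
            // The token value is deliberately not logged.
            _logger.LogWarning("Rejected unauthenticated request to {Path}", context.Request.Path);
            context.Response.StatusCode = StatusCodes.Status401Unauthorized;
            // RFC 6750 requires a WWW-Authenticate challenge alongside the 401.
            context.Response.Headers.WWWAuthenticate = "Bearer";
            await context.Response.WriteAsync("未授权访问");
        }

        /// <summary>
        /// Returns the token portion of a <c>Bearer</c> Authorization header, or <see langword="null"/>
        /// when the header is absent, uses another scheme, or carries an empty token.
        /// </summary>
        /// <param name="authHeader">Raw Authorization header value, if any.</param>
        private static string? ExtractBearerToken(string? authHeader)
        {
            // Ordinal comparison: culture-sensitive StartsWith is both slower and unsafe for protocol tokens.
            if (authHeader is null || !authHeader.StartsWith(BearerPrefix, StringComparison.OrdinalIgnoreCase))
            {
                return null;
            }

            var token = authHeader[BearerPrefix.Length..].Trim();
            // "Bearer " with nothing after it must not reach the validator as an empty string.
            return token.Length == 0 ? null : token;
        }
    }
}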