fix: 修复signalR无法认证的问题

2025-08-13 14:32:32 +08:00 · 2025-08-13 14:32:32 +08:00 · 37156c937a
parent 6e84953740
commit 37156c937a
2 changed files with 34 additions and 3 deletions
--- a/server/Program.cs
+++ b/server/Program.cs
@ -64,6 +64,37 @@ try
            };
            options.Authority = $"http://{Global.LocalHost}:5000";
            options.RequireHttpsMetadata = false;
+
+            // We have to hook the OnMessageReceived event in order to
+            // allow the JWT authentication handler to read the access
+            // token from the query string when a WebSocket or
+            // Server-Sent Events request comes in.
+
+            // Sending the access token in the query string is required when using WebSockets or ServerSentEvents
+            // due to a limitation in Browser APIs. We restrict it to only calls to the
+            // SignalR hub in this code.
+            // See https://docs.microsoft.com/aspnet/core/signalr/security#access-token-logging
+            // for more information about security considerations when using
+            // the query string to transmit the access token.
+            options.Events = new JwtBearerEvents
+            {
+                OnMessageReceived = context =>
+                {
+                    var accessToken = context.Request.Query["access_token"];
+
+                    // If the request is for our hub...
+                    var path = context.HttpContext.Request.Path;
+                    if (!string.IsNullOrEmpty(accessToken) && (
+                            path.StartsWithSegments("/hubs/JtagHub") ||
+                            path.StartsWithSegments("/hubs/ProgressHub")
+                        ))
+                    {
+                        // Read the token out of the query string
+                        context.Token = accessToken;
+                    }
+                    return Task.CompletedTask;
+                }
+            };
        });
    // Add JWT Token Authorization Policy
    builder.Services.AddAuthorization(options =>
--- a/server/src/Controllers/VideoStreamController.cs
+++ b/server/src/Controllers/VideoStreamController.cs
@ -11,6 +11,7 @@ using server.Services;
 /// </summary>
 [ApiController]
 [Authorize]
+[EnableCors("Users")]
 [Route("api/[controller]")]
 public class VideoStreamController : ControllerBase
 {
@ -64,7 +65,6 @@ public class VideoStreamController : ControllerBase
    /// </summary>
    /// <returns>服务状态信息</returns>
    [HttpGet("ServiceStatus")]
-    [EnableCors("Users")]
    [ProducesResponseType(typeof(VideoStreamServiceStatus), StatusCodes.Status200OK)]
    [ProducesResponseType(typeof(Exception), StatusCodes.Status500InternalServerError)]
    public IResult GetServiceStatus()
@ -85,7 +85,6 @@ public class VideoStreamController : ControllerBase
    }

    [HttpGet("MyEndpoint")]
-    [EnableCors("Users")]
    [ProducesResponseType(typeof(VideoStreamEndpoint), StatusCodes.Status200OK)]
    [ProducesResponseType(typeof(Exception), StatusCodes.Status500InternalServerError)]
    public IResult MyEndpoint()
@ -109,7 +108,6 @@ public class VideoStreamController : ControllerBase
    /// </summary>
    /// <returns>连接测试结果</returns>
    [HttpPost("TestConnection")]
-    [EnableCors("Users")]
    [ProducesResponseType(typeof(bool), StatusCodes.Status200OK)]
    [ProducesResponseType(typeof(Exception), StatusCodes.Status500InternalServerError)]
    public async Task<IResult> TestConnection()
@ -143,6 +141,8 @@ public class VideoStreamController : ControllerBase
    }

    [HttpPost("SetVideoStreamEnable")]
+    [ProducesResponseType(typeof(object), StatusCodes.Status200OK)]
+    [ProducesResponseType(typeof(string), StatusCodes.Status500InternalServerError)]
    public async Task<IActionResult> SetVideoStreamEnable(bool enable)
    {
        try