feat: 认证管理实时获取token

chore: 移除无用的库
fix: 修复signalR无法认证的问题
2025-08-13 14:36:01 +08:00 · 2025-08-13 14:34:50 +08:00 · 2025-08-13 14:32:41 +08:00
5 changed files with 38 additions and 20 deletions
--- a/package-lock.json
+++ b/package-lock.json
@ -18,7 +18,6 @@
        "axios": "^1.11.0",
        "echarts": "^5.6.0",
        "highlight.js": "^11.11.1",
-        "konva": "^9.3.20",
        "lodash": "^4.17.21",
        "log-symbols": "^7.0.0",
        "lucide-vue-next": "^0.525.0",
@ -3738,7 +3737,8 @@
          "url": "https://github.com/sponsors/lavrton"
        }
      ],
-      "license": "MIT"
+      "license": "MIT",
+      "peer": true
    },
    "node_modules/lightningcss": {
      "version": "1.29.2",
--- a/package.json
+++ b/package.json
@ -22,7 +22,6 @@
    "axios": "^1.11.0",
    "echarts": "^5.6.0",
    "highlight.js": "^11.11.1",
-    "konva": "^9.3.20",
    "lodash": "^4.17.21",
    "log-symbols": "^7.0.0",
    "lucide-vue-next": "^0.525.0",
--- a/server/Program.cs
+++ b/server/Program.cs
@ -64,6 +64,37 @@ try
            };
            options.Authority = $"http://{Global.LocalHost}:5000";
            options.RequireHttpsMetadata = false;
+
+            // We have to hook the OnMessageReceived event in order to
+            // allow the JWT authentication handler to read the access
+            // token from the query string when a WebSocket or
+            // Server-Sent Events request comes in.
+
+            // Sending the access token in the query string is required when using WebSockets or ServerSentEvents
+            // due to a limitation in Browser APIs. We restrict it to only calls to the
+            // SignalR hub in this code.
+            // See https://docs.microsoft.com/aspnet/core/signalr/security#access-token-logging
+            // for more information about security considerations when using
+            // the query string to transmit the access token.
+            options.Events = new JwtBearerEvents
+            {
+                OnMessageReceived = context =>
+                {
+                    var accessToken = context.Request.Query["access_token"];
+
+                    // If the request is for our hub...
+                    var path = context.HttpContext.Request.Path;
+                    if (!string.IsNullOrEmpty(accessToken) && (
+                            path.StartsWithSegments("/hubs/JtagHub") ||
+                            path.StartsWithSegments("/hubs/ProgressHub")
+                        ))
+                    {
+                        // Read the token out of the query string
+                        context.Token = accessToken;
+                    }
+                    return Task.CompletedTask;
+                }
+            };
        });
    // Add JWT Token Authorization Policy
    builder.Services.AddAuthorization(options =>
--- a/server/src/Controllers/VideoStreamController.cs
+++ b/server/src/Controllers/VideoStreamController.cs
@ -11,6 +11,7 @@ using server.Services;
 /// </summary>
 [ApiController]
 [Authorize]
+[EnableCors("Users")]
 [Route("api/[controller]")]
 public class VideoStreamController : ControllerBase
 {
@ -64,7 +65,6 @@ public class VideoStreamController : ControllerBase
    /// </summary>
    /// <returns>服务状态信息</returns>
    [HttpGet("ServiceStatus")]
-    [EnableCors("Users")]
    [ProducesResponseType(typeof(VideoStreamServiceStatus), StatusCodes.Status200OK)]
    [ProducesResponseType(typeof(Exception), StatusCodes.Status500InternalServerError)]
    public IResult GetServiceStatus()
@ -85,7 +85,6 @@ public class VideoStreamController : ControllerBase
    }

    [HttpGet("MyEndpoint")]
-    [EnableCors("Users")]
    [ProducesResponseType(typeof(VideoStreamEndpoint), StatusCodes.Status200OK)]
    [ProducesResponseType(typeof(Exception), StatusCodes.Status500InternalServerError)]
    public IResult MyEndpoint()
@ -109,7 +108,6 @@ public class VideoStreamController : ControllerBase
    /// </summary>
    /// <returns>连接测试结果</returns>
    [HttpPost("TestConnection")]
-    [EnableCors("Users")]
    [ProducesResponseType(typeof(bool), StatusCodes.Status200OK)]
    [ProducesResponseType(typeof(Exception), StatusCodes.Status500InternalServerError)]
    public async Task<IResult> TestConnection()
@ -143,6 +141,8 @@ public class VideoStreamController : ControllerBase
    }

    [HttpPost("SetVideoStreamEnable")]
+    [ProducesResponseType(typeof(object), StatusCodes.Status200OK)]
+    [ProducesResponseType(typeof(string), StatusCodes.Status500InternalServerError)]
    public async Task<IActionResult> SetVideoStreamEnable(bool enable)
    {
        try
--- a/src/utils/AuthManager.ts
+++ b/src/utils/AuthManager.ts
@ -212,30 +212,18 @@ export class AuthManager {
  }

  public static createAuthenticatedJtagHubConnection() {
-    const token = this.getToken();
-    if (isNull(token)) {
-      router.push("/login");
-      throw Error("Token Null!");
-    }
-
    return new HubConnectionBuilder()
      .withUrl("http://127.0.0.1:5000/hubs/JtagHub", {
-        accessTokenFactory: () => token,
+        accessTokenFactory: () => this.getToken() ?? "",
      })
      .withAutomaticReconnect()
      .build();
  }

  public static createAuthenticatedProgressHubConnection() {
-    const token = this.getToken();
-    if (isNull(token)) {
-      router.push("/login");
-      throw Error("Token Null!");
-    }
-
    return new HubConnectionBuilder()
      .withUrl("http://127.0.0.1:5000/hubs/ProgressHub", {
-        accessTokenFactory: () => token,
+        accessTokenFactory: () => this.getToken() ?? "",
      })
      .withAutomaticReconnect()
      .build();
Author	SHA1	Message	Date
SikongJueluo	76342553ad	feat: 认证管理实时获取token	2025-08-13 14:36:01 +08:00
SikongJueluo	efcdee2109	chore: 移除无用的库	2025-08-13 14:34:50 +08:00
SikongJueluo	37156c937a	fix: 修复signalR无法认证的问题	2025-08-13 14:32:41 +08:00