msumshk/TakeoutSaaS.TenantApi
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: 禁止 TenantId=0 并改为系统租户

Browse Source
This commit is contained in:
root
2026-01-29 13:16:15 +00:00
parent 77836e270f
commit bc1c4cc41b
4 changed files with 48 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
src/Modules/TakeoutSaaS.Module.Tenancy/TenantResolutionMiddleware.cs
View File

@@ -89,18 +89,25 @@ public sealed class TenantResolutionMiddleware(
private static TenantContext ResolveTenant(HttpContext context, TenantResolutionOptions options)
{
var request = context.Request;
var isAuthenticated = context.User?.Identity?.IsAuthenticated == true;
// 1. Token Claim已认证请求必须以 Claim 为准,避免 Header 覆盖导致跨租户访问)
var claim = context.User?.FindFirst("tenant_id");
if (claim != null && long.TryParse(claim.Value, out var claimTenant))
if (claim != null && long.TryParse(claim.Value, out var claimTenant) && claimTenant > 0)
{
return new TenantContext(claimTenant, null, "claim:tenant_id");
}
// 1.1 (空行后) 已认证但缺少合法租户 Claim则视为未解析不允许 Header 覆盖)
if (isAuthenticated)
{
return TenantContext.Empty;
}
// 2. Header 中的租户 ID
if (!string.IsNullOrWhiteSpace(options.TenantIdHeaderName) &&
request.Headers.TryGetValue(options.TenantIdHeaderName, out var tenantHeader) &&
long.TryParse(tenantHeader.FirstOrDefault(), out var headerTenantId))
long.TryParse(tenantHeader.FirstOrDefault(), out var headerTenantId) &&
headerTenantId > 0)
{
return new TenantContext(headerTenantId, null, $"header:{options.TenantIdHeaderName}");
}
@@ -120,7 +127,7 @@ public sealed class TenantResolutionMiddleware(
var host = request.Host.Host;
if (!string.IsNullOrWhiteSpace(host))
{
if (options.DomainTenantMap.TryGetValue(host, out var tenantFromHost))
if (options.DomainTenantMap.TryGetValue(host, out var tenantFromHost) && tenantFromHost > 0)
{
return new TenantContext(tenantFromHost, null, $"host:{host}");
}
@@ -143,7 +150,7 @@ public sealed class TenantResolutionMiddleware(
return false;
}
return options.CodeTenantMap.TryGetValue(code, out tenantId);
return options.CodeTenantMap.TryGetValue(code, out tenantId) && tenantId > 0;
}
private static string? ResolveCodeFromHost(string host, string? rootDomain)