Laservall_solidworks_inject/Server/AuthTokenMiddleware.cs

using System;
using System.Net;

namespace Laservall.Solidworks.Server
{
    /// <summary>
    /// Per-session auth token. Passed to browser via URL fragment (#token=xxx),
    /// returned via Authorization: Bearer header or ?token= query param.
    /// </summary>
    internal sealed class AuthTokenMiddleware
    {
        private readonly string _token;

        public AuthTokenMiddleware()
        {
            _token = Guid.NewGuid().ToString("N");
        }

        public string Token => _token;

        public bool IsAuthorized(HttpListenerRequest request)
        {
            if (request.Url.AbsolutePath == "/")
            {
                return true;
            }

            string authHeader = request.Headers["Authorization"];
            if (!string.IsNullOrEmpty(authHeader))
            {
                const string bearerPrefix = "Bearer ";
                if (authHeader.StartsWith(bearerPrefix, StringComparison.OrdinalIgnoreCase))
                {
                    string headerToken = authHeader.Substring(bearerPrefix.Length).Trim();
                    if (string.Equals(headerToken, _token, StringComparison.Ordinal))
                    {
                        return true;
                    }
                }
            }

            // ?token= fallback for SSE/download (can't set custom headers)
            string queryToken = request.QueryString["token"];
            if (!string.IsNullOrEmpty(queryToken))
            {
                return string.Equals(queryToken, _token, StringComparison.Ordinal);
            }

            return false;
        }

        public static void RejectUnauthorized(HttpListenerResponse response)
        {
            response.StatusCode = 401;
            response.ContentType = "application/json; charset=utf-8";
            byte[] body = System.Text.Encoding.UTF8.GetBytes("{\"error\":\"Unauthorized\"}");
            response.ContentLength64 = body.Length;
            response.OutputStream.Write(body, 0, body.Length);
            response.Close();
        }
    }
}
新增 BOM 管理服务端 API 与前端集成支持本次提交主要内容如下： - 新增基于 HttpListener 的本地 BOM 服务端，支持 SPA 前端页面、BOM 数据流、导出、保存、设置等接口，并实现路由、鉴权、心跳监控、端口自动分配。 - 增加 BOM 数据提供接口及 SolidWorks COM API 交互实现，支持属性读写、装配结构解析、批量保存。 - 新增服务端数据传输 DTO、各类 API Handler、静态文件处理、STA 线程调度器。 - 新增 WPF 列配置窗口、进度窗口、BOM 视图模型，支持列配置、批量操作、进度反馈等 UI 功能。 - 优化整体前后端交互与用户体验，提升 BOM 管理系统功能性与扩展性。 2026-03-20 09:33:27 +08:00			`using System;`
			`using System.Net;`

			`namespace Laservall.Solidworks.Server`
			`{`
			`/// <summary>`
			`/// Per-session auth token. Passed to browser via URL fragment (#token=xxx),`
			`/// returned via Authorization: Bearer header or ?token= query param.`
			`/// </summary>`
			`internal sealed class AuthTokenMiddleware`
			`{`
			`private readonly string _token;`

			`public AuthTokenMiddleware()`
			`{`
			`_token = Guid.NewGuid().ToString("N");`
			`}`

			`public string Token => _token;`

			`public bool IsAuthorized(HttpListenerRequest request)`
			`{`
			`if (request.Url.AbsolutePath == "/")`
			`{`
			`return true;`
			`}`

			`string authHeader = request.Headers["Authorization"];`
			`if (!string.IsNullOrEmpty(authHeader))`
			`{`
			`const string bearerPrefix = "Bearer ";`
			`if (authHeader.StartsWith(bearerPrefix, StringComparison.OrdinalIgnoreCase))`
			`{`
			`string headerToken = authHeader.Substring(bearerPrefix.Length).Trim();`
			`if (string.Equals(headerToken, _token, StringComparison.Ordinal))`
			`{`
			`return true;`
			`}`
			`}`
			`}`

			`// ?token= fallback for SSE/download (can't set custom headers)`
			`string queryToken = request.QueryString["token"];`
			`if (!string.IsNullOrEmpty(queryToken))`
			`{`
			`return string.Equals(queryToken, _token, StringComparison.Ordinal);`
			`}`

			`return false;`
			`}`

			`public static void RejectUnauthorized(HttpListenerResponse response)`
			`{`
			`response.StatusCode = 401;`
			`response.ContentType = "application/json; charset=utf-8";`
			`byte[] body = System.Text.Encoding.UTF8.GetBytes("{\"error\":\"Unauthorized\"}");`
			`response.ContentLength64 = body.Length;`
			`response.OutputStream.Write(body, 0, body.Length);`
			`response.Close();`
			`}`
			`}`
			`}`