From 8fbffb0a261cf273c5bc55bd912287eca0e75092 Mon Sep 17 00:00:00 2001
From: xiaju <1784803958@qq.com>
Date: Fri, 31 Oct 2025 15:50:51 +0800
Subject: [PATCH] 1
---
SGGL/BLL/BLL.csproj | 1 +
SGGL/BLL/Common/TokenHelper.cs | 127 ++++++++++++++++++
SGGL/FineUIPro.Web/common/PageBase.cs | 32 +++++
.../PublishProfiles/FolderProfile.pubxml.user | 18 +--
4 files changed, 169 insertions(+), 9 deletions(-)
create mode 100644 SGGL/BLL/Common/TokenHelper.cs
diff --git a/SGGL/BLL/BLL.csproj b/SGGL/BLL/BLL.csproj
index 98079fd0..0c4bfeb6 100644
--- a/SGGL/BLL/BLL.csproj
+++ b/SGGL/BLL/BLL.csproj
@@ -179,6 +179,7 @@
+
diff --git a/SGGL/BLL/Common/TokenHelper.cs b/SGGL/BLL/Common/TokenHelper.cs
new file mode 100644
index 00000000..035d62b5
--- /dev/null
+++ b/SGGL/BLL/Common/TokenHelper.cs
@@ -0,0 +1,127 @@
+using System;
+using System.IO;
+using System.Security.Cryptography;
+using System.Text;
+using Newtonsoft.Json;
+
+namespace BLL
+{
+ ///
+ /// Token加密解密工具类
+ /// 用于iframe跨域自动登录的token处理
+ ///
+ public static class TokenHelper
+ {
+ // 默认密钥,建议从配置文件中读取
+ private static readonly string SecretKey = "cncec-subqhse-256bit-secret-key-for-auth-token";
+
+ ///
+ /// 加密Token
+ ///
+ /// 明文
+ /// 加密后的Base64字符串
+ public static string EncryptToken(string plainText)
+ {
+ try
+ {
+ // 确保密钥长度为32字节(256位)
+ string key = SecretKey.PadRight(32, '0').Substring(0, 32);
+
+ using (var aes = Aes.Create())
+ {
+ aes.Key = Encoding.UTF8.GetBytes(key);
+ aes.IV = new byte[16]; // 使用固定IV,简化实现
+ aes.Mode = CipherMode.CBC;
+ aes.Padding = PaddingMode.PKCS7;
+
+ using (var encryptor = aes.CreateEncryptor())
+ using (var msEncrypt = new MemoryStream())
+ {
+ using (var csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write))
+ using (var swEncrypt = new StreamWriter(csEncrypt))
+ {
+ swEncrypt.Write(plainText);
+ }
+ return Convert.ToBase64String(msEncrypt.ToArray());
+ }
+ }
+ }
+ catch (Exception ex)
+ {
+ throw new Exception($"Token加密失败: {ex.Message}", ex);
+ }
+ }
+
+ ///
+ /// 解密Token
+ ///
+ /// 加密的Base64字符串
+ /// 解密后的明文
+ public static string DecryptToken(string cipherText)
+ {
+ try
+ {
+ // 确保密钥长度为32字节(256位)
+ string key = SecretKey.PadRight(32, '0').Substring(0, 32);
+
+ using (var aes = Aes.Create())
+ {
+ aes.Key = Encoding.UTF8.GetBytes(key);
+ aes.IV = new byte[16]; // 使用固定IV,与加密一致
+ aes.Mode = CipherMode.CBC;
+ aes.Padding = PaddingMode.PKCS7;
+
+ using (var decryptor = aes.CreateDecryptor())
+ using (var msDecrypt = new MemoryStream(Convert.FromBase64String(cipherText)))
+ using (var csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read))
+ using (var srDecrypt = new StreamReader(csDecrypt))
+ {
+ return srDecrypt.ReadToEnd();
+ }
+ }
+ }
+ catch (Exception ex)
+ {
+ throw new Exception($"Token解密失败: {ex.Message}", ex);
+ }
+ }
+
+ ///
+ /// 生成认证Token
+ ///
+ /// 用户ID
+ /// 来源标识
+ /// 加密的Token
+ public static string GenerateAuthToken(string userId, string source = "qhse.cncecoa.com")
+ {
+ var tokenData = new
+ {
+ user_id = userId,
+ timestamp = DateTimeOffset.Now.ToUnixTimeSeconds(),
+ source = source,
+ random = Guid.NewGuid().ToString("N").Substring(0, 8) // 添加8位随机数增强安全性
+ };
+
+ string json = JsonConvert.SerializeObject(tokenData);
+ return EncryptToken(json);
+ }
+
+ ///
+ /// 验证Token格式
+ ///
+ /// Token字符串
+ /// 是否为有效的Base64格式
+ public static bool IsValidTokenFormat(string token)
+ {
+ try
+ {
+ Convert.FromBase64String(token);
+ return true;
+ }
+ catch
+ {
+ return false;
+ }
+ }
+ }
+}
\ No newline at end of file
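Review bot: The token produced by `EncryptToken` is encrypted but not authenticated, and both its key and IV are constants: `SecretKey` is a literal committed to the repository, only its first 32 characters become the AES key, and `aes.IV = new byte[16]` is the same all-zero value in `EncryptToken` and `DecryptToken`. Anyone who can read the source or the compiled assembly can therefore produce a token that `DecryptToken` accepts, and CBC without a MAC also lets ciphertext be altered without detection. I would load two independent random 32-byte keys from protected configuration, generate a fresh IV per token and append an HMAC-SHA256 tag, as sketched below for `EncryptToken`; `DecryptToken` should split off the tag and verify it with a constant-time comparison before decrypting. Separately, `Guid.NewGuid()` in `GenerateAuthToken` is not a cryptographic random source, and `throw new Exception(...)` would read better as a specific exception type.

```csharp
public static string EncryptToken(string plainText)
{
    // encKey / macKey: placeholder names for two independent 32-byte keys
    // read from protected configuration, not from a source literal.
    using (var aes = Aes.Create())
    {
        aes.Key = encKey;
        aes.GenerateIV();                 // fresh random IV for every token
        aes.Mode = CipherMode.CBC;
        aes.Padding = PaddingMode.PKCS7;

        byte[] iv = aes.IV;
        byte[] plain = Encoding.UTF8.GetBytes(plainText);
        byte[] cipher;
        using (var encryptor = aes.CreateEncryptor())
        {
            cipher = encryptor.TransformFinalBlock(plain, 0, plain.Length);
        }

        // Layout: IV || ciphertext || HMAC(IV || ciphertext)  (encrypt-then-MAC)
        byte[] body = new byte[iv.Length + cipher.Length];
        Buffer.BlockCopy(iv, 0, body, 0, iv.Length);
        Buffer.BlockCopy(cipher, 0, body, iv.Length, cipher.Length);

        using (var hmac = new HMACSHA256(macKey))
        {
            byte[] tag = hmac.ComputeHash(body);
            byte[] token = new byte[body.Length + tag.Length];
            Buffer.BlockCopy(body, 0, token, 0, body.Length);
            Buffer.BlockCopy(tag, 0, token, body.Length, tag.Length);
            return Convert.ToBase64String(token);
        }
    }
}
// … unchanged: GenerateAuthToken, IsValidTokenFormat …
```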
diff --git a/SGGL/FineUIPro.Web/common/PageBase.cs b/SGGL/FineUIPro.Web/common/PageBase.cs
index f88df4a0..a4be674d 100644
--- a/SGGL/FineUIPro.Web/common/PageBase.cs
+++ b/SGGL/FineUIPro.Web/common/PageBase.cs
@@ -111,6 +111,38 @@ namespace FineUIPro.Web
string a = Request.ServerVariables["HTTP_REFERER"];
string Referer = Request.Headers["Referer"];
+ // 检查auth_token参数实现iframe自动登录
+ string authToken = Request.QueryString["auth_token"];
+ if (!string.IsNullOrEmpty(authToken) && this.CurrUser == null)
+ {
+ try
+ {
+ // 解密并验证token
+ string decryptedToken = BLL.TokenHelper.DecryptToken(authToken);
+ var tokenData = JsonConvert.DeserializeObject(decryptedToken);
+
+ // 验证时间戳(2小时有效期)
+ long timestamp = tokenData.timestamp;
+ if (DateTimeOffset.Now.ToUnixTimeSeconds() - timestamp <= 7200) // 2小时 = 7200秒
+ {
+ // 验证用户ID
+ string userId = tokenData.user_id;
+ if (userId == Const.sysglyId)
+ {
+ var user = UserService.GetUserByUserId(Const.sysglyId);
+ if (user != null)
+ {
+ this.Session["CurrUser"] = user;
+ BLL.LogService.AddLog(Const.sysglyId, "iframe Token自动登录成功");
+ }
+ }
+ }
+ }
+ catch (Exception ex)
+ {
+ BLL.LogService.AddLog("", $"iframe Token自动登录失败:{ex.Message}");
+ }
+ }
if (a == null)
{
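Review bot: The expiry check `DateTimeOffset.Now.ToUnixTimeSeconds() - timestamp <= 7200` has no lower bound, so a token carrying a timestamp in the future stays valid indefinitely; compute `long age = DateTimeOffset.UtcNow.ToUnixTimeSeconds() - timestamp;` and require `age >= 0 && age <= 7200`. The `random` and `source` fields of the token are never checked, so the same `auth_token` can be replayed for the whole window, and because it travels in the query string it will also be recorded in access logs, browser history and Referer headers. The only account this path can sign in is `Const.sysglyId`, which by its name looks like the built-in administrator (not confirmed from this hunk), so I would bind the token to a dedicated low-privilege user, make it single-use, and issue a new session ID before setting `Session["CurrUser"]`. The enclosing method starts and ends outside this hunk.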
diff --git a/SGGL/WebAPI/Properties/PublishProfiles/FolderProfile.pubxml.user b/SGGL/WebAPI/Properties/PublishProfiles/FolderProfile.pubxml.user
index e0759c07..54bb2575 100644
--- a/SGGL/WebAPI/Properties/PublishProfiles/FolderProfile.pubxml.user
+++ b/SGGL/WebAPI/Properties/PublishProfiles/FolderProfile.pubxml.user
@@ -6,7 +6,7 @@
<_PublishTargetUrl>G:\发布\五环WebApi
- True|2025-10-29T08:22:27.7866967Z||;True|2025-10-29T11:19:32.1187038+08:00||;True|2025-10-24T15:59:19.4176668+08:00||;True|2025-10-23T10:17:32.2384443+08:00||;True|2025-10-23T10:09:35.0601937+08:00||;True|2025-10-23T09:59:27.2018799+08:00||;True|2025-09-29T15:39:36.8617347+08:00||;True|2025-09-29T11:28:10.9193152+08:00||;True|2025-09-29T10:59:58.2893583+08:00||;True|2025-09-23T16:56:39.6344263+08:00||;True|2025-09-23T16:44:57.4175593+08:00||;True|2025-09-23T16:44:35.0478492+08:00||;True|2025-09-23T16:06:50.5843534+08:00||;True|2025-09-22T20:54:35.9805610+08:00||;True|2025-09-22T20:45:58.7044128+08:00||;True|2025-09-22T20:40:46.7449595+08:00||;True|2025-09-22T15:14:22.9602725+08:00||;True|2025-09-22T15:08:27.5989706+08:00||;True|2025-09-22T14:54:19.5237685+08:00||;True|2025-09-18T09:53:17.9300539+08:00||;True|2025-09-16T19:11:12.4383069+08:00||;True|2025-09-02T11:14:00.9580707+08:00||;True|2025-09-02T10:52:20.0445598+08:00||;True|2025-08-29T17:56:01.6245615+08:00||;True|2025-08-29T17:55:41.2802685+08:00||;True|2025-08-09T21:27:40.2103961+08:00||;True|2025-08-06T15:31:52.1166645+08:00||;True|2025-08-04T18:56:13.9675910+08:00||;True|2025-07-23T11:12:18.0134770+08:00||;True|2025-07-23T10:36:09.9990536+08:00||;True|2025-07-23T10:35:51.8814789+08:00||;True|2025-07-21T17:46:45.4620710+08:00||;True|2025-07-21T17:40:43.9871097+08:00||;True|2025-07-21T17:29:11.9275869+08:00||;True|2025-07-21T17:05:21.7763763+08:00||;True|2025-07-18T17:55:59.4892329+08:00||;True|2025-07-18T11:08:56.2628896+08:00||;True|2025-07-18T10:53:44.2534260+08:00||;True|2025-07-18T10:27:52.6751668+08:00||;True|2025-07-18T10:03:09.1785776+08:00||;True|2025-07-18T10:02:38.1252107+08:00||;True|2025-07-17T18:19:07.5837609+08:00||;True|2025-07-17T15:40:11.9126705+08:00||;True|2025-07-11T17:54:03.0298703+08:00||;True|2025-07-11T16:19:50.3283029+08:00||;True|2025-07-11T15:49:22.5920473+08:00||;True|2025-07-02T14:39:27.0436873+08:00||;True|2025-07-02T11:18:29.1208369+08:00||;True|2025-07-01T15:52:16.6767496+08
:00||;True|2025-07-01T10:14:59.0471052+08:00||;True|2025-06-28T11:40:36.0544739+08:00||;True|2025-06-27T15:10:24.4628086+08:00||;True|2025-06-27T10:31:14.8332810+08:00||;True|2025-06-27T10:13:13.3022394+08:00||;True|2025-06-26T23:51:04.1304509+08:00||;True|2025-06-26T23:34:06.4223762+08:00||;True|2025-06-26T22:42:08.9018138+08:00||;True|2025-06-26T22:16:01.8954571+08:00||;True|2025-06-26T21:19:42.2638204+08:00||;True|2025-06-25T23:22:39.7267591+08:00||;True|2025-06-25T23:19:33.2378458+08:00||;True|2025-06-25T22:18:16.2863303+08:00||;True|2025-06-25T22:10:29.2540175+08:00||;True|2025-06-25T22:00:58.5212166+08:00||;True|2025-06-25T22:00:31.2531214+08:00||;True|2025-06-25T18:33:01.5770030+08:00||;True|2025-06-25T17:47:33.7779622+08:00||;True|2025-06-25T17:40:26.9905954+08:00||;True|2025-06-20T11:24:58.4099232+08:00||;True|2025-06-19T16:42:45.2358810+08:00||;True|2025-06-16T19:28:10.6447738+08:00||;True|2025-06-12T11:00:02.3559090+08:00||;True|2025-06-12T10:40:29.0324520+08:00||;True|2025-06-04T23:24:01.0324973+08:00||;True|2025-06-04T18:39:41.7304136+08:00||;True|2025-06-04T11:23:17.3803405+08:00||;True|2025-06-04T11:04:32.4212196+08:00||;True|2025-05-26T19:19:09.7246357+08:00||;True|2025-05-26T19:16:39.1283077+08:00||;True|2025-05-26T19:09:24.1561616+08:00||;True|2025-04-07T16:11:44.5172315+08:00||;True|2025-04-02T18:10:22.8695984+08:00||;True|2025-04-02T17:59:51.2978116+08:00||;True|2025-04-02T17:50:55.8630437+08:00||;True|2025-04-02T17:49:22.5114405+08:00||;True|2025-04-02T17:47:11.0650205+08:00||;True|2025-04-02T17:39:09.8576853+08:00||;True|2025-04-02T17:38:15.3079030+08:00||;True|2025-04-02T17:22:03.6735964+08:00||;True|2025-04-02T17:19:04.4220913+08:00||;True|2025-04-02T17:17:14.0244636+08:00||;True|2025-04-02T17:11:09.6583011+08:00||;True|2025-04-02T17:07:23.6330597+08:00||;True|2025-04-02T16:58:45.4070649+08:00||;True|2025-04-02T16:50:20.5907511+08:00||;True|2025-04-02T16:44:18.5351224+08:00||;True|2025-04-02T16:31:11.1297141+08:00||;True|2025-04-02T16:18:43.1
126995+08:00||;True|2025-04-02T14:50:42.5384021+08:00||;True|2025-04-01T10:53:08.9403414+08:00||;
+ True|2025-10-30T07:58:05.2014433Z||;True|2025-10-29T16:22:27.7866967+08:00||;True|2025-10-29T11:19:32.1187038+08:00||;True|2025-10-24T15:59:19.4176668+08:00||;True|2025-10-23T10:17:32.2384443+08:00||;True|2025-10-23T10:09:35.0601937+08:00||;True|2025-10-23T09:59:27.2018799+08:00||;True|2025-09-29T15:39:36.8617347+08:00||;True|2025-09-29T11:28:10.9193152+08:00||;True|2025-09-29T10:59:58.2893583+08:00||;True|2025-09-23T16:56:39.6344263+08:00||;True|2025-09-23T16:44:57.4175593+08:00||;True|2025-09-23T16:44:35.0478492+08:00||;True|2025-09-23T16:06:50.5843534+08:00||;True|2025-09-22T20:54:35.9805610+08:00||;True|2025-09-22T20:45:58.7044128+08:00||;True|2025-09-22T20:40:46.7449595+08:00||;True|2025-09-22T15:14:22.9602725+08:00||;True|2025-09-22T15:08:27.5989706+08:00||;True|2025-09-22T14:54:19.5237685+08:00||;True|2025-09-18T09:53:17.9300539+08:00||;True|2025-09-16T19:11:12.4383069+08:00||;True|2025-09-02T11:14:00.9580707+08:00||;True|2025-09-02T10:52:20.0445598+08:00||;True|2025-08-29T17:56:01.6245615+08:00||;True|2025-08-29T17:55:41.2802685+08:00||;True|2025-08-09T21:27:40.2103961+08:00||;True|2025-08-06T15:31:52.1166645+08:00||;True|2025-08-04T18:56:13.9675910+08:00||;True|2025-07-23T11:12:18.0134770+08:00||;True|2025-07-23T10:36:09.9990536+08:00||;True|2025-07-23T10:35:51.8814789+08:00||;True|2025-07-21T17:46:45.4620710+08:00||;True|2025-07-21T17:40:43.9871097+08:00||;True|2025-07-21T17:29:11.9275869+08:00||;True|2025-07-21T17:05:21.7763763+08:00||;True|2025-07-18T17:55:59.4892329+08:00||;True|2025-07-18T11:08:56.2628896+08:00||;True|2025-07-18T10:53:44.2534260+08:00||;True|2025-07-18T10:27:52.6751668+08:00||;True|2025-07-18T10:03:09.1785776+08:00||;True|2025-07-18T10:02:38.1252107+08:00||;True|2025-07-17T18:19:07.5837609+08:00||;True|2025-07-17T15:40:11.9126705+08:00||;True|2025-07-11T17:54:03.0298703+08:00||;True|2025-07-11T16:19:50.3283029+08:00||;True|2025-07-11T15:49:22.5920473+08:00||;True|2025-07-02T14:39:27.0436873+08:00||;True|2025-07-02T11:18:29.1208369+08
:00||;True|2025-07-01T15:52:16.6767496+08:00||;True|2025-07-01T10:14:59.0471052+08:00||;True|2025-06-28T11:40:36.0544739+08:00||;True|2025-06-27T15:10:24.4628086+08:00||;True|2025-06-27T10:31:14.8332810+08:00||;True|2025-06-27T10:13:13.3022394+08:00||;True|2025-06-26T23:51:04.1304509+08:00||;True|2025-06-26T23:34:06.4223762+08:00||;True|2025-06-26T22:42:08.9018138+08:00||;True|2025-06-26T22:16:01.8954571+08:00||;True|2025-06-26T21:19:42.2638204+08:00||;True|2025-06-25T23:22:39.7267591+08:00||;True|2025-06-25T23:19:33.2378458+08:00||;True|2025-06-25T22:18:16.2863303+08:00||;True|2025-06-25T22:10:29.2540175+08:00||;True|2025-06-25T22:00:58.5212166+08:00||;True|2025-06-25T22:00:31.2531214+08:00||;True|2025-06-25T18:33:01.5770030+08:00||;True|2025-06-25T17:47:33.7779622+08:00||;True|2025-06-25T17:40:26.9905954+08:00||;True|2025-06-20T11:24:58.4099232+08:00||;True|2025-06-19T16:42:45.2358810+08:00||;True|2025-06-16T19:28:10.6447738+08:00||;True|2025-06-12T11:00:02.3559090+08:00||;True|2025-06-12T10:40:29.0324520+08:00||;True|2025-06-04T23:24:01.0324973+08:00||;True|2025-06-04T18:39:41.7304136+08:00||;True|2025-06-04T11:23:17.3803405+08:00||;True|2025-06-04T11:04:32.4212196+08:00||;True|2025-05-26T19:19:09.7246357+08:00||;True|2025-05-26T19:16:39.1283077+08:00||;True|2025-05-26T19:09:24.1561616+08:00||;True|2025-04-07T16:11:44.5172315+08:00||;True|2025-04-02T18:10:22.8695984+08:00||;True|2025-04-02T17:59:51.2978116+08:00||;True|2025-04-02T17:50:55.8630437+08:00||;True|2025-04-02T17:49:22.5114405+08:00||;True|2025-04-02T17:47:11.0650205+08:00||;True|2025-04-02T17:39:09.8576853+08:00||;True|2025-04-02T17:38:15.3079030+08:00||;True|2025-04-02T17:22:03.6735964+08:00||;True|2025-04-02T17:19:04.4220913+08:00||;True|2025-04-02T17:17:14.0244636+08:00||;True|2025-04-02T17:11:09.6583011+08:00||;True|2025-04-02T17:07:23.6330597+08:00||;True|2025-04-02T16:58:45.4070649+08:00||;True|2025-04-02T16:50:20.5907511+08:00||;True|2025-04-02T16:44:18.5351224+08:00||;True|2025-04-02T16:31:11.1
297141+08:00||;True|2025-04-02T16:18:43.1126995+08:00||;True|2025-04-02T14:50:42.5384021+08:00||;
@@ -86,22 +86,22 @@
10/28/2024 14:02:50
- 10/29/2025 16:22:27
+ 10/30/2025 15:58:04
- 10/29/2025 16:22:27
+ 10/30/2025 15:58:04
12/06/2024 20:13:58
- 10/29/2025 11:19:09
+ 10/30/2025 15:57:39
12/26/2024 09:46:52
- 10/29/2025 11:19:09
+ 10/30/2025 15:57:39
12/18/2020 05:32:28
@@ -389,13 +389,13 @@
02/09/2013 00:42:28
- 10/29/2025 16:22:07
+ 10/30/2025 15:57:43
- 10/29/2025 16:22:07
+ 10/30/2025 15:57:43
- 10/29/2025 16:22:07
+ 10/30/2025 15:57:43
01/23/2014 21:57:34
@@ -479,7 +479,7 @@
10/28/2024 14:02:50
- 10/29/2025 16:22:08
+ 10/30/2025 15:57:45
10/28/2024 14:02:50