public async Task <PaginationResult <PermissionSummary> > GetPermissionsAsync(PermissionOptions options)
{
var itemCount = await _permissionRepository.GetCountAsync();
var result = new PaginationResult <PermissionSummary>(options, itemCount);
if (itemCount == 0)
{
return(result);
}
var permissions = await _permissionRepository.GetPermissionsAsync(result.Offset, result.Limit);
result.Items = permissions
.Select(x => new PermissionSummary
{
Id = x.Id,
Code = x.Code,
Name = x.Name,
IsEnabled = x.IsEnabled,
})
.ToList();
return(result);
}
public MainSettingsSection(IWebDriver driver, Navigator navigator)
: base(driver, navigator)
{
AddSection = new PermissionOptions(driver, navigator, "add");
EditSection = new PermissionOptions(driver, navigator, "edit");
DeleteSection = new PermissionOptions(driver, navigator, "delete");
}
public static IServiceCollection AddPermission(this IServiceCollection services, Action <PermissionOptions> optionAction)
{
if (services == null)
{
throw new ArgumentNullException(nameof(services));
}
if (optionAction == null)
{
throw new ArgumentNullException(nameof(optionAction));
}
var options = new PermissionOptions();
optionAction.Invoke(options);
foreach (var extension in options.Extensions)
{
extension.AddServices(services);
}
services.AddScoped <IPermissionHandler, DefaultPermissionHandler>();
services.AddSingleton <IPermissionRoleProvider, DefaultPermissionRoleProvider>();
services.AddMemoryCache();
services.AddHostedService <PermissionBackgroundService>();
return(services);
}
public override async Task <PaginatePermissionsResponse> PaginatePermissions(PaginatePermissionsRequest request, ServerCallContext context)
{
var options = new PermissionOptions
{
PageIndex = request.PageIndex,
PageSize = request.PageSize,
};
var permissions = await _authorizationApp.GetPermissionsAsync(options);
var items = permissions.Items.Select(x => new PaginatePermissionsResponse.Types.Permission
{
Id = x.Id,
Code = x.Code,
Name = x.Name,
IsEnabled = x.IsEnabled,
});
var result = new PaginatePermissionsResponse
{
PageIndex = permissions.PageIndex,
PageSize = permissions.PageSize,
ItemCount = permissions.ItemCount,
};
result.Items.AddRange(items);
return(result);
}
/// <summary>
/// 加载权限配置
/// </summary>
/// <param name="options">Identity配置</param>
/// <param name="permissionOptions">权限配置</param>
public static void Load(this IdentityOptions options, PermissionOptions permissionOptions)
{
if (options == null || permissionOptions == null)
{
return;
}
LoadPassword(options, permissionOptions);
LoadUser(options, permissionOptions);
}
/// <summary>
/// 加载密码配置
/// </summary>
private static void LoadPassword(IdentityOptions options, PermissionOptions permissionOptions)
{
options.Password.RequiredLength = permissionOptions.Password.MinLength;
options.Password.RequireNonAlphanumeric = permissionOptions.Password.NonAlphanumeric;
options.Password.RequireUppercase = permissionOptions.Password.Uppercase;
options.Password.RequireLowercase = false;
options.Password.RequireDigit = permissionOptions.Password.Digit;
options.Password.RequiredUniqueChars = permissionOptions.Password.UniqueChars;
}
public PermissionDefinitionManager(
IOptions <PermissionOptions> options,
IServiceProvider serviceProvider)
{
Options = options.Value;
_serviceProvider = serviceProvider;
_lazyPermissionDefinitions = new Lazy <Dictionary <string, PermissionDefinition> >(CreatePermissionDefinitions, true);
_lazyPermissionGroupDefinitions = new Lazy <Dictionary <string, PermissionGroupDefinition> >(CreatePermissionGroupDefinitions, true);
}
public AuthorizationHelper(IAuthorizationService authorizationService, IUsersApiClient usersClient, ILogger logger, IOptions <PermissionOptions> permissionOptions)
{
Guard.ArgumentNotNull(authorizationService, nameof(authorizationService));
Guard.ArgumentNotNull(usersClient, nameof(usersClient));
Guard.ArgumentNotNull(logger, nameof(logger));
Guard.ArgumentNotNull(permissionOptions, nameof(permissionOptions));
_authorizationService = authorizationService;
_usersClient = usersClient;
_logger = logger;
_permissionOptions = permissionOptions.Value;
}
public PermissionChecker(
IOptions <PermissionOptions> options,
IServiceProvider serviceProvider,
ICurrentPrincipalAccessor principalAccessor,
IPermissionDefinitionManager permissionDefinitionManager)
{
PrincipalAccessor = principalAccessor;
PermissionDefinitionManager = permissionDefinitionManager;
Options = options.Value;
_lazyProviders = new Lazy <List <IPermissionValueProvider> >(() => Options.ValueProviders
.Select(c => serviceProvider.GetRequiredService(c) as IPermissionValueProvider)
.ToList(), true);
}
/// <summary>
/// 添加权限服务
/// </summary>
/// <param name="services">服务集合</param>
/// <param name="setupAction">配置操作</param>
public static IServiceCollection AddPermission(this IServiceCollection services, Action <PermissionOptions> setupAction = null)
{
var permissionOptions = new PermissionOptions();
setupAction?.Invoke(permissionOptions);
services.AddScoped <IdentityUserManager>();
services.AddScoped <IdentitySignInManager>();
services.AddIdentity <User, Role>(options => options.Load(permissionOptions))
.AddUserStore <UserRepository>()
.AddRoleStore <RoleRepository>()
.AddDefaultTokenProviders();
services.AddScoped <IdentityErrorDescriber, IdentityErrorChineseDescriber>();
services.AddLogging();
return(services);
}
public PermissionManager(
IServiceProvider provider,
ICacheClient cache,
IDiscordClient client,
ILogger <PermissionManager> logger,
IOptions <PermissionOptions> options,
ICommandManager commandManager)
{
_provider = provider;
_cache = cache;
_client = client;
_logger = logger;
_options = options.Value;
Permissions = commandManager.Commands.Select(c => c.Permission).Distinct().ToList();
_defaultPermissions = commandManager.Commands
.GroupBy(c => c.PermissionGroup)
.ToDictionary(
g => g.Key,
g => g.Select(c => new Permission(c.Permission, true)).Cast <IPermission>().ToList()
);
}
/// <summary>
/// 加载存储配置
/// </summary>
/// <param name="options">Identity配置</param>
/// <param name="permissionOptions">权限配置</param>
private static void LoadStore(IdentityOptions options, PermissionOptions permissionOptions)
{
options.Stores.MaxLengthForKeys = permissionOptions.Store.MaxLengthForKeys;
options.Stores.ProtectPersonalData = permissionOptions.Store.ProtectPersonalData;
}
/// <summary>
/// 加载存储配置
/// </summary>
private static void LoadStore(IdentityOptions options, PermissionOptions permissionOptions)
{
options.Stores.MaxLengthForKeys = permissionOptions.Store.MaxLengthForKeys;
}
/// <summary>
/// 加载用户配置
/// </summary>
private static void LoadUser(IdentityOptions options, PermissionOptions permissionOptions)
{
options.User.AllowedUserNameCharacters = permissionOptions.User.UserNameCharacters;
options.User.RequireUniqueEmail = permissionOptions.User.UniqueEmail;
}
public static PermissionOptions AddPostgreSql(this PermissionOptions options, Action <PermissionPostgreSqlOptions> actionOptions)
{
options.AddExtensions(new PostgreSqlOptionsExtensions(actionOptions));
return(options);
}
public DefaultPermission(IPermissionStore permissionStore, IOptionsMonitor <PermissionOptions> permissionOptions) : base(permissionStore)
{
PermissionOptions = permissionOptions.CurrentValue ?? new PermissionOptions();
}
/// <summary>
/// 加载登录锁定配置
/// </summary>
private static void LoadLockout(IdentityOptions options, PermissionOptions permissionOptions)
{
options.Lockout.AllowedForNewUsers = permissionOptions.Lockout.AllowedForNewUsers;
options.Lockout.DefaultLockoutTimeSpan = permissionOptions.Lockout.LockoutTimeSpan;
options.Lockout.MaxFailedAccessAttempts = permissionOptions.Lockout.MaxFailedAccessAttempts;
}
/// <summary>
/// 加载登录配置
/// </summary>
private static void LoadSignIn(IdentityOptions options, PermissionOptions permissionOptions)
{
options.SignIn.RequireConfirmedEmail = permissionOptions.SignIn.ConfirmedEmail;
options.SignIn.RequireConfirmedPhoneNumber = permissionOptions.SignIn.ConfirmedPhoneNumber;
}
public Token(IMemoryCache cache, IOptionsMonitor <PermissionOptions> optionsMonitor)
{
_cache = cache;
_options = optionsMonitor?.CurrentValue ?? new PermissionOptions();
}
/// <summary>
/// 权限控制核心,即必须的配置
/// </summary>
/// <param name="services"></param>
/// <param name="action"></param>
public static void AddCorePermission(this IServiceCollection services, Action <PermissionOptions> action)
{
services.AddSingleton <IToken, Token>();
#region 身份验证
var permissionOption = new PermissionOptions();
action(permissionOption);
//addAuthentication不放到AddPermissionCore方法里,是为了外部可自己配置
// 当未通过authenticate时(如无token或是token出错时),会返回401,当通过了authenticate但没通过authorize时,会返回403。
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie(
CookieAuthenticationDefaults.AuthenticationScheme, options =>
{
//下面的委托方法只会在第一次cookie验证时调用,调用时会用到上面的permissionOption变量,但其实permissionOption变量是在以前已经初始化的,所以在此方法调用之前,permissionOption变量不会被释放
options.Cookie.Name = "auth";
options.AccessDeniedPath = permissionOption.AccessDeniedPath; // 当403时,返回到无授权界面
options.LoginPath = permissionOption.LoginPath; // 当401时,返回到登录界面,会自动在url后加上returnUrl=xxx
options.ExpireTimeSpan = permissionOption.ExpireTimeSpan != default ? permissionOption.ExpireTimeSpan : new TimeSpan(12, 0, 0);
options.ForwardDefaultSelector = context =>
{
string authorization = context.Request.Headers["Authorization"];
//身份验证的顺序为jwt、cookie
if (authorization != null && authorization.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase))
{
return(JwtBearerDefaults.AuthenticationScheme);
}
else
{
return(CookieAuthenticationDefaults.AuthenticationScheme);
}
};
var cookieAuthenticationEvents = new CookieAuthenticationEvents
{
OnSignedIn = context =>
{
return(Task.CompletedTask);
},
OnSigningOut = context =>
{
return(Task.CompletedTask);
}
};
options.Events = cookieAuthenticationEvents;
})
.AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, options =>
{
// jwt可用对称和非对称算法进行验签
SecurityKey key;
if (permissionOption.IsAsymmetric)
{
key = new RsaSecurityKey(RSAHelper.GetRSAParametersFromFromPublicPem(permissionOption.RsaPublicKey));
}
else
{
key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(permissionOption.SymmetricSecurityKey));
}
options.TokenValidationParameters = new TokenValidationParameters()
{
NameClaimType = PermissionConstant.userIdClaim,
RoleClaimType = PermissionConstant.roleIdsClaim,
ValidIssuer = permissionOption.Issuer,
ValidAudience = permissionOption.Audience,
IssuerSigningKey = key,
ValidateIssuer = false,
ValidateAudience = false
};
var jwtBearerEvents = new JwtBearerEvents
{
OnMessageReceived = context =>
{
return(Task.CompletedTask);
},
OnTokenValidated = context =>
{
return(Task.CompletedTask);
},
OnAuthenticationFailed = context =>
{
return(Task.CompletedTask);
}
};
options.Events = jwtBearerEvents;
});
#endregion
#region 授权
//权限控制只要在配置IServiceCollection,不需要额外配置app管道
//权限控制参考:https://docs.microsoft.com/en-us/aspnet/core/security/authorization/policies?view=aspnetcore-2.2
//handler和requirement有几种关系:1 handler对多requirement(此时handler实现IAuthorizationHandler);1对1(实现AuthorizationHandler<PermissionRequirement>),和多对1
//所有的handler都要注入到services,用services.AddSingleton<IAuthorizationHandler, xxxHandler>(),而哪个requirement用哪个handler,低层会自动匹配。最后将requirement对到policy里即可
services.AddAuthorization(options =>
{
// 增加鉴权策略,并告知这个策略要判断用户是否获得了PermissionRequirement这个Requirement
options.AddPolicy(PermissionConstant.PermissionAuthorizePolicy, policyBuilder =>
{
policyBuilder.AddRequirements(new PermissionRequirement());
});
//options.AddPolicy(PermissionConstant.OnlyAuthenticationPolicy, policyBuilder =>
// {
// policyBuilder.AddRequirements(new OnlyAuthenticationRequirement());
// });
});
services.AddScoped <IAuthorizationHandler, PermissionRequirementHandler>();
services.AddMemoryCache();
services.TryAddScoped <IApplicationContext, ApplicationContext>();
services.AddHttpContextAccessor();
services.Configure(action);
#endregion
}
public static PermissionOptions AddInMemory(this PermissionOptions options)
{
options.AddExtensions(new InMemoryOptionsExtensions());
return(options);
}
