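/// <summary>
/// Issues a signed JWT for the given user, using the issuer, audience, signing
/// credentials and lifetime returned by <c>ServerJwtSetting.GetJwtSetting()</c>.
/// </summary>
/// <param name="user">Source of the id, name and role claims placed in the token.</param>
/// <returns>The compact serialized JWT string.</returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="user"/> is null, or its role is null. A token is never issued
/// without a role claim.
/// </exception>
public static string GetToken(TokenModelJwt user)
        {
            if (user == null)
            {
                throw new ArgumentNullException(nameof(user));
            }

            // The Claim constructor rejects a null value, so a user without a role could
            // never receive a token. Fail here with a message that names the cause rather
            // than surfacing an anonymous "value" ArgumentNullException from Claim.
            if (user.Role == null)
            {
                throw new ArgumentNullException(nameof(user), "A role is required to issue a token.");
            }

            var jwtSetting = ServerJwtSetting.GetJwtSetting();

            // Read the clock once, in UTC, so that nbf and exp are derived from the same
            // instant and do not depend on the server's local time zone.
            DateTime issuedAt = DateTime.UtcNow;

            // Identity claims carried by the token. JwtId is a fresh GUID per token.
            var claims = new Claim[]
            {
                new Claim(JwtClaimTypes.JwtId, Guid.NewGuid().ToString()),
                new Claim(JwtClaimTypes.Id, user.Uid.ToString(), ClaimValueTypes.Integer32),
                new Claim(JwtClaimTypes.Name, user.Name, ClaimValueTypes.String),
                new Claim(JwtClaimTypes.Role, user.Role.ToString(), ClaimValueTypes.Integer32)
            };

            // Build the token. It is valid from now until ExpireSeconds later.
            var token = new JwtSecurityToken(
                issuer: jwtSetting.Issuer,
                audience: jwtSetting.Audience,
                signingCredentials: jwtSetting.Credentials,
                claims: claims,
                notBefore: issuedAt,
                expires: issuedAt.AddSeconds(jwtSetting.ExpireSeconds)
                );

            return new JwtSecurityTokenHandler().WriteToken(token);
        }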
Example #2
        // This method gets called by the runtime. Use this method to add services to the container.
        // Registers application services: caching, data access, the gRPC scheduler client,
        // SignalR, role/policy authorization, JWT bearer authentication, Swagger and MVC
        // controllers. Registrations are order-sensitive; keep the sequence as is.
        public void ConfigureServices(IServiceCollection services)
        {
            //services.AddGrpc();
            services.AddSingleton(new Appsettings());
            services.AddScoped <ICache, MemoryCaching>();
            services.AddScoped <IUser, AspNetUser>();
            services.AddSingleton <TemplateConfig>();
            services.AddSingleton <IHttpContextAccessor, HttpContextAccessor>();
            services.AddSingleton <IMemoryCache>(factory =>
            {
                var cache = new MemoryCache(new MemoryCacheOptions());
                return(cache);
            });
            services.AddScoped <SqlSugar.ISqlSugarClient>(p => DBClientManage.GetSqlSugarClient());
            services.AddSingleton <QuartzServicesClient>(p =>
            {
                // NOTE(review): ChannelCredentials.Insecure creates the gRPC channel without
                // transport security, so scheduler traffic is neither encrypted nor
                // authenticated. Confirm the endpoint named in
                // AppSettings:gRPCClient:ConnectionString is only reachable on a trusted
                // network, or switch to TLS channel credentials.
                Channel _channel = new Channel(Appsettings.app(new string[] { "AppSettings", "gRPCClient", "ConnectionString" }), ChannelCredentials.Insecure);
                return(new QuartzServicesClient(_channel));
            });
            services.AddSignalR();
            services.AddScoped <ICodeContext, CodeContext>();
            services.AddAutoMapperSetup();
            services.AddWebSocketManager();
            services.AddQuartzManager();
            var jwtSetting = ServerJwtSetting.GetJwtSetting();

            // Permission requirement shared by the policy and the handler: maps roles to
            // the endpoints they may call.
            var permissionRequirement = new PermissionRequirement(
                "/api/error",                             // redirect target when authorization is denied (currently unused)
                new List <PermissionItemView>(),
                ClaimTypes.Role,                          // authorization is based on the role claim
                jwtSetting.Issuer,                        // issuer
                jwtSetting.Audience,                      // audience
                jwtSetting.Credentials,                   // signing credentials
                expiration: TimeSpan.FromSeconds(60 * 60) // expiration; NOTE(review): hard-coded to one hour, confirm it matches the configured token lifetime
                );

            // Simple role policy: "public" requires the "public" role.
            services.AddAuthorization(options =>
            {
                options.AddPolicy("public", policy => policy.RequireRole("public").Build());
            });
            // 3. Requirement-based policy: evaluated by the permission handler registered below.
            services.AddAuthorization(options =>
            {
                options.AddPolicy(Permissions.Name,
                                  policy => policy.Requirements.Add(permissionRequirement));
            });

            // Register the permission handler and the requirement instance it evaluates.
            services.AddScoped <IAuthorizationHandler, PermissionHandler>();
            services.AddSingleton(permissionRequirement);

            // JWT bearer is the default scheme; challenge (401) and forbid (403) responses
            // are delegated to the ApiResponseHandler scheme registered at the end of the chain.
            services.AddAuthentication(o =>
            {
                o.DefaultScheme          = JwtBearerDefaults.AuthenticationScheme;
                o.DefaultChallengeScheme = nameof(ApiResponseHandler);
                o.DefaultForbidScheme    = nameof(ApiResponseHandler);
            })
            .AddJwtBearer(options =>
            {
                options.Events = new JwtBearerEvents()
                {
                    OnAuthenticationFailed = context =>
                    {
                        // When validation failed because the token expired, flag it in a
                        // response header. The check is an exact type match, so subclasses
                        // of SecurityTokenExpiredException would not set the header.
                        if (context.Exception.GetType() == typeof(SecurityTokenExpiredException))
                        {
                            context.Response.Headers.Add("Token-Expired", "true");
                        }
                        return(Task.CompletedTask);
                    }
                };

                // Only issuer, audience, signing key and clock skew are set here; every
                // other validation switch keeps the library default.
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidIssuer      = jwtSetting.Issuer,
                    ValidAudience    = jwtSetting.Audience,
                    // Symmetric key built from the UTF-8 bytes of the configured secret.
                    // NOTE(review): token integrity rests entirely on this string. Confirm
                    // it is long and random, and loaded from protected configuration rather
                    // than source control.
                    IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtSetting.SecurityKey)),
                    // No tolerance for clock drift: tokens are rejected as soon as they expire.
                    ClockSkew        = TimeSpan.Zero
                };
            })
            .AddScheme <AuthenticationSchemeOptions, ApiResponseHandler>(nameof(ApiResponseHandler), o => { });

            services.AddSwaggerGen(option =>
            {
                option.SwaggerDoc("BlogVue", new OpenApiInfo
                {
                    Version     = "v1",
                    Title       = "Framework.Core API",
                    Description = "API for Framework.Core",
                });
                // Show the authorization padlock on protected operations.
                option.OperationFilter <AddResponseHeadersFilter>();
                option.OperationFilter <AppendAuthorizeToSummaryOperationFilter>();

                // Attach the token to the request header so it reaches the backend.
                option.OperationFilter <SecurityRequirementsOperationFilter>();

                // The definition name must be "oauth2" (presumably the name the security
                // requirements filter above looks up; verify against the filter's defaults).
                option.AddSecurityDefinition("oauth2", new OpenApiSecurityScheme
                {
                    // UI hint, in Chinese: "For JWT authorization, enter 'Bearer <token>' in
                    // the box below (note the single space between the two)".
                    Description = "JWT授权在下框中输入 Bearer Token值(注意两者之间是一个空格)",
                    Name        = "Authorization",          // default header name carrying the JWT
                    In          = ParameterLocation.Header, // the JWT travels in the request header
                    Type        = SecuritySchemeType.ApiKey
                });
                //// Include the XML documentation file generated for this assembly.
                option.IncludeXmlComments(Path.Combine(AppContext.BaseDirectory, $"{typeof(Startup).Assembly.GetName().Name}.xml"), true);
            });

            services.AddControllers(o =>
            {
                // Global exception filter (currently disabled)
                //o.Filters.Add(typeof(GlobalExceptionsFilter));
            });
            // Custom converter that drops the 'T' separator from JSON-serialized DateTime values.
            services.AddControllers().AddJsonOptions(configure =>
            {
                configure.JsonSerializerOptions.Converters.Add(new DatetimeJsonConverter());
            });
            //DBStartup.SeedAsync().Wait();
        }