        // This method gets called by the runtime. Use this method to add services to the container.
        // For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
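        /// <summary>
        /// Registers the application's services: controllers, Swagger (with a Bearer/JWT
        /// security definition), JWT bearer authentication, role-based authorization policies
        /// and a permissive CORS policy. Called by the runtime at startup.
        /// </summary>
        /// <param name="services">The DI container to populate.</param>
        /// <exception cref="InvalidOperationException">
        /// Thrown when the "JwtAuthModel" configuration section is missing, so a misconfigured
        /// deployment fails at startup instead of with a NullReferenceException inside the lambda.
        /// </exception>
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddControllers();

            // TODO: "Redis:Enabled" used to be read here into an empty if-block. Nothing depends on
            // the value yet; register the Redis services here once they exist.

            #region swagger
            services.AddSwaggerGen(options =>
            {
                options.SwaggerDoc("v1", new Microsoft.OpenApi.Models.OpenApiInfo()
                {
                    Title       = "MiMall API",
                    Version     = "v1",
                    Description = "框架说明文档",
                    Contact     = new Microsoft.OpenApi.Models.OpenApiContact()
                    {
                        Email = "*****@*****.**",
                        Name  = "MiMall",
                        Url   = new Uri("https://www.cnblogs.com/licm/")
                    }
                });

                // XML doc comments of the API project itself (second argument also pulls in
                // controller-level comments).
                string basePath = Directory.GetCurrentDirectory();
                string fileName = Assembly.GetExecutingAssembly().GetName().Name;
                string xmlPath  = Path.Combine(basePath, fileName + ".xml");
                options.IncludeXmlComments(xmlPath, true);

                // XML doc comments of the model project. Looked up in the working directory,
                // so MiMall.Model.xml must be copied next to the API output.
                string xmlModelPath = Path.Combine(basePath, "MiMall.Model.xml");
                options.IncludeXmlComments(xmlModelPath);

                // JWT bearer: security definition so Swagger UI can attach the token.
                options.AddSecurityDefinition("Bearer", new OpenApiSecurityScheme()
                {
                    Description  = "在下框中输入请求头中需要添加Jwt授权Token:Bearer Token", // prompt shown in Swagger UI
                    Name         = "Authorization",                         // header name
                    In           = ParameterLocation.Header,                // sent as a request header
                    Type         = SecuritySchemeType.ApiKey,               // api-key style scheme
                    BearerFormat = "JWT",
                    Scheme       = "Bearer"
                });
                // Security requirement that references the definition above.
                options.AddSecurityRequirement(new OpenApiSecurityRequirement()
                {
                    {
                        new OpenApiSecurityScheme()
                        {
                            Reference = new OpenApiReference()
                            {
                                Type = ReferenceType.SecurityScheme,
                                Id   = "Bearer"
                            }
                        }, new string[] { }
                    }
                });
            });
            #endregion

            #region Authentication && JWT
            JwtAuthModel model = Configuration.GetSection("JwtAuthModel").Get <JwtAuthModel>();
            if (model is null)
            {
                // Fail fast: without issuer, audience and signing key no token could ever validate,
                // and a null SigningKey would only surface as an exception on the first request.
                throw new InvalidOperationException("Configuration section 'JwtAuthModel' is missing.");
            }

            services.AddAuthentication("Bearer")
            .AddJwtBearer(options =>
            {
                options.TokenValidationParameters = new TokenValidationParameters()
                {
                    ValidateIssuer           = true,
                    ValidIssuer              = model.Issuer,
                    ValidateIssuerSigningKey = true,
                    // ASCII must match the encoding used where the token is signed (Login).
                    IssuerSigningKey         = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(model.SigningKey)),
                    ValidateAudience         = true,
                    ValidAudience            = model.Audience,
                    RequireExpirationTime    = true, // tokens without "exp" are rejected
                    ValidateLifetime         = true, // "exp" / "nbf" are enforced
                    ClockSkew = TimeSpan.Zero        // no grace period after expiry (overrides the library's default skew)
                };

                // Token source: the JWT is read from the "access_token" cookie that Login writes.
                // When the cookie is absent this leaves Token null, which lets the handler fall back
                // to the Authorization header (library behaviour — confirm for the pinned JwtBearer version).
                // Because the browser attaches the cookie automatically, state-changing endpoints need
                // CSRF protection (antiforgery tokens or SameSite cookies) that a header-only bearer
                // scheme would not need.
                options.Events = new Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerEvents()
                {
                    OnMessageReceived = context =>
                    {
                        context.Token = context.Request.Cookies["access_token"];
                        return Task.CompletedTask;
                    },
                    OnAuthenticationFailed = context =>
                    {
                        if (context.Exception is SecurityTokenExpiredException)
                        {
                            // Lets clients tell "expired" from "invalid" so they can try a refresh.
                            // Indexer assignment rather than Headers.Add: Add throws if the header
                            // was already set by an earlier handler.
                            context.Response.Headers["act"] = "expired";
                        }
                        return Task.CompletedTask;
                    }
                    // OnTokenValidated / OnChallenge / OnForbidden were no-op handlers; the
                    // library defaults apply when they are not set.
                };
            });    //.AddCookie();

            #endregion

            #region Authorization
            services.AddAuthorization(options =>
            {
                options.AddPolicy("Client", policy => policy.RequireRole("Client").Build());
                // any one of the listed roles ("or")
                options.AddPolicy("SystemOrAdmin", policy => policy.RequireRole("System", "Admin").Build());
                options.AddPolicy("everyone", policy => policy.RequireRole("System", "Admin", "Client", "Partner").Build());
                // both roles required ("and")
                options.AddPolicy("SystemAndAdmin", policy => policy.RequireRole("System")
                                  .RequireRole("Admin").Build());
            });
            #endregion

            #region Cors
            services.AddCors(options =>
            {
                // Allows every origin, header and method. An any-origin policy cannot be combined
                // with credentials, so the cookie-carried token is not sent on cross-origin calls;
                // replace with WithOrigins(...) for production front-ends.
                options.AddPolicy("any", policy =>
                {
                    policy.AllowAnyOrigin().AllowAnyHeader().AllowAnyMethod();
                });
            });
            #endregion
        }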
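        /// <summary>
        /// Authenticates a user by username/password, issues a signed JWT plus a refresh token
        /// and stores both in cookies.
        /// </summary>
        /// <param name="username">Login name as supplied by the client.</param>
        /// <param name="password">Password as supplied by the client.</param>
        /// <returns>
        /// Status 0 with <c>Data = { user }</c> on success; status 20 with <c>Data = null</c>
        /// when the credentials are empty or do not match a user.
        /// </returns>
        /// <exception cref="InvalidOperationException">
        /// Thrown when the authenticated user's role row cannot be found.
        /// </exception>
        public TModel <dynamic> Login(string username, string password)
        {
            // Reject empty credentials up front instead of letting an empty password match a
            // user row that happens to have an empty Userpwd.
            if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
            {
                return(new TModel <dynamic>()
                {
                    status = 20,
                    message = "用户名或密码错误",
                    Data = null
                });
            }

            // NOTE(review): this compares the stored Userpwd with the submitted password directly,
            // which means credentials are stored and compared in plaintext; the store should hold a
            // salted hash (PBKDF2/Argon2) and the comparison become a verify step. Blocking with
            // .Result is kept only because the method signature is synchronous.
            var user = _usersService.FirstOrDefault(u => u.UserName == username && u.Userpwd == password).Result;

            if (user == null)
            {
                return(new TModel <dynamic>()
                {
                    status = 20,
                    message = "用户名或密码错误",
                    Data = user
                });
            }

            var role = _userRoleService.Find(user.RoleId).Result;
            if (role is null)
            {
                // Without a role no role claim can be issued; fail with a clear message instead
                // of a NullReferenceException.
                throw new InvalidOperationException($"Role '{user.RoleId}' for user '{user.UserId}' was not found.");
            }
            string roleName = role.RoleName;

            // Claims carried by the token. AuthTime is emitted as a local-time string in a
            // non-standard format (kept for compatibility with existing consumers).
            Claim[] claims =
            {
                new Claim(JwtRegisteredClaimNames.AuthTime, DateTime.Now.ToString("yyyy/MM/dd HH:mm:ss fff")),
                new Claim(JwtRegisteredClaimNames.Sub,      user.UserId.ToString()),
                new Claim(ClaimTypes.Role,                  roleName)
            };

            // Issuer, audience, lifetime and signing key come from the JwtAuthModel section.
            JwtAuthModel model = _configuration.GetSection("JwtAuthModel").Get <JwtAuthModel>();
            if (model is null)
            {
                throw new InvalidOperationException("Configuration section 'JwtAuthModel' is missing.");
            }

            // UtcNow avoids a dependency on the server's local zone; the library converts to
            // epoch seconds either way. ASCII must match the encoding used for the validation key.
            JwtSecurityToken token = new JwtSecurityToken(
                issuer: model.Issuer,
                audience: model.Audience,
                claims: claims,
                expires: DateTime.UtcNow.AddSeconds(model.AccessExpiration),
                signingCredentials: new SigningCredentials(
                    new SymmetricSecurityKey(Encoding.ASCII.GetBytes(model.SigningKey)),
                    SecurityAlgorithms.HmacSha256)
                );
            string jwtString = new JwtSecurityTokenHandler().WriteToken(token);

            // Nothing in this method persists the refresh token, so a later refresh endpoint has
            // nothing to check it against — confirm where it is stored.
            string refTokens = GenerateRefreshToken();

            // HttpOnly keeps the tokens out of reach of page scripts (XSS); Secure is set whenever the
            // request arrived over HTTPS so plain-HTTP development still works; Lax stops the browser
            // from attaching the cookies to cross-site POSTs (CSRF). Note the cookie lifetime (30 min)
            // is independent of the token's own "exp" (AccessExpiration seconds).
            Response.Cookies.Append("access_token", jwtString, new CookieOptions()
            {
                Expires  = DateTimeOffset.UtcNow.AddMinutes(30),
                HttpOnly = true,
                Secure   = Request.IsHttps,
                SameSite = SameSiteMode.Lax
            });
            Response.Cookies.Append("refresh_token", refTokens, new CookieOptions()
            {
                Expires  = DateTimeOffset.UtcNow.AddDays(7),
                HttpOnly = true,
                Secure   = Request.IsHttps,
                SameSite = SameSiteMode.Lax
            });

            // NOTE(review): `user` is the full entity and therefore serializes Userpwd to the client;
            // project to a DTO without the credential (UserId, UserName, RoleId) before returning.
            return(new TModel <dynamic>()
            {
                status = 0,
                message = "success",
                Data = new
                {
                    user
                }
            });
        }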