コード例 #1
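        /// <summary>
        /// Validates a compact JWT: recomputes the HMAC-SHA256 signature over
        /// "header.payload" with <c>setting.SecurityKey</c>, compares it with the
        /// token's third segment, and then checks that the current UTC time lies in
        /// the token's [nbf, exp) window.
        /// </summary>
        /// <param name="encodeJwt">Compact token in "header.payload.signature" form.</param>
        /// <param name="setting">Options object that carries the shared HMAC key.</param>
        /// <returns>
        /// <c>true</c> only when the signature matches and the token is inside its
        /// validity window; <c>false</c> for a malformed, tampered, not-yet-valid or
        /// expired token.
        /// </returns>
        public bool Validate(string encodeJwt, JWTTokenOptions setting)
        {
            // Fail closed: anything that is not exactly three segments is rejected.
            if (string.IsNullOrEmpty(encodeJwt))
            {
                return false;
            }

            string[] jwtArr = encodeJwt.Split('.');
            if (jwtArr.Length != 3)
            {
                return false;
            }

            // 1) Signature check (mandatory). The previous version left the result
            //    hard-wired to true: the HMAC object was never used, and the
            //    RSAHelper.Verify("", publicKey) call checked an empty string and
            //    discarded its result, so any token with parsable claims passed.
            //    The algorithm is fixed to HMAC-SHA256 here; the header's "alg"
            //    value is deliberately not consulted, so a token cannot choose
            //    how it is verified.
            // NOTE(review): if tokens are meant to be RS256-signed with the key in
            // key.public.json, replace this with an RSA verification of the same
            // signing input against jwtArr[2] instead of restoring the old call.
            string expectedSign;
            using (var hs256 = new HMACSHA256(Encoding.ASCII.GetBytes(setting.SecurityKey)))
            {
                byte[] buffer = Encoding.UTF8.GetBytes(string.Concat(jwtArr[0], ".", jwtArr[1]));
                expectedSign = Base64UrlEncoder.Encode(hs256.ComputeHash(buffer));
            }

            string sign = jwtArr[2];

            // Compare without an early exit so the time taken does not depend on
            // how many leading characters of the signature are correct.
            int diff    = sign.Length ^ expectedSign.Length;
            int compare = Math.Min(sign.Length, expectedSign.Length);
            for (int i = 0; i < compare; i++)
            {
                diff |= sign[i] ^ expectedSign[i];
            }

            if (diff != 0)
            {
                return false; // signature mismatch: stop before touching the claims
            }

            // 2) Only now parse the payload; it is authenticated at this point.
            var payLoad = JsonConvert.DeserializeObject<Dictionary<string, string>>(Base64UrlEncoder.Decode(jwtArr[1]));
            if (payLoad == null)
            {
                return false;
            }

            // 3) Validity window (also mandatory). Missing or non-numeric nbf/exp
            //    claims reject the token instead of throwing.
            string nbfText;
            string expText;
            long   notBefore;
            long   expires;
            if (!payLoad.TryGetValue("nbf", out nbfText) ||
                !payLoad.TryGetValue("exp", out expText) ||
                !long.TryParse(nbfText, out notBefore) ||
                !long.TryParse(expText, out expires))
            {
                return false;
            }

            var now = ToUnixEpochDate(DateTime.UtcNow);

            return now >= notBefore && now < expires;
        }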
コード例 #2
        /// <summary>
        /// Issues a signed JWT for the one account this method recognises.
        /// </summary>
        /// <param name="userName">Login name; only the literal "user" is accepted.</param>
        /// <param name="password">Password; only the literal "111" is accepted.</param>
        /// <returns>
        /// The serialized token, or an empty string when the credentials do not match.
        /// </returns>
        public string GetToken(string userName, string password)
        {
            // NOTE(review): the accepted credentials are compiled into the source.
            // Anything beyond a demo needs a user store with salted password hashes
            // and should not keep a fixed account in code.
            if (userName != "user" || password != "111")
            {
                return "";
            }

            var options = new JWTTokenOptions();

            // Identity claims carried by the token; the role is always "user".
            Claim[] identityClaims =
            {
                new Claim(ClaimTypes.Sid, userName),
                new Claim(ClaimTypes.Name, userName),
                new Claim(ClaimTypes.Role, "user"),
            };

            // Token is valid from now for one day and signed with the credentials
            // that JWTTokenOptions provides.
            var jwt = new JwtSecurityToken(
                issuer: options.Issuer,
                audience: options.Audience,
                claims: identityClaims,
                notBefore: DateTime.Now,
                expires: DateTime.Now.AddDays(1),
                signingCredentials: options.Credentials);

            var handler = new JwtSecurityTokenHandler();

            return handler.WriteToken(jwt);
        }
コード例 #3
        /// <summary>
        /// Manual smoke test: builds a payload, creates a token from it with
        /// <c>JWTTokenOptions.CreateToken</c>, and runs <c>JWTTokenOptions.Validate</c>
        /// with a custom claim check. The validation result is not used.
        /// </summary>
        /// <returns>An empty content result.</returns>
        public IActionResult TokenCustomerValidateTest()
        {
            // nbf/exp are added as null placeholders; whether CreateToken fills
            // them in is not visible here.
            var payLoad = new Dictionary<string, object>
            {
                { "sub", "rober" },
                { "jti", Guid.NewGuid().ToString() },
                { "nbf", null },
                { "exp", null },
                { "iss", "roberIssuer" },
                { "aud", "roberAudience" },
                { "age", 30 },
            };

            var encodeJwt = JWTTokenOptions.CreateToken(payLoad, 30);

            var validationResult = JWTTokenOptions.Validate(encodeJwt, (load) =>
            {
                // The audience claim must be present and equal to "roberAudience".
                bool audienceMatches = load["aud"]?.ToString() == "roberAudience";

                // The age claim is parsed but not enforced (the assertion was
                // disabled). Further checks, such as a jti deny-list lookup,
                // would go here.
                int.TryParse(load["age"].ToString(), out int parsedAge);

                return audienceMatches;
            });

            return Content("");
        }
コード例 #4
ファイル: HomeController.cs プロジェクト: SSM416/SSO
        /// <summary>
        /// Builds an HS256-signed JWT that names <paramref name="UserName"/> as the
        /// subject (Sid and Name claims) with the fixed role "user".
        /// </summary>
        /// <param name="UserName">Name to embed in the token.</param>
        /// <returns>The serialized token, valid for one day.</returns>
        public string GetToken(string UserName = "******")
        {
            // NOTE(review): no credential check happens in this method; it signs a
            // token for whatever name it is given, so the caller has to have
            // authenticated the user already - confirm at the call sites.
            var options = new JWTTokenOptions();

            // Identity claims carried by the token.
            Claim[] identityClaims =
            {
                new Claim(ClaimTypes.Sid, UserName),
                new Claim(ClaimTypes.Name, UserName),
                new Claim(ClaimTypes.Role, "user"),
            };

            DateTime notBeforeUtc = DateTime.UtcNow;
            DateTime expiresAt    = DateTime.Now.AddDays(1);

            // Symmetric key: the ASCII bytes of the configured SecurityKey string.
            var hmacKey     = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(options.SecurityKey));
            var credentials = new SigningCredentials(hmacKey, SecurityAlgorithms.HmacSha256);

            var jwt = new JwtSecurityToken(
                issuer: options.Issuer,
                audience: options.Audience,
                claims: identityClaims,
                notBefore: notBeforeUtc,
                expires: expiresAt,
                signingCredentials: credentials);

            return new JwtSecurityTokenHandler().WriteToken(jwt);
        }
コード例 #5
        /// <summary>
        /// Builds a JWT for <paramref name="username"/> from the issuer, audience,
        /// key and lifetime held in <c>webApiConfig</c>.
        /// </summary>
        /// <param name="username">Name to embed in the Sid and Name claims.</param>
        /// <returns>The serialized token.</returns>
        public async Task<string> GetToken(string username)
        {
            // NOTE(review): this method does not check credentials; the caller is
            // presumably responsible for authenticating the user first - confirm.
            var options = new JWTTokenOptions(
                webApiConfig.JWTIssuer,
                webApiConfig.JWTAudience,
                webApiConfig.JWTSecurityKey,
                webApiConfig.JWTExpires);

            // Identity claims; the role is always "user".
            Claim[] identityClaims =
            {
                new Claim(ClaimTypes.Sid, username),
                new Claim(ClaimTypes.Name, username),
                new Claim(ClaimTypes.Role, "user"),
            };

            // Lifetime is JWTExpires minutes from now.
            var jwt = new JwtSecurityToken(
                issuer: options.Issuer,
                audience: options.Audience,
                claims: identityClaims,
                notBefore: DateTime.Now,
                expires: DateTime.Now.AddMinutes(webApiConfig.JWTExpires),
                signingCredentials: options.Credentials);

            // Serialization is pushed to a thread-pool task, as before.
            return await Task.Run(() =>
            {
                var handler = new JwtSecurityTokenHandler();
                return handler.WriteToken(jwt);
            });
        }
コード例 #6
 /// <summary>
 /// Registers the token options and the JWT factory as singletons and sets up
 /// JWT bearer authentication as the default authenticate and challenge scheme.
 /// </summary>
 /// <param name="services">Service collection to add the registrations to.</param>
 /// <param name="_tokenOptions">
 /// Supplies the signing key, audience, issuer and the name of the request
 /// header that carries the token.
 /// </param>
 private static void _AddJwt(IServiceCollection services, JWTTokenOptions _tokenOptions)
 {
     services.AddSingleton(_tokenOptions);
     services.AddSingleton<IJWTFactory, JWTFactory>();

     var authentication = services.AddAuthentication(auth =>
     {
         auth.DefaultChallengeScheme    = JwtBearerDefaults.AuthenticationScheme;
         auth.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
     });

     authentication.AddJwtBearer(bearer =>
     {
         // Only the key, audience, issuer and lifetime flag are set here; every
         // other validation switch keeps the library default.
         var validation = new TokenValidationParameters();
         validation.IssuerSigningKey = _tokenOptions.Key;
         validation.ValidAudience    = _tokenOptions.Audience;
         validation.ValidIssuer      = _tokenOptions.Issuer;
         validation.ValidateLifetime = true;
         bearer.TokenValidationParameters = validation;

         // The token is taken from the custom header named by TokenName.
         Func<MessageReceivedContext, Task> readTokenFromHeader = ctx =>
         {
             ctx.Token = ctx.HttpContext.Request.Headers[_tokenOptions.TokenName];
             return Task.CompletedTask;
         };

         bearer.Events = new JwtBearerEvents { OnMessageReceived = readTokenFromHeader };
     });
 }
コード例 #7
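        /// <summary>
        /// Called by the runtime to register services: MVC controllers with the
        /// exception and logging filters, Swagger, application services, bound
        /// configuration sections, and HS256 JWT bearer authentication.
        /// </summary>
        /// <param name="services">Service collection to add the registrations to.</param>
        public void ConfigureServices(IServiceCollection services)
        {
            #region Filters
            // The original registered controllers a second time with no options
            // right after this call; that duplicate is dropped.
            services.AddControllers(o =>
            {
                o.Filters.Add(typeof(CustomExceptionFilterAttribute));
                o.Filters.Add(typeof(LogActionFilterAttribute));
            });
            #endregion

            services.AddSwaggerGen(c =>
            {
                c.SwaggerDoc("v1", new OpenApiInfo {
                    Title = "Zhaoxi.MSACommerce.UserMicroservice", Version = "v1"
                });
            });

            #region Service registration
            services.AddTransient<OrangeContext, OrangeContext>();
            services.AddTransient<CacheClientDB, CacheClientDB>();
            services.AddTransient<IUserService, UserService>();
            #endregion

            #region Configuration sections
            services.Configure<MySqlConnOptions>(this.Configuration.GetSection("MysqlConn"));
            services.Configure<RedisConnOptions>(this.Configuration.GetSection("RedisConn"));
            #endregion

            #region JWT validation (HS)
            JWTTokenOptions tokenOptions = new JWTTokenOptions();
            Configuration.Bind("JWTTokenOptions", tokenOptions);

            services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuer   = true, // reject tokens from another issuer
                    ValidateAudience = true, // reject tokens minted for another audience
                    // Was false, which made this service accept tokens after their
                    // exp time: a leaked or stolen token never stopped working.
                    // Lifetime validation is now on.
                    ValidateLifetime         = true,
                    ValidateIssuerSigningKey = true,
                    // Issuer and audience must match the values used when issuing.
                    ValidAudience    = tokenOptions.Audience,
                    ValidIssuer      = tokenOptions.Issuer,
                    IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(tokenOptions.SecurityKey))
                };
            });
            #endregion
        }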
コード例 #8
 /// <summary>
 /// Stores the injected token options, token helper and user service.
 /// </summary>
 /// <param name="tokenOptions">JWT settings supplied by the container.</param>
 /// <param name="jwtTokenHelper">Helper used for token work.</param>
 /// <param name="userService">Service used to look up users.</param>
 public JWTTokenController(
     JWTTokenOptions tokenOptions,
     JwtTokenHelper jwtTokenHelper,
     IUserService userService)
 {
     // "this." is required: each parameter has the same name as its field.
     this.userService    = userService;
     this.jwtTokenHelper = jwtTokenHelper;
     this.tokenOptions   = tokenOptions;
 }
コード例 #9
 /// <summary>
 /// Stores the next delegate in the pipeline, the route dictionary, and the JWT
 /// options taken from <paramref name="myConfig"/>.
 /// </summary>
 /// <param name="next">Next middleware in the request pipeline.</param>
 /// <param name="routeDict">Route lookup supplied by the container.</param>
 /// <param name="myConfig">Configuration object that holds the JWT options.</param>
 public JWTHSAuthorizeMiddleware(
     RequestDelegate next,
     DBRouteValueDictionary routeDict,
     MyConfig myConfig)
 {
     // The options reference is captured once, at construction time.
     jWTTokenOptions = myConfig.JWTTokenOptions;
     this.routeDict  = routeDict;
     _next           = next;
 }
コード例 #10
ファイル: TokenController.cs プロジェクト: SAMLITS/ECP.B2B
 /// <summary>
 /// Stores the injected token options and the two user-related clients.
 /// </summary>
 /// <param name="tokenOptions">JWT settings supplied by the container.</param>
 /// <param name="_userClient">Client for user operations.</param>
 /// <param name="_userFunctionClient">Client for user-function operations.</param>
 public TokenController(JWTTokenOptions tokenOptions,
                        IUserClient _userClient,
                        IUserFunctionClient _userFunctionClient)
 {
     this.userFunctionClient = _userFunctionClient;
     this.userClient         = _userClient;
     this._tokenOptions      = tokenOptions;
 }
コード例 #11
        /// <summary>
        /// Called by the runtime to register services: the custom JWT service, bound
        /// configuration, controllers, Swagger with a Bearer security definition, and
        /// HS256 JWT bearer authentication.
        /// </summary>
        /// <param name="services">Service collection to add the registrations to.</param>
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddTransient<ICustomJWTService, CustomHSJWTService>();
            services.Configure<ConfigInformation>(Configuration.GetSection("ConfigInformation"));

            services.AddControllers();
            services.AddSwaggerGen(swagger =>
            {
                swagger.SwaggerDoc("v1", new OpenApiInfo { Title = "authwebapi", Version = "v1" });

                // Lets the Swagger UI send the token in the Authorization header.
                var bearerDefinition = new OpenApiSecurityScheme
                {
                    Description  = "在下框中输入请求头中需要添加Jwt授权Token:Bearer Token",
                    Name         = "Authorization",
                    In           = ParameterLocation.Header,
                    Type         = SecuritySchemeType.ApiKey,
                    BearerFormat = "JWT",
                    Scheme       = "Bearer"
                };
                swagger.AddSecurityDefinition("Bearer", bearerDefinition);

                // Apply the "Bearer" definition to the documented operations, with no scopes.
                var bearerReference = new OpenApiSecurityScheme
                {
                    Reference = new OpenApiReference
                    {
                        Type = ReferenceType.SecurityScheme,
                        Id   = "Bearer"
                    }
                };
                var requirement = new OpenApiSecurityRequirement();
                requirement.Add(bearerReference, new string[] { });
                swagger.AddSecurityRequirement(requirement);
            });

            #region JWT validation (HS)
            var tokenOptions = new JWTTokenOptions();
            Configuration.Bind("JWTTokenOptions", tokenOptions);

            var authentication = services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme);
            authentication.AddJwtBearer(options =>
            {
                // Symmetric key built from the UTF-8 bytes of the configured SecurityKey.
                var signingKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(tokenOptions.SecurityKey));

                // Issuer, audience, lifetime and signing key are all checked.
                // ValidIssuer / ValidAudience must match the values used at issuance.
                var validation = new TokenValidationParameters();
                validation.ValidateIssuer           = true;
                validation.ValidateAudience         = true;
                validation.ValidateLifetime         = true;
                validation.ValidateIssuerSigningKey = true;
                validation.ValidAudience            = tokenOptions.Audience;
                validation.ValidIssuer              = tokenOptions.Issuer;
                validation.IssuerSigningKey         = signingKey;

                options.TokenValidationParameters = validation;
            });
            #endregion
        }
コード例 #12
 /// <summary>
 /// Stores the next delegate, the resolved JWT options value and the
 /// authentication scheme provider.
 /// </summary>
 /// <param name="next">Next middleware in the request pipeline.</param>
 /// <param name="options">Options wrapper; its <c>Value</c> is read once here.</param>
 /// <param name="schemes">Provider of the registered authentication schemes.</param>
 public TokenProviderMiddleware(RequestDelegate next,
                                IOptions<JWTTokenOptions> options,
                                IAuthenticationSchemeProvider schemes)
 {
     this.Schemes  = schemes;
     this._options = options.Value;
     this._next    = next;
 }
コード例 #13
        /// <summary>
        /// Replaces the signing key: copies the current audience and issuer into a
        /// new options object, sets <paramref name="SecurityKey"/> on it, writes it
        /// under the "JWTTokenOptions" name through <c>jsonFileHelper</c>, and swaps
        /// it into <c>myConfig</c>.
        /// </summary>
        /// <param name="SecurityKey">New key string to store.</param>
        /// <returns>Always 100.</returns>
        public int SaveAuthorize(string SecurityKey)
        {
            // NOTE(review): the key is accepted as given (no length or emptiness
            // check) and is handed to jsonFileHelper, which presumably writes it to
            // a JSON file in clear text - confirm who may call this and where the
            // file lives.
            var updated = new JWTTokenOptions
            {
                Audience    = myConfig.JWTTokenOptions.Audience,
                Issuer      = myConfig.JWTTokenOptions.Issuer,
                SecurityKey = SecurityKey
            };

            jsonFileHelper.Write<JWTTokenOptions>("JWTTokenOptions", updated);
            myConfig.JWTTokenOptions = updated;

            return 100;
        }
コード例 #14
ファイル: Startup.cs プロジェクト: SSM416/SSO
        /// <summary>
        /// Called by the runtime to register services: controllers, Swagger, the EF
        /// database context, cookie authentication as the default scheme with JWT
        /// bearer as a second scheme, and the cookie policy.
        /// </summary>
        /// <param name="services">Service collection to add the registrations to.</param>
        public void ConfigureServices(IServiceCollection services)
        {
            const string cookieScheme = "CookieAuthentication";

            // NOTE(review): the options are default-constructed and nothing is bound
            // from configuration here, so issuer, audience and key come from whatever
            // JWTTokenOptions sets by itself - confirm the key is not fixed in source.
            var jwtSettings = new JWTTokenOptions();

            services.AddControllers();

            // Swagger document registration.
            services.AddSwaggerGen(swagger =>
            {
                swagger.SwaggerDoc("v1", new OpenApiInfo { Title = "SSOServiceAPI", Version = "v1" });
            });

            // Database context registration.
            services.AddScoped<DbContext, LeoGXGDBContext>();
            string connectionString = Configuration.GetConnectionString("LeoGXGDBContextReadDataBase");
            services.AddDbContext<LeoGXGDBContext>(db => db.UseSqlServer(connectionString));

            var authentication = services.AddAuthentication(cookieScheme);

            authentication.AddCookie(cookieScheme, cookie =>
            {
                cookie.Cookie.Name    = "myCookie";            // one cookie name shared by the sites
                cookie.LoginPath      = "/Home/Index";
                cookie.Cookie.Domain  = "localhost";           // scoped to the root domain so sub-domains see it
                cookie.ExpireTimeSpan = TimeSpan.FromHours(1); // framework default is 14 days
            });

            authentication.AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, bearer =>
            {
                // Signature key, issuer, audience and lifetime are all validated,
                // with five minutes of clock tolerance.
                var validation = new TokenValidationParameters();
                validation.ValidateIssuerSigningKey = true;
                validation.IssuerSigningKey         = jwtSettings.Key;
                validation.ValidateIssuer           = true;
                validation.ValidIssuer              = jwtSettings.Issuer;
                validation.ValidateAudience         = true;
                validation.ValidAudience            = jwtSettings.Audience;
                validation.ValidateLifetime         = true;
                validation.ClockSkew                = TimeSpan.FromMinutes(5);

                bearer.TokenValidationParameters = validation;
            });

            // NOTE(review): SameSiteMode.None as the minimum means the policy does
            // not raise SameSite on any cookie; with cookie authentication in use,
            // check that CSRF protection is in place elsewhere.
            services.Configure<CookiePolicyOptions>(policy =>
            {
                policy.MinimumSameSitePolicy = SameSiteMode.None;
            });
        }
コード例 #15
ファイル: Startup.cs プロジェクト: SAMLITS/ECP.B2B
        /// <summary>
        /// Called by the runtime to register services: loads (or generates) the RSA
        /// key, registers the RS256 token options, JWT bearer authentication, data
        /// protection, the application cookie and MVC, then builds the Autofac
        /// service provider.
        /// </summary>
        /// <param name="services">Service collection to add the registrations to.</param>
        /// <returns>The provider returned by <c>AutofacProviderBuilderCore</c>.</returns>
        public IServiceProvider ConfigureServices(IServiceCollection services)
        {
            // The key is read from the application base path; when it cannot be
            // loaded a new one is generated and saved there.
            // NOTE(review): this looks like the private signing key stored next to
            // the binaries - confirm file permissions and that a silently
            // regenerated key (which invalidates issued tokens) is acceptable.
            string keyDirectory = PlatformServices.Default.Application.ApplicationBasePath;

            RSAParameters keyParams;
            bool keyLoaded = RSAUtils.TryGetKeyParameters(keyDirectory, true, out keyParams);
            if (!keyLoaded)
            {
                keyParams = RSAUtils.GenerateAndSaveKey(keyDirectory);
            }

            var tokenOptions = new JWTTokenOptions();
            tokenOptions.Key         = new RsaSecurityKey(keyParams);
            tokenOptions.Issuer      = "EcpB2bIssuer"; // issuer name
            tokenOptions.Credentials = new SigningCredentials(tokenOptions.Key, SecurityAlgorithms.RsaSha256Signature);

            // Shared with the rest of the application as a singleton (the original
            // author noted this registration may fail and might have to change).
            services.AddSingleton(tokenOptions);

            var authentication = services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme);
            authentication.AddJwtBearer(bearer =>
            {
                // Audience is never assigned in this method, so ValidAudience is
                // whatever JWTTokenOptions holds by default.
                var validation = new TokenValidationParameters();
                validation.IssuerSigningKey = tokenOptions.Key;
                validation.ValidAudience    = tokenOptions.Audience;
                validation.ValidIssuer      = tokenOptions.Issuer;
                validation.ValidateLifetime = true;

                bearer.TokenValidationParameters = validation;
            });

            services.AddDataProtection(protection =>
            {
                protection.ApplicationDiscriminator = "localhost";
            });

            services.ConfigureApplicationCookie(cookie =>
            {
                cookie.Cookie.Domain = "localhost";
                cookie.Cookie.Name   = ".AspNetCore.Cookies";
            });

            services.AddMvc();

            var grpcClients = new B2b.ClientRegisterModuleIoc.GrpcClientModule();

            return Util.AutofacIoc.AutofacHelp.AutofacProviderBuilderCore(
                services,
                ApplicationContainer,
                grpcClients);
        }
コード例 #16
        /// <summary>
        /// Enables JWT authentication: loads the RSA key from the content root
        /// (generating and saving one when it cannot be loaded), builds RS256
        /// signing credentials, and hands the options to <c>_AddJwt</c>.
        /// </summary>
        /// <param name="services">Service collection to add the registrations to.</param>
        /// <param name="hosting">Hosting environment; supplies the content root path.</param>
        public static void AddJwt(this IServiceCollection services, IWebHostEnvironment hosting)
        {
            // NOTE(review): the key file lives in the content root - confirm that
            // directory is not served as static content and is not world-readable.
            string keyDirectory = hosting.ContentRootPath;

            RSAParameters keyParams;
            bool keyLoaded = EncryptorHelper.TryGetKeyParameters(keyDirectory, true, out keyParams);
            if (keyLoaded == false)
            {
                keyParams = EncryptorHelper.GenerateRSAKeysAndSave(keyDirectory);
            }

            var tokenOptions = new JWTTokenOptions();
            tokenOptions.Key         = new RsaSecurityKey(keyParams);
            tokenOptions.Credentials = new SigningCredentials(tokenOptions.Key, SecurityAlgorithms.RsaSha256Signature);

            _AddJwt(services, tokenOptions);
        }
コード例 #17
 /// <summary>
 /// Registers JWT bearer authentication that validates audience, issuer and
 /// lifetime against <paramref name="tokenOptions"/> with no clock tolerance.
 /// </summary>
 /// <param name="services">Service collection to add the registrations to.</param>
 /// <param name="tokenOptions">Supplies audience, issuer and the symmetric key string.</param>
 public static void ConfigureJwt(this IServiceCollection services, JWTTokenOptions tokenOptions)
 {
     var authentication = services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme);

     authentication.AddJwtBearer(bearer =>
     {
         var validation = new TokenValidationParameters();
         validation.ValidateAudience = true;
         validation.ValidAudience    = tokenOptions.Audience;
         validation.ValidateIssuer   = true;
         validation.ValidIssuer      = tokenOptions.Issuer;
         validation.ValidateLifetime = true;
         // Symmetric key from the UTF-8 bytes of the configured SecurityKey.
         validation.IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(tokenOptions.SecurityKey));
         // Zero skew: a token stops being accepted at its exp time, so the
         // issuing and validating hosts need synchronized clocks.
         validation.ClockSkew = TimeSpan.Zero;

         bearer.TokenValidationParameters = validation;
     });
 }
コード例 #18
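        /// <summary>
        /// Validates a compact HS256 JWT and reports the outcome as a message.
        /// The HMAC-SHA256 signature over "header.payload" is recomputed with
        /// <c>setting.SecurityKey</c> and compared with the token's third segment;
        /// then the "exp" claim is checked against the current UTC time. The "nbf"
        /// claim is not checked.
        /// </summary>
        /// <param name="encodeJwt">Compact token in "header.payload.signature" form.</param>
        /// <param name="setting">Options object that carries the shared HMAC key.</param>
        /// <returns>
        /// An empty string when the token is accepted; otherwise a failure message
        /// (signature mismatch, expired, or the message of any exception raised
        /// while processing the token).
        /// </returns>
        public string Validate(string encodeJwt, JWTTokenOptions setting)
        {
            string msg = "";

            try
            {
                var jwtArr = encodeJwt.Split('.');

                // 1) Signature check (mandatory), done before any claim is parsed.
                //    The HMAC instance is disposed once the digest is computed.
                string encode;
                using (var hs256 = new HMACSHA256(Encoding.ASCII.GetBytes(setting.SecurityKey)))
                {
                    byte[] buffer = Encoding.UTF8.GetBytes(string.Concat(jwtArr[0], ".", jwtArr[1]));
                    encode = Base64UrlEncoder.Encode(hs256.ComputeHash(buffer));
                }

                string sign = jwtArr[2];

                // string.Equals stops at the first differing character, which lets
                // response time reveal how much of a guessed signature is right.
                // Accumulate the differences over the whole string instead.
                int diff    = sign.Length ^ encode.Length;
                int compare = Math.Min(sign.Length, encode.Length);
                for (int i = 0; i < compare; i++)
                {
                    diff |= sign[i] ^ encode[i];
                }

                if (diff != 0)
                {
                    msg = "签名不正确";
                    return(msg); // signature mismatch: reject immediately
                }

                // 2) The payload is authenticated now, so it is safe to parse.
                var payLoad = JsonConvert.DeserializeObject<Dictionary<string, string>>(Base64UrlEncoder.Decode(jwtArr[1]));

                // 3) Expiry check (also mandatory).
                var now = ToUnixEpochDate(DateTime.UtcNow);
                if (!(now < long.Parse(payLoad["exp"].ToString())))
                {
                    msg = "授权码不在有效期内";
                    return(msg); // token has expired
                }
            }
            catch (Exception ex)
            {
                // Malformed input (too few segments, bad base64/JSON, missing exp)
                // ends up here and is reported as a failure.
                // NOTE(review): the raw exception text is returned to the caller;
                // confirm it is not relayed to the client.
                msg = ex.Message;
            }

            return(msg);
        }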
コード例 #19
        /// <summary>
        /// Registers a "Bearer" authorization policy and JWT bearer authentication
        /// that validates tokens with the RSA key read from the application base path.
        /// </summary>
        /// <param name="services">Service collection to add the registrations to.</param>
        /// <param name="Issuer">Expected token issuer.</param>
        /// <param name="audience">Expected audience, i.e. the name of this application server.</param>
        public static void AddSiteRegisterJwt(this IServiceCollection services, string Issuer, string audience)
        {
            var tokenOptions = new JWTTokenOptions();

            // Read the key from a file in the application base path.
            string keyDirectory = PlatformServices.Default.Application.ApplicationBasePath;

            RSAParameters keyparams;
            bool keyLoaded = RSAUtils.TryGetKeyParameters(keyDirectory, false, out keyparams);

            // NOTE(review): when the key cannot be loaded, Key is null and is then
            // passed to SigningCredentials below - confirm that startup fails loudly
            // there rather than the service running without a validation key.
            tokenOptions.Key = keyLoaded ? new RsaSecurityKey(keyparams) : default(RsaSecurityKey);

            tokenOptions.Issuer      = Issuer;
            tokenOptions.Audience    = audience;
            tokenOptions.Credentials = new SigningCredentials(tokenOptions.Key, SecurityAlgorithms.RsaSha256Signature);

            services.AddAuthorization(auth =>
            {
                // The policy only requires an authenticated user on the JWT bearer
                // scheme; the jti requirement and its handler are not enabled.
                var bearerPolicy = new AuthorizationPolicyBuilder()
                                   .AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme)
                                   .RequireAuthenticatedUser()
                                   .Build();

                auth.AddPolicy("Bearer", bearerPolicy);
            });

            var authentication = services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme);
            authentication.AddJwtBearer(bearer =>
            {
                var validation = new TokenValidationParameters();
                validation.IssuerSigningKey = tokenOptions.Key;
                validation.ValidAudience    = tokenOptions.Audience;
                validation.ValidIssuer      = tokenOptions.Issuer;
                validation.ValidateLifetime = true;

                bearer.TokenValidationParameters = validation;
            });
        }
コード例 #20
ファイル: Startup.cs プロジェクト: zhimaxu/MixAuth
        /// <summary>
        /// Called by the runtime to register services: cookie authentication as the
        /// default scheme, JWT bearer as a second scheme, the cookie policy and MVC.
        /// </summary>
        /// <param name="services">Service collection to add the registrations to.</param>
        public void ConfigureServices(IServiceCollection services)
        {
            // NOTE(review): the options are default-constructed and nothing is bound
            // from configuration here, so issuer, audience and key come from whatever
            // JWTTokenOptions sets by itself - confirm the key is not fixed in source.
            var jwtSettings = new JWTTokenOptions();

            var authentication = services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme);

            authentication.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, cookie =>
            {
                // Unauthenticated requests are redirected to this address.
                cookie.LoginPath = "/Home/Login";
            });

            authentication.AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, bearer =>
            {
                // Signature key, issuer, audience and lifetime are all validated,
                // with five minutes of clock tolerance.
                var validation = new TokenValidationParameters();
                validation.ValidateIssuerSigningKey = true;
                validation.IssuerSigningKey         = jwtSettings.Key;
                validation.ValidateIssuer           = true;
                validation.ValidIssuer              = jwtSettings.Issuer;
                validation.ValidateAudience         = true;
                validation.ValidAudience            = jwtSettings.Audience;
                validation.ValidateLifetime         = true;
                validation.ClockSkew                = TimeSpan.FromMinutes(5);

                bearer.TokenValidationParameters = validation;
            });

            // The consent check for non-essential cookies is left disabled.
            // NOTE(review): SameSiteMode.None as the minimum means the policy does
            // not raise SameSite on any cookie; with cookie authentication in use,
            // check that CSRF protection is in place elsewhere.
            services.Configure<CookiePolicyOptions>(policy =>
            {
                policy.MinimumSameSitePolicy = SameSiteMode.None;
            });

            var mvc = services.AddMvc();
            mvc.SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
        }
コード例 #21
        /// <summary>
        /// Builds an HS256-signed JWT that names <paramref name="UserName"/> as the
        /// subject (Sid and Name claims) with the fixed role "user".
        /// </summary>
        /// <param name="UserName">Name to embed in the token.</param>
        /// <returns>The serialized token, valid for one day.</returns>
        public string GetToken(string UserName = "******")
        {
            // NOTE(review): no credential check happens in this method; it signs a
            // token for whatever name it is given, so the caller has to have
            // authenticated the user already - confirm at the call sites.
            var options = new JWTTokenOptions();

            // Identity claims carried by the token.
            Claim[] identityClaims =
            {
                new Claim(ClaimTypes.Sid, UserName),
                new Claim(ClaimTypes.Name, UserName),
                new Claim(ClaimTypes.Role, "user"),
            };

            DateTime notBeforeUtc = DateTime.UtcNow;
            DateTime expiresAt    = DateTime.Now.AddDays(1);

            // Symmetric key: the ASCII bytes of the configured SecurityKey string.
            var hmacKey     = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(options.SecurityKey));
            var credentials = new SigningCredentials(hmacKey, SecurityAlgorithms.HmacSha256);

            var jwt = new JwtSecurityToken(
                issuer: options.Issuer,
                audience: options.Audience,
                claims: identityClaims,
                notBefore: notBeforeUtc,
                expires: expiresAt,
                signingCredentials: credentials);

            return new JwtSecurityTokenHandler().WriteToken(jwt);
        }
コード例 #22
ファイル: JWTHSService.cs プロジェクト: wangpeng81/ApiDoc
 /// <summary>
 /// Captures the JWT options held by <paramref name="myConfig"/>.
 /// </summary>
 /// <param name="myConfig">Configuration object that exposes the JWT options.</param>
 public JWTHSService(MyConfig myConfig)
     // The reference is read once; a later replacement of myConfig.JWTTokenOptions
     // is not picked up by this instance.
     => jwtTokenOptions = myConfig.JWTTokenOptions;
コード例 #23
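        /// <summary>
        /// Called by the runtime to register services: CORS, controllers, dynamic
        /// web API, Swagger, HS256 JWT bearer authentication, the "LevelPolicy"
        /// authorization policy, application services and the Redis/MySQL options.
        /// </summary>
        /// <param name="services">Service collection to add the registrations to.</param>
        public void ConfigureServices(IServiceCollection services)
        {
            // NOTE(review): the "any" policy allows every origin, header and method;
            // confirm that is intended outside development.
            services.AddCors(c => c.AddPolicy("any", p => p.AllowAnyHeader().AllowAnyMethod().AllowAnyOrigin()));

            services.AddControllers();

            // Dynamic API registration.
            services.AddDynamicWebApi();

            services.AddSwaggerGen(c =>
            {
                c.SwaggerDoc("v1", new OpenApiInfo {
                    Title = "Zhaoxi.AglieFramework.BBS", Version = "v1"
                });
                c.DocInclusionPredicate((docName, description) => true);
            });

            #region JWT validation (HS)
            JWTTokenOptions tokenOptions = new JWTTokenOptions();
            Configuration.Bind("JWTTokenOptions", tokenOptions);

            services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuer           = true, // reject tokens from another issuer
                    ValidateAudience         = true, // reject tokens minted for another audience
                    ValidateLifetime         = true, // reject expired tokens
                    ValidateIssuerSigningKey = true,
                    // Issuer and audience must match the values used when issuing.
                    ValidAudience    = tokenOptions.Audience,
                    ValidIssuer      = tokenOptions.Issuer,
                    IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(tokenOptions.SecurityKey)),
                };
            });

            // Authorization policy: the UserLevel claim must be a number of at least 4.
            services.AddAuthorization(options =>
            {
                options.AddPolicy("LevelPolicy",
                                  policyBuilder => policyBuilder.RequireAssertion(context =>
                {
                    // The earlier First(...)/int.Parse pair threw when the claim was
                    // missing or not numeric, turning an authorization decision into
                    // an unhandled exception. Such a user is now simply denied.
                    var levelClaim = context.User.Claims.FirstOrDefault(c => c.Type.Equals("UserLevel"));

                    return levelClaim != null &&
                           int.TryParse(levelClaim.Value, out int level) &&
                           level >= 4;
                }));
            });
            #endregion

            #region HS256
            services.AddScoped<IJWTService, JWTHSService>();
            services.Configure<JWTTokenOptions>(this.Configuration.GetSection("JWTTokenOptions"));

            services.Configure<MySqlConnOptions>(this.Configuration.GetSection("MySqlConn"));
            #endregion

            #region Application services
            services.AddScoped<IUserService, UserService>();
            services.AddScoped<IPostsService, PostsService>();
            services.AddScoped<IPostTypeService, PostTypeService>();
            services.AddScoped<IReplyService, ReplyService>();
            services.AddScoped<IDbService, DbService>();
            #endregion

            #region redis
            services.Configure<RedisConnOptions>(this.Configuration.GetSection("RedisConn"));
            // Registered by concrete type (the original author flagged this as not ideal).
            services.AddScoped<CacheClientDB, CacheClientDB>();

            // Same section as the MySqlConn registration in the HS256 region; kept as it was.
            services.Configure<MySqlConnOptions>(this.Configuration.GetSection("MySqlConn"));
            services.AddSingleton<DBConnectFactory, DBConnectFactory>();
            #endregion
        }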
コード例 #24
        // This method gets called by the runtime. Use this method to add services to the container.
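        /// <summary>
        /// Registers CORS, MVC, the event store and event bus, the EF Core context, and
        /// cookie plus JWT bearer authentication with the container.
        /// </summary>
        /// <param name="services">The service collection that receives the registrations.</param>
        public void ConfigureServices(IServiceCollection services)
        {
            this.logger.LogInformation("正在对服务进行配置...");

            #region 跨域
            var isTrueStr  = configuration["HttpKYUrls:isTrue"];
            var httpUrlStr = configuration["HttpKYUrls:urlStr"];
            services.AddCors(options =>
            {
                options.AddPolicy("AllowSameDomainHttp", builder =>
                {
                    // The static string.Equals tolerates a missing "HttpKYUrls:isTrue" key; calling
                    // Equals on the null configuration value would throw while the policy is built.
                    if (string.Equals(isTrueStr, "true", StringComparison.Ordinal) && !string.IsNullOrWhiteSpace(httpUrlStr))
                    {
                        this.logger.LogInformation("注册跨域请求,指定路由为:" + httpUrlStr);
                        // Credentials (cookies) are only allowed for the explicitly configured origins.
                        builder.WithOrigins(httpUrlStr.Split(','))
                        .AllowAnyMethod()
                        .AllowAnyHeader()
                        .AllowCredentials();
                    }
                    else
                    {
                        this.logger.LogInformation("注册跨域请求,允许所有主机访问");
                        // Any origin may call the API, but without credentials: a wildcard origin
                        // combined with AllowCredentials would let every site send the user's cookies
                        // and read the response.
                        builder.AllowAnyMethod()
                        .AllowAnyHeader()
                        .AllowAnyOrigin();
                    }
                });
            });
            #endregion

            services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
            services.AddOptions();
            services.Configure<WebApiConfig>(configuration.GetSection("WebApiConfig"));
            services.AddTransient<IEventStore>(serviceProvider =>
                new DapperEventStore(connStr,
                                     serviceProvider.GetRequiredService<ILogger<DapperEventStore>>()));

            // NOTE(review): the delegate calls BuildServiceProvider() on the collection, which
            // presumably yields a provider separate from the host's own — confirm that handlers
            // resolved through it are meant to get their own singleton instances.
            var eventHandlerExecutionContext = new EventHandlerExecutionContext(services,
                                                                                sc => sc.BuildServiceProvider());
            services.AddSingleton<IEventHandlerExecutionContext>(eventHandlerExecutionContext);
            // services.AddSingleton<IEventBus, PassThroughEventBus>();
            services.AddDbContext<WebApiDbContext>(options => options.UseSqlServer(connStr));

            // NOTE(review): the broker host is hard-coded and no credentials or TLS settings are
            // given here; consider reading them from configuration.
            var connectionFactory = new ConnectionFactory {
                HostName = "localhost"
            };
            services.AddSingleton<IEventBus>(sp => new RabbitMQEventBus(connectionFactory,
                                                                        sp.GetRequiredService<ILogger<RabbitMQEventBus>>(),
                                                                        sp.GetRequiredService<IEventHandlerExecutionContext>(),
                                                                        RMQ_EXCHANGE,
                                                                        queueName: RMQ_QUEUE));

            #region 用户登录验证
            // Convert.ToInt32 returns 0 for a missing (null) setting and throws FormatException
            // for a non-numeric one.
            JWTTokenOptions jwtTokenOptions = new JWTTokenOptions(
                configuration["WebApiConfig:JWTIssuer"],
                configuration["WebApiConfig:JWTAudience"],
                configuration["WebApiConfig:JWTSecurityKey"],
                Convert.ToInt32(configuration["WebApiConfig:JWTExpires"])
                );

            services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
            .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options =>
            {
                // Unauthenticated requests are redirected to this address.
                options.LoginPath = "/Home/Login";
            })
            .AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, jwtBearerOptions =>
            {
                // Signing key, issuer, audience and lifetime are all checked against the
                // values taken from the WebApiConfig section.
                jwtBearerOptions.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuerSigningKey = true,
                    IssuerSigningKey         = jwtTokenOptions.Key,

                    ValidateIssuer = true,
                    ValidIssuer    = jwtTokenOptions.Issuer,

                    ValidateAudience = true,
                    ValidAudience    = jwtTokenOptions.Audience,

                    ValidateLifetime = true,
                    // Tolerated clock difference, in minutes, when checking nbf/exp.
                    ClockSkew        = TimeSpan.FromMinutes(Convert.ToInt32(configuration["WebApiConfig:JWTClockSkew"]))
                };
            });

            services.Configure<CookiePolicyOptions>(options =>
            {
                // This lambda determines whether user consent for non-essential cookies is needed for a given request.
                //options.CheckConsentNeeded = context => true;
                // NOTE(review): no minimum SameSite level is enforced by the cookie policy here.
                options.MinimumSameSitePolicy = SameSiteMode.None;
            });
            #endregion

            this.logger.LogInformation("服务配置完成,已注册到IoC容器!");
        }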
コード例 #25
 /// <summary>
 /// Keeps the JWT options and the database context handed in by the caller.
 /// </summary>
 /// <param name="tokenOptions">JWT settings stored on the controller.</param>
 /// <param name="dbContext">Database context stored on the controller.</param>
 public TokenController(JWTTokenOptions tokenOptions, AuthDbContext dbContext)
 {
     this._dbContext    = dbContext;
     this._tokenOptions = tokenOptions;
 }
コード例 #26
ファイル: JWTRSService.cs プロジェクト: wangpeng81/ApiDoc
 /// <summary>
 /// Takes the JWT options from the supplied configuration object.
 /// </summary>
 /// <param name="myConfig">Configuration object whose JWTTokenOptions property is read.</param>
 public JWTRSService(MyConfig myConfig)
 {
     var jwtOptions = myConfig.JWTTokenOptions;
     _JWTTokenOptions = jwtOptions;
 }
コード例 #27
        //private readonly ILogger _logger;
        // This method gets called by the runtime. Use this method to add services to the container.
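        /// <summary>
        /// Registers rate limiting, cookie policy, the EF Core context, repositories, Redis,
        /// cookie plus JWT bearer authentication, MVC, Swagger, CORS and SignalR.
        /// </summary>
        /// <param name="services">The service collection that receives the registrations.</param>
        public void ConfigureServices(IServiceCollection services)
        {
            /*
             * ********************RateLimit***********************
             */
            // needed to load configuration from appsettings.json
            services.AddOptions();

            // needed to store rate limit counters and ip rules
            services.AddMemoryCache();

            //load general configuration from appsettings.json
            services.Configure<IpRateLimitOptions>(Configuration.GetSection("IpRateLimiting"));

            //load ip rules from appsettings.json
            services.Configure<IpRateLimitPolicies>(Configuration.GetSection("IpRateLimitPolicies"));

            // inject counter and rules stores
            services.AddSingleton<IIpPolicyStore, MemoryCacheIpPolicyStore>();
            services.AddSingleton<IRateLimitCounterStore, MemoryCacheRateLimitCounterStore>();

            services.Configure<RedisSetting>(Configuration);
            services.Configure<CookiePolicyOptions>(options =>
            {
                // This lambda determines whether user consent for non-essential cookies is needed for a given request.
                options.CheckConsentNeeded    = context => false;
                options.MinimumSameSitePolicy = SameSiteMode.None;
                // SameAsRequest marks cookies Secure whenever the request arrived over HTTPS and
                // still works over plain HTTP; the previous value (None) never set the flag.
                options.Secure = CookieSecurePolicy.SameAsRequest;
            });
            //HealthyChecks
            // For details see the source: https://github.com/xabaril/AspNetCore.Diagnostics.HealthChecks
            //services.AddHealthChecks()
            //    .AddMySql(Configuration.GetConnectionString("DefaultConnection"))
            //    .AddRedis(Configuration.GetConnectionString("RedisConnection")
            //);
            //services.AddHealthChecksUI();

            //mysql
            // Several database contexts could use pooling to reduce overhead and gain a little performance.
            services.AddDbContext<BaseEduContext>(options =>
                                                  options.UseLazyLoadingProxies().UseMySql(
                                                      Configuration.GetConnectionString("DefaultConnection"),
                                                      // Retry on transient failures; command timeout.
                                                      mySqlOptions => mySqlOptions.EnableRetryOnFailure().CommandTimeout(3)));
            //PostGre
            //services.AddDbContextPool<BaseEduContext>(options =>
            //    options.UseLazyLoadingProxies().UseNpgsql(
            //        Configuration.GetConnectionString("PostGreSQLConnection"),
            //        // Retry on transient failures; command timeout.
            //        mySqlOptions => mySqlOptions.EnableRetryOnFailure().CommandTimeout(3)));

            services.AddTransient(typeof(IAsyncRepository<>), typeof(SugarRepository<>));
            services.AddTransient(typeof(IRepository<>), typeof(SugarRepository<>));
            services.AddScoped<IAccount, Account>();
            services.AddScoped<IRabbitMQDealJanus, RabbitMQDealJanus>();
            services.AddSingleton<IEsClientProvider, EsClientProvider>();
            services.AddMediatR(typeof(PingHandler).Assembly,
                                typeof(Pong1).Assembly, typeof(Pong2).Assembly);
            //services.AddSingleton<RpcClient>();
            services.AddSingleton<ConnectionMultiplexer>(sp =>
            {
                var settings = sp.GetRequiredService<IOptions<RedisSetting>>().Value;
                // The Redis connection info could also be read directly from Configuration.
                var configuration        = ConfigurationOptions.Parse(settings.RedisConnectionString, true);
                configuration.ResolveDns = true;
                return ConnectionMultiplexer.Connect(configuration);
            });
            //services.AddHostedService<TimedHostedService>();
            //services.AddHostedService<RabbitHostedService>();

            // NOTE(review): this instance is not used anywhere in this method; the bearer
            // settings below are hard-coded instead.
            JWTTokenOptions jwtTokenOptions = new JWTTokenOptions();

            services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
            .AddCookie(x =>
            {
                x.LoginPath      = new PathString("/Account/Login");
                x.ExpireTimeSpan = TimeSpan.FromMinutes(30);
                //x.CookieSecure = CookieSecurePolicy.None;
                // The authentication cookie gets the Secure flag on HTTPS requests; with
                // CookieSecurePolicy.None it was sent over plain HTTP even on an HTTPS site.
                x.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
                //x.AccessDeniedPath = "";
            })
            .AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, o =>
            {
                o.TokenValidationParameters = new TokenValidationParameters
                {
                    NameClaimType = JwtClaimTypes.Name,
                    RoleClaimType = JwtClaimTypes.Role,

                    // Expected issuer (hard-coded to a localhost address).
                    ValidIssuer = "https://localhost:44343/",
                    // Expected audience.
                    ValidAudience = "api",
                    // Signing key.
                    // NOTE(review): the key comes from the compile-time constant Consts.Secret, so it
                    // ships with the binary and the source; load it from configuration or a secret
                    // store instead. Encoding.ASCII also maps every non-ASCII character to '?'.
                    IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(Consts.Secret))
                };
            });

            services.AddControllersWithViews(options =>
            {
                //options.RespectBrowserAcceptHeader = true; // false by default

                //options.OutputFormatters.Add(new XmlSerializerOutputFormatter());
                //options.OutputFormatters.Add(new XmlDataContractSerializerOutputFormatter());

                options.Filters.Add(typeof(HttpGlobalExceptionFilter));
                options.Filters.Add(typeof(ValidateModelStateFilter));
            })
            // Ignore reference loops:
            //.AddJsonOptions(options => options.SerializerSettings.ReferenceLoopHandling = Newtonsoft.Json.ReferenceLoopHandling.Ignore)
            .SetCompatibilityVersion(CompatibilityVersion.Latest);

            // Register the Swagger generator, defining 1 or more Swagger documents
            services.AddSwaggerGen(c =>
            {
                c.SwaggerDoc("v1", new OpenApiInfo {
                    Title = "My API", Version = "v1"
                });

                // Set the comments path for the Swagger JSON and UI.
                var xmlFile = $"{Assembly.GetExecutingAssembly().GetName().Name}.xml";
                var xmlPath = Path.Combine(AppContext.BaseDirectory, xmlFile);
                c.IncludeXmlComments(xmlPath);
            });
            //services.AddSwaggerGenNewtonsoftSupport();
            services.AddCors(options =>
            {
                // Any origin is allowed; no credentials are enabled on this policy.
                options.AddPolicy("janus", p => p.AllowAnyOrigin());
            });

            // https://github.com/aspnet/Hosting/issues/793
            // the IHttpContextAccessor service is not registered by default.
            // the clientId/clientIp resolvers use it.
            services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();

            // configuration (resolvers, counter key builders)
            services.AddSingleton<IRateLimitConfiguration, RateLimitConfiguration>();

            services.AddSignalR();
            // Startup becomes much slower once the container is replaced with Autofac.
            services.AddOptions();
            //var container = new ContainerBuilder();
            //container.Populate(services);
            //// Example of registering services with the container:
            ////container.RegisterType<Account>().AsSelf().As<IAccount>().InstancePerLifetimeScope();
            ////container.RegisterGeneric(typeof(SugarRepository<>)).As(typeof(IRepository<>));
            //return new AutofacServiceProvider(container.Build());
        }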
コード例 #28
        // This method gets called by the runtime. Use this method to add services to the container.
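        /// <summary>
        /// Registers session, CORS, MVC, AutoMapper, EF Core, application services, cookie plus
        /// JWT bearer authentication, caching, migrations, search, proxies, plugins, Hangfire,
        /// CAP and IP rate limiting.
        /// </summary>
        /// <param name="services">The service collection that receives the registrations.</param>
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddSession();
            services.AddCors(
                option => option.AddPolicy("cors",
                                           policy => policy.AllowAnyHeader().AllowAnyMethod().AllowCredentials()
                                           // Do not end the configured origin with a slash "/".
                                           .WithOrigins(Configuration.GetSection("SiteSetting:CorsOrigin").Get<string[]>())));
            //services.AddControllersWithViews().AddControllersAsServices()
            //    .AddRazorRuntimeCompilation();
            services.AddCustomMvc();

            services.Configure<FileManagerOptions>(options => Configuration.GetSection("FileOptions").Bind(options));

            services.AddAutoMapper(
                configAction =>
            {
                configAction.AddAutoMaperConfig(typeof(UserDto).Assembly, typeof(PluginInfoDto).Assembly);
            },
                new Assembly[] { });

            services.AddEFCore(Configuration, option =>
            {
                switch (option.FactoryName)
                {
                case "sfdb":
                    {
                        option.EntityAssemblies.Add(typeof(User).Assembly);
                        option.EntityAssemblies.Add(typeof(PluginInfo).Assembly);
                        break;
                    }
                }
            });

#if DEBUG
            //services.AddServices(new Assembly[] { typeof(Docker.Crawler.CrawlerOptions).Assembly });
#endif
            services.AddServices(new Assembly[] { typeof(UserService).Assembly });

            // NOTE(review): the options are default-constructed rather than bound from
            // configuration, so issuer, audience and key presumably come from defaults inside
            // JWTTokenOptions — confirm the signing key is not a constant in source.
            JWTTokenOptions jwtTokenOptions = new JWTTokenOptions();
            services.AddSingleton<JWTTokenOptions>(provider => jwtTokenOptions);
            // Cookie login.
            services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
            .AddCookie(o =>
            {
                o.Cookie.Name     = "qystack.top";
                // The authentication cookie is kept out of reach of page scripts; with
                // HttpOnly = false any script running in the page (including injected script)
                // could read the session ticket.
                o.Cookie.HttpOnly = true;

                //o.LoginPath = new PathString("/Home/Index");
                //o.LogoutPath = new PathString("/Account/Login");
                // Allow the cookie on cross-site requests.
                // NOTE(review): current browsers only accept SameSite=None cookies that also carry
                // the Secure attribute; consider setting o.Cookie.SecurePolicy accordingly.
                o.Cookie.SameSite = Microsoft.AspNetCore.Http.SameSiteMode.None;
            })
            .AddJwtBearer(options =>
            {
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    // Validate the issuer.
                    ValidateIssuer = true,
                    // Validate the audience.
                    ValidateAudience = true,
                    // Validate the token lifetime.
                    ValidateLifetime = true,
                    // Tolerated clock difference when validating the lifetime.
                    ClockSkew = TimeSpan.FromSeconds(30),
                    // Validate the signing key.
                    ValidateIssuerSigningKey = true,
                    // Expected audience.
                    ValidAudience = jwtTokenOptions.Audience,
                    // Expected issuer.
                    ValidIssuer = jwtTokenOptions.Issuer,
                    // Signing key.
                    IssuerSigningKey = jwtTokenOptions.Key,
                };
            });
            //.AddQQ(options =>
            //{
            //    options.ClientId = Configuration["OAuths:QQ:ClientId"];
            //    options.ClientSecret = Configuration["OAuths:QQ:ClientSecret"];
            //});

            services.AddCache(config => config.UseInMemory());
            services.AddScoped<IEnviromentContext, EnviromentContext>();
            services.AddAutoMigration(options =>
            {
                options.MigrationPath  = Path.Combine("app_data", "Migrations");
                options.BackupBasePath = Path.Combine("app_data", "MigrationsBackup");
#if DEBUG
                options.PgDumpPath = @"E:\Program Files\PostgreSQL\10\bin";
#endif
            });
            services.AddSearchEngine(new LuceneIndexerOptions()
            {
                Path = Path.Combine("app_data", "lucene_index")
            });
            // The encoder leaves every Unicode range unescaped in HTML output.
            services.AddSingleton<HtmlEncoder>(
                HtmlEncoder.Create(allowedRanges: new[] {
                UnicodeRanges.All
            }));
            services.ConfigureDynamicProxy(
                config => config.AddInterceptor(Configuration)
                );

            services.PluginSetup(Configuration);
            services.AddHangFire(Configuration);
            // NOTE(review): the dashboard is enabled with no options visible here — confirm it
            // is not reachable without authentication.
            services.AddCapWithRabbitMQ(Configuration, options => { options.UseDashboard(); });
            services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();
            services.AddIpRateLimitings(Configuration);
        }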
コード例 #29
ファイル: Startup.cs プロジェクト: Lio98/BlogManagement
        // This method gets called by the runtime. Use this method to add services to the container.
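        /// <summary>
        /// Registers application services, controllers with Newtonsoft.Json, CORS, JWT bearer
        /// authentication and the Swagger generator.
        /// </summary>
        /// <param name="services">The service collection that receives the registrations.</param>
        /// <exception cref="InvalidOperationException">The "JWTToken" configuration section is missing.</exception>
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddSingleton(new Appsettings(Configuration));
            services.AddSingleton<BlogActionFilter>();
            services.AddScoped(typeof(IUser), typeof(UserDal));
            services.AddSingleton(typeof(ILog), typeof(LogDal));

            services.AddControllers(option =>
            {
                option.Filters.Add<BlogExceptionFilter>();
            })
            .AddNewtonsoftJson(options =>
            {
                options.SerializerSettings.ContractResolver      = new CamelCasePropertyNamesContractResolver(); // camelCase property names
                options.SerializerSettings.DateTimeZoneHandling  = DateTimeZoneHandling.Local;
                options.SerializerSettings.DateFormatString      = "yyyy-MM-dd HH:mm:ss";                        // date format
                options.SerializerSettings.ReferenceLoopHandling = ReferenceLoopHandling.Ignore;                 // ignore reference loops
                //options.SerializerSettings.Converters.Add(new UnixTimeStampConverter());
            });

            services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();

            #region 跨域

            services.AddCors(options =>
            {
                options.AddPolicy("any", builder =>
                {
                    // "*" as the only origin means every origin is allowed; no credentials are enabled.
                    builder.WithOrigins("*");
                });
            });

            #endregion

            #region JWTToken
            services.Configure<JWTTokenOptions>(this.Configuration.GetSection("JWTToken"));
            // Get<T>() returns null when the section is absent; fail at startup with a clear
            // message instead of a null dereference inside the bearer options delegate.
            JWTTokenOptions jwtTokenOptions = this.Configuration.GetSection("JWTToken").Get<JWTTokenOptions>()
                ?? throw new InvalidOperationException("Configuration section 'JWTToken' is missing.");
            //configuration.Bind("JWTToken", jwtTokenOptions);
            services.AddSingleton<JWTTokenOptions>(jwtTokenOptions);

            services.AddAuthentication(option =>
            {
                // Bearer is the scheme for authenticate, default and challenge.
                option.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                option.DefaultScheme             = JwtBearerDefaults.AuthenticationScheme;
                option.DefaultChallengeScheme    = JwtBearerDefaults.AuthenticationScheme;
            })
            .AddJwtBearer(options =>
            {
                options.RequireHttpsMetadata      = true;
                options.SaveToken                 = true;
                options.TokenValidationParameters = new TokenValidationParameters()
                {
                    ValidateIssuerSigningKey = true,
                    // Key used to verify the token signature.
                    // NOTE(review): Encoding.ASCII maps every non-ASCII character of the secret to
                    // '?'; keep the secret ASCII-only or confirm the issuer encodes it the same way.
                    IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(jwtTokenOptions.Secret)),
                    // Issuer the token's "iss" claim is checked against.
                    ValidIssuer = jwtTokenOptions.Issuer,
                    // Audience the token's "aud" claim is checked against.
                    ValidAudience    = jwtTokenOptions.Audience,
                    // Issuer and audience checks are switched on so the two values above take
                    // effect; with both off, any token signed with the shared secret was accepted
                    // regardless of who issued it or for whom. Tokens issued for this API must
                    // carry matching iss/aud claims.
                    ValidateIssuer   = true,
                    ValidateAudience = true,
                    // No tolerance for clock differences between servers.
                    ClockSkew = TimeSpan.Zero,
                    // Compare the current time with the token's NotBefore and Expires claims.
                    ValidateLifetime = true
                };
                options.Events = new JwtBearerEvents()
                {
                    OnAuthenticationFailed = context =>
                    {
                        if (context.Exception.GetType() == typeof(SecurityTokenExpiredException))
                        {
                            // Indexer assignment does not throw if the header is already present.
                            context.Response.Headers["Token-Expired"] = "true";
                        }

                        return Task.CompletedTask;
                    }
                };
            });

            #endregion

            #region Swagger

            services.AddSwaggerGen(options =>
            {
                options.SwaggerDoc("V1", new OpenApiInfo
                {
                    Version     = "V1",
                    Title       = "BlogManagement API Doc-V1",
                    Description = "BlogManagement API接口文档-V1版",
                    Contact     = new OpenApiContact {
                        Name = "BlogSystem", Email = "*****@*****.**"
                    },
                });
                options.OrderActionsBy(x => x.RelativePath);

                options.IncludeXmlComments(Path.Combine(AppContext.BaseDirectory, "BlogManagement.xml"));

                options.OperationFilter<AddResponseHeadersFilter>();
                options.OperationFilter<AppendAuthorizeToSummaryOperationFilter>();
                options.OperationFilter<SecurityRequirementsOperationFilter>();

                options.AddSecurityDefinition("oauth2", new OpenApiSecurityScheme()
                {
                    Description  = "在下框中输入请求头中需要添加Jwt授权Token:Bearer Token",
                    Name         = "Authorization",
                    In           = ParameterLocation.Header,
                    Scheme       = "bearer",
                    Type         = SecuritySchemeType.ApiKey,
                    BearerFormat = "JWT"
                });
                options.AddSecurityRequirement(new OpenApiSecurityRequirement
                {
                    {
                        new OpenApiSecurityScheme
                        {
                            Reference = new OpenApiReference()
                            {
                                // Must name the scheme registered above; the previous id "Bearer"
                                // pointed at a definition that does not exist in this document.
                                Id = "oauth2", Type = ReferenceType.SecurityScheme
                            }
                        },
                        Array.Empty<string>()
                    }
                });
            });

            #endregion
        }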
コード例 #30
 /// <summary>
 /// Keeps the JWT options and the user service handed in by the caller.
 /// </summary>
 /// <param name="jwtTokenOptions">JWT settings stored on the controller.</param>
 /// <param name="user">User service stored on the controller.</param>
 public LoginController(JWTTokenOptions jwtTokenOptions, IUser user)
 {
     _user            = user;
     _jwtTokenOptions = jwtTokenOptions;
 }