Пример #1
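        /// <summary>Builds the login page URL, including the address to come back to once login completes.</summary>
        /// <param name="logId">Identifier of the authorization log record as received from the request; it is parsed with <c>ToLong()</c> for the lookup only.</param>
        /// <returns><c>LoginUrl</c>, with <c>ssoAppId</c> appended when the record exists, passed through <c>AppendReturn</c> with the <c>/Sso/Auth2</c> callback.</returns>
        public virtual String GetLoginUrl(String logId)
        {
            var url = LoginUrl;

            var log = AppLog.FindByID(logId.ToLong());

            if (log != null)
            {
                url += url.Contains("?") ? "&" : "?";
                url += $"ssoAppId={log.AppId}";
            }

            // logId is caller-supplied text and is only parsed for the lookup above; the raw
            // string is what ends up in the callback URL. Percent-encode it so characters such
            // as '&', '#' or '=' cannot add or override parameters of /Sso/Auth2.
            // NOTE(review): how AppendReturn encodes the return address as a whole is not visible here — confirm.
            var id = Uri.EscapeDataString(logId ?? "");

            return url.AppendReturn("/Sso/Auth2?id=" + id);
        }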
Пример #2
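        /// <summary>Exchanges an authorization code for the access and refresh tokens stored on its log record.</summary>
        /// <param name="client_id">Client (application) identifier. Not read by this method.</param>
        /// <param name="client_secret">Client secret. Not read by this method.</param>
        /// <param name="code">Authorization code; parsed with <c>ToLong()</c> and used as the log record ID.</param>
        /// <returns>A two-element array: the access token, then the refresh token.</returns>
        /// <exception cref="ArgumentOutOfRangeException">No log record matches <paramref name="code"/>.</exception>
        public virtual String[] GetTokens(String client_id, String client_secret, String code)
        {
            // NOTE(review): client_id and client_secret are never compared with the application that
            // owns this record, and the record's age and prior use are not checked here. Confirm the
            // caller authenticates the client and enforces expiry and single use of the code.
            var log = AppLog.FindByID(code.ToLong());

            if (log == null)
            {
                throw new ArgumentOutOfRangeException(nameof(code), "Code已过期!");
            }

            if (Log != null)
            {
                // Keep the bearer token out of the log: a log reader must not be able to reuse it.
                // Only a short prefix of a sufficiently long token is written, for correlation.
                var token  = log.AccessToken;
                var masked = !String.IsNullOrEmpty(token) && token.Length > 16 ? token.Substring(0, 6) + "..." : "***";

                WriteLog("Token appid={0} code={1} token={2} {3}", log.AppName, code, masked, log.CreateUser);
            }

            // Record which operation last touched the log entry.
            log.Action = nameof(GetTokens);
            log.Update();

            return new[] { log.AccessToken, log.RefreshToken };
        }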
Пример #3
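        /// <summary>Issues tokens for a verified user and builds the URL that redirects back to the client application.</summary>
        /// <param name="key">Identifier of the authorization log record; parsed with <c>ToLong()</c>.</param>
        /// <param name="user">The verified user; <c>user.Name</c> is encoded into the access token.</param>
        /// <returns>The record's <c>RedirectUri</c> with <c>code</c> and, when present, <c>state</c> appended.</returns>
        /// <exception cref="ArgumentOutOfRangeException">No log record matches <paramref name="key"/>.</exception>
        public virtual String GetResult(String key, IManageUser user)
        {
            var log = AppLog.FindByID(key.ToLong());

            if (log == null)
            {
                throw new ArgumentOutOfRangeException(nameof(key), "操作超时,请重试!");
            }

            var prv = GetProvider();

            // The authorization code handed to the client is the log record's ID.
            // NOTE(review): whether that ID is unpredictable depends on how AppLog IDs are generated — confirm.
            var code = log.ID + "";

            // Create the tokens; the access token expires Expire seconds from now.
            log.AccessToken = prv.Encode(user.Name, DateTime.Now.AddSeconds(Expire));
            // NOTE(review): the refresh token's secrecy rests on Rand.NextString — confirm it is a cryptographic generator.
            log.RefreshToken = code + "." + Rand.NextString(16);
            log.CreateUser   = user + "";

            if (Log != null)
            {
                WriteLog("Authorize appid={0} code={2} redirect_uri={1} {3}", log.AppName, log.RedirectUri, code, user);
            }

            log.Action = nameof(GetResult);
            log.Update();

            // NOTE(review): RedirectUri is taken from the stored record as-is; presumably it was
            // validated against the application's registered callback when the record was created — confirm.
            var url = log.RedirectUri;

            url += url.Contains("?") ? "&" : "?";
            url += "code=" + code;

            if (!log.State.IsNullOrEmpty())
            {
                // state is an opaque value supplied by the client request; percent-encode it so it
                // cannot break out of its parameter and add or override others in the redirect.
                url += "&state=" + Uri.EscapeDataString(log.State);
            }

            return url;
        }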
Пример #4
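        /// <summary>Exchanges an authorization code for the tokens stored on its log record.</summary>
        /// <param name="code">Authorization code; parsed with <c>ToLong()</c> and used as the log record ID.</param>
        /// <returns>The access token, refresh token and token lifetime. The lifetime is the application's <c>TokenExpire</c>, or the global setting when that is not positive.</returns>
        /// <exception cref="ArgumentOutOfRangeException">No log record matches <paramref name="code"/>, or the record was created more than five minutes ago.</exception>
        public virtual TokenInfo GetToken(String code)
        {
            var log = AppLog.FindByID(code.ToLong());

            // A code is only honoured for five minutes after its record was created.
            if (log == null || log.CreateTime.AddMinutes(5) < DateTime.Now)
            {
                throw new ArgumentOutOfRangeException(nameof(code), "Code已过期!");
            }

            if (Log != null)
            {
                // Keep the bearer token out of the log: a log reader must not be able to reuse it.
                // Only a short prefix of a sufficiently long token is written, for correlation.
                var token  = log.AccessToken;
                var masked = !String.IsNullOrEmpty(token) && token.Length > 16 ? token.Substring(0, 6) + "..." : "***";

                WriteLog("Token appid={0} code={1} token={2} {3}", log.AppName, code, masked, log.CreateUser);
            }

            // NOTE(review): Action is recorded but never checked, so nothing visible here stops the
            // same code from being exchanged again inside the five-minute window — confirm single use
            // is enforced elsewhere.
            log.Action = nameof(GetToken);
            log.Update();

            // Prefer the application's own token lifetime; fall back to the global setting.
            var expire = log.App != null ? log.App.TokenExpire : 0;

            if (expire <= 0)
            {
                expire = NewLife.Cube.Setting.Current.TokenExpire;
            }

            return new TokenInfo
            {
                AccessToken  = log.AccessToken,
                RefreshToken = log.RefreshToken,
                Expire       = expire
            };
        }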
Пример #5
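        /// <summary>Issues tokens for a verified user and builds the URL that redirects back to the client application.</summary>
        /// <param name="key">Identifier of the authorization log record; parsed with <c>ToLong()</c>.</param>
        /// <param name="user">The verified user; <c>user.Name</c> is passed to <c>CreateToken</c>.</param>
        /// <returns>
        /// The record's <c>RedirectUri</c> extended according to its <c>ResponseType</c>: for <c>token</c> the
        /// access token is placed in the URL fragment, otherwise the authorization code is placed in the query.
        /// </returns>
        /// <exception cref="ArgumentOutOfRangeException">No log record matches <paramref name="key"/>.</exception>
        /// <exception cref="InvalidOperationException">The application restricts login to certain roles and the user has none of them.</exception>
        public virtual String GetResult(String key, IManageUser user)
        {
            var log = AppLog.FindByID(key.ToLong());

            if (log == null)
            {
                throw new ArgumentOutOfRangeException(nameof(key), "操作超时,请重试!");
            }

            // Unused in this method; the call is kept because GetProvider's side effects are not visible here.
            var prv  = GetProvider();
            var code = log.ID + "";

            log.CreateUser = user + "";
            log.Action     = nameof(GetResult);

            if (Log != null)
            {
                WriteLog("Authorize appid={0} code={2} redirect_uri={1} {3}", log.AppName, log.RedirectUri, code, user);
            }

            // Verify roles BEFORE any token is created. Previously the tokens were assigned to the
            // record first, so the failure path's log.Update() persisted usable tokens on a record
            // marked Success = false. A rejected login must leave no tokens behind.
            var ids = log.App?.RoleIds?.SplitAsInt();

            if (ids != null && ids.Length > 0 && user is XCode.Membership.User user2)
            {
                if (!user2.Roles.Any(r => ids.Contains(r.ID)))
                {
                    log.Success = false;
                    log.Remark  = $"该应用[{log.AppName}]不支持用户所属角色登录!";
                    log.Update();

                    throw new InvalidOperationException(log.Remark);
                }
            }

            // Create the tokens
            var token = CreateToken(log.App, user.Name, null, $"{log.App?.Name}#{user.Name}");

            log.AccessToken  = token.AccessToken;
            log.RefreshToken = token.RefreshToken;
            log.Update();

            // NOTE(review): RedirectUri is taken from the stored record as-is; presumably it was
            // validated against the application's registered callback when the record was created — confirm.
            var url = log.RedirectUri;

            url += url.Contains("?") ? "&" : "?";

            switch ((log.ResponseType + "").ToLowerInvariant())
            {
            case "token":
                // The access token travels in the fragment, after the optional state parameter.
                if (!log.State.IsNullOrEmpty())
                {
                    url += "state=" + HttpUtility.UrlEncode(log.State);
                }
                url += "#token=" + HttpUtility.UrlEncode(log.AccessToken);
                break;

            case "code":
            default:
                // Only the code is exposed in the redirect; the client exchanges it for tokens afterwards.
                url += "code=" + code;
                if (!log.State.IsNullOrEmpty())
                {
                    url += "&state=" + HttpUtility.UrlEncode(log.State);
                }
                break;
            }

            return url;
        }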
Пример #6
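        /// <summary>Issues tokens for a verified user and builds the URL that redirects back to the client application.</summary>
        /// <param name="key">Identifier of the authorization log record; parsed with <c>ToLong()</c>.</param>
        /// <param name="user">The verified user; <c>user.Name</c> is passed to <c>CreateToken</c>.</param>
        /// <returns>
        /// The record's <c>RedirectUri</c> extended according to its <c>ResponseType</c>: for <c>token</c> the
        /// access token is placed in the URL fragment, otherwise the authorization code is placed in the query.
        /// </returns>
        /// <exception cref="ArgumentOutOfRangeException">No log record matches <paramref name="key"/>.</exception>
        public virtual String GetResult(String key, IManageUser user)
        {
            var log = AppLog.FindByID(key.ToLong());

            if (log == null)
            {
                throw new ArgumentOutOfRangeException(nameof(key), "操作超时,请重试!");
            }

            // Unused in this method; the call is kept because GetProvider's side effects are not visible here.
            var prv  = GetProvider();
            var code = log.ID + "";

            var token = CreateToken(log.App, user.Name, code);

            // Store the tokens on the record
            log.AccessToken  = token.AccessToken;
            log.RefreshToken = token.RefreshToken;
            log.CreateUser   = user + "";

            if (Log != null)
            {
                WriteLog("Authorize appid={0} code={2} redirect_uri={1} {3}", log.AppName, log.RedirectUri, code, user);
            }

            log.Action = nameof(GetResult);
            log.Update();

            // NOTE(review): RedirectUri is taken from the stored record as-is; presumably it was
            // validated against the application's registered callback when the record was created — confirm.
            var url = log.RedirectUri;

            url += url.Contains("?") ? "&" : "?";

            // state is an opaque value supplied by the client request, and the token format is
            // decided elsewhere; both are percent-encoded so neither can break out of its own
            // parameter and add or override others in the redirect.
            switch ((log.ResponseType + "").ToLowerInvariant())
            {
            case "token":
                if (!log.State.IsNullOrEmpty())
                {
                    url += "state=" + Uri.EscapeDataString(log.State);
                }
                url += "#token=" + Uri.EscapeDataString(log.AccessToken + "");
                break;

            case "code":
            default:
                url += "code=" + code;
                if (!log.State.IsNullOrEmpty())
                {
                    url += "&state=" + Uri.EscapeDataString(log.State);
                }
                break;
            }

            return url;
        }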