/// <summary>
/// Map entity to dto
/// </summary>
/// <param name="entity">Object to extension</param>
/// <param name="addAuthors">Indicate if add authors data in dto</param>
public static ScopeDto Map(this Scope entity, bool addAuthors)
{
if (entity == null)
{
return(null);
}
ScopeDto dto = new ScopeDto();
if (entity.Valid)
{
dto.Id = entity.Id;
if (addAuthors)
{
AuthorMap.Map(dto, entity);
}
}
else
{
dto.AddNotifications(entity.Notifications);
}
dto.Name = entity.Name;
dto.AccessKey = entity.AccessKey;
dto.AllowLogin = entity.AllowLogin;
dto.IsActive = entity.IsActive;
return(dto);
}
public async Task <ResultResponseDto> AddScope(ScopeDto dto)
{
if (!dto.IsValid())
{
return(Result.ReFailure <ResultResponseDto>("请求参数错误", ResultCodes.InvalidParameter));
}
if (base.State == null)
{
return(Result.ReFailure <ResultResponseDto>("API资源不存在", ResultCodes.InvalidParameter));
}
ApiScope scope = Mapper.Map <ApiScope>(dto);
if (!scope.IsValid())
{
return(Result.ReFailure <ResultResponseDto>("请求参数错误", ResultCodes.InvalidParameter));
}
IApiResourceRepositories dataStore = this.ServiceProvider.GetRequiredService <IApiResourceRepositories>();
if (await dataStore.GetScopeIdAsync(scope.Name) > 0)
{
return(Result.ReFailure <ResultResponseDto>(scope.Name + "Api范围已经存在", ResultCodes.InvalidParameter));
}
this.State.Scopes.Add(scope);
await base.WriteStateAsync();
return(Result.ReSuccess <ResultResponseDto>());
}
/// <summary>
/// Map dto to response
/// </summary>
/// <param name="dto">Scope dto object instance</param>
public static ScopeResponse Map(this ScopeDto dto)
=> new ScopeResponse(dto.Id)
{
Name = dto.Name,
AccessKey = dto.AccessKey,
AllowLogin = dto.AllowLogin,
IsActive = dto.IsActive
};
private void CollectScopeAssociatedInfo(IdentityUow uow, ScopeDto scopeDto)
{
scopeDto.ScopeClaims = uow.Store.List <ScopeClaim>(set => set.Where(x => x.ScopeKey == scopeDto.Key))
.Select(x => MappingService.Map <ScopeClaimDto>(x))
.ToList();
scopeDto.ScopeSecrets = uow.Store.List <ScopeSecret>(set => set.Where(x => x.ScopeKey == scopeDto.Key))
.Select(x => MappingService.Map <ScopeSecretDto>(x))
.ToList();
}
/// <summary>
/// Map entity to dto
/// </summary>
/// <param name="entity">Object to extension</param>
/// <param name="dto">Scope Dto object</param>
public static Scope Map(this Scope entity, ScopeDto dto)
{
if (dto != null)
{
entity.Name = dto.Name;
entity.AccessKey = dto.AccessKey != Guid.Empty ? dto.AccessKey : entity.AccessKey;
entity.AllowLogin = dto.AllowLogin;
entity.IsActive = dto.IsActive;
}
return(entity);
}
public async Task <FileServiceJwt> VerifyJwt(AuthJwt auth)
{
try
{
// check signature
var publicKey = await this._configService.Get("JWTPublicKeys");
//var cer = new X509Certificate2(Convert.FromBase64String(publicKey));
var rsa = CertificateHelper.GetPublicKey(auth.Jwt, publicKey);// (RSA)(cer.PublicKey.Key);
var validationParameters = new TokenValidationParameters
{
ValidateAudience = false,
IssuerSigningKey = new RsaSecurityKey(rsa),
ValidateIssuer = false,
};
var result = new JwtSecurityTokenHandler().ValidateToken(auth.Jwt, validationParameters, out SecurityToken securityToken);
var validateToken = securityToken as JwtSecurityToken;
string scopeStr = validateToken.Claims.FirstOrDefault(c => c.Type == "scope")?.Value;
string jti = validateToken.Claims.FirstOrDefault(c => c.Type == "jti")?.Value;
string iss = validateToken.Claims.FirstOrDefault(c => c.Type == "iss")?.Value;
ScopeDto scope = new ScopeDto();
if (!string.IsNullOrEmpty(scopeStr))
{
scope = JsonConvert.DeserializeObject <ScopeDto>(scopeStr);
}
//LogHelper.Info($"Check ip: JWT->{scope.ip}, FileService->{auth.IP}");
//此处ip校验,在对部分域名使用vpn加速情况下,可能造成ip不一致,所以暂时去掉
/*
* if (scope.ip != auth.IP && scope.ip != "127.0.0.1")
* {
* throw new UnauthorizedException();
* }
*/
VerifyJti(jti);
return(new FileServiceJwt()
{
ExpireInDays = scope.fileExpireInDays,
SiteId = scope.siteId,
AppId = iss
});
}
catch (Exception ex)
{
LogHelper.Error(ex, ex.Message);
throw new UnauthorizedException();
}
}
/// <summary>
/// Map dto to entity
/// </summary>
/// <param name="dto">Object to extension</param>
/// <param name="setId">Set dto id into entity</param>
public static Scope Map(this ScopeDto dto, bool setId)
{
Scope entity;
if (setId)
{
entity = new Scope(dto.Id);
}
else
{
entity = new Scope();
}
entity.Name = dto.Name;
entity.AccessKey = dto.AccessKey;
entity.AllowLogin = dto.AllowLogin;
entity.IsActive = dto.IsActive;
return(entity);
}
public ScopeDto AddOrUpdateScope(ScopeDto scopeDto)
{
ScopeDto updatedScopeDto = null;
Execute(uow =>
{
var scope = uow.Store.AddOrUpdate(MappingService.Map <Scope>(scopeDto).AsNewEntity(),
x => x.Name == scopeDto.Name);
updatedScopeDto = MappingService.Map <ScopeDto>(scope);
if (scopeDto.ScopeClaims != null)
{
foreach (var scopeClaim in
scopeDto.ScopeClaims.Select(
scopeClaimDto => MappingService.Map <ScopeClaim>(scopeClaimDto).WithScope(scope)))
{
uow.Store.AddOrUpdate(scopeClaim, x => x.Name == scopeClaim.Name);
}
}
if (scopeDto.ScopeSecrets != null)
{
foreach (var scopeSecret in
scopeDto.ScopeSecrets.Select(
scopeSecretDto => MappingService.Map <ScopeSecret>(scopeSecretDto).WithScope(scope)))
{
uow.Store.AddOrUpdate(scopeSecret, x => x.Type == scopeSecret.Type);
}
}
CollectScopeAssociatedInfo(uow, updatedScopeDto);
uow.Cache.HashSetAsync(KeyToScopeHash, updatedScopeDto.Name, Serializer.Serialize(updatedScopeDto))
.Wait();
});
return(updatedScopeDto);
}
/// <summary>
/// Authenticate application in the system and generate the access-key (token)
/// </summary>
/// <param name="cancellationToken">A System.Threading.CancellationToken to observe while waiting for the task to complete</param>
private async Task <IActionResult> AuthenticateApplicationAsync(CancellationToken cancellationToken)
{
if (!AppKey.HasValue || !AppAccess.HasValue)
{
return(Unauthorized(_localizer["SCOPE_NOT_DEFINED"].Value));
}
ScopeDto scope = await _scopeAppService.GetByKeyAsync(AppKey.Value, cancellationToken);
if (scope == null || scope.AccessKey != AppAccess.Value)
{
return(Unauthorized(_localizer["INVALID_APP_KEY_ACCESS"].Value));
}
if (!scope.AllowLogin || !scope.IsActive)
{
return(Unauthorized(_localizer["APP_LOGIN_DIALLOW"].Value));
}
string token = _tokenHelper.GenerateTokenAplication(scope.Id, scope.Name, out DateTime? expiresIn);
AuthenticateResponse result = new AuthenticateResponse(token, expiresIn, null, null);
return(Ok(result));
}
/// <summary> /// Map dto to entity /// </summary> /// <param name="dto">Object to extension</param> public static Scope Map(this ScopeDto dto) => Map(dto, false);
