protected virtual async Task UpdateApiResourceByInputAsync(ApiResource apiResource, ApiResourceCreateOrUpdateDto input)
{
if (await IsGrantAsync(IdentityServerPermissions.ApiResources.ManageClaims))
{
// 删除不存在的UserClaim
apiResource.UserClaims.RemoveAll(claim => !input.UserClaims.Contains(claim.Type));
foreach (var inputClaim in input.UserClaims)
{
var userClaim = apiResource.FindClaim(inputClaim);
if (userClaim == null)
{
apiResource.AddUserClaim(inputClaim);
}
}
}
if (await IsGrantAsync(IdentityServerPermissions.ApiResources.ManageScopes))
{
// 删除不存在的Scope
apiResource.Scopes.RemoveAll(scope => !input.Scopes.Any(inputScope => scope.Name == inputScope.Name));
foreach (var inputScope in input.Scopes)
{
var scope = apiResource.FindScope(inputScope.Name);
if (scope == null)
{
scope = apiResource.AddScope(
inputScope.Name, inputScope.DisplayName, inputScope.Description,
inputScope.Required, inputScope.Emphasize, inputScope.ShowInDiscoveryDocument);
}
else
{
scope.Required = inputScope.Required;
scope.Emphasize = inputScope.Emphasize;
scope.Description = inputScope.Description;
scope.DisplayName = inputScope.DisplayName;
scope.ShowInDiscoveryDocument = inputScope.ShowInDiscoveryDocument;
// 删除不存在的ScopeUserClaim
scope.UserClaims.RemoveAll(claim => !inputScope.UserClaims.Contains(claim.Type));
}
foreach (var inputScopeClaim in inputScope.UserClaims)
{
var scopeUserClaim = scope.FindClaim(inputScopeClaim);
if (scopeUserClaim == null)
{
scope.AddUserClaim(inputScopeClaim);
}
}
}
}
if (await IsGrantAsync(IdentityServerPermissions.ApiResources.ManageSecrets))
{
// 删除不存在的Secret
apiResource.Secrets.RemoveAll(secret => !input.Secrets.Any(inputSecret => secret.Type == inputSecret.Type && secret.Value == inputSecret.Value));
foreach (var inputSecret in input.Secrets)
{
// 第一次重复校验已经加密过的字符串
if (apiResource.FindSecret(inputSecret.Value, inputSecret.Type) == null)
{
var apiSecretValue = inputSecret.Value;
if (IdentityServerConstants.SecretTypes.SharedSecret.Equals(inputSecret.Type))
{
if (inputSecret.HashType == HashType.Sha256)
{
apiSecretValue = inputSecret.Value.Sha256();
}
else if (inputSecret.HashType == HashType.Sha512)
{
apiSecretValue = inputSecret.Value.Sha512();
}
}
// 加密之后还需要做一次校验 避免出现重复值
var secret = apiResource.FindSecret(apiSecretValue, inputSecret.Type);
if (secret == null)
{
apiResource.AddSecret(apiSecretValue, inputSecret.Expiration, inputSecret.Type, inputSecret.Description);
}
}
}
}
if (await IsGrantAsync(IdentityServerPermissions.ApiResources.ManageProperties))
{
// 删除不存在的属性
apiResource.Properties.RemoveAll(scope => !input.Properties.ContainsKey(scope.Key));
foreach (var property in input.Properties)
{
apiResource.Properties[property.Key] = property.Value;
}
}
}