using Fengling.AuthService.DTOs;
using Fengling.AuthService.Models;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using OpenIddict.Abstractions;
using OpenIddict.Server.AspNetCore;
using System.Security.Claims;
using static OpenIddict.Abstractions.OpenIddictConstants;
namespace Fengling.AuthService.Controllers;
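/// <summary>
/// Password-login endpoint for the auth service, routed under <c>api/[controller]</c>.
/// </summary>
[ApiController]
[Route("api/[controller]")]
public class AuthController : ControllerBase
{
    // The one failure message returned to clients. Unknown user, deleted user,
    // tenant mismatch and wrong password must be indistinguishable in the
    // response, otherwise the endpoint discloses which user names exist and
    // which tenant they belong to.
    private const string InvalidCredentialsMessage = "用户名或密码错误";

    private readonly SignInManager<ApplicationUser> _signInManager;
    private readonly UserManager<ApplicationUser> _userManager;
    private readonly IOpenIddictApplicationManager _applicationManager;
    private readonly IOpenIddictAuthorizationManager _authorizationManager;
    private readonly IOpenIddictScopeManager _scopeManager;
    private readonly ILogger<AuthController> _logger;

    /// <summary>
    /// Stores the injected Identity and OpenIddict services. The three OpenIddict
    /// managers are kept as fields but are not used by any method of this class.
    /// </summary>
    public AuthController(
        SignInManager<ApplicationUser> signInManager,
        UserManager<ApplicationUser> userManager,
        IOpenIddictApplicationManager applicationManager,
        IOpenIddictAuthorizationManager authorizationManager,
        IOpenIddictScopeManager scopeManager,
        ILogger<AuthController> logger)
    {
        _signInManager = signInManager;
        _userManager = userManager;
        _applicationManager = applicationManager;
        _authorizationManager = authorizationManager;
        _scopeManager = scopeManager;
        _logger = logger;
    }

    /// <summary>
    /// Verifies a user name / password pair for the tenant named in the request.
    /// </summary>
    /// <param name="request">Login payload; UserName, Password and TenantId are read.</param>
    /// <returns>
    /// 200 with the <see cref="LoginResponse"/> on success; 401 with one generic
    /// error message for every kind of failure.
    /// </returns>
    [HttpPost("login")]
    public async Task<IActionResult> Login([FromBody] LoginRequest request)
    {
        // FindByNameAsync and the password check throw on null input, which would
        // surface as a 500; treat a missing field like any other failed login.
        if (request is null
            || string.IsNullOrEmpty(request.UserName)
            || string.IsNullOrEmpty(request.Password))
        {
            return InvalidCredentials();
        }

        var user = await _userManager.FindByNameAsync(request.UserName);
        if (user == null || user.IsDeleted)
        {
            // The reason is kept in the server log only. The submitted user name is
            // deliberately not logged: users sometimes type a password into that field.
            _logger.LogWarning("Login rejected: unknown or deleted user (tenant {TenantId})", request.TenantId);

            // NOTE(review): this path returns before any password hash is computed,
            // so response time can still differ from the wrong-password path.
            return InvalidCredentials();
        }

        if (user.TenantId != request.TenantId)
        {
            _logger.LogWarning("Login rejected: tenant mismatch for user {UserId}", user.Id);
            return InvalidCredentials();
        }

        // lockoutOnFailure: true counts failed attempts so that Identity can lock the
        // account and slow down password guessing. It only takes effect when lockout
        // is enabled in the Identity options -- confirm the configuration.
        var result = await _signInManager.CheckPasswordSignInAsync(user, request.Password, lockoutOnFailure: true);
        if (!result.Succeeded)
        {
            _logger.LogWarning(
                "Login rejected: password check failed for user {UserId} (locked out: {IsLockedOut})",
                user.Id,
                result.IsLockedOut);
            return InvalidCredentials();
        }

        var token = await GenerateTokenAsync(user);
        return Ok(token);
    }

    // Builds the uniform 401 body used by every failed-login path.
    private UnauthorizedObjectResult InvalidCredentials()
        => Unauthorized(new { error = InvalidCredentialsMessage });

    /// <summary>
    /// Collects the user's claims and roles and returns the login response.
    /// </summary>
    /// <remarks>
    /// NOTE(review): the returned access and refresh tokens are fixed placeholder
    /// strings, identical for every user. Nothing is signed or issued here, and the
    /// principal built below is not used. Token issuance has to be implemented
    /// before any resource server is allowed to trust these values.
    /// </remarks>
    /// <param name="user">The authenticated user.</param>
    /// <returns>A response carrying placeholder tokens, a 3600 lifetime and type "Bearer".</returns>
    private async Task<LoginResponse> GenerateTokenAsync(ApplicationUser user)
    {
        var claims = new List<Claim>
        {
            new(Claims.Subject, user.Id.ToString()),
            new(Claims.Name, user.UserName ?? string.Empty),
            new(Claims.Email, user.Email ?? string.Empty),
            new("tenant_id", user.TenantId.ToString())
        };

        // One role claim per role assigned to the user.
        var roles = await _userManager.GetRolesAsync(user);
        foreach (var role in roles)
        {
            claims.Add(new Claim(Claims.Role, role));
        }

        // Not consumed yet: kept as the input for the future token-issuing step.
        var identity = new ClaimsIdentity(claims, "Server");
        var principal = new ClaimsPrincipal(identity);

        return new LoginResponse
        {
            AccessToken = "token-placeholder",
            RefreshToken = "refresh-placeholder",
            ExpiresIn = 3600,
            TokenType = "Bearer"
        };
    }
}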