61c3a27192
添加OAuth2认证相关配置文件和服务实现,包括环境变量配置、PKCE流程支持、token管理等功能。主要变更: - 新增OAuth2配置文件 - 实现OAuth2服务层 - 更新请求拦截器支持token自动刷新 - 修改认证API和store以支持OAuth2流程
103 lines
3.0 KiB
C#
103 lines
3.0 KiB
C#
using System.Reflection;
|
|
using Fengling.AuthService.Data;
|
|
using Fengling.AuthService.Models;
|
|
using Fengling.Console.Repositories;
|
|
using Fengling.Console.Services;
|
|
using OpenIddict.Abstractions;
|
|
using Microsoft.EntityFrameworkCore;
|
|
using Microsoft.AspNetCore.Authentication.JwtBearer;
|
|
using Microsoft.AspNetCore.Identity;
|
|
using Microsoft.IdentityModel.Tokens;
|
|
using System.Text;
|
|
|
|
var builder = WebApplication.CreateBuilder(args);
|
|
|
|
builder.Services.AddControllers();
|
|
|
|
builder.Services.AddDbContext<ApplicationDbContext>(options =>
|
|
{
|
|
options.UseNpgsql(builder.Configuration.GetConnectionString("DefaultConnection"));
|
|
});
|
|
|
|
builder.Services.AddIdentity<ApplicationUser, ApplicationRole>()
|
|
.AddEntityFrameworkStores<ApplicationDbContext>()
|
|
.AddDefaultTokenProviders();
|
|
|
|
builder.Services.AddHttpContextAccessor();
|
|
|
|
builder.Services.AddHttpClient();
|
|
builder.Services.AddScoped<IOAuthClientService, OAuthClientService>();
|
|
builder.Services.AddScoped<IUserRepository, UserRepository>();
|
|
builder.Services.AddScoped<ITenantRepository, TenantRepository>();
|
|
builder.Services.AddScoped<IRoleRepository, RoleRepository>();
|
|
|
|
builder.Services.AddScoped<IUserService, UserService>();
|
|
builder.Services.AddScoped<ITenantService, TenantService>();
|
|
builder.Services.AddScoped<IRoleService, RoleService>();
|
|
|
|
builder.Services.AddOpenIddict()
|
|
.AddCore(options =>
|
|
{
|
|
options.UseEntityFrameworkCore().UseDbContext<ApplicationDbContext>();
|
|
});
|
|
|
|
var jwtKey = builder.Configuration["Jwt:Key"];
|
|
var jwtIssuer = builder.Configuration["Jwt:Issuer"];
|
|
var jwtAudience = builder.Configuration["Jwt:Audience"];
|
|
|
|
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
|
|
.AddJwtBearer(options =>
|
|
{
|
|
options.TokenValidationParameters = new TokenValidationParameters
|
|
{
|
|
ValidateIssuer = true,
|
|
ValidateAudience = true,
|
|
ValidateLifetime = true,
|
|
ValidateIssuerSigningKey = true,
|
|
ValidIssuer = jwtIssuer,
|
|
ValidAudience = jwtAudience,
|
|
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtKey ?? throw new InvalidOperationException("JWT Key is not configured")))
|
|
};
|
|
});
|
|
|
|
builder.Services.AddAuthorization();
|
|
|
|
builder.Services.AddCors(options =>
|
|
{
|
|
options.AddPolicy("AllowAll", policy =>
|
|
{
|
|
policy.AllowAnyOrigin()
|
|
.AllowAnyMethod()
|
|
.AllowAnyHeader();
|
|
});
|
|
});
|
|
|
|
builder.Services.AddEndpointsApiExplorer();
|
|
builder.Services.AddSwaggerGen(c =>
|
|
{
|
|
c.SwaggerDoc("v1", new() { Title = "Fengling.Console API", Version = "v1" });
|
|
var xmlFile = $"{Assembly.GetExecutingAssembly().GetName().Name}.xml";
|
|
var xmlPath = Path.Combine(AppContext.BaseDirectory, xmlFile);
|
|
if (File.Exists(xmlPath))
|
|
{
|
|
c.IncludeXmlComments(xmlPath);
|
|
}
|
|
});
|
|
|
|
var app = builder.Build();
|
|
|
|
app.UseSwagger();
|
|
app.UseSwaggerUI(c =>
|
|
{
|
|
c.SwaggerEndpoint("/swagger/v1/swagger.json", "Fengling.Console API V1");
|
|
});
|
|
|
|
app.UseCors("AllowAll");
|
|
|
|
app.UseAuthentication();
|
|
app.UseAuthorization();
|
|
|
|
app.MapControllers();
|
|
|
|
app.Run();
|