diff --git a/src/NPin.Web/NPinWebModule.cs b/src/NPin.Web/NPinWebModule.cs
index 7cd4d81..68c1e21 100644
--- a/src/NPin.Web/NPinWebModule.cs
+++ b/src/NPin.Web/NPinWebModule.cs
@@ -1,7 +1,9 @@
 using System.Globalization;
+using System.Text;
 using System.Threading.RateLimiting;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Cors;
+using Microsoft.IdentityModel.Tokens;
 using Microsoft.OpenApi.Models;
 using Newtonsoft.Json.Converters;
 using NPin.Application;
@@ -13,6 +15,8 @@ using NPin.Framework.AspNetCore.Microsoft.AspNetCore.Builder;
 using NPin.Framework.AspNetCore.Microsoft.Extensions.DependencyInjection;
 using NPin.Framework.TenantManagement.Application;
 using NPin.Framework.Upms.Application;
+using NPin.Framework.Upms.Domain.Shared.Consts;
+using NPin.Framework.Upms.Domain.Shared.Options;
 using NPin.SqlSugarCore;
 using Volo.Abp.AspNetCore.Authentication.JwtBearer;
 using Volo.Abp.AspNetCore.MultiTenancy;
@@ -169,11 +173,70 @@ public class NPinWebModule : AbpModule
 });
 // 配置 JWT 鉴权
- // var jwtOptions = configuration.GetSection(nameof(JwtOptions))
+ var jwtOptions = configuration.GetSection(nameof(JwtOptions)).Get();
+ var refreshJwtOptions = configuration.GetSection(nameof(RefreshJwtOptions)).Get();
 context.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
- // .AddJwtBearer(opt => { })
- // .AddJwtBearer(opt => { })
+ // access_token
+ .AddJwtBearer(opt =>
+ {
+ opt.TokenValidationParameters = new TokenValidationParameters
+ {
+ ClockSkew = TimeSpan.Zero,
+ ValidateIssuerSigningKey = true,
+ ValidIssuer = jwtOptions.Issuer,
+ ValidAudience = jwtOptions.Audience,
+ IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtOptions.SecurityKey))
+ };
+ opt.Events = new JwtBearerEvents
+ {
+ OnMessageReceived = ctx =>
+ {
+ var accessToken = ctx.Request.Headers["access_token"];
+ if (string.IsNullOrEmpty(accessToken))
+ {
+ accessToken = ctx.Request.Query["access_token"];
+ }
+
+ if (!string.IsNullOrEmpty(accessToken))
+ {
+ ctx.Token = accessToken;
+ }
+
+ return Task.CompletedTask;
+ }
+ };
+ })
+ // refresh_token
+ .AddJwtBearer(TokenTypeConst.Refresh, opt =>
+ {
+ opt.TokenValidationParameters = new TokenValidationParameters
+ {
+ ClockSkew = TimeSpan.Zero,
+ ValidateIssuerSigningKey = true,
+ ValidIssuer = refreshJwtOptions.Issuer,
+ ValidAudience = refreshJwtOptions.Audience,
+ IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(refreshJwtOptions.SecurityKey))
+ };
+ opt.Events = new JwtBearerEvents
+ {
+ OnMessageReceived = ctx =>
+ {
+ var refreshToken = ctx.Request.Headers["refresh_token"];
+ if (string.IsNullOrEmpty(refreshToken))
+ {
+ refreshToken = ctx.Request.Query["refresh_token"];
+ }
+
+ if (!string.IsNullOrEmpty(refreshToken))
+ {
+ ctx.Token = refreshToken;
+ }
+
+ return Task.CompletedTask;
+ }
+ };
+ })
 .AddQQ(opt => { configuration.GetSection("OAuth:QQ").Bind(opt); })
 .AddGitee(opt => {
configuration.GetSection("OAuth:Gitee").Bind(opt); });
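Review bot: Both OnMessageReceived handlers fall back to `ctx.Request.Query["access_token"]` / `ctx.Request.Query["refresh_token"]`, which puts bearer tokens into URLs that end up in server and proxy access logs, Referer headers and browser history; unless a specific endpoint that cannot send headers needs it, drop the query-string branch or gate it on that endpoint's path. The `jwtOptions` and `refreshJwtOptions` results are dereferenced without a null check, so a missing configuration section surfaces as a NullReferenceException inside startup rather than a clear message — appending `?? throw new InvalidOperationException("JwtOptions section is missing")` (and the RefreshJwtOptions counterpart) to those two lines makes the failure explicit; the `.Get()` shown with no type argument looks like a rendering artefact of the generic `Get<T>()` call, but that is inferred. The two schemes are told apart only by issuer, audience and signing key, so if RefreshJwtOptions shares those values with JwtOptions a refresh token would validate under the default access scheme; a startup guard that the two keys differ, or setting `ValidTypes` so each scheme accepts only its own `typ` header, would make the separation enforced rather than configuration-dependent. The enclosing method starts and ends outside the hunk.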