首頁 探索 說明
註冊 登入
yandaniu
/
qlhb
1
0
複刻 0
檔案 問題管理 0 合併請求 0 Wiki
目錄樹: f28fc73328
分支列表 標籤列表
qlhb
/
Ropin.Inspection.Api
/
Common
/
Token
/
TokenHelper.cs

TokenHelper.cs 8.5 KB
文件歷史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172 
  1. using Microsoft.Extensions.Options;
    2. 

  2. using Microsoft.IdentityModel.Tokens;
    3. 

  3. using System;
    4. 

  4. using System.Collections.Generic;
    5. 

  5. using System.IdentityModel.Tokens.Jwt;
    6. 

  6. using System.Linq;
    7. 

  7. using System.Security.Claims;
    8. 

  8. using System.Text;
    9. 

  9. using System.Threading.Tasks;
    10. 

  10. using Ropin.Inspection.Model;
    11. 

  11. using Ropin.Inspection.Model.ViewModel;
    12. 

  12. 

  13. namespace Ropin.Inspection.Api.Common.Token
    14. 

  14. {
    15. 

  15.     public enum TokenType
    16. 

  16.     {
    17. 

  17.         AccessToken = 1,
    18. 

  18.         RefreshToken = 2
    19. 

  19.     }
    20. 

  20.     public class TokenHelper : ITokenHelper
    21. 

  21.     {
    22. 

  22.         private readonly IOptions<JWTConfig> _options;
    23. 

  23.         public TokenHelper(IOptions<JWTConfig> options)
    24. 

  24.         {
    25. 

  25.             _options = options;
    26. 

  26.         }
    27. 

  27. 

  28.         public Token CreateAccessToken(TsysUserDetailViewModel user)
    29. 

  29.         {
    30. 

  30.             Claim[] claims = { new Claim(ClaimTypes.NameIdentifier, user.C_UserID.ToString()), new Claim(ClaimTypes.Name, user.C_Name), new Claim(ClaimTypes.Role, user.RoleIds) ,new Claim(ClaimTypes.PrimaryGroupSid, user.C_OrgCode.ToString()) };
    31. 

  31. 

  32.             return CreateToken(claims, TokenType.AccessToken);
    33. 

  33.         }
    34. 

  34. 

  35.         public ComplexToken CreateToken(TsysUserDetailViewModel user)
    36. 

  36.         {
    37. 

  37.             Claim[] claims = { 
    38. 

  38.                 new Claim(ClaimTypes.NameIdentifier, user.C_UserID.ToString()), 
    39. 

  39.                 new Claim(ClaimTypes.Name, user.C_Name),
    40. 

  40.                 new Claim(ClaimTypes.Role, user.RoleNames??""),
    41. 

  41.                 new Claim(ClaimTypes.Rsa, user.C_LicenseCode),
    42. 

  42.                 new Claim(ClaimTypes.Sid, user.LicenseTypeCode),
    43. 

  43.                 new Claim(ClaimTypes.Actor, user.OrgTypeCode),
    44. 

  44.                 new Claim(ClaimTypes.PrimaryGroupSid, user.C_OrgCode.ToString())};
    45. 

  45. 

  46. 

  47.             return new ComplexToken
    48. 

  48.             {
    49. 

  49.                 AccessToken = CreateToken(claims, TokenType.AccessToken),
    50. 

  50.                 RefreshToken = CreateToken(claims, TokenType.RefreshToken),
    51. 

  51.                 User = user
    52. 

  52.             };
    53. 

  53.         }
    54. 

  54. 

  55.         /// <summary>
    56. 

  56.         /// 用于创建AccessToken和RefreshToken。
    57. 

  57.         /// 这里AccessToken和RefreshToken只是过期时间不同
    58. 

  58.         /// 因为RefreshToken只是用于刷新AccessToken,其内容可以简单一些。
    59. 

  59.         /// 而AccessToken可能会附加一些其他的Claim。
    60. 

  60.         /// </summary>
    61. 

  61.         /// <param name="claims"></param>
    62. 

  62.         /// <param name="tokenType"></param>
    63. 

  63.         /// <returns></returns>
    64. 

  64.         private Token CreateToken(Claim[] claims, TokenType tokenType)
    65. 

  65.         {
    66. 

  66.             claims = claims.Append(new Claim("TokenType", tokenType.ToString())).ToArray();
    67. 

  67.             var now = DateTime.Now;
    68. 

  68.             var expires = now.Add(TimeSpan.FromMinutes(tokenType.Equals(TokenType.AccessToken) ? _options.Value.AccessTokenExpiresMinutes : _options.Value.RefreshTokenExpiresMinutes));
    69. 

  69.             var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_options.Value.IssuerSigningKey));
    70. 

  70.             var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
    71. 

  71.             var token = new JwtSecurityToken(
    72. 

  72.                 issuer: _options.Value.Issuer,
    73. 

  73.                 audience: _options.Value.Audience,
    74. 

  74.                 claims: claims,
    75. 

  75.                 notBefore: now,
    76. 

  76.                 expires: expires,
    77. 

  77.                 //签名证书
    78. 

  78.                 signingCredentials: creds);
    79. 

  79.         //signingCredentials: new SigningCredentials(new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_options.Value.IssuerSigningKey)), SecurityAlgorithms.HmacSha256));
    80. 

  80.             return new Token { TokenContent = new JwtSecurityTokenHandler().WriteToken(token), Expires = expires };
    81. 

  81.         }
    82. 

  82. 

  83.         public ComplexToken RefreshTokenByClaimsPrincipal(ClaimsPrincipal claimsPrincipal)
    84. 

  84.         {
    85. 

  85.             if (claimsPrincipal!=null)
    86. 

  86.             {
    87. 

  87.                 //claimsPrincipal.Claims.Any(m => m.Type.Equals("TokenType") && m.Value.Equals(TokenType.RefreshToken.ToString()))
    88. 

  88.                 if (claimsPrincipal.Claims.Any(m => m.Type == ("TokenType") && m.Value == (TokenType.RefreshToken.ToString())))
    89. 

  89.                 {
    90. 

  90.                     var code = claimsPrincipal.Claims.FirstOrDefault(m => m.Type.Equals(ClaimTypes.NameIdentifier));
    91. 

  91.                     var name = claimsPrincipal.Claims.FirstOrDefault(m => m.Type.Equals(ClaimTypes.Name));
    92. 

  92.                     var RoleNames = claimsPrincipal.Claims.FirstOrDefault(m => m.Type.Equals(ClaimTypes.Role));
    93. 

  93.                     var License = claimsPrincipal.Claims.FirstOrDefault(m => m.Type.Equals(ClaimTypes.Rsa));
    94. 

  94.                     var LicenseTypeCode = claimsPrincipal.Claims.FirstOrDefault(m => m.Type.Equals(ClaimTypes.Sid));
    95. 

  95.                     var OrgTypeCode = claimsPrincipal.Claims.FirstOrDefault(m => m.Type.Equals(ClaimTypes.Actor));
    96. 

  96.                     var PrimaryGroupSid = claimsPrincipal.Claims.FirstOrDefault(m => m.Type.Equals(ClaimTypes.PrimaryGroupSid));
    97. 

  97.                     if (null != code)
    98. 

  98.                     {
    99. 

  99.                         //return CreateAccessToken(new TsysUserDetailViewModel { C_UserID = Guid.Parse(code.Value) , C_Name = name.Value ,RoleNames = RoleNames.Value});
    100. 

  100.                         return  CreateToken(new TsysUserDetailViewModel
    101. 

  101.                         {
    102. 

  102.                             C_UserID = Guid.Parse(code.Value),
    103. 

  103.                             C_Name = name.Value,
    104. 

  104.                             RoleNames = RoleNames.Value,
    105. 

  105.                             C_OrgCode = Guid.Parse(PrimaryGroupSid.Value),
    106. 

  106.                             C_LicenseCode = License.Value,
    107. 

  107.                             LicenseTypeCode = LicenseTypeCode.Value,
    108. 

  108.                             OrgTypeCode = OrgTypeCode.Value
    109. 

  109.                         });
    110. 

  110.                     }
    111. 

  111.                 }
    112. 

  112.             }
    113. 

  113.             return null;
    114. 

  114.         }
    115. 

  115.         public ComplexToken RefreshToken(string refreshToken)
    116. 

  116.         {
    117. 

  117.             ClaimsPrincipal claimsPrincipal = GetClaimsPrincipalByToken(refreshToken);
    118. 

  118.             return RefreshTokenByClaimsPrincipal(claimsPrincipal);
    119. 

  119.         }
    120. 

  120. 

  121.         private ClaimsPrincipal GetClaimsPrincipalByToken(string token)
    122. 

  122.         {
    123. 

  123.             try
    124. 

  124.             {
    125. 

  125.                 var tokenValidationParameters = new TokenValidationParameters
    126. 

  126.                 {
    127. 

  127.                     ValidateIssuer = false,
    128. 

  128.                     ValidateAudience = false,
    129. 

  129.                     ValidateIssuerSigningKey = true,
    130. 

  130.                     IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_options.Value.IssuerSigningKey)),
    131. 

  131.                     ClockSkew = TimeSpan.Zero,
    132. 

  132.                     ValidateLifetime = false // 不验证过期时间!!!
    133. 

  133.                 };
    134. 

  134. 

  135.                 var jwtTokenHandler = new JwtSecurityTokenHandler();
    136. 

  136. 

  137.                 var claimsPrincipal =
    138. 

  138.                     jwtTokenHandler.ValidateToken(token, tokenValidationParameters, out var validatedToken);
    139. 

  139. 

  140.                 var validatedSecurityAlgorithm = validatedToken is JwtSecurityToken jwtSecurityToken
    141. 

  141.                                                  && jwtSecurityToken.Header.Alg.Equals(SecurityAlgorithms.HmacSha256,
    142. 

  142.                                                      StringComparison.InvariantCultureIgnoreCase);
    143. 

  143. 

  144.                 return validatedSecurityAlgorithm ? claimsPrincipal : null;
    145. 

  145.             }
    146. 

  146.             catch
    147. 

  147.             {
    148. 

  148.                 return null;
    149. 

  149.             }
    150. 

  150.         }
    151. 

  151. 

  152.         public Token RefreshToken(ClaimsPrincipal claimsPrincipal)
    153. 

  153.         {
    154. 

  154.             if (claimsPrincipal.Claims.Any(m => m.Type.Equals("TokenType") && m.Value.Equals(TokenType.RefreshToken.ToString())))
    155. 

  155.             {
    156. 

  156.                 var code = claimsPrincipal.Claims.FirstOrDefault(m => m.Type.Equals(ClaimTypes.NameIdentifier));
    157. 

  157.                 var name = claimsPrincipal.Claims.FirstOrDefault(m => m.Type.Equals(ClaimTypes.Name));
    158. 

  158.                 var RoleNames = claimsPrincipal.Claims.FirstOrDefault(m => m.Type.Equals(ClaimTypes.Role));
    159. 

  159.                 var PrimaryGroupSid = claimsPrincipal.Claims.FirstOrDefault(m => m.Type.Equals(ClaimTypes.PrimaryGroupSid));
    160. 

  160.                 var LicenseCode = claimsPrincipal.Claims.FirstOrDefault(m => m.Type.Equals(ClaimTypes.Rsa));
    161. 

  161.                 var LicenseTypeCode = claimsPrincipal.Claims.FirstOrDefault(m => m.Type.Equals(ClaimTypes.Sid));
    162. 

  162.                 var OrgTypeCode = claimsPrincipal.Claims.FirstOrDefault(m => m.Type.Equals(ClaimTypes.Actor));
    163. 

  163.                 if (null != code)
    164. 

  164.                 {
    165. 

  165.                     return CreateAccessToken(new TsysUserDetailViewModel { C_UserID = Guid.Parse(code.Value) ,C_LicenseCode = LicenseCode.Value, LicenseTypeCode = LicenseTypeCode.Value, C_Name = name.Value ,RoleNames = RoleNames.Value, C_OrgCode = Guid.Parse(PrimaryGroupSid.Value),OrgTypeCode = OrgTypeCode.Value });
    166. 

  166.                 }
    167. 

  167.             }
    168. 

  168. 

  169.             return null;
    170. 

  170.         }
    171. 

  171.     }
    172. 

  172. }
    173.