as is

2026-03-30 11:07:30 +08:00
parent 2c44b3a4b2
commit d4a8e71733
74 changed files with 1751 additions and 421 deletions
--- a/StopShopping.AdminApi/Extensions/AuthExtensions.cs
+++ b/StopShopping.AdminApi/Extensions/AuthExtensions.cs
@@ -0,0 +1,56 @@
+using System.Text;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
+using Microsoft.IdentityModel.Tokens;
+using Microsoft.Net.Http.Headers;
+using StopShopping.Services;
+
+namespace StopShopping.AdminApi.Extensions;
+
+public static class JwtExtensions
+{
+    public static IServiceCollection AddAuthServices(this IServiceCollection services, IConfiguration jwtOptions)
+    {
+        services.Configure<JwtOptions>(jwtOptions);
+        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
+            .AddJwtBearer(jwtBearerOptions =>
+            {
+                var jwtConfiguration = jwtOptions.Get<JwtOptions>()!;
+
+                var signingKey = new SymmetricSecurityKey(
+                    Encoding.UTF8.GetBytes(jwtConfiguration.SigningKey!)
+                );
+
+                jwtBearerOptions.MapInboundClaims = false;
+                jwtBearerOptions.TokenValidationParameters = new TokenValidationParameters
+                {
+                    ValidAudience = jwtConfiguration.ValidAudience,
+                    ValidIssuer = jwtConfiguration.ValidIssuer,
+                    IssuerSigningKey = signingKey,
+                    ClockSkew = TimeSpan.FromSeconds(30) //宽容时间，30秒后才失效
+                };
+                jwtBearerOptions.Events = new JwtBearerEvents
+                {
+                    OnMessageReceived = async (context) =>
+                    {
+                        var accessTokenService = context.HttpContext.RequestServices.GetRequiredService<IAccessTokenService>();
+                        var authorizationHeader = context.Request.Headers[HeaderNames.Authorization];
+                        if (authorizationHeader.Count == 0)
+                        {
+                            context.Fail($"未找到{HeaderNames.Authorization}请求头");
+                        }
+                        else
+                        {
+                            var token = authorizationHeader.First()!.Split(" ").Last();
+                            if (string.IsNullOrWhiteSpace(token))
+                                context.Fail("未找到token");
+                            if (await accessTokenService.IsAccessTokenBlacklistAsync(token))
+                                context.Fail("token已失效");
+                        }
+                    }
+                };
+            });
+        services.AddAuthorization();
+
+        return services;
+    }
+}