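using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;
using Microsoft.Net.Http.Headers;
using StopShopping.Services;

namespace StopShopping.Api.Extensions;

/// <summary>
/// Registers JWT bearer authentication and authorization for the API.
/// </summary>
public static class JwtExtensions
{
    /// <summary>
    /// Scheme prefix the bearer handler itself requires; the blacklist check below
    /// parses the header the same way so both operate on the same token string.
    /// </summary>
    private const string BearerPrefix = "Bearer ";

    /// <summary>
    /// Minimum HMAC signing key length in bytes (256 bits). HS256 security is
    /// bounded by the key length, and each byte of a UTF-8 configuration string
    /// carries well under 8 bits of entropy, so this is a floor, not a guarantee.
    /// </summary>
    private const int MinSigningKeyBytes = 32;

    /// <summary>
    /// Binds the JWT settings in <paramref name="jwtOptions"/>, configures the bearer
    /// handler to validate issuer, audience, lifetime and HMAC signature against those
    /// settings, and rejects tokens the application has blacklisted before they are
    /// validated.
    /// </summary>
    /// <param name="services">Service collection to register the auth services in.</param>
    /// <param name="jwtOptions">Configuration section holding SigningKey, ValidIssuer and ValidAudience.</param>
    /// <returns>The same <paramref name="services"/> instance, for chaining.</returns>
    /// <exception cref="InvalidOperationException">
    /// Thrown when the bearer options are first materialised if SigningKey is missing
    /// or shorter than <see cref="MinSigningKeyBytes"/>.
    /// </exception>
    public static IServiceCollection AddAuthServices(this IServiceCollection services, IConfiguration jwtOptions)
    {
        // NOTE(review): the generic type arguments of Configure<>(), Get<>() and
        // GetRequiredService<>() appear to have been lost when this file was
        // extracted (they are absent in the source seen here); restore them from
        // the original file rather than trusting this listing.
        services.Configure(jwtOptions);

        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(jwtBearerOptions =>
            {
                var jwtConfiguration = jwtOptions.Get()!;

                // Fail fast on a missing/weak key instead of letting the null-forgiving
                // operator push the error into the first signature validation.
                var signingKeyText = jwtConfiguration.SigningKey;
                if (string.IsNullOrWhiteSpace(signingKeyText))
                {
                    throw new InvalidOperationException("JWT SigningKey is not configured.");
                }

                var keyBytes = Encoding.UTF8.GetBytes(signingKeyText);
                if (keyBytes.Length < MinSigningKeyBytes)
                {
                    throw new InvalidOperationException(
                        $"JWT SigningKey must be at least {MinSigningKeyBytes} bytes; got {keyBytes.Length}.");
                }

                var signingKey = new SymmetricSecurityKey(keyBytes);

                // Keep the raw JWT claim names (e.g. "sub") instead of mapping them to
                // the legacy ClaimTypes.* URIs.
                jwtBearerOptions.MapInboundClaims = false;

                jwtBearerOptions.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidIssuer = jwtConfiguration.ValidIssuer,
                    ValidAudience = jwtConfiguration.ValidAudience,
                    IssuerSigningKey = signingKey,
                    // These are the library defaults, stated explicitly so a later edit
                    // cannot silently disable them. A null ValidIssuer/ValidAudience
                    // therefore fails closed rather than accepting any value.
                    ValidateIssuer = true,
                    ValidateAudience = true,
                    ValidateLifetime = true,
                    RequireExpirationTime = true,
                    RequireSignedTokens = true,
                    // Accept a token at most 30 s past its exp (library default is 5 min).
                    ClockSkew = TimeSpan.FromSeconds(30),
                };

                jwtBearerOptions.Events = new JwtBearerEvents
                {
                    // Runs before the handler reads the token. Extract the bearer token
                    // exactly as the handler does ("Bearer " prefix, remainder trimmed),
                    // check it against the blacklist, and hand that same string to the
                    // handler via context.Token so the blacklist check and signature
                    // validation can never disagree about which token is in play.
                    OnMessageReceived = async context =>
                    {
                        var authorizationHeader = context.Request.Headers[HeaderNames.Authorization];
                        if (authorizationHeader.Count == 0)
                        {
                            // NOTE(review): failing here (rather than returning without a
                            // result) turns every header-less request, including
                            // AllowAnonymous endpoints, into an authentication failure
                            // with an invalid_token challenge. Kept as the original
                            // behaviour; confirm this is intended.
                            context.Fail($"未找到{HeaderNames.Authorization}请求头");
                            return;
                        }

                        var rawHeader = authorizationHeader[0] ?? string.Empty;

                        // Only the bearer scheme is registered, so any other scheme is
                        // treated as "no token" instead of having its last segment
                        // (the original Split(" ").Last()) checked as if it were a JWT.
                        if (!rawHeader.StartsWith(BearerPrefix, StringComparison.OrdinalIgnoreCase))
                        {
                            context.Fail("未找到token");
                            return;
                        }

                        var token = rawHeader[BearerPrefix.Length..].Trim();
                        if (token.Length == 0)
                        {
                            context.Fail("未找到token");
                            return; // the original fell through and queried the blacklist with an empty token
                        }

                        var accessTokenService = context.HttpContext.RequestServices.GetRequiredService();
                        if (await accessTokenService.IsAccessTokenBlacklistAsync(token))
                        {
                            context.Fail("token已失效");
                            return;
                        }

                        // Pin the validated token to the one we just checked.
                        context.Token = token;
                    },
                };
            });

        services.AddAuthorization();
        return services;
    }
}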