using Microsoft.AspNetCore.Antiforgery;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Net.Http.Headers;
using StopShopping.Services;
using StopShopping.Services.Models.Req;
using StopShopping.Services.Models.Resp;
namespace StopShopping.Api.Routes;
/// <summary>
/// Route handlers for the shared <c>/common/*</c> endpoints: file upload, access-token
/// refresh, sign-out and antiforgery-token issuance.
/// </summary>
public static class Common
{
    /// <summary>
    /// Registers the four <c>/common/*</c> POST endpoints on <paramref name="routes"/>.
    /// </summary>
    /// <param name="routes">The route group the endpoints are added to.</param>
    /// <returns>The same <paramref name="routes"/> instance, for chaining.</returns>
    public static RouteGroupBuilder MapCommon(this RouteGroupBuilder routes)
    {
        // NOTE(review): the OpenApiTags member name is missing between the two dots in
        // every WithTags call of this listing (apparently lost when the page was
        // extracted); restore it from the repository before compiling.

        // Upload and antiforgery-token carry no AllowAnonymous, so they inherit whatever
        // authorization policy the enclosing group applies (not visible in this file).
        routes.MapPost("/common/upload", UploadAsync)
            .WithTags(OpenApiTags..ToString());

        // Refresh and sign-out are reachable without an access token and act on the
        // refresh-token cookie alone. No antiforgery validation is visible on either
        // handler, so cross-site protection presumably rests on the cookie's SameSite
        // attribute and the CORS policy; confirm both where the cookie is issued.
        routes.MapPost("/common/refreshtoken", RefreshTokenAsync)
            .AllowAnonymous()
            .Produces<ApiResponse<AccessToken>>()
            .WithTags(OpenApiTags..ToString());

        routes.MapPost("/common/signout", SignOutAsync)
            .AllowAnonymous().WithTags(OpenApiTags..ToString());

        routes.MapPost("/common/antiforgery-token", AntiForgeryToken)
            .WithTags(OpenApiTags..ToString());

        return routes;
    }

    /// <summary>
    /// Forwards the form-bound upload payload to <see cref="IFileService"/>.
    /// </summary>
    /// <param name="payload">Upload parameters bound from the request form.</param>
    /// <param name="fileService">Service that performs the upload.</param>
    /// <param name="httpContext">Current request context; not read by this handler.</param>
    /// <returns>The service's upload result.</returns>
    private static async Task<ApiResponse<FileUpload>> UploadAsync(
        [FromForm] UploadParams payload,
        IFileService fileService,
        HttpContext httpContext)
    {
        // NOTE(review): nothing here limits file size, type or name; those checks must
        // live in UploadFileAsync or in model validation on UploadParams. Confirm.
        var uploadResult = await fileService.UploadFileAsync(payload);
        return uploadResult;
    }

    /// <summary>
    /// Issues an antiforgery token pair for the current request and returns the request
    /// token together with the header name the client should send it in.
    /// </summary>
    /// <param name="httpContext">Current request context.</param>
    /// <param name="antiforgery">Antiforgery service.</param>
    /// <returns>The request token and its header name.</returns>
    private static ApiResponse<AntiForgeryToken> AntiForgeryToken(
        HttpContext httpContext,
        IAntiforgery antiforgery)
    {
        // GetAndStoreTokens also writes the cookie half of the pair to the response.
        var tokenSet = antiforgery.GetAndStoreTokens(httpContext);

        var body = new AntiForgeryToken
        {
            Token = tokenSet.RequestToken,
            HeaderName = tokenSet.HeaderName
        };
        return new ApiResponse<AntiForgeryToken>(body);
    }

    /// <summary>
    /// Exchanges the refresh token held in the request cookie for a new access token.
    /// </summary>
    /// <param name="httpContext">Current request context; supplies the cookie.</param>
    /// <param name="accessTokenService">Service that generates the access token.</param>
    /// <returns>
    /// 200 with the access token, or 401 when the cookie is missing or blank or the
    /// service returns null.
    /// </returns>
    private static async Task<IResult> RefreshTokenAsync(
        HttpContext httpContext,
        IAccessTokenService accessTokenService)
    {
        var cookieValue = httpContext.Request.Cookies[HttpExtensions.REFRESH_TOKEN_COOKIE_KEY];
        if (string.IsNullOrWhiteSpace(cookieValue))
        {
            return Results.Unauthorized();
        }

        // NOTE(review): whether the refresh token is rotated or its reuse detected is
        // decided inside GenerateAccessTokenAsync and is not visible here.
        var issued = await accessTokenService.GenerateAccessTokenAsync(cookieValue);

        // Both failure paths answer 401, so a caller cannot tell a missing cookie from a
        // rejected one.
        return issued is null
            ? Results.Unauthorized()
            : Results.Ok(new ApiResponse<AccessToken>(issued));
    }

    /// <summary>
    /// Signs the caller out: blacklists the access token taken from the Authorization
    /// header (if any), revokes the refresh token from the cookie (if any) and deletes
    /// that cookie.
    /// </summary>
    /// <param name="httpContext">Current request context.</param>
    /// <param name="accessTokenService">Service that blacklists and revokes tokens.</param>
    /// <returns>A success response in every case.</returns>
    public static async Task<ApiResponse> SignOutAsync(
        HttpContext httpContext,
        IAccessTokenService accessTokenService)
    {
        var authorization = httpContext.Request.Headers[HeaderNames.Authorization];
        if (authorization.Count > 0)
        {
            // Takes the last space-separated piece of the first header value; the scheme
            // in front of it is not checked.
            // NOTE(review): the route is anonymous, so this string is unauthenticated
            // input. Confirm AddAccessTokenBlacklistAsync verifies the token before
            // storing it, or the blacklist can grow with arbitrary values.
            var presented = authorization[0]!.Split(" ")[^1];
            if (!string.IsNullOrWhiteSpace(presented))
            {
                await accessTokenService.AddAccessTokenBlacklistAsync(presented);
            }
        }

        var cookieValue = httpContext.Request.Cookies[HttpExtensions.REFRESH_TOKEN_COOKIE_KEY];
        if (!string.IsNullOrWhiteSpace(cookieValue))
        {
            await accessTokenService.RevokeRefreshTokenAsync(cookieValue);

            // NOTE(review): Delete is called without CookieOptions. If the cookie was
            // issued with a non-default Path or Domain, the browser will keep it; verify
            // against the code that sets the cookie.
            httpContext.Response.Cookies.Delete(HttpExtensions.REFRESH_TOKEN_COOKIE_KEY);
        }

        return ApiResponse.Succed();
    }
}