using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;
using Microsoft.Net.Http.Headers;
using StopShopping.Services;
namespace StopShopping.AdminApi.Extensions;
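/// <summary>
/// Service-collection helpers that wire JWT bearer authentication and authorization into the admin API.
/// </summary>
public static class JwtExtensions
{
    /// <summary>
    /// Binds <see cref="JwtOptions"/>, registers JWT bearer authentication with a symmetric signing key,
    /// adds a per-request token blacklist check, and registers authorization.
    /// </summary>
    /// <param name="services">The service collection to extend.</param>
    /// <param name="jwtOptions">
    /// Configuration section bound to <see cref="JwtOptions"/>; it supplies the signing key,
    /// the valid issuer and the valid audience.
    /// </param>
    /// <returns>The same <paramref name="services"/> instance, for chaining.</returns>
    /// <exception cref="InvalidOperationException">
    /// Thrown when the bearer options are built and the section is empty or has no signing key.
    /// </exception>
    public static IServiceCollection AddAuthServices(this IServiceCollection services, IConfiguration jwtOptions)
    {
        services.Configure<JwtOptions>(jwtOptions);
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(jwtBearerOptions =>
            {
                // Fail with an explicit message instead of a null dereference when the
                // section is missing or carries no usable key.
                var jwtConfiguration = jwtOptions.Get<JwtOptions>();
                if (jwtConfiguration is null || string.IsNullOrWhiteSpace(jwtConfiguration.SigningKey))
                {
                    throw new InvalidOperationException(
                        "JWT configuration is missing or does not define a SigningKey.");
                }

                // NOTE(review): the HMAC key is the UTF-8 bytes of a configured string, so its
                // strength is whatever length and randomness that string has. Keep it in a
                // secret store rather than in a committed settings file.
                var signingKey = new SymmetricSecurityKey(
                    Encoding.UTF8.GetBytes(jwtConfiguration.SigningKey));

                // Keep the claim names exactly as they appear in the token.
                jwtBearerOptions.MapInboundClaims = false;

                // Only issuer, audience, key and clock skew are set here; every other
                // validation switch is left at the library default.
                // NOTE(review): consider pinning ValidAlgorithms to the one algorithm the
                // issuing side uses.
                jwtBearerOptions.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidAudience = jwtConfiguration.ValidAudience,
                    ValidIssuer = jwtConfiguration.ValidIssuer,
                    IssuerSigningKey = signingKey,
                    ClockSkew = TimeSpan.FromSeconds(30) // tolerance window: a token is only treated as expired 30 seconds after its expiry time
                };

                jwtBearerOptions.Events = new JwtBearerEvents
                {
                    // Runs before the handler validates the token, so everything read here
                    // is still unauthenticated input.
                    OnMessageReceived = async (context) =>
                    {
                        var authorizationHeader = context.Request.Headers[HeaderNames.Authorization];
                        if (authorizationHeader.Count == 0)
                        {
                            context.Fail($"未找到{HeaderNames.Authorization}请求头");
                            return;
                        }

                        // NOTE(review): this takes the last space-separated piece of the first
                        // header value without checking the scheme, while the bearer handler
                        // extracts the token from the header on its own. Confirm both always
                        // select the same string, otherwise the blacklist lookup can inspect a
                        // different value than the one that is validated.
                        var token = authorizationHeader.First()!.Split(" ").Last();
                        if (string.IsNullOrWhiteSpace(token))
                        {
                            // Stop here: a blank token is already rejected, and the blacklist
                            // service should not be queried with it.
                            context.Fail("未找到token");
                            return;
                        }

                        // The lookup receives a caller-supplied string whose signature has not
                        // been verified yet; the service has to treat it as untrusted.
                        var accessTokenService = context.HttpContext.RequestServices.GetRequiredService<IAccessTokenService>();
                        if (await accessTokenService.IsAccessTokenBlacklistAsync(token))
                        {
                            context.Fail("token已失效");
                        }
                    }
                };
            });
        services.AddAuthorization();

        return services;
    }
}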