123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245 |
- using Bowin.Common.Cache;
- using Bowin.Common.JSON;
- using Bowin.Common.Utility;
- using Microsoft.AspNetCore.Authentication.JwtBearer;
- using Microsoft.AspNetCore.Hosting;
- using Microsoft.AspNetCore.Http;
- using Microsoft.AspNetCore.SignalR;
- using Microsoft.Extensions.Configuration;
- using Microsoft.Extensions.DependencyInjection;
- using Microsoft.Extensions.Logging;
- using Microsoft.IdentityModel.Tokens;
- using System;
- using System.Collections.Generic;
- using System.IdentityModel.Tokens.Jwt;
- using System.IO;
- using System.Linq;
- using System.Linq.Expressions;
- using System.Runtime.CompilerServices;
- using System.Security.Claims;
- using System.Text;
- using System.Threading;
- using System.Threading.Tasks;
- namespace Bowin.Common.ServiceToken
- {
- public static class JwtHelper
- {
- private static JwtSettings Settings { get; set; }
- private const string AUTH_SECURITY_KEY = "6bb452e82b0f6ab0253d6db9f384996552dd3afcb9113d760a00a154cabc6cbd56c5f33c246a05090005a1e8dfc148388aa6593fdbb3b5a18a73153c07a5cdd3";
- private const string AUTH_REFRESH_KEY = "4e64a7b3614c2710fef2fee37fe1b660302b65ca485fd57c9271e96bc36413e7c9c509a28190154b901d54abd4a45fc9b92f06fc3d798ea4b827f151f1e7c322";
- public static Func<string, List<string>> GetFunctionCodeMethod { get; set; }
- internal static Delegate GetRefreshUserFunc { get; set; }
- static JwtHelper()
- {
- var configuration = new ConfigurationBuilder()
- .SetBasePath(Directory.GetCurrentDirectory())
- .AddJsonFile("appsettings.json")
- .Build();
- Settings = configuration.GetSection("JwtSettings").Get<JwtSettings>();
- }
- public static void AddBowinAuthentication<T>(this IServiceCollection service, Func<string, T> refreshUserFunc, Func<string, List<string>> getFunctionGodeFunc = null)
- {
- GetRefreshUserFunc = refreshUserFunc;
- GetFunctionCodeMethod = getFunctionGodeFunc;
- service.AddAuthentication(options =>
- {
- options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
- options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
- })
- .AddJwtBearer(options => {
- options.RequireHttpsMetadata = false;
- options.SaveToken = true;
- options.TokenValidationParameters = new TokenValidationParameters
- {
- ValidateIssuer = true,
- ValidateAudience = true,
- ValidateIssuerSigningKey = true,
- ValidateLifetime = false,
- ValidAudience = Settings.Audience,
- ValidIssuer = Settings.Issuer,
- //AudienceValidator = (audiences, securityToken, validationParameters) => {
- // //var userID = CacheHelper.Get(securityToken.Id);
- // //if (userID == null)
- // //{
- // // return false;
- // //}
- // return audiences != null && audiences.FirstOrDefault().Equals(Settings.Audience);
- //},
- AudienceValidator = AudianValidator,
- IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(AUTH_SECURITY_KEY))
- };
- //options.Events = new JwtBearerEvents
- //{
- // OnTokenValidated = (context => {
- // //var logger = HttpHelper.GetService<ILogger<TokenSender>>();
- // var claims = context.Principal.Claims;
- // claims = claims.Where(x => x.Type != JwtRegisteredClaimNames.Aud && x.Type != JwtRegisteredClaimNames.Nbf && x.Type != JwtRegisteredClaimNames.Jti).ToArray();
- // var userID = claims.FirstOrDefault(x => x.Type == ClaimTypes.Name).Value;
- // var nowTime = DateTime.Now;
- // nowTime.AddMilliseconds(0 - nowTime.Millisecond);
- // var jti = GetJTI(userID);
- // claims = claims//.Append(new Claim(JwtRegisteredClaimNames.Nbf, $"{ new DateTimeOffset(DateTime.Now).ToUnixTimeSeconds() }"))
- // .Append(new Claim(JwtRegisteredClaimNames.Jti, jti));
- // var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(AUTH_SECURITY_KEY));
- // var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
- // var token = new JwtSecurityToken(
- // issuer: Settings.Issuer,
- // audience: Settings.Audience,
- // claims: claims,
- // signingCredentials: creds
- // );
- // var newToken = new JwtSecurityTokenHandler().WriteToken(token);
- // if (jti != context.SecurityToken.Id)
- // {
- // CacheHelper.Add(jti, userID, DateTime.Now.AddDays(1));
- // CacheHelper.Set(context.SecurityToken.Id, userID, DateTime.Now.AddSeconds(2));
- // }
- // //context.HttpContext.Response.Headers.Add("ServiceToken", newToken);
- // return System.Threading.Tasks.Task.CompletedTask;
- // })
- //};
- });
- //service.AddSignalR(options => {
- // options.ClientTimeoutInterval = TimeSpan.FromHours(2);
- // options.KeepAliveInterval = TimeSpan.FromMinutes(2);
- //});
- service.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();
- var serviceProvider = service.BuildServiceProvider();
- HttpHelper.Accessor = serviceProvider.GetService<IHttpContextAccessor>();
- HttpHelper.ServiceCollection = service;
- HttpHelper.WebHostEnvironment = serviceProvider.GetService<IWebHostEnvironment>();
- }
- public static bool AudianValidator(IEnumerable<string> audiences, SecurityToken securityToken, TokenValidationParameters validationParameters)
- {
- var curJTI = securityToken.Id;
- var userID = ((JwtSecurityToken)securityToken).Claims.Where(x => x.Type == ClaimTypes.Name).Select(x => x.Value).FirstOrDefault();
- if (string.IsNullOrEmpty(userID) || GetJTI(userID) != curJTI)
- {
- return false;
- }
- var nowId = ((JwtSecurityToken)securityToken).Claims.Where(x => x.Type == ClaimTypes.NameIdentifier).Select(x => x.Value).FirstOrDefault();
- if (string.IsNullOrEmpty(nowId))
- {
- return false;
- }
- if (CacheHelper.Get(nowId) == null)
- {
- return false;
- }
- return audiences != null && audiences.FirstOrDefault().Equals(Settings.Audience);
- }
- private static string GetTimeStamp()
- {
- var nowTime = DateTime.Now;
- nowTime.AddMilliseconds(0 - nowTime.Millisecond);
- var timeStamp = new DateTimeOffset(nowTime).ToUnixTimeSeconds();
- return timeStamp.ToString();
- }
- private static string GetJTI(string userID)
- {
- var ip = "";//HttpHelper.GetUserIp();
- return (userID + ip + HttpHelper.Current.Request.Host.ToString() + ip).MD5();
- }
- public static BowinToken<T> GetToken<T>(Func<T> getUserFunc, Expression<Func<T, string>> keyExp)
- {
- var userInfo = getUserFunc.Invoke();
- if (userInfo == null)
- {
- throw new TokenLoginFailureException("帐号或密码错误。");
- }
- var userID = keyExp.Compile().Invoke(userInfo);
- var jti = GetJTI(userID.ToString());
-
- return GenerateToken(userInfo, jti, userID);
- }
- private static BowinToken<T> GenerateToken<T>(T userInfo, string jti, string userID)
- {
- var nowId = HttpHelper.Current.User.Claims.FirstOrDefault(x => x.Type == ClaimTypes.NameIdentifier)?.Value;
- var newId = Guid.NewGuid().ToString();
- CacheHelper.Add("uinfo_" + userID.ToString(), userInfo.ToJson());
- var claims = new[] {
- new Claim(JwtRegisteredClaimNames.Jti, jti),
- new Claim(JwtRegisteredClaimNames.Nbf, $"{ new DateTimeOffset(DateTime.Now).ToUnixTimeSeconds() }"),
- new Claim(ClaimTypes.NameIdentifier, newId),
- new Claim(ClaimTypes.Name, userID.ToString())
- };
- if (GetFunctionCodeMethod != null)
- {
- CacheHelper.Add("rinfo_" + userID.ToString(), GetFunctionCodeMethod.Invoke(userID).ToJson());
- }
- var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(AUTH_SECURITY_KEY));
- var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
- var token = new JwtSecurityToken(
- issuer: Settings.Issuer,
- audience: Settings.Audience,
- expires: DateTime.Now.AddMinutes(20),
- claims: claims,
- signingCredentials: creds
- );
- if (nowId != null)
- {
- CacheHelper.Set(nowId, userID, DateTime.Now.AddSeconds(30));
- }
- CacheHelper.Add(newId, userID, DateTime.Now.AddDays(1));
- var endToken = new BowinToken<T> { Token = new JwtSecurityTokenHandler().WriteToken(token), UserObj = userInfo };
- return endToken;
- }
- public static BowinToken<T> RefreshToken<T>()
- {
- var claims = HttpHelper.Current.User.Claims;
- var userID = claims.Where(x => x.Type == ClaimTypes.Name).Select(x => x.Value).FirstOrDefault();
- if (string.IsNullOrEmpty(userID))
- {
- throw new Exception("无法获取用户信息,请检查访问令牌是否错误。");
- }
- var jti = GetJTI(userID);
- var userInfo = JwtUser<T>.Current;
- if (userInfo == null)
- {
- throw new Exception("无法获取用户信息,请检查访问令牌是否错误。");
- }
- return GenerateToken(userInfo, jti, userID);
- }
- }
- public class TokenSender : Hub
- {
- public override async Task OnConnectedAsync()
- {
- await Groups.AddToGroupAsync(Context.ConnectionId, this.Context.GetHttpContext().Request.Query["UserID"]);
- }
- }
- public class TokenLoginFailureException : Exception
- {
- public TokenLoginFailureException(string message) : base(message)
- {
- }
- }
- public class JwtRereshTokenInvalidException : Exception
- {
- public JwtRereshTokenInvalidException(string message) : base(message)
- {
- }
- }
- }
|