feat: 新增Oauth鉴权模块,支持qq登录、gitee登录
This commit is contained in:
橙子
@@ -3,7 +3,7 @@ using Volo.Abp.Domain.Entities.Events;
|
||||
using Volo.Abp.EventBus;
|
||||
using Yi.Framework.Rbac.Domain.Entities;
|
||||
|
||||
namespace Yi.Framework.Rbac.Domain.EventHandlers
|
||||
namespace Yi.Framework.Rbac.Application.EventHandlers
|
||||
{
|
||||
public class StudentEventHandler : ILocalEventHandler<EntityCreatedEventData<StudentEntity>>, ITransientDependency
|
||||
{
|
||||
|
||||
@@ -1,15 +1,10 @@
|
||||
using System.IdentityModel.Tokens.Jwt;
|
||||
using System.Security.Claims;
|
||||
using System.Text;
|
||||
using System.Text.RegularExpressions;
|
||||
using System.Text.RegularExpressions;
|
||||
using Lazy.Captcha.Core;
|
||||
using Mapster;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
using Microsoft.AspNetCore.Http;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
using Microsoft.Extensions.Caching.Distributed;
|
||||
using Microsoft.Extensions.Options;
|
||||
using Microsoft.IdentityModel.Tokens;
|
||||
using SqlSugar;
|
||||
using Volo.Abp;
|
||||
using Volo.Abp.Application.Services;
|
||||
@@ -27,7 +22,6 @@ using Yi.Framework.Rbac.Domain.Repositories;
|
||||
using Yi.Framework.Rbac.Domain.Shared.Caches;
|
||||
using Yi.Framework.Rbac.Domain.Shared.Consts;
|
||||
using Yi.Framework.Rbac.Domain.Shared.Dtos;
|
||||
using Yi.Framework.Rbac.Domain.Shared.Etos;
|
||||
using Yi.Framework.Rbac.Domain.Shared.Options;
|
||||
using Yi.Framework.SqlSugarCore.Abstractions;
|
||||
|
||||
@@ -36,8 +30,6 @@ namespace Yi.Framework.Rbac.Application.Services
|
||||
|
||||
public class AccountService : ApplicationService, IAccountService
|
||||
{
|
||||
private readonly ILocalEventBus _localEventBus;
|
||||
private readonly JwtOptions _jwtOptions;
|
||||
private IDistributedCache<CaptchaPhoneCacheItem, CaptchaPhoneCacheKey> _phoneCache;
|
||||
private readonly ICaptcha _captcha;
|
||||
private readonly IGuidGenerator _guidGenerator;
|
||||
@@ -45,45 +37,30 @@ namespace Yi.Framework.Rbac.Application.Services
|
||||
private readonly IAliyunManger _aliyunManger;
|
||||
public AccountService(IUserRepository userRepository,
|
||||
ICurrentUser currentUser,
|
||||
AccountManager accountManager,
|
||||
IAccountManager accountManager,
|
||||
ISqlSugarRepository<MenuEntity> menuRepository,
|
||||
IHttpContextAccessor httpContextAccessor,
|
||||
ILocalEventBus localEventBus,
|
||||
IOptions<JwtOptions> jwtOptions,
|
||||
IDistributedCache<CaptchaPhoneCacheItem, CaptchaPhoneCacheKey> phoneCache,
|
||||
ICaptcha captcha,
|
||||
IGuidGenerator guidGenerator,
|
||||
IOptions<RbacOptions> options,
|
||||
IAliyunManger aliyunManger,
|
||||
ISqlSugarRepository<RoleEntity> roleRepository,
|
||||
UserManager userManager)
|
||||
IAliyunManger aliyunManger)
|
||||
{
|
||||
_userRepository = userRepository;
|
||||
_currentUser = currentUser;
|
||||
_accountManager = accountManager;
|
||||
_menuRepository = menuRepository;
|
||||
_httpContextAccessor = httpContextAccessor;
|
||||
_localEventBus = localEventBus;
|
||||
_jwtOptions = jwtOptions.Value;
|
||||
_phoneCache = phoneCache;
|
||||
_captcha = captcha;
|
||||
_guidGenerator = guidGenerator;
|
||||
_rbacOptions = options.Value;
|
||||
_aliyunManger = aliyunManger;
|
||||
_roleRepository = roleRepository;
|
||||
_userManager = userManager;
|
||||
}
|
||||
|
||||
|
||||
private IUserRepository _userRepository;
|
||||
private ICurrentUser _currentUser;
|
||||
private AccountManager _accountManager;
|
||||
private IAccountManager _accountManager;
|
||||
private ISqlSugarRepository<MenuEntity> _menuRepository;
|
||||
private IUserService _userService;
|
||||
private UserManager _userManager;
|
||||
private ISqlSugarRepository<RoleEntity> _roleRepository;
|
||||
private IHttpContextAccessor _httpContextAccessor;
|
||||
|
||||
/// <summary>
|
||||
/// 效验图片登录验证码,无需和账号绑定
|
||||
/// </summary>
|
||||
@@ -117,59 +94,16 @@ namespace Yi.Framework.Rbac.Application.Services
|
||||
ValidationImageCaptcha(input);
|
||||
|
||||
UserEntity user = new();
|
||||
//登录成功
|
||||
//效验
|
||||
await _accountManager.LoginValidationAsync(input.UserName, input.Password, x => user = x);
|
||||
|
||||
//获取用户信息
|
||||
var userInfo = await _userRepository.GetUserAllInfoAsync(user.Id);
|
||||
|
||||
//判断用户状态
|
||||
if (userInfo.User.State == false)
|
||||
{
|
||||
throw new UserFriendlyException(UserConst.State_Is_State);
|
||||
}
|
||||
|
||||
if (userInfo.RoleCodes.Count == 0)
|
||||
{
|
||||
throw new UserFriendlyException(UserConst.No_Role);
|
||||
}
|
||||
//这里抛出一个登录的事件
|
||||
var loginEntity = new LoginLogEntity().GetInfoByHttpContext(_httpContextAccessor.HttpContext);
|
||||
var loginEto = loginEntity.Adapt<LoginEventArgs>();
|
||||
loginEto.UserName = input.UserName;
|
||||
loginEto.UserId = userInfo.User.Id;
|
||||
await _localEventBus.PublishAsync(loginEto);
|
||||
//将用户信息添加到缓存中,需要考虑的是更改了用户、角色、菜单等整个体系都需要将缓存进行刷新,看具体业务进行选择
|
||||
//获取token
|
||||
var accessToken = await _accountManager.GetTokenByUserIdAsync(user.Id);
|
||||
|
||||
|
||||
|
||||
//创建token
|
||||
var accessToken = CreateToken(_accountManager.UserInfoToClaim(userInfo));
|
||||
return new { Token = accessToken };
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// 创建令牌
|
||||
/// </summary>
|
||||
/// <param name="kvs"></param>
|
||||
/// <returns></returns>
|
||||
private string CreateToken(List<KeyValuePair<string, string>> kvs)
|
||||
{
|
||||
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_jwtOptions.SecurityKey));
|
||||
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
|
||||
var claims = kvs.Select(x => new Claim(x.Key, x.Value.ToString())).ToList();
|
||||
var token = new JwtSecurityToken(
|
||||
issuer: _jwtOptions.Issuer,
|
||||
audience: _jwtOptions.Audience,
|
||||
claims: claims,
|
||||
expires: DateTime.Now.AddSeconds(_jwtOptions.ExpiresMinuteTime),
|
||||
notBefore: DateTime.Now,
|
||||
signingCredentials: creds);
|
||||
string returnToken = new JwtSecurityTokenHandler().WriteToken(token);
|
||||
|
||||
return returnToken;
|
||||
}
|
||||
|
||||
|
||||
/// <summary>
|
||||
/// 生成验证码
|
||||
@@ -267,7 +201,7 @@ namespace Yi.Framework.Rbac.Application.Services
|
||||
/// <returns></returns>
|
||||
[AllowAnonymous]
|
||||
[UnitOfWork]
|
||||
public async Task<object> PostRegisterAsync(RegisterDto input)
|
||||
public async Task PostRegisterAsync(RegisterDto input)
|
||||
{
|
||||
if (_rbacOptions.EnableRegister == false)
|
||||
{
|
||||
@@ -295,27 +229,8 @@ namespace Yi.Framework.Rbac.Application.Services
|
||||
await ValidationPhoneCaptchaAsync(input);
|
||||
|
||||
|
||||
|
||||
//输入的用户名与电话号码都不能在数据库中存在
|
||||
UserEntity user = new();
|
||||
var isExist = await _userRepository.IsAnyAsync(x => x.UserName == input.UserName || x.Phone == input.Phone);
|
||||
if (isExist)
|
||||
{
|
||||
throw new UserFriendlyException("用户已存在,注册失败");
|
||||
}
|
||||
|
||||
var newUser = new UserEntity(input.UserName, input.Password, input.Phone);
|
||||
|
||||
var entity = await _userRepository.InsertReturnEntityAsync(newUser);
|
||||
//赋上一个初始角色
|
||||
var role = await _roleRepository.GetFirstAsync(x => x.RoleCode == UserConst.DefaultRoleCode);
|
||||
if (role is not null)
|
||||
{
|
||||
await _userManager.GiveUserSetRoleAsync(new List<Guid> { entity.Id }, new List<Guid> { role.Id });
|
||||
}
|
||||
|
||||
await _localEventBus.PublishAsync(new UserCreateEventArgs(entity.Id));
|
||||
return true;
|
||||
//注册领域逻辑
|
||||
await _accountManager.RegisterAsync(input.UserName, input.Password, input.Phone);
|
||||
}
|
||||
|
||||
|
||||
@@ -334,16 +249,14 @@ namespace Yi.Framework.Rbac.Application.Services
|
||||
{
|
||||
throw new UserFriendlyException("用户未登录");
|
||||
}
|
||||
//此处从缓存中获取即可
|
||||
//此处从缓存中获取也行
|
||||
//var data = _cacheManager.Get<UserRoleMenuDto>($"Yi:UserInfo:{userId}");
|
||||
await Console.Out.WriteLineAsync(userId.ToString() + "99999999");
|
||||
var data = await _userRepository.GetUserAllInfoAsync(userId ?? Guid.Empty);
|
||||
//系统用户数据被重置,老前端访问重新授权
|
||||
if (data is null)
|
||||
{
|
||||
throw new AbpAuthorizationException();
|
||||
}
|
||||
|
||||
data.Menus.Clear();
|
||||
return data;
|
||||
}
|
||||
@@ -382,6 +295,7 @@ namespace Yi.Framework.Rbac.Application.Services
|
||||
/// <returns></returns>
|
||||
public Task<bool> PostLogout()
|
||||
{
|
||||
//Jwt去中心化登出,只需用记录日志即可
|
||||
return Task.FromResult(true);
|
||||
}
|
||||
|
||||
|
||||
@@ -0,0 +1,143 @@
|
||||
using Microsoft.AspNetCore.Authentication;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
using Microsoft.AspNetCore.Http;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
using Microsoft.Extensions.Logging;
|
||||
using SqlSugar;
|
||||
using Volo.Abp;
|
||||
using Volo.Abp.Application.Dtos;
|
||||
using Volo.Abp.Domain.Repositories;
|
||||
using Yi.Framework.Ddd.Application;
|
||||
using Yi.Framework.Rbac.Application.Contracts.Dtos.Account;
|
||||
using Yi.Framework.Rbac.Domain.Authorization;
|
||||
using Yi.Framework.Rbac.Domain.Managers;
|
||||
using Yi.Framework.SqlSugarCore.Abstractions;
|
||||
|
||||
namespace Yi.Framework.Rbac.Application.Services.Authentication
|
||||
{
|
||||
/// <summary>
|
||||
/// 第三方授权服务
|
||||
/// </summary>
|
||||
public class AuthService : YiCrudAppService<AuthAggregateRoot, AuthOutputDto, Guid, AuthGetListInput>
|
||||
{
|
||||
private HttpContext HttpContext { get; set; }
|
||||
private ILogger<AuthService> _logger;
|
||||
private ISqlSugarRepository<AuthAggregateRoot, Guid> _repository;
|
||||
private IAccountManager _accountManager;
|
||||
public AuthService(IAccountManager accountManager, IHttpContextAccessor httpContextAccessor, ILogger<AuthService> logger, ISqlSugarRepository<AuthAggregateRoot, Guid> repository) : base(repository)
|
||||
{
|
||||
_logger = logger;
|
||||
HttpContext = httpContextAccessor.HttpContext ?? throw new ApplicationException("未注册Http");
|
||||
_repository = repository;
|
||||
_accountManager = accountManager;
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// 第三方oauth登录
|
||||
/// </summary>
|
||||
/// <param name="scheme"></param>
|
||||
/// <param name="code">code是为了swagger更好的处理和显示</param>
|
||||
/// <returns></returns>
|
||||
/// <exception cref="UserFriendlyException"></exception>
|
||||
[HttpGet("auth/oauth/login/{scheme}")]
|
||||
public async Task<string> AuthOauthLoginAsync([FromRoute] string scheme, [FromQuery] string code)
|
||||
{
|
||||
(var openId, var _) = await GetOpenIdAndNameAsync(scheme);
|
||||
var authEntity = await _repository.GetAsync(x => x.OpenId == openId && x.AuthType == scheme);
|
||||
|
||||
if (authEntity is null)
|
||||
{
|
||||
throw new UserFriendlyException("第三方登录失败,请先注册后,在个人中心进行绑定该第三方后使用");
|
||||
}
|
||||
var accessToken = await _accountManager.GetTokenByUserIdAsync(authEntity.UserId);
|
||||
return accessToken;
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// 第三方oauth绑定
|
||||
/// </summary>
|
||||
/// <param name="scheme"></param>
|
||||
/// <param name="code">code是为了swagger更好的处理和显示</param>
|
||||
/// <returns></returns>
|
||||
/// <exception cref="UserFriendlyException"></exception>
|
||||
[HttpPost("auth/oauth/bind/{scheme}")]
|
||||
[Authorize]
|
||||
public async Task AuthOauthBindAsync([FromRoute] string scheme, [FromQuery] string code)
|
||||
{
|
||||
(var openId, var name) = await GetOpenIdAndNameAsync(scheme);
|
||||
var userId = CurrentUser.Id;
|
||||
var authEntityAny = await _repository.AnyAsync(x => x.OpenId == openId && x.AuthType == scheme);
|
||||
if (authEntityAny)
|
||||
{
|
||||
throw new UserFriendlyException("绑定失败,该第三方账号已被注册");
|
||||
}
|
||||
var authAggregateRoot = new AuthAggregateRoot(scheme, userId ?? Guid.Empty, openId, name);
|
||||
|
||||
await _repository.InsertAsync(authAggregateRoot);
|
||||
}
|
||||
|
||||
|
||||
private async Task<(string, string)> GetOpenIdAndNameAsync(string scheme)
|
||||
{
|
||||
var authenticateResult = await HttpContext.AuthenticateAsync(scheme);
|
||||
if (!authenticateResult.Succeeded)
|
||||
{
|
||||
throw new UserFriendlyException(authenticateResult.Failure.Message);
|
||||
}
|
||||
var openidClaim = authenticateResult.Principal.Claims.Where(x => x.Type == "urn:openid").FirstOrDefault();
|
||||
var nameClaim = authenticateResult.Principal.Claims.Where(x => x.Type == "urn:name").FirstOrDefault();
|
||||
return (openidClaim.Value, nameClaim.Value);
|
||||
}
|
||||
|
||||
|
||||
/// <summary>
|
||||
/// 获取当前账户的授权信息
|
||||
/// </summary>
|
||||
/// <param name="input"></param>
|
||||
/// <returns></returns>
|
||||
[Authorize]
|
||||
public async Task<IReadOnlyList<AuthOutputDto>> GetListAccountAsync(AuthGetListInput input)
|
||||
{
|
||||
input.UserId = CurrentUser.Id;
|
||||
input.MaxResultCount = LimitedResultRequestDto.MaxMaxResultCount;
|
||||
input.SkipCount = 1;
|
||||
return (await GetListAsync(input)).Items;
|
||||
}
|
||||
|
||||
|
||||
public override async Task<PagedResultDto<AuthOutputDto>> GetListAsync(AuthGetListInput input)
|
||||
{
|
||||
RefAsync<int> total = 0;
|
||||
|
||||
var entities = await _repository._DbQueryable.WhereIF(input.UserId is not null, x => x.UserId == input.UserId)
|
||||
.WhereIF(!string.IsNullOrEmpty(input.AuthType), x => x.AuthType == input.AuthType)
|
||||
.WhereIF(!string.IsNullOrEmpty(input.OpenId), x => x.OpenId == input.OpenId)
|
||||
.WhereIF(input.StartTime is not null && input.EndTime is not null, x => x.CreationTime >= input.StartTime && x.CreationTime <= input.EndTime)
|
||||
.ToPageListAsync(input.SkipCount, input.MaxResultCount, total);
|
||||
return new PagedResultDto<AuthOutputDto>(total, await MapToGetListOutputDtosAsync(entities));
|
||||
}
|
||||
|
||||
[RemoteService(IsEnabled = false)]
|
||||
public override Task<AuthOutputDto> UpdateAsync(Guid id, AuthOutputDto input)
|
||||
{
|
||||
throw new NotImplementedException();
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// 删除第三方授权
|
||||
/// </summary>
|
||||
/// <param name="id"></param>
|
||||
/// <returns></returns>
|
||||
[RemoteService(IsEnabled = true)]
|
||||
public override Task DeleteAsync(IEnumerable<Guid> id)
|
||||
{
|
||||
return base.DeleteAsync(id);
|
||||
}
|
||||
|
||||
[RemoteService(IsEnabled = false)]
|
||||
public override Task<AuthOutputDto> CreateAsync(AuthOutputDto input)
|
||||
{
|
||||
throw new NotImplementedException();
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -11,11 +11,11 @@ namespace Yi.Framework.Rbac.Application.Services
|
||||
/// <summary>
|
||||
/// DictionaryType服务实现
|
||||
/// </summary>
|
||||
public class DictionaryTypeService : YiCrudAppService<DictionaryTypeEntity, DictionaryTypeGetOutputDto, DictionaryTypeGetListOutputDto, Guid, DictionaryTypeGetListInputVo, DictionaryTypeCreateInputVo, DictionaryTypeUpdateInputVo>,
|
||||
public class DictionaryTypeService : YiCrudAppService<DictionaryTypeAggregateRoot, DictionaryTypeGetOutputDto, DictionaryTypeGetListOutputDto, Guid, DictionaryTypeGetListInputVo, DictionaryTypeCreateInputVo, DictionaryTypeUpdateInputVo>,
|
||||
IDictionaryTypeService
|
||||
{
|
||||
private ISqlSugarRepository<DictionaryTypeEntity, Guid> _repository;
|
||||
public DictionaryTypeService(ISqlSugarRepository<DictionaryTypeEntity, Guid> repository) : base(repository)
|
||||
private ISqlSugarRepository<DictionaryTypeAggregateRoot, Guid> _repository;
|
||||
public DictionaryTypeService(ISqlSugarRepository<DictionaryTypeAggregateRoot, Guid> repository) : base(repository)
|
||||
{
|
||||
_repository = repository;
|
||||
}
|
||||
|
||||
@@ -4,7 +4,7 @@ using Volo.Abp.Application.Dtos;
|
||||
using Yi.Framework.Ddd.Application;
|
||||
using Yi.Framework.Rbac.Application.Contracts.Dtos.OperLog;
|
||||
using Yi.Framework.Rbac.Application.Contracts.IServices;
|
||||
using Yi.Framework.Rbac.Domain.Entities;
|
||||
using Yi.Framework.Rbac.Domain.Operlog;
|
||||
using Yi.Framework.SqlSugarCore.Abstractions;
|
||||
|
||||
namespace Yi.Framework.Rbac.Application.Services
|
||||
|
||||
@@ -8,7 +8,7 @@ using Yi.Framework.Rbac.Application.Contracts.IServices;
|
||||
using Yi.Framework.Rbac.Domain.Entities;
|
||||
using Yi.Framework.Rbac.Domain.Repositories;
|
||||
|
||||
namespace Yi.Framework.Rbac.Application.Services
|
||||
namespace Yi.Framework.Rbac.Application.Services.System
|
||||
{
|
||||
/// <summary>
|
||||
/// Dept服务实现
|
||||
@@ -7,7 +7,7 @@ using Yi.Framework.Rbac.Application.Contracts.IServices;
|
||||
using Yi.Framework.Rbac.Domain.Entities;
|
||||
using Yi.Framework.SqlSugarCore.Abstractions;
|
||||
|
||||
namespace Yi.Framework.Rbac.Application.Services
|
||||
namespace Yi.Framework.Rbac.Application.Services.System
|
||||
{
|
||||
/// <summary>
|
||||
/// Menu服务实现
|
||||
@@ -30,7 +30,7 @@ namespace Yi.Framework.Rbac.Application.Services
|
||||
.WhereIF(input.State is not null, x => x.State == input.State)
|
||||
.OrderByDescending(x => x.OrderNum)
|
||||
.ToListAsync();
|
||||
//.ToPageListAsync(input.SkipCount, input.MaxResultCount, total);
|
||||
//.ToPageListAsync(input.SkipCount, input.MaxResultCount, total);
|
||||
return new PagedResultDto<MenuGetListOutputDto>(total, await MapToGetListOutputDtosAsync(entities));
|
||||
}
|
||||
|
||||
@@ -7,7 +7,7 @@ using Yi.Framework.Rbac.Application.Contracts.IServices;
|
||||
using Yi.Framework.Rbac.Domain.Entities;
|
||||
using Yi.Framework.SqlSugarCore.Abstractions;
|
||||
|
||||
namespace Yi.Framework.Rbac.Application.Services
|
||||
namespace Yi.Framework.Rbac.Application.Services.System
|
||||
{
|
||||
/// <summary>
|
||||
/// Post服务实现
|
||||
@@ -14,7 +14,7 @@ using Yi.Framework.Rbac.Domain.Managers;
|
||||
using Yi.Framework.Rbac.Domain.Shared.Enums;
|
||||
using Yi.Framework.SqlSugarCore.Abstractions;
|
||||
|
||||
namespace Yi.Framework.Rbac.Application.Services
|
||||
namespace Yi.Framework.Rbac.Application.Services.System
|
||||
{
|
||||
/// <summary>
|
||||
/// Role服务实现
|
||||
@@ -16,7 +16,7 @@ using Yi.Framework.Rbac.Domain.Shared.Etos;
|
||||
using Yi.Framework.Rbac.Domain.Shared.OperLog;
|
||||
using Yi.Framework.SqlSugarCore.Abstractions;
|
||||
|
||||
namespace Yi.Framework.Rbac.Application.Services
|
||||
namespace Yi.Framework.Rbac.Application.Services.System
|
||||
{
|
||||
/// <summary>
|
||||
/// User服务实现
|
||||
Reference in New Issue
Block a user