You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

143 lines
5.0 KiB

using Duende.IdentityServer;
using Duende.IdentityServer.Models;
using Duende.IdentityServer.Services;
using Easy;
using Easy.DDD.Application;
using Easy.DDD.Domain;
using Easy.DDD.Domain.Repositories;
using Easy.Result;
using IdentityServer.DDD.Contracts.Inputs;
using IdentityServer.DDD.Contracts.Models;
using IdentityServer.DDD.Shared.IServices;
using Microsoft.AspNetCore.Authentication;
namespace IdentityServer.DDD.Application;
public class SpaAppService : ApiService
{
3 years ago
private IIdentityUserManager IdentityUserDomainService { get; }
//private IRepository<IdentityUser> IdentityUserRepository { get; }
private IHttpContextAccessor Accessor { get; }
private HttpContext HttpContext { get; }
private IIdentityServerInteractionService Interaction { get; }
private IServerUrls ServerUrls { get; }
3 years ago
public SpaAppService(IIdentityUserManager identityUserDomainService,
IHttpContextAccessor httpContextAccessor,
IIdentityServerInteractionService interaction,
IServerUrls serverUrls)
{
IdentityUserDomainService = identityUserDomainService;
//IdentityUserRepository = identityUserDomainService.IdentityUserRepository;
Accessor = httpContextAccessor;
Interaction = interaction;
ServerUrls = serverUrls;
HttpContext = httpContextAccessor.HttpContext;
}
public async Task<ApiResultValue<string>> Login(LoginInput model)
{
var user = await IdentityUserDomainService.PasswordSignInAsync(model.Username, model.Password);
var principal = new IdentityServerUser(user.Id.ToString())
{
DisplayName = user.NickName,
}.CreatePrincipal();
await HttpContext.SignInAsync(principal, new AuthenticationProperties
{
IsPersistent = model.Remember
});
var url = model.ReturnUrl != null ? Uri.UnescapeDataString(model.ReturnUrl) : null;
var authzContext = await Interaction.GetAuthorizationContextAsync(url);
return ApiResult.ValueSuccess(authzContext != null ? url : ServerUrls.BaseUrl);
}
public async Task<ApiResultValue<string>> Consent(ConsentDto model)
{
var url = Uri.UnescapeDataString(model.ReturnUrl);
var authzContext = await Interaction.GetAuthorizationContextAsync(url);
When.Is(authzContext == null, "错误");
if (model.Deny)
{
await Interaction.DenyAuthorizationAsync(authzContext, AuthorizationError.AccessDenied);
}
else
{
await Interaction.GrantConsentAsync(authzContext,
new ConsentResponse
{
RememberConsent = model.Remember,
ScopesValuesConsented = authzContext.ValidatedResources.RawScopeValues
});
}
return ApiResult.ValueSuccess(url);
}
public async Task<ApiResultValue<ContextModel>> GetContext(string returnUrl)
{
var authzContext = await Interaction.GetAuthorizationContextAsync(returnUrl);
When.Is(authzContext == null, "没有上下文");
return ApiResult.ValueSuccess(new ContextModel
{
LoginHint = authzContext.LoginHint,
IdP = authzContext.IdP,
Tenant = authzContext.Tenant,
Scopes = authzContext.ValidatedResources.RawScopeValues,
Client = authzContext.Client.ClientName ?? authzContext.Client.ClientId
});
}
public async Task<ApiResultValue<ErrorModel>> GetError(string errorId)
{
var errorInfo = await Interaction.GetErrorContextAsync(errorId);
return ApiResult.ValueSuccess(new ErrorModel()
{
Error = errorInfo.Error,
ErrorDescription = errorInfo.ErrorDescription
});
}
public async Task<ApiResultValue<LogOutModel>> Logout(string logoutId)
{
var logoutInfo = await Interaction.GetLogoutContextAsync(logoutId);
await Accessor.HttpContext.SignOutAsync();
return ApiResult.ValueSuccess(new LogOutModel()
{
PostLogoutRedirectUri = logoutInfo.PostLogoutRedirectUri,
SignOutIFrameUrl = logoutInfo.SignOutIFrameUrl,
Prompt = Accessor.HttpContext.User.Identity.IsAuthenticated
});
}
public async Task<ApiResultValue<LogOutModel>> GetLogout(string logoutId)
{
var logoutInfo = await Interaction.GetLogoutContextAsync(logoutId);
if (logoutInfo != null)
{
if (!logoutInfo.ShowSignoutPrompt || !Accessor.HttpContext.User.Identity.IsAuthenticated)
{
await Accessor.HttpContext.SignOutAsync();
return ApiResult.ValueSuccess(new LogOutModel()
{
PostLogoutRedirectUri = logoutInfo.PostLogoutRedirectUri,
SignOutIFrameUrl = logoutInfo.SignOutIFrameUrl,
Prompt = true
});
}
}
return ApiResult.ValueRetry(new LogOutModel()
{
Prompt = false
}, "未授权");
}
}