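using Duende.IdentityServer;
using Duende.IdentityServer.Models;
using Duende.IdentityServer.Services;
using Easy;
using Easy.DDD.Application;
using Easy.DDD.Domain;
using Easy.DDD.Domain.Repositories;
using Easy.Result;
using IdentityServer.DDD.Contracts.Inputs;
using IdentityServer.DDD.Contracts.Models;
using IdentityServer.DDD.Shared.IServices;
using Microsoft.AspNetCore.Authentication;

namespace IdentityServer.DDD.Application;

/// <summary>
/// Application service behind the SPA login / consent / error / logout pages of the
/// IdentityServer host. Each method wraps one step of the interactive authorization
/// flow (Duende <see cref="IIdentityServerInteractionService"/>) and hands the SPA an
/// <c>ApiResult</c> it can render or redirect on.
/// </summary>
/// <remarks>
/// NOTE(review): the generic return types of the public methods were reconstructed —
/// the extracted listing had lost its angle brackets (it read <c>Task&gt;</c>).
/// Confirm them against the original file.
/// </remarks>
public class SpaAppService : ApiService
{
    private IIdentityUserManager IdentityUserDomainService { get; }
    //private IRepository IdentityUserRepository { get; }
    private IHttpContextAccessor Accessor { get; }

    // Captured once in the constructor. This is only correct if the service is registered
    // with a per-request (scoped) lifetime — TODO confirm the DI registration; Logout and
    // GetLogout go through Accessor.HttpContext instead, so the two can diverge otherwise.
    private HttpContext HttpContext { get; }

    private IIdentityServerInteractionService Interaction { get; }
    private IServerUrls ServerUrls { get; }

    /// <summary>Wires the collaborators; no I/O happens here.</summary>
    public SpaAppService(
        IIdentityUserManager identityUserDomainService,
        IHttpContextAccessor httpContextAccessor,
        IIdentityServerInteractionService interaction,
        IServerUrls serverUrls)
    {
        IdentityUserDomainService = identityUserDomainService;
        //IdentityUserRepository = identityUserDomainService.IdentityUserRepository;
        Accessor = httpContextAccessor;
        Interaction = interaction;
        ServerUrls = serverUrls;
        HttpContext = httpContextAccessor.HttpContext;
    }

    /// <summary>
    /// Validates the credentials, issues the IdentityServer session cookie and tells the
    /// SPA where to go next.
    /// </summary>
    /// <param name="model">Username, password, "remember me" flag and the (escaped) return URL.</param>
    /// <returns>
    /// The unescaped return URL when IdentityServer recognises it as a pending authorization
    /// request; otherwise the server base URL.
    /// </returns>
    public async Task<ApiResult<string>> Login(LoginInput model)
    {
        // NOTE(review): assumes PasswordSignInAsync throws (or never returns null) on bad
        // credentials — `user` is dereferenced unconditionally below. Confirm against
        // IIdentityUserManager.
        var user = await IdentityUserDomainService.PasswordSignInAsync(model.Username, model.Password);

        var principal = new IdentityServerUser(user.Id.ToString())
        {
            DisplayName = user.NickName,
        }.CreatePrincipal();

        // IsPersistent turns the session cookie into a durable one when "remember me" is set.
        await HttpContext.SignInAsync(principal, new AuthenticationProperties { IsPersistent = model.Remember });

        var url = model.ReturnUrl != null ? Uri.UnescapeDataString(model.ReturnUrl) : null;

        // Only echo the caller-supplied return URL back when IdentityServer can resolve it to an
        // authorization request it issued itself; anything else falls back to BaseUrl. This is
        // what keeps the endpoint from acting as an open redirect — keep the guard.
        var authzContext = await Interaction.GetAuthorizationContextAsync(url);
        return ApiResult.ValueSuccess(authzContext != null ? url : ServerUrls.BaseUrl);
    }

    /// <summary>Records the user's consent decision for a pending authorization request.</summary>
    /// <param name="model">Return URL of the authorization request, the deny flag and "remember" flag.</param>
    /// <returns>The unescaped return URL the SPA should continue to.</returns>
    public async Task<ApiResult<string>> Consent(ConsentDto model)
    {
        // Unlike Login, a null ReturnUrl is not tolerated here: UnescapeDataString throws
        // ArgumentNullException on null — presumably the SPA always sends it; verify against caller.
        var url = Uri.UnescapeDataString(model.ReturnUrl);
        var authzContext = await Interaction.GetAuthorizationContextAsync(url);

        // When.Is is assumed to throw when the condition holds (the dereferences below rely on it).
        When.Is(authzContext == null, "错误");

        if (model.Deny)
        {
            await Interaction.DenyAuthorizationAsync(authzContext, AuthorizationError.AccessDenied);
        }
        else
        {
            // Consents exactly the scopes IdentityServer validated for this request, not a
            // client-supplied list.
            await Interaction.GrantConsentAsync(authzContext, new ConsentResponse
            {
                RememberConsent = model.Remember,
                ScopesValuesConsented = authzContext.ValidatedResources.RawScopeValues
            });
        }

        return ApiResult.ValueSuccess(url);
    }

    /// <summary>Describes the pending authorization request so the SPA can render the consent page.</summary>
    /// <param name="returnUrl">Return URL of the authorization request (passed through unescaped).</param>
    /// <returns>Login hint, IdP, tenant, requested scope values and a display name for the client.</returns>
    public async Task<ApiResult<ContextModel>> GetContext(string returnUrl)
    {
        var authzContext = await Interaction.GetAuthorizationContextAsync(returnUrl);
        When.Is(authzContext == null, "没有上下文");

        return ApiResult.ValueSuccess(new ContextModel
        {
            LoginHint = authzContext.LoginHint,
            IdP = authzContext.IdP,
            Tenant = authzContext.Tenant,
            Scopes = authzContext.ValidatedResources.RawScopeValues,
            // Fall back to the client id when no human-readable name is configured.
            Client = authzContext.Client.ClientName ?? authzContext.Client.ClientId
        });
    }

    /// <summary>Looks up the error IdentityServer stored under <paramref name="errorId"/>.</summary>
    /// <param name="errorId">Error id issued by IdentityServer on the redirect to the error page.</param>
    /// <returns>The error code and description for display.</returns>
    public async Task<ApiResult<ErrorModel>> GetError(string errorId)
    {
        var errorInfo = await Interaction.GetErrorContextAsync(errorId);

        // GetErrorContextAsync can yield null for an unknown or expired errorId; without this
        // guard the property reads below threw a NullReferenceException. Reuses the file's
        // existing When.Is convention (assumed to throw when the condition holds).
        When.Is(errorInfo == null, "错误");

        return ApiResult.ValueSuccess(new ErrorModel()
        {
            Error = errorInfo.Error,
            ErrorDescription = errorInfo.ErrorDescription
        });
    }

    /// <summary>Signs the user out unconditionally and returns the post-logout details.</summary>
    /// <param name="logoutId">Logout id issued by IdentityServer.</param>
    /// <returns>Post-logout redirect URI, the front-channel sign-out iframe URL and the prompt flag.</returns>
    public async Task<ApiResult<LogOutModel>> Logout(string logoutId)
    {
        var logoutInfo = await Interaction.GetLogoutContextAsync(logoutId);
        await Accessor.HttpContext.SignOutAsync();

        return ApiResult.ValueSuccess(new LogOutModel()
        {
            PostLogoutRedirectUri = logoutInfo.PostLogoutRedirectUri,
            SignOutIFrameUrl = logoutInfo.SignOutIFrameUrl,
            // NOTE(review): read after SignOutAsync, but SignOutAsync does not replace the
            // current request's User, so this most likely still reflects the pre-logout
            // state — confirm that is the intended meaning of Prompt here.
            Prompt = Accessor.HttpContext.User.Identity.IsAuthenticated
        });
    }

    /// <summary>
    /// Decides whether the logout can complete immediately or the SPA must show a confirmation.
    /// </summary>
    /// <param name="logoutId">Logout id issued by IdentityServer.</param>
    /// <returns>
    /// A success result (with the user signed out) when IdentityServer does not require a prompt
    /// or the user is not authenticated; otherwise a retry result signalling that the prompt is needed.
    /// </returns>
    public async Task<ApiResult<LogOutModel>> GetLogout(string logoutId)
    {
        var logoutInfo = await Interaction.GetLogoutContextAsync(logoutId);

        if (logoutInfo != null)
        {
            // Skipping the prompt for an unauthenticated user is safe: there is no session
            // a forged logout link could terminate.
            if (!logoutInfo.ShowSignoutPrompt || !Accessor.HttpContext.User.Identity.IsAuthenticated)
            {
                await Accessor.HttpContext.SignOutAsync();
                return ApiResult.ValueSuccess(new LogOutModel()
                {
                    PostLogoutRedirectUri = logoutInfo.PostLogoutRedirectUri,
                    SignOutIFrameUrl = logoutInfo.SignOutIFrameUrl,
                    Prompt = true
                });
            }
        }

        // Either no logout context or IdentityServer wants an explicit confirmation.
        return ApiResult.ValueRetry(new LogOutModel() { Prompt = false }, "未授权");
    }
}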