You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
143 lines
5.0 KiB
143 lines
5.0 KiB
using Duende.IdentityServer;
|
|
using Duende.IdentityServer.Models;
|
|
using Duende.IdentityServer.Services;
|
|
using Easy;
|
|
using Easy.DDD.Application;
|
|
using Easy.DDD.Domain;
|
|
using Easy.DDD.Domain.Repositories;
|
|
using Easy.Result;
|
|
using Identity.Api.DDD.Contracts.Dtos;
|
|
using Identity.Api.DDD.Contracts.Models;
|
|
using Identity.Api.DDD.Domain.Entites;
|
|
using Identity.Api.DDD.Shared.IServices;
|
|
using Microsoft.AspNetCore.Authentication;
|
|
|
|
namespace Identity.Api.DDD.Application;
|
|
|
|
public class SpaAppService : ApiService
|
|
{
|
|
private IIdentityUserDomainService IdentityUserDomainService { get; }
|
|
//private IRepository<IdentityUser> IdentityUserRepository { get; }
|
|
private IHttpContextAccessor Accessor { get; }
|
|
private HttpContext HttpContext { get; }
|
|
private IIdentityServerInteractionService Interaction { get; }
|
|
private IServerUrls ServerUrls { get; }
|
|
|
|
public SpaAppService(IIdentityUserDomainService identityUserDomainService,
|
|
IHttpContextAccessor httpContextAccessor,
|
|
IIdentityServerInteractionService interaction,
|
|
IServerUrls serverUrls)
|
|
{
|
|
IdentityUserDomainService = identityUserDomainService;
|
|
//IdentityUserRepository = identityUserDomainService.IdentityUserRepository;
|
|
Accessor = httpContextAccessor;
|
|
Interaction = interaction;
|
|
ServerUrls = serverUrls;
|
|
HttpContext = httpContextAccessor.HttpContext;
|
|
}
|
|
|
|
|
|
public async Task<ApiResultValue<string>> Login(LoginDto model)
|
|
{
|
|
var user = await IdentityUserDomainService.PasswordSignInAsync(model.Username, model.Password);
|
|
|
|
var principal = new IdentityServerUser(user.Id.ToString())
|
|
{
|
|
DisplayName = user.NickName,
|
|
}.CreatePrincipal();
|
|
|
|
await HttpContext.SignInAsync(principal, new AuthenticationProperties
|
|
{
|
|
IsPersistent = model.Remember
|
|
});
|
|
|
|
var url = model.ReturnUrl != null ? Uri.UnescapeDataString(model.ReturnUrl) : null;
|
|
|
|
var authzContext = await Interaction.GetAuthorizationContextAsync(url);
|
|
|
|
return ApiResult.ValueSuccess(authzContext != null ? url : ServerUrls.BaseUrl);
|
|
}
|
|
|
|
public async Task<ApiResultValue<string>> Consent(ConsentDto model)
|
|
{
|
|
var url = Uri.UnescapeDataString(model.ReturnUrl);
|
|
|
|
var authzContext = await Interaction.GetAuthorizationContextAsync(url);
|
|
When.Is(authzContext == null, "错误");
|
|
|
|
if (model.Deny)
|
|
{
|
|
await Interaction.DenyAuthorizationAsync(authzContext, AuthorizationError.AccessDenied);
|
|
}
|
|
else
|
|
{
|
|
await Interaction.GrantConsentAsync(authzContext,
|
|
new ConsentResponse
|
|
{
|
|
RememberConsent = model.Remember,
|
|
ScopesValuesConsented = authzContext.ValidatedResources.RawScopeValues
|
|
});
|
|
}
|
|
|
|
return ApiResult.ValueSuccess(url);
|
|
}
|
|
|
|
public async Task<ApiResultValue<ContextModel>> GetContext(string returnUrl)
|
|
{
|
|
var authzContext = await Interaction.GetAuthorizationContextAsync(returnUrl);
|
|
When.Is(authzContext == null, "没有上下文");
|
|
return ApiResult.ValueSuccess(new ContextModel
|
|
{
|
|
LoginHint = authzContext.LoginHint,
|
|
IdP = authzContext.IdP,
|
|
Tenant = authzContext.Tenant,
|
|
Scopes = authzContext.ValidatedResources.RawScopeValues,
|
|
Client = authzContext.Client.ClientName ?? authzContext.Client.ClientId
|
|
});
|
|
}
|
|
|
|
public async Task<ApiResultValue<ErrorModel>> GetError(string errorId)
|
|
{
|
|
var errorInfo = await Interaction.GetErrorContextAsync(errorId);
|
|
return ApiResult.ValueSuccess(new ErrorModel()
|
|
{
|
|
Error = errorInfo.Error,
|
|
ErrorDescription = errorInfo.ErrorDescription
|
|
});
|
|
}
|
|
|
|
public async Task<ApiResultValue<LogOutModel>> Logout(string logoutId)
|
|
{
|
|
var logoutInfo = await Interaction.GetLogoutContextAsync(logoutId);
|
|
|
|
await Accessor.HttpContext.SignOutAsync();
|
|
return ApiResult.ValueSuccess(new LogOutModel()
|
|
{
|
|
PostLogoutRedirectUri = logoutInfo.PostLogoutRedirectUri,
|
|
SignOutIFrameUrl = logoutInfo.SignOutIFrameUrl,
|
|
Prompt = Accessor.HttpContext.User.Identity.IsAuthenticated
|
|
});
|
|
}
|
|
public async Task<ApiResultValue<LogOutModel>> GetLogout(string logoutId)
|
|
{
|
|
var logoutInfo = await Interaction.GetLogoutContextAsync(logoutId);
|
|
if (logoutInfo != null)
|
|
{
|
|
if (!logoutInfo.ShowSignoutPrompt || !Accessor.HttpContext.User.Identity.IsAuthenticated)
|
|
{
|
|
await Accessor.HttpContext.SignOutAsync();
|
|
|
|
return ApiResult.ValueSuccess(new LogOutModel()
|
|
{
|
|
PostLogoutRedirectUri = logoutInfo.PostLogoutRedirectUri,
|
|
SignOutIFrameUrl = logoutInfo.SignOutIFrameUrl,
|
|
Prompt = true
|
|
});
|
|
}
|
|
}
|
|
return ApiResult.ValueRetry(new LogOutModel()
|
|
{
|
|
Prompt = false
|
|
}, "未授权");
|
|
}
|
|
}
|
|
|