AvaloniaStack/Avalonia-API/Authentication/JwtTokenService.cs

using Avalonia_EFCore.Models;
using Microsoft.Extensions.Options;
using Microsoft.IdentityModel.Tokens;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;

namespace Avalonia_API.Authentication
{
    public sealed class JwtTokenService(IOptions<JwtOptions> options)
    {
        private readonly JwtOptions _options = options.Value;

        public (string Token, DateTime ExpiresAt) CreateAccessToken(UserEntity user, IReadOnlyCollection<string> roles)
        {
            var expiresAt = DateTime.UtcNow.AddMinutes(_options.AccessTokenMinutes);
            var claims = new List<Claim>
            {
                new(JwtRegisteredClaimNames.Sub, user.Id.ToString()),
                new(ClaimTypes.NameIdentifier, user.Id.ToString()),
                new(ClaimTypes.Name, user.Name ?? user.Email ?? $"user-{user.Id}"),
                new("auth_type", "api-jwt"),
            };

            foreach (var role in roles.Where(role => !string.IsNullOrWhiteSpace(role)).Distinct(StringComparer.OrdinalIgnoreCase))
            {
                claims.Add(new Claim(ClaimTypes.Role, role));
            }

            var signingKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_options.SigningKey));
            var credentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256);
            var jwt = new JwtSecurityToken(
                issuer: _options.Issuer,
                audience: _options.Audience,
                claims: claims,
                notBefore: DateTime.UtcNow,
                expires: expiresAt,
                signingCredentials: credentials);

            return (new JwtSecurityTokenHandler().WriteToken(jwt), expiresAt);
        }
    }
}
feat(auth): 添加统一 API 和 PC 认证端点 - 新增 API 端 JWT 登录、refresh token 轮换和退出登录流程 - 新增 refresh token 实体、DbSet 配置和 EF Core 迁移 - 新增 PC 端授权码登录、本地全局 token 刷新、登出和鉴权服务 - 扩展统一端点模型，支持宿主过滤、角色鉴权、OpenAPI 元数据和 DI 服务处理器 - API 启用 JwtBearer 认证、Swagger UI 和认证端点注册 - PC 端注册认证服务，并按宿主过滤桌面拦截端点 2026-05-15 17:35:07 +08:00			`using Avalonia_EFCore.Models;`
			`using Microsoft.Extensions.Options;`
			`using Microsoft.IdentityModel.Tokens;`
			`using System.IdentityModel.Tokens.Jwt;`
			`using System.Security.Claims;`
			`using System.Text;`

			`namespace Avalonia_API.Authentication`
			`{`
			`public sealed class JwtTokenService(IOptions<JwtOptions> options)`
			`{`
			`private readonly JwtOptions _options = options.Value;`

			`public (string Token, DateTime ExpiresAt) CreateAccessToken(UserEntity user, IReadOnlyCollection<string> roles)`
			`{`
			`var expiresAt = DateTime.UtcNow.AddMinutes(_options.AccessTokenMinutes);`
			`var claims = new List<Claim>`
			`{`
			`new(JwtRegisteredClaimNames.Sub, user.Id.ToString()),`
			`new(ClaimTypes.NameIdentifier, user.Id.ToString()),`
			`new(ClaimTypes.Name, user.Name ?? user.Email ?? $"user-{user.Id}"),`
			`new("auth_type", "api-jwt"),`
			`};`

			`foreach (var role in roles.Where(role => !string.IsNullOrWhiteSpace(role)).Distinct(StringComparer.OrdinalIgnoreCase))`
			`{`
			`claims.Add(new Claim(ClaimTypes.Role, role));`
			`}`

			`var signingKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_options.SigningKey));`
			`var credentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256);`
			`var jwt = new JwtSecurityToken(`
			`issuer: _options.Issuer,`
			`audience: _options.Audience,`
			`claims: claims,`
			`notBefore: DateTime.UtcNow,`
			`expires: expiresAt,`
			`signingCredentials: credentials);`

			`return (new JwtSecurityTokenHandler().WriteToken(jwt), expiresAt);`
			`}`
			`}`
			`}`