luoqian
a9abd90874
- 新增 API 端 JWT 登录、refresh token 轮换和退出登录流程 - 新增 refresh token 实体、DbSet 配置和 EF Core 迁移 - 新增 PC 端授权码登录、本地全局 token 刷新、登出和鉴权服务 - 扩展统一端点模型,支持宿主过滤、角色鉴权、OpenAPI 元数据和 DI 服务处理器 - API 启用 JwtBearer 认证、Swagger UI 和认证端点注册 - PC 端注册认证服务,并按宿主过滤桌面拦截端点
44 lines
1.7 KiB
C#
44 lines
1.7 KiB
C#
using Avalonia_EFCore.Models;
|
|
using Microsoft.Extensions.Options;
|
|
using Microsoft.IdentityModel.Tokens;
|
|
using System.IdentityModel.Tokens.Jwt;
|
|
using System.Security.Claims;
|
|
using System.Text;
|
|
|
|
namespace Avalonia_API.Authentication
|
|
{
|
|
public sealed class JwtTokenService(IOptions<JwtOptions> options)
|
|
{
|
|
private readonly JwtOptions _options = options.Value;
|
|
|
|
public (string Token, DateTime ExpiresAt) CreateAccessToken(UserEntity user, IReadOnlyCollection<string> roles)
|
|
{
|
|
var expiresAt = DateTime.UtcNow.AddMinutes(_options.AccessTokenMinutes);
|
|
var claims = new List<Claim>
|
|
{
|
|
new(JwtRegisteredClaimNames.Sub, user.Id.ToString()),
|
|
new(ClaimTypes.NameIdentifier, user.Id.ToString()),
|
|
new(ClaimTypes.Name, user.Name ?? user.Email ?? $"user-{user.Id}"),
|
|
new("auth_type", "api-jwt"),
|
|
};
|
|
|
|
foreach (var role in roles.Where(role => !string.IsNullOrWhiteSpace(role)).Distinct(StringComparer.OrdinalIgnoreCase))
|
|
{
|
|
claims.Add(new Claim(ClaimTypes.Role, role));
|
|
}
|
|
|
|
var signingKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_options.SigningKey));
|
|
var credentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256);
|
|
var jwt = new JwtSecurityToken(
|
|
issuer: _options.Issuer,
|
|
audience: _options.Audience,
|
|
claims: claims,
|
|
notBefore: DateTime.UtcNow,
|
|
expires: expiresAt,
|
|
signingCredentials: credentials);
|
|
|
|
return (new JwtSecurityTokenHandler().WriteToken(jwt), expiresAt);
|
|
}
|
|
}
|
|
}
|