luoqian
a9abd90874
- 新增 API 端 JWT 登录、refresh token 轮换和退出登录流程 - 新增 refresh token 实体、DbSet 配置和 EF Core 迁移 - 新增 PC 端授权码登录、本地全局 token 刷新、登出和鉴权服务 - 扩展统一端点模型,支持宿主过滤、角色鉴权、OpenAPI 元数据和 DI 服务处理器 - API 启用 JwtBearer 认证、Swagger UI 和认证端点注册 - PC 端注册认证服务,并按宿主过滤桌面拦截端点
51 lines
1.6 KiB
C#
51 lines
1.6 KiB
C#
using Authentication;
|
|
using Avalonia_Services.Core;
|
|
using System;
|
|
using System.Security.Claims;
|
|
using System.Threading.Tasks;
|
|
|
|
namespace Avalonia_PC.Authentication
|
|
{
|
|
public sealed class PcAuthService(PcGlobalTokenService tokenService) : IAuthService
|
|
{
|
|
public async Task<ClaimsPrincipal?> AuthenticateAsync(ServiceEndpointContext context)
|
|
{
|
|
var token = ExtractBearerToken(context.GetHeader("Authorization"));
|
|
if (!await tokenService.ValidateAsync(token))
|
|
{
|
|
return null;
|
|
}
|
|
|
|
var identity = new ClaimsIdentity(
|
|
[
|
|
new Claim(ClaimTypes.NameIdentifier, "pc-local"),
|
|
new Claim(ClaimTypes.Name, "PC授权用户"),
|
|
new Claim(ClaimTypes.Role, "SuperAdmin"),
|
|
new Claim(ClaimTypes.Role, "Admin"),
|
|
new Claim("auth_type", "pc-global-token"),
|
|
],
|
|
"pc-global-token");
|
|
|
|
return new ClaimsPrincipal(identity);
|
|
}
|
|
|
|
public Task<bool> AuthorizeAsync(ClaimsPrincipal user, string policy)
|
|
{
|
|
return Task.FromResult(user.Identity?.IsAuthenticated == true);
|
|
}
|
|
|
|
private static string? ExtractBearerToken(string? authorization)
|
|
{
|
|
if (string.IsNullOrWhiteSpace(authorization))
|
|
{
|
|
return null;
|
|
}
|
|
|
|
const string prefix = "Bearer ";
|
|
return authorization.StartsWith(prefix, StringComparison.OrdinalIgnoreCase)
|
|
? authorization[prefix.Length..].Trim()
|
|
: authorization.Trim();
|
|
}
|
|
}
|
|
}
|