上传AuthServer配置文件

6 years ago · b72bed9b3f
5 changed files with 191 additions and 19 deletions
--- a/aspnet-core/configuration/AuthServer.Host/appsettings.Development.json
+++ b/aspnet-core/configuration/AuthServer.Host/appsettings.Development.json
@ -0,0 +1,141 @@
 {
  "App": {
    "SelfUrl": "http://localhost:44385/",
    "CorsOrigins": "http://localhost:4200,http://localhost:9528,http://127.0.0.1:63898"
  },
  "AppSelfUrl": "http://localhost:44385/",
  "ConnectionStrings": {
    "Default": "Server=127.0.0.1;Database=IdentityServer;User Id=root;Password=123456",
    "AbpIdentity": "Server=127.0.0.1;Database=IdentityServer;User Id=root;Password=123456",
    "AbpIdentityServer": "Server=127.0.0.1;Database=IdentityServer;User Id=root;Password=123456",
    "AbpTenantManagement": "Server=127.0.0.1;Database=Platform;User Id=root;Password=123456",
    "AbpSettingManagement": "Server=127.0.0.1;Database=Platform;User Id=root;Password=123456",
    "AbpPermissionManagement": "Server=127.0.0.1;Database=Platform;User Id=root;Password=123456",
    "AbpFeatureManagement": "Server=127.0.0.1;Database=Platform;User Id=root;Password=123456"
  },
  "Identity": {
    "Password": {
      "RequiredLength": 6,
      "RequiredUniqueChars": 0,
      "RequireNonAlphanumeric": false,
      "RequireLowercase": false,
      "RequireUppercase": false,
      "RequireDigit": false
    },
    "Lockout": {
      "AllowedForNewUsers": false,
      "LockoutDuration": 5,
      "MaxFailedAccessAttempts": 5
    },
    "SignIn": {
      "RequireConfirmedEmail": false,
      "RequireConfirmedPhoneNumber": false
    }
  },
  "CAP": {
    "EventBus": {
      "DefaultGroup": "AuthServer",
      "Version": "v1",
      "FailedRetryInterval": 300,
      "FailedRetryCount": 10
    },
    "RabbitMQ": {
      "HostName": "127.0.0.1",
      "Port": 5672,
      "UserName": "admin",
      "Password": "admin",
      "ExchangeName": "LINGYUN.AbpApplication",
      "VirtualHost": "multi.service.test"
    }
  },
  "RedisCache": {
    "ConnectString": "127.0.0.1",
    "RedisPrefix": "AuthServer"
  },
  "AuthServer": {
    "Authority": "http://localhost:44385/",
    "ApiName": "auth-service"
  },
  "WeChat": {
    "Auth": {
      "AppId": "微信AppId",
      "AppSecret": "微信AppSecret"
    },
    "Signature": {
      "RequestPath": "微信开发者中心填写的验证地址",
      "Token": "微信开发者中心填写的Token"
    }
  },
  "IdentityServer": {
    "Clients": {
      "AuthManagement": {
        "ClientId": "auth-management",
        "RootUrl": "http://localhost:44313/"
      },
      "AuthVueAdmin": {
        "ClientId": "vue-admin-element"
      },
      "AuthApiGateway": {
        "ClientId": "apigateway-host-client"
      }
    }
  },
  "Serilog": {
    "MinimumLevel": {
      "Default": "Information",
      "Override": {
        "System": "Warning",
        "Microsoft": "Warning",
        "DotNetCore": "Information"
      }
    },
    "Enrich": [ "FromLogContext", "WithProcessId", "WithThreadId" ],
    "WriteTo": [
      {
        "Name": "File",
        "Args": {
          "path": "Logs/Debug-.log",
          "restrictedToMinimumLevel": "Debug",
          "rollingInterval": "Day",
          "outputTemplate": "{Timestamp:yyyy-MM-dd HH:mm:ss} [{Level:u3}] [{SourceContext}] [{ProcessId}] [{ThreadId}] - {Message:lj}{NewLine}{Exception}"
        }
      },
      {
        "Name": "File",
        "Args": {
          "path": "Logs/Info-.log",
          "restrictedToMinimumLevel": "Information",
          "rollingInterval": "Day",
          "outputTemplate": "{Timestamp:yyyy-MM-dd HH:mm:ss} [{Level:u3}] [{SourceContext}] [{ProcessId}] [{ThreadId}] - {Message:lj}{NewLine}{Exception}"
        }
      },
      {
        "Name": "File",
        "Args": {
          "path": "Logs/Warn-.log",
          "restrictedToMinimumLevel": "Warning",
          "rollingInterval": "Day",
          "outputTemplate": "{Timestamp:yyyy-MM-dd HH:mm:ss} [{Level:u3}] [{SourceContext}] [{ProcessId}] [{ThreadId}] - {Message:lj}{NewLine}{Exception}"
        }
      },
      {
        "Name": "File",
        "Args": {
          "path": "Logs/Error-.log",
          "restrictedToMinimumLevel": "Error",
          "rollingInterval": "Day",
          "outputTemplate": "{Timestamp:yyyy-MM-dd HH:mm:ss} [{Level:u3}] [{SourceContext}] [{ProcessId}] [{ThreadId}] - {Message:lj}{NewLine}{Exception}"
        }
      },
      {
        "Name": "File",
        "Args": {
          "path": "Logs/Fatal-.log",
          "restrictedToMinimumLevel": "Fatal",
          "rollingInterval": "Day",
          "outputTemplate": "{Timestamp:yyyy-MM-dd HH:mm:ss} [{Level:u3}] [{SourceContext}] [{ProcessId}] [{ThreadId}] - {Message:lj}{NewLine}{Exception}"
        }
      }
    ]
  }
 }
--- a/aspnet-core/modules/common/LINGYUN.Abp.IdentityServer.WeChatValidator/LINGYUN/Abp/IdentityServer/WeChatSignatureMiddleware.cs
+++ b/aspnet-core/modules/common/LINGYUN.Abp.IdentityServer.WeChatValidator/LINGYUN/Abp/IdentityServer/WeChatSignatureMiddleware.cs
@ -23,47 +23,56 @@ namespace LINGYUN.Abp.IdentityServer
            if (context.Request.Path.HasValue)
            {
                var requestPath = context.Request.Path.Value;
                // 访问地址是否与定义的地址匹配
                if (requestPath.Equals(Options.RequestPath))
                {
                    var timestamp = context.Request.Query["timestamp"];
                    var nonce = context.Request.Query["nonce"];
                    var signature = context.Request.Query["signature"];
                    var echostr = context.Request.Query["echostr"];
                    // 验证消息合法性
                    var check = CheckWeChatSignature(Options.Token, timestamp, nonce, signature);
                    if (check)
                    {
                        // 验证通过需要把微信服务器传递的字符原封不动传回
                        await context.Response.WriteAsync(echostr);
                        return;
                    }
-                    throw new AbpException("微信验证不通过");
+                    // 微信消息验证不通过
                    throw new AbpException("Invalid wechat signature");
                }
            }
            // 不属于微信的消息进入下一个中间件
            await next(context);
        }
        protected bool CheckWeChatSignature(string token, string timestamp, string nonce, string signature)
        {
-            var al = new ArrayList();
+            var al = new ArrayList
-            al.Add(token);
+            {
-            al.Add(timestamp);
+                token,
-            al.Add(nonce);
+                timestamp,
                nonce
            };
            // step1 排序
            al.Sort();
            string signatureStr = string.Empty;
-            for(int i = 0; i < al.Count; i++)
+            // step2 拼接
            for (int i = 0; i < al.Count; i++)
            {
                signatureStr += al[i];
            }
-            using (var sha1 = new SHA1CryptoServiceProvider())
+            // step3 SHA1加密
            using var sha1 = new SHA1CryptoServiceProvider();
            byte[] bytes_in = Encoding.ASCII.GetBytes(signatureStr);
            byte[] bytes_out = sha1.ComputeHash(bytes_in);
            string result = BitConverter.ToString(bytes_out).Replace("-", "");
            // step4 比对
            if (result.Equals(signature, StringComparison.CurrentCultureIgnoreCase))
            {
-                byte[] bytes_in = Encoding.ASCII.GetBytes(signatureStr);
+                return true;
                byte[] bytes_out = sha1.ComputeHash(bytes_in);
                string result = BitConverter.ToString(bytes_out).Replace("-", "");
                if (result.Equals(signature, StringComparison.CurrentCultureIgnoreCase))
                {
                    return true;
                }
                return false;
            }
            return false;
        }
    }
 }
--- a/aspnet-core/modules/common/LINGYUN.Abp.IdentityServer.WeChatValidator/LINGYUN/Abp/IdentityServer/WeChatSignatureOptions.cs
+++ b/aspnet-core/modules/common/LINGYUN.Abp.IdentityServer.WeChatValidator/LINGYUN/Abp/IdentityServer/WeChatSignatureOptions.cs
@ -2,7 +2,15 @@
 {
    public class WeChatSignatureOptions
    {
        /// <summary>
        /// 微信服务器请求路径
        /// 填写在微信开发者中心配置的地址
        /// </summary>
        public string RequestPath { get; set; }
        /// <summary>
        /// 微信服务器请求token
        /// 填写在微信开发者中心配置的token
        /// </summary>
        public string Token { get; set; }
    }
 }
--- a/aspnet-core/modules/common/LINGYUN.Abp.IdentityServer.WeChatValidator/Microsoft/AspNetCore/Builder/IdentityServerApplicationBuilderExtensions.cs
+++ b/aspnet-core/modules/common/LINGYUN.Abp.IdentityServer.WeChatValidator/Microsoft/AspNetCore/Builder/IdentityServerApplicationBuilderExtensions.cs
@ -4,6 +4,15 @@ namespace Microsoft.AspNetCore.Builder
 {
    public static class IdentityServerApplicationBuilderExtensions
    {
        /// <summary>
        /// 启用中间件可以处理微信服务器消息
        /// 用于验证消息是否来自于微信服务器
        /// </summary>
        /// <param name="builder"></param>
        /// <remarks>
        /// 也可以用Controller的形式来实现
        /// </remarks>
        /// <returns></returns>
        public static IApplicationBuilder UseWeChatSignature(this IApplicationBuilder builder)
        {
            builder.UseMiddleware<WeChatSignatureMiddleware>();
--- a/aspnet-core/services/account/AuthServer.Host/AuthIdentityServerModule.cs
+++ b/aspnet-core/services/account/AuthServer.Host/AuthIdentityServerModule.cs
@ -85,6 +85,7 @@ namespace AuthServer.Host
                // 滑动过期30天
                options.GlobalCacheEntryOptions.SlidingExpiration = TimeSpan.FromDays(30);
                // 绝对过期60天
                options.GlobalCacheEntryOptions.AbsoluteExpiration = DateTimeOffset.Now.AddDays(60);
                options.GlobalCacheEntryOptions.AbsoluteExpirationRelativeToNow = TimeSpan.FromMinutes(60);
            });
@ -116,13 +117,14 @@ namespace AuthServer.Host
            context.Services.AddStackExchangeRedisCache(options =>
            {
-                options.InstanceName = configuration["Redis:InstanceName"];
+                options.Configuration = configuration["RedisCache:ConnectString"];
-                options.Configuration = configuration["Redis:Configuration"];
+                var instanceName = configuration["RedisCache:RedisPrefix"];
                options.InstanceName = instanceName.IsNullOrEmpty() ? "MessageService_Cache" : instanceName;
            });
            if (!hostingEnvironment.IsDevelopment())
            {
-                var redis = ConnectionMultiplexer.Connect(configuration["Redis:Configuration"]);
+                var redis = ConnectionMultiplexer.Connect(configuration["RedisCache:ConnectString"]);
                context.Services
                    .AddDataProtection()
                    .PersistKeysToStackExchangeRedis(redis, "AuthServer-Protection-Keys");
@ -160,7 +162,10 @@ namespace AuthServer.Host
            app.UseMultiTenancy();
            app.UseIdentityServer();
            app.UseAuditing();
-            //app.UseWeChatSignature();
+
            // 处理微信消息
            // app.UseWeChatSignature();
            SeedData(context);
        }