diff --git a/aspnet-core/services/LY.MicroService.AuthServer.HttpApi.Host/AuthServerHttpApiHostModule.Configure.cs b/aspnet-core/services/LY.MicroService.AuthServer.HttpApi.Host/AuthServerHttpApiHostModule.Configure.cs
index b73cc5812..9f3207fb2 100644
--- a/aspnet-core/services/LY.MicroService.AuthServer.HttpApi.Host/AuthServerHttpApiHostModule.Configure.cs
+++ b/aspnet-core/services/LY.MicroService.AuthServer.HttpApi.Host/AuthServerHttpApiHostModule.Configure.cs
@@ -484,6 +484,11 @@ public partial class AuthServerHttpApiHostModule
 options.TokenValidationParameters.ValidIssuers = validIssuers;
 options.TokenValidationParameters.IssuerValidator = TokenWildcardIssuerValidator.IssuerValidator;
 }
+ var validAudiences = configuration.GetSection("AuthServer:ValidAudiences").Get>();
+ if (validAudiences?.Count > 0)
+ {
+ options.TokenValidationParameters.ValidAudiences = validAudiences;
+ }
 });
 if (!isDevelopment)
diff --git a/aspnet-core/services/LY.MicroService.AuthServer/DataSeeder/AuthServerDataSeedContributor.cs b/aspnet-core/services/LY.MicroService.AuthServer/DataSeeder/AuthServerDataSeedContributor.cs
index 9a05a9aa7..cb82da649 100644
--- a/aspnet-core/services/LY.MicroService.AuthServer/DataSeeder/AuthServerDataSeedContributor.cs
+++ b/aspnet-core/services/LY.MicroService.AuthServer/DataSeeder/AuthServerDataSeedContributor.cs
@@ -1,8 +1,4 @@
-using LINGYUN.Abp.Identity;
-using LINGYUN.Abp.OpenIddict.LinkUser;
-using LINGYUN.Abp.OpenIddict.Sms;
-using LINGYUN.Abp.OpenIddict.WeChat;
-using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.Configuration;
 using OpenIddict.Abstractions;
 using System;
 using System.Collections.Generic;
@@ -11,8 +7,6 @@ using System.Threading.Tasks;
 using Volo.Abp.Authorization.Permissions;
 using Volo.Abp.Data;
 using Volo.Abp.DependencyInjection;
-using Volo.Abp.Guids;
-using Volo.Abp.Identity;
 using Volo.Abp.MultiTenancy;
 using Volo.Abp.OpenIddict.Applications;
 using Volo.Abp.OpenIddict.Scopes;
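Review bot: The list assigned to `options.TokenValidationParameters.ValidAudiences` does not replace a single audience configured elsewhere in this options lambda — the Microsoft.IdentityModel audience validator accepts a token whose `aud` matches either `ValidAudience` or any entry of `ValidAudiences`, so if `options.Audience` is set above the hunk (not visible here) the effective set is the union, and with an empty or missing `AuthServer:ValidAudiences` section the pre-existing behaviour is silently kept. Every host in this commit reads the same `AuthServer:ValidAudiences` key with a byte-identical block (the BackendAdmin, IdentityServer, LocalizationManagement, PlatformManagement, RealtimeMessage, TaskManagement, WebhooksManagement, WechatManagement and WorkflowManagement hunks), so one list shared through common configuration would make each service accept a token minted for any of the others; the list must be per host and limited to the audiences that service actually serves. A comment above the `var validAudiences` line would make that contract visible, e.g. `// Additional audiences accepted by this host only; do not share one list across services, or tokens issued for another API are accepted here.` The ten copies also belong in a shared helper next to `TokenWildcardIssuerValidator`, and the options lambda itself starts and ends outside the hunk.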
@@ -22,6 +16,30 @@ namespace LY.MicroService.AuthServer.DataSeeder;
 public class ServerDataSeedContributor : IDataSeedContributor, ITransientDependency
 {
+ public static HashSet InitializeScopes = new HashSet
+ {
+ // obsolete! microservice should be allocated separately
+ "lingyun-abp-application",
+ // admin service
+ "ams",
+ // identity service
+ "ids",
+ // localization service
+ "lts",
+ // platform service
+ "pts",
+ // message service
+ "mgs",
+ // task service
+ "tks",
+ // webhook service
+ "wks",
+ // workflow service
+ "wfs",
+ // wechat service
+ "was"
+ };
+
 private readonly IConfiguration _configuration;
 private readonly ICurrentTenant _currentTenant;
 private readonly IOpenIddictApplicationManager _applicationManager;
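Review bot: `InitializeScopes` is a public, non-readonly static collection (its element type is not legible in this rendering), so any code in the process can add or remove scopes before seeding runs and the seeded set is no longer the fixed, reviewable list this hunk reads as; make it `private static readonly HashSet<string> InitializeScopes = new()` and expose it as `IReadOnlyCollection<string>` only if a caller genuinely needs it. The first entry is commented `obsolete!` yet is still seeded and, per the hunks further down, granted to every client, so the comment should state why it stays and when it can go, e.g. `// obsolete: kept only while clients still request this scope; remove once every caller uses the per-service scopes below`. The class body continues past the hunk.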
@@ -54,33 +72,37 @@ public class ServerDataSeedContributor : IDataSeedContributor, ITransientDepende
 {
 using (_currentTenant.Change(context.TenantId))
 {
- await CreateScopeAsync("lingyun-abp-application");
- await CreateApplicationAsync("lingyun-abp-application");
+ await CreateScopeAsync(InitializeScopes);
+
+ await CreateApplicationAsync(InitializeScopes);
 }
 }
- private async Task CreateScopeAsync(string scope)
+ private async Task CreateScopeAsync(IEnumerable scopes)
 {
- if (await _scopeRepository.FindByNameAsync(scope) == null)
+ foreach (var scope in scopes)
 {
- await _scopeManager.CreateAsync(new OpenIddictScopeDescriptor()
+ if (await _scopeRepository.FindByNameAsync(scope) == null)
 {
- Name = scope,
- DisplayName = scope + " access",
- DisplayNames =
- {
- [CultureInfo.GetCultureInfo("zh-Hans")] = "Abp API 应用程序访问",
- [CultureInfo.GetCultureInfo("en")] = "Abp API Application Access"
- },
- Resources =
+ await _scopeManager.CreateAsync(new OpenIddictScopeDescriptor()
 {
- scope
- }
- });
+ Name = scope,
+ DisplayName = scope + " access",
+ DisplayNames =
+ {
+ [CultureInfo.GetCultureInfo("zh-Hans")] = "Abp API 应用程序访问",
+ [CultureInfo.GetCultureInfo("en")] = "Abp API Application Access"
+ },
+ Resources =
+ {
+ scope
+ }
+ });
+ }
 }
 }
- private async Task CreateApplicationAsync(string scope)
+ private async Task CreateApplicationAsync(IEnumerable scopes)
 {
 var configurationSection = _configuration.GetSection("OpenIddict:Applications");
@@ -91,7 +113,7 @@ public class ServerDataSeedContributor : IDataSeedContributor, ITransientDepende
 if (await _applicationRepository.FindByClientIdAsync(vueClientId) == null)
 {
- await _applicationManager.CreateAsync(new OpenIddictApplicationDescriptor
+ var application = new OpenIddictApplicationDescriptor
 {
 ClientId = vueClientId,
 ClientSecret = configurationSection["VueAdmin:ClientSecret"],
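Review bot: Now that `CreateScopeAsync` seeds ten scopes, the `DisplayNames` entries are the same literals for all of them (`"Abp API 应用程序访问"` / `"Abp API Application Access"`) while `DisplayName` is `scope + " access"`, so a zh-Hans or en consent screen cannot tell `ams` from `ids`; derive the localized names from the scope as well, e.g. `[CultureInfo.GetCultureInfo("zh-Hans")] = scope + " 应用程序访问",` and `[CultureInfo.GetCultureInfo("en")] = scope + " Application Access"`. The per-scope `FindByNameAsync` check is also silent when a scope already exists, so a scope seeded earlier with different `Resources` or names is never updated; a one-line comment on the `if`, `// existing scopes are left untouched; only missing ones are created`, would make that intentional rather than surprising. `CreateApplicationAsync` begins in this hunk and continues past it.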
@@ -138,9 +160,14 @@ public class ServerDataSeedContributor : IDataSeedContributor, ITransientDepende
 OpenIddictConstants.Permissions.Scopes.Email,
 OpenIddictConstants.Permissions.Scopes.Address,
 OpenIddictConstants.Permissions.Scopes.Phone,
- OpenIddictConstants.Permissions.Prefixes.Scope + scope
 }
- });
+ };
+ foreach (var scope in scopes)
+ {
+ application.Permissions.AddIfNotContains(OpenIddictConstants.Permissions.Prefixes.Scope + scope);
+ }
+
+ await _applicationManager.CreateAsync(application);
 var vueClientPermissions = new string[1]
 {
@@ -155,7 +182,7 @@ public class ServerDataSeedContributor : IDataSeedContributor, ITransientDepende
 {
 if (await _applicationRepository.FindByClientIdAsync(internalServiceClientId) == null)
 {
- await _applicationManager.CreateAsync(new OpenIddictApplicationDescriptor
+ var application = new OpenIddictApplicationDescriptor
 {
 ClientId = internalServiceClientId,
 ClientSecret = configurationSection["InternalService:ClientSecret"],
@@ -193,9 +220,14 @@ public class ServerDataSeedContributor : IDataSeedContributor, ITransientDepende
 OpenIddictConstants.Permissions.Scopes.Email,
 OpenIddictConstants.Permissions.Scopes.Address,
 OpenIddictConstants.Permissions.Scopes.Phone,
- OpenIddictConstants.Permissions.Prefixes.Scope + scope
 }
- });
+ };
+ foreach (var scope in scopes)
+ {
+ application.Permissions.AddIfNotContains(OpenIddictConstants.Permissions.Prefixes.Scope + scope);
+ }
+
+ await _applicationManager.CreateAsync(application);
 var internalServicePermissions = new string[2]
 {
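Review bot: The `foreach` after the descriptor grants the full `InitializeScopes` set to this client, and the identical loop is repeated in the `@@ -193` and `@@ -247` hunks, so every seeded client — including what appears to be a browser-facing one (`vueClientId` in the earlier hunk) — is permitted for every service scope, the one marked obsolete included; that is wider than least privilege calls for, and `CreateApplicationAsync` should either take the scope set per client or carry a comment recording that the all-scopes grant is deliberate, e.g. `// Seed grants every service scope to this client; narrow per client before production use.` `OpenIddictApplicationDescriptor.Permissions` is a `HashSet<string>`, so `application.Permissions.Add(...)` suffices and `AddIfNotContains` adds nothing, and the three copies of the loop would read better as one private helper, `private static void AddScopePermissions(OpenIddictApplicationDescriptor application, IEnumerable<string> scopes)`, wrapping the `foreach`. `CreateApplicationAsync` starts and ends outside this hunk.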
@@ -247,9 +279,12 @@ public class ServerDataSeedContributor : IDataSeedContributor, ITransientDepende
 OpenIddictConstants.Permissions.Scopes.Email,
 OpenIddictConstants.Permissions.Scopes.Address,
 OpenIddictConstants.Permissions.Scopes.Phone,
- OpenIddictConstants.Permissions.Prefixes.Scope + scope
 }
 };
+ foreach (var scope in scopes)
+ {
+ application.Permissions.AddIfNotContains(OpenIddictConstants.Permissions.Prefixes.Scope + scope);
+ }
 oauthClientRootUrls.ForEach(url =>
 {
diff --git a/aspnet-core/services/LY.MicroService.BackendAdmin.HttpApi.Host/BackendAdminHttpApiHostModule.Configure.cs b/aspnet-core/services/LY.MicroService.BackendAdmin.HttpApi.Host/BackendAdminHttpApiHostModule.Configure.cs
index b14dcb98c..4fa1ab480 100644
--- a/aspnet-core/services/LY.MicroService.BackendAdmin.HttpApi.Host/BackendAdminHttpApiHostModule.Configure.cs
+++ b/aspnet-core/services/LY.MicroService.BackendAdmin.HttpApi.Host/BackendAdminHttpApiHostModule.Configure.cs
@@ -449,6 +449,11 @@ public partial class BackendAdminHttpApiHostModule
 options.TokenValidationParameters.ValidIssuers = validIssuers;
 options.TokenValidationParameters.IssuerValidator = TokenWildcardIssuerValidator.IssuerValidator;
 }
+ var validAudiences = configuration.GetSection("AuthServer:ValidAudiences").Get>();
+ if (validAudiences?.Count > 0)
+ {
+ options.TokenValidationParameters.ValidAudiences = validAudiences;
+ }
 });
 if (!isDevelopment)
diff --git a/aspnet-core/services/LY.MicroService.IdentityServer.HttpApi.Host/IdentityServerHttpApiHostModule.Configure.cs b/aspnet-core/services/LY.MicroService.IdentityServer.HttpApi.Host/IdentityServerHttpApiHostModule.Configure.cs
index 0943d54f6..aefdb11ef 100644
--- a/aspnet-core/services/LY.MicroService.IdentityServer.HttpApi.Host/IdentityServerHttpApiHostModule.Configure.cs
+++ b/aspnet-core/services/LY.MicroService.IdentityServer.HttpApi.Host/IdentityServerHttpApiHostModule.Configure.cs
@@ -470,6 +470,11 @@ public partial class IdentityServerHttpApiHostModule
 options.TokenValidationParameters.ValidIssuers = validIssuers;
 options.TokenValidationParameters.IssuerValidator = TokenWildcardIssuerValidator.IssuerValidator;
 }
+ var validAudiences = configuration.GetSection("AuthServer:ValidAudiences").Get>();
+ if (validAudiences?.Count > 0)
+ {
+ options.TokenValidationParameters.ValidAudiences = validAudiences;
+ }
 });
 if (!isDevelopment)
diff --git a/aspnet-core/services/LY.MicroService.LocalizationManagement.HttpApi.Host/LocalizationManagementHttpApiHostModule.Configure.cs b/aspnet-core/services/LY.MicroService.LocalizationManagement.HttpApi.Host/LocalizationManagementHttpApiHostModule.Configure.cs
index af54d6af5..4b3b47e7f 100644
--- a/aspnet-core/services/LY.MicroService.LocalizationManagement.HttpApi.Host/LocalizationManagementHttpApiHostModule.Configure.cs
+++ b/aspnet-core/services/LY.MicroService.LocalizationManagement.HttpApi.Host/LocalizationManagementHttpApiHostModule.Configure.cs
@@ -355,6 +355,11 @@ public partial class LocalizationManagementHttpApiHostModule
 options.TokenValidationParameters.ValidIssuers = validIssuers;
 options.TokenValidationParameters.IssuerValidator = TokenWildcardIssuerValidator.IssuerValidator;
 }
+ var validAudiences = configuration.GetSection("AuthServer:ValidAudiences").Get>();
+ if (validAudiences?.Count > 0)
+ {
+ options.TokenValidationParameters.ValidAudiences = validAudiences;
+ }
 });
 if (isDevelopment)
diff --git a/aspnet-core/services/LY.MicroService.PlatformManagement.HttpApi.Host/PlatformManagementHttpApiHostModule.Configure.cs b/aspnet-core/services/LY.MicroService.PlatformManagement.HttpApi.Host/PlatformManagementHttpApiHostModule.Configure.cs
index d7baae67e..cef8c6bd7 100644
--- a/aspnet-core/services/LY.MicroService.PlatformManagement.HttpApi.Host/PlatformManagementHttpApiHostModule.Configure.cs
+++ b/aspnet-core/services/LY.MicroService.PlatformManagement.HttpApi.Host/PlatformManagementHttpApiHostModule.Configure.cs
@@ -432,6 +432,11 @@ public partial class PlatformManagementHttpApiHostModule
 options.TokenValidationParameters.ValidIssuers = validIssuers;
 options.TokenValidationParameters.IssuerValidator = TokenWildcardIssuerValidator.IssuerValidator;
 }
+ var validAudiences = configuration.GetSection("AuthServer:ValidAudiences").Get>();
+ if (validAudiences?.Count > 0)
+ {
+ options.TokenValidationParameters.ValidAudiences = validAudiences;
+ }
 options.Events = new JwtBearerEvents
 {
diff --git a/aspnet-core/services/LY.MicroService.RealtimeMessage.HttpApi.Host/RealtimeMessageHttpApiHostModule.Configure.cs b/aspnet-core/services/LY.MicroService.RealtimeMessage.HttpApi.Host/RealtimeMessageHttpApiHostModule.Configure.cs
index 7155353b8..cb2d04d70 100644
--- a/aspnet-core/services/LY.MicroService.RealtimeMessage.HttpApi.Host/RealtimeMessageHttpApiHostModule.Configure.cs
+++ b/aspnet-core/services/LY.MicroService.RealtimeMessage.HttpApi.Host/RealtimeMessageHttpApiHostModule.Configure.cs
@@ -458,6 +458,11 @@ public partial class RealtimeMessageHttpApiHostModule
 options.TokenValidationParameters.ValidIssuers = validIssuers;
 options.TokenValidationParameters.IssuerValidator = TokenWildcardIssuerValidator.IssuerValidator;
 }
+ var validAudiences = configuration.GetSection("AuthServer:ValidAudiences").Get>();
+ if (validAudiences?.Count > 0)
+ {
+ options.TokenValidationParameters.ValidAudiences = validAudiences;
+ }
 options.Events = new JwtBearerEvents
 {
diff --git a/aspnet-core/services/LY.MicroService.TaskManagement.HttpApi.Host/TaskManagementHttpApiHostModule.Configure.cs b/aspnet-core/services/LY.MicroService.TaskManagement.HttpApi.Host/TaskManagementHttpApiHostModule.Configure.cs
index a50f0b57e..3b17bd089 100644
--- a/aspnet-core/services/LY.MicroService.TaskManagement.HttpApi.Host/TaskManagementHttpApiHostModule.Configure.cs
+++ b/aspnet-core/services/LY.MicroService.TaskManagement.HttpApi.Host/TaskManagementHttpApiHostModule.Configure.cs
@@ -409,6 +409,11 @@ public partial class TaskManagementHttpApiHostModule
 options.TokenValidationParameters.ValidIssuers = validIssuers;
 options.TokenValidationParameters.IssuerValidator = TokenWildcardIssuerValidator.IssuerValidator;
 }
+ var validAudiences = configuration.GetSection("AuthServer:ValidAudiences").Get>();
+ if (validAudiences?.Count > 0)
+ {
+ options.TokenValidationParameters.ValidAudiences = validAudiences;
+ }
 });
 if (!isDevelopment)
diff --git a/aspnet-core/services/LY.MicroService.WebhooksManagement.HttpApi.Host/WebhooksManagementHttpApiHostModule.Configure.cs b/aspnet-core/services/LY.MicroService.WebhooksManagement.HttpApi.Host/WebhooksManagementHttpApiHostModule.Configure.cs
index a3df18412..5abc8f5a6 100644
--- a/aspnet-core/services/LY.MicroService.WebhooksManagement.HttpApi.Host/WebhooksManagementHttpApiHostModule.Configure.cs
+++ b/aspnet-core/services/LY.MicroService.WebhooksManagement.HttpApi.Host/WebhooksManagementHttpApiHostModule.Configure.cs
@@ -465,6 +465,11 @@ public partial class WebhooksManagementHttpApiHostModule
 options.TokenValidationParameters.ValidIssuers = validIssuers;
 options.TokenValidationParameters.IssuerValidator = TokenWildcardIssuerValidator.IssuerValidator;
 }
+ var validAudiences = configuration.GetSection("AuthServer:ValidAudiences").Get>();
+ if (validAudiences?.Count > 0)
+ {
+ options.TokenValidationParameters.ValidAudiences = validAudiences;
+ }
 });
 if (!isDevelopment)
diff --git a/aspnet-core/services/LY.MicroService.WechatManagement.HttpApi.Host/WechatManagementHttpApiHostModule.Configure.cs b/aspnet-core/services/LY.MicroService.WechatManagement.HttpApi.Host/WechatManagementHttpApiHostModule.Configure.cs
index 6f4144ceb..e73992052 100644
--- a/aspnet-core/services/LY.MicroService.WechatManagement.HttpApi.Host/WechatManagementHttpApiHostModule.Configure.cs
+++ b/aspnet-core/services/LY.MicroService.WechatManagement.HttpApi.Host/WechatManagementHttpApiHostModule.Configure.cs
@@ -401,6 +401,11 @@ public partial class WechatManagementHttpApiHostModule
 options.TokenValidationParameters.ValidIssuers = validIssuers;
 options.TokenValidationParameters.IssuerValidator = TokenWildcardIssuerValidator.IssuerValidator;
 }
+ var validAudiences = configuration.GetSection("AuthServer:ValidAudiences").Get>();
+ if (validAudiences?.Count > 0)
+ {
+ options.TokenValidationParameters.ValidAudiences = validAudiences;
+ }
 });
 if (!isDevelopment)
diff --git a/aspnet-core/services/LY.MicroService.WorkflowManagement.HttpApi.Host/WorkflowManagementHttpApiHostModule.Configure.cs b/aspnet-core/services/LY.MicroService.WorkflowManagement.HttpApi.Host/WorkflowManagementHttpApiHostModule.Configure.cs
index f6ca0ce89..8b2b8df80 100644
--- a/aspnet-core/services/LY.MicroService.WorkflowManagement.HttpApi.Host/WorkflowManagementHttpApiHostModule.Configure.cs
+++ b/aspnet-core/services/LY.MicroService.WorkflowManagement.HttpApi.Host/WorkflowManagementHttpApiHostModule.Configure.cs
@@ -486,6 +486,11 @@ public partial class WorkflowManagementHttpApiHostModule
 options.TokenValidationParameters.ValidIssuers = validIssuers;
 options.TokenValidationParameters.IssuerValidator = TokenWildcardIssuerValidator.IssuerValidator;
 }
+ var validAudiences = configuration.GetSection("AuthServer:ValidAudiences").Get>();
+ if (validAudiences?.Count > 0)
+ {
+ options.TokenValidationParameters.ValidAudiences = validAudiences;
+ }
 });
 //services.AddElsaJwtBearerAuthentication(options =>