using DotNetCore.CAP; using LINGYUN.Abp.BlobStoring.OssManagement; using LINGYUN.Abp.Localization.CultureMap; using LINGYUN.Abp.LocalizationManagement; using LINGYUN.Abp.OpenIddict.AspNetCore.Session; using LINGYUN.Abp.OpenIddict.LinkUser; using LINGYUN.Abp.OpenIddict.Portal; using LINGYUN.Abp.OpenIddict.Sms; using LINGYUN.Abp.OpenIddict.WeChat; using LINGYUN.Abp.Serilog.Enrichers.Application; using LINGYUN.Abp.Serilog.Enrichers.UniqueId; using LINGYUN.Abp.WeChat.Work; using LINGYUN.Abp.Wrapper; using LY.MicroService.AuthServer.Ui.Branding; using Medallion.Threading; using Medallion.Threading.Redis; using Microsoft.AspNetCore.Authentication; using Microsoft.AspNetCore.Authentication.Cookies; using Microsoft.AspNetCore.Builder; using Microsoft.AspNetCore.Cors; using Microsoft.AspNetCore.DataProtection; using Microsoft.AspNetCore.Extensions.DependencyInjection; using Microsoft.AspNetCore.Hosting; using Microsoft.AspNetCore.Identity; using Microsoft.AspNetCore.Routing; using Microsoft.Extensions.Caching.StackExchangeRedis; using Microsoft.Extensions.Configuration; using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.Hosting; using Microsoft.IdentityModel.Logging; using Microsoft.IdentityModel.Tokens; using OpenIddict.Server; using OpenIddict.Server.AspNetCore; using OpenIddict.Validation.AspNetCore; using StackExchange.Redis; using System; using System.Collections.Generic; using System.Linq; using System.Text.Encodings.Web; using System.Text.Unicode; using Volo.Abp.Account.Localization; using Volo.Abp.AspNetCore.Mvc; using Volo.Abp.Auditing; using Volo.Abp.BlobStoring; using Volo.Abp.Caching; using Volo.Abp.FeatureManagement; using Volo.Abp.GlobalFeatures; using Volo.Abp.Http.Client; using Volo.Abp.Json; using Volo.Abp.Json.SystemTextJson; using Volo.Abp.Localization; using Volo.Abp.MultiTenancy; using Volo.Abp.OpenIddict; using Volo.Abp.OpenIddict.WildcardDomains; using Volo.Abp.Security.Claims; using Volo.Abp.SettingManagement; using Volo.Abp.Threading; using Volo.Abp.Timing; using Volo.Abp.UI.Navigation.Urls; using Volo.Abp.VirtualFileSystem; namespace LY.MicroService.AuthServer; public partial class AuthServerModule { public static string ApplicationName { get; set; } = "AuthServer"; private readonly static OneTimeRunner OneTimeRunner = new OneTimeRunner(); private void PreConfigureFeature() { OneTimeRunner.Run(() => { GlobalFeatureManager.Instance.Modules.Editions().EnableAll(); }); } private void PreForwardedHeaders() { } private void PreConfigureApp(IConfiguration configuration) { AbpSerilogEnrichersConsts.ApplicationName = ApplicationName; PreConfigure(options => { // 以开放端口区别,应在0-31之间 options.SnowflakeIdOptions.WorkerId = 1; options.SnowflakeIdOptions.WorkerIdBits = 5; options.SnowflakeIdOptions.DatacenterId = 1; }); if (configuration.GetValue("App:ShowPii")) { IdentityModelEventSource.ShowPII = true; } } private void PreConfigureCAP(IConfiguration configuration) { PreConfigure(options => { options .UseMySql(mySqlOptions => { configuration.GetSection("CAP:MySql").Bind(mySqlOptions); }) .UseRabbitMQ(rabbitMQOptions => { configuration.GetSection("CAP:RabbitMQ").Bind(rabbitMQOptions); }) .UseDashboard(); }); } private void PreConfigureAuthServer() { PreConfigure(builder => { builder.AddValidation(options => { //options.AddAudiences("lingyun-abp-application"); options.UseLocalServer(); options.UseAspNetCore(); options.UseDataProtection(); }); }); } private void PreConfigureCertificate(IConfiguration configuration, IWebHostEnvironment environment) { if (!environment.IsDevelopment()) { PreConfigure(options => { options.AddDevelopmentEncryptionAndSigningCertificate = false; }); PreConfigure(builder => { builder.AddProductionEncryptionAndSigningCertificate(configuration["App:SslFile"], configuration["App:SslPassword"]); }); } PreConfigure(builder => { // builder.UseDataProtection(); // 禁用https builder.UseAspNetCore() .DisableTransportSecurityRequirement(); }); var wildcardDomains = configuration.GetSection("App:WildcardDomains").Get>(); if (wildcardDomains?.Count > 0) { PreConfigure(options => { options.EnableWildcardDomainSupport = true; options.WildcardDomainsFormat.AddIfNotContains(wildcardDomains); }); } } private void ConfigureMvc(IServiceCollection services, IConfiguration configuration) { Configure(options => { options.ExposeIntegrationServices = true; }); Configure(options => { options.EndpointConfigureActions.Add((builder) => { builder.Endpoints.MapHealthChecks(configuration["App:HealthChecks"] ?? "/healthz"); }); }); services.AddHealthChecks(); } private void ConfigureDataSeeder() { } private void ConfigureFeatureManagement() { Configure(options => { options.IsDynamicFeatureStoreEnabled = true; }); } private void ConfigureSettingManagement() { Configure(options => { options.IsDynamicSettingStoreEnabled = true; }); } private void ConfigureJsonSerializer(IConfiguration configuration) { // 统一时间日期格式 Configure(options => { var jsonConfiguration = configuration.GetSection("Json"); if (jsonConfiguration.Exists()) { jsonConfiguration.Bind(options); } }); // 中文序列化的编码问题 Configure(options => { options.JsonSerializerOptions.Encoder = JavaScriptEncoder.Create(UnicodeRanges.All); }); } private void ConfigureDistributedLocking(IServiceCollection services, IConfiguration configuration) { var distributedLockEnabled = configuration["DistributedLock:IsEnabled"]; if (distributedLockEnabled.IsNullOrEmpty() || bool.Parse(distributedLockEnabled)) { var redis = ConnectionMultiplexer.Connect(configuration["DistributedLock:Redis:Configuration"]); services.AddSingleton(_ => new RedisDistributedSynchronizationProvider(redis.GetDatabase())); } } private void ConfigureBranding(IConfiguration configuration) { Configure(options => { configuration.GetSection("App:Branding").Bind(options); }); } private void ConfigureBlobStoring(IConfiguration configuration) { Configure(options => { options.Containers.ConfigureAll((containerName, containerConfiguration) => { containerConfiguration.UseOssManagement(config => { configuration.GetSection("OssManagement").Bind(config); }); }); }); } private void ConfigureCaching(IConfiguration configuration) { Configure(options => { configuration.GetSection("DistributedCache").Bind(options); }); Configure(options => { var redisConfig = ConfigurationOptions.Parse(options.Configuration); options.ConfigurationOptions = redisConfig; options.InstanceName = configuration["Redis:InstanceName"]; }); } private void ConfigureIdentity(IConfiguration configuration) { // 增加配置文件定义,在新建租户时需要 Configure(options => { var identityConfiguration = configuration.GetSection("Identity"); if (identityConfiguration.Exists()) { identityConfiguration.Bind(options); } }); Configure(options => { options.IsDynamicClaimsEnabled = true; options.IsRemoteRefreshEnabled = false; }); Configure(options => { options.PersistentSessionGrantTypes.Add(SmsTokenExtensionGrantConsts.GrantType); options.PersistentSessionGrantTypes.Add(PortalTokenExtensionGrantConsts.GrantType); options.PersistentSessionGrantTypes.Add(LinkUserTokenExtensionGrantConsts.GrantType); options.PersistentSessionGrantTypes.Add(WeChatTokenExtensionGrantConsts.OfficialGrantType); options.PersistentSessionGrantTypes.Add(WeChatTokenExtensionGrantConsts.MiniProgramGrantType); options.PersistentSessionGrantTypes.Add(AbpWeChatWorkGlobalConsts.GrantType); }); } private void ConfigureVirtualFileSystem() { Configure(options => { options.FileSets.AddEmbedded("LY.MicroService.AuthServer"); }); } private void ConfigureLocalization() { Configure(options => { options.Languages.Add(new LanguageInfo("en", "en", "English")); options.Languages.Add(new LanguageInfo("zh-Hans", "zh-Hans", "简体中文")); options.Resources .Get() .AddVirtualJson("/Localization/Resources"); }); Configure(options => { var zhHansCultureMapInfo = new CultureMapInfo { TargetCulture = "zh-Hans", SourceCultures = new string[] { "zh", "zh_CN", "zh-CN" } }; options.CulturesMaps.Add(zhHansCultureMapInfo); options.UiCulturesMaps.Add(zhHansCultureMapInfo); }); Configure(options => { options.SaveStaticLocalizationsToDatabase = true; }); } private void ConfigureTiming(IConfiguration configuration) { Configure(options => { configuration.GetSection("Clock").Bind(options); }); } private void ConfigureAuditing(IConfiguration configuration) { Configure(options => { // options.IsEnabledForGetRequests = true; options.ApplicationName = ApplicationName; // 是否启用实体变更记录 var allEntitiesSelectorIsEnabled = configuration["Auditing:AllEntitiesSelector"]; if (allEntitiesSelectorIsEnabled.IsNullOrWhiteSpace() || (bool.TryParse(allEntitiesSelectorIsEnabled, out var enabled) && enabled)) { options.EntityHistorySelectors.AddAllEntities(); } }); } private void ConfigureUrls(IConfiguration configuration) { Configure(options => { var applicationConfiguration = configuration.GetSection("App:Urls:Applications"); foreach (var appConfig in applicationConfiguration.GetChildren()) { options.Applications[appConfig.Key].RootUrl = appConfig["RootUrl"]; foreach (var urlsConfig in appConfig.GetSection("Urls").GetChildren()) { options.Applications[appConfig.Key].Urls[urlsConfig.Key] = urlsConfig.Value; } } }); } private void ConfigureAuthServer(IConfiguration configuration) { Configure(builder => { builder.DisableTransportSecurityRequirement(); }); Configure(options => { options.DisableTransportSecurityRequirement = true; }); Configure(options => { var lifetime = configuration.GetSection("OpenIddict:Lifetime"); options.AuthorizationCodeLifetime = lifetime.GetValue("AuthorizationCode", options.AuthorizationCodeLifetime); options.AccessTokenLifetime = lifetime.GetValue("AccessToken", options.AccessTokenLifetime); options.DeviceCodeLifetime = lifetime.GetValue("DeviceCode", options.DeviceCodeLifetime); options.IdentityTokenLifetime = lifetime.GetValue("IdentityToken", options.IdentityTokenLifetime); options.RefreshTokenLifetime = lifetime.GetValue("RefreshToken", options.RefreshTokenLifetime); options.RefreshTokenReuseLeeway = lifetime.GetValue("RefreshTokenReuseLeeway", options.RefreshTokenReuseLeeway); options.UserCodeLifetime = lifetime.GetValue("UserCode", options.UserCodeLifetime); }); } private void ConfigureSecurity(IServiceCollection services, IConfiguration configuration, bool isDevelopment = false) { services.ForwardIdentityAuthenticationForBearer(OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme); services .AddAuthentication() .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options => { options.ExpireTimeSpan = TimeSpan.FromDays(365); }) .AddJwtBearer(options => { configuration.GetSection("AuthServer").Bind(options); var validIssuers = configuration.GetSection("AuthServer:ValidIssuers").Get>(); if (validIssuers?.Count > 0) { options.TokenValidationParameters.ValidIssuers = validIssuers; options.TokenValidationParameters.IssuerValidator = TokenWildcardIssuerValidator.IssuerValidator; } }); //.AddWeChatWork(options => //{ // options.SignInScheme = IdentityConstants.ExternalScheme; //}); if (!isDevelopment) { var redis = ConnectionMultiplexer.Connect(configuration["Redis:Configuration"]); services .AddDataProtection() .SetApplicationName("LINGYUN.Abp.Application") .PersistKeysToStackExchangeRedis(redis, "LINGYUN.Abp.Application:DataProtection:Protection-Keys"); } services.AddSameSiteCookiePolicy(); } private void ConfigureMultiTenancy(IConfiguration configuration) { // 多租户 Configure(options => { options.IsEnabled = true; }); var tenantResolveCfg = configuration.GetSection("App:Domains"); if (tenantResolveCfg.Exists()) { Configure(options => { var domains = tenantResolveCfg.Get(); foreach (var domain in domains) { options.AddDomainTenantResolver(domain); } }); } } private void ConfigureCors(IServiceCollection services, IConfiguration configuration) { services.AddCors(options => { options.AddDefaultPolicy(builder => { var corsOrigins = configuration.GetSection("App:CorsOrigins").Get>(); if (corsOrigins == null || corsOrigins.Count == 0) { corsOrigins = configuration["App:CorsOrigins"]? .Split(",", StringSplitOptions.RemoveEmptyEntries) .Select(o => o.RemovePostFix("/")) .ToList() ?? new List(); } builder .WithOrigins(corsOrigins .Select(o => o.RemovePostFix("/")) .ToArray() ) .WithAbpExposedHeaders() .WithAbpWrapExposedHeaders() .SetIsOriginAllowedToAllowWildcardSubdomains() .AllowAnyHeader() .AllowAnyMethod() .AllowCredentials(); }); }); } private void PreConfigureWrapper() { PreConfigure(options => { // http服务间调用发送不需要包装结果的请求头 options.ProxyClientActions.Add( (_, _, client) => { client.DefaultRequestHeaders.TryAddWithoutValidation(AbpHttpWrapConsts.AbpDontWrapResult, "true"); }); }); } }