From 1b50dbff0b1b332db7737954d10acf3b93d121c5 Mon Sep 17 00:00:00 2001
From: colin
Date: Mon, 23 Jun 2025 16:40:53 +0800
Subject: [PATCH] feat(auth-server): Increase the configuration of the swagget client

---
 .../AuthServerDataSeedContributor.cs | 315 +++++++++++-------
 .../appsettings.Development.json | 12 +-
 2 files changed, 208 insertions(+), 119 deletions(-)

diff --git a/aspnet-core/services/LY.MicroService.AuthServer/DataSeeder/AuthServerDataSeedContributor.cs b/aspnet-core/services/LY.MicroService.AuthServer/DataSeeder/AuthServerDataSeedContributor.cs
index 3f2ff900d..5d0d99d5c 100644
--- a/aspnet-core/services/LY.MicroService.AuthServer/DataSeeder/AuthServerDataSeedContributor.cs
+++ b/aspnet-core/services/LY.MicroService.AuthServer/DataSeeder/AuthServerDataSeedContributor.cs
@@ -2,10 +2,12 @@
 using LINGYUN.Abp.OpenIddict.LinkUser;
 using LINGYUN.Abp.OpenIddict.Sms;
 using LINGYUN.Abp.OpenIddict.WeChat;
+using Microsoft.Extensions.Configuration;
 using OpenIddict.Abstractions;
 using System;
 using System.Globalization;
 using System.Threading.Tasks;
+using Volo.Abp.Authorization.Permissions;
 using Volo.Abp.Data;
 using Volo.Abp.DependencyInjection;
 using Volo.Abp.Guids;
@@ -13,173 +15,256 @@ using Volo.Abp.Identity; using Volo.Abp.MultiTenancy; using Volo.Abp.OpenIddict.Applications; using Volo.Abp.OpenIddict.Scopes; +using Volo.Abp.PermissionManagement; namespace LY.MicroService.AuthServer.DataSeeder; public class ServerDataSeedContributor : IDataSeedContributor, ITransientDependency { + private readonly IConfiguration _configuration; private readonly ICurrentTenant _currentTenant; - private readonly IGuidGenerator _guidGenerator; private readonly IOpenIddictApplicationManager _applicationManager; private readonly IOpenIddictApplicationRepository _applicationRepository; + private readonly IPermissionDataSeeder _permissionDataSeeder; + private readonly IOpenIddictScopeManager _scopeManager; private readonly IOpenIddictScopeRepository _scopeRepository; - private readonly IIdentityClaimTypeRepository _claimTypeRepository; - public ServerDataSeedContributor( + IConfiguration configuration, ICurrentTenant currentTenant, - IGuidGenerator guidGenerator, IOpenIddictScopeManager scopeManager, IOpenIddictScopeRepository scopeRepository, + IPermissionDataSeeder permissionDataSeeder, IOpenIddictApplicationManager applicationManager, - IOpenIddictApplicationRepository applicationRepository, - IIdentityClaimTypeRepository identityClaimTypeRepository) + IOpenIddictApplicationRepository applicationRepository) { + _configuration = configuration; _currentTenant = currentTenant; - _guidGenerator = guidGenerator; _scopeManager = scopeManager; _scopeRepository = scopeRepository; + _permissionDataSeeder = permissionDataSeeder; _applicationManager = applicationManager; _applicationRepository = applicationRepository; - _claimTypeRepository = identityClaimTypeRepository; } public async Task SeedAsync(DataSeedContext context) { - if (!await _claimTypeRepository.AnyAsync(IdentityConsts.ClaimType.Avatar.Name)) + using (_currentTenant.Change(context.TenantId)) { - await _claimTypeRepository.InsertAsync( - new IdentityClaimType( - _guidGenerator.Create(), - 
IdentityConsts.ClaimType.Avatar.Name, - isStatic: true - ) - ); + await CreateScopeAsync("lingyun-abp-application"); + await CreateApplicationAsync("lingyun-abp-application"); } + } - if (await _scopeRepository.FindByNameAsync("lingyun-abp-application") == null) + private async Task CreateScopeAsync(string scope) + { + if (await _scopeRepository.FindByNameAsync(scope) == null) { await _scopeManager.CreateAsync(new OpenIddictScopeDescriptor() { - Name = "lingyun-abp-application", - DisplayName = "lingyun-abp-application", + Name = scope, + DisplayName = scope + " access", DisplayNames = { - [CultureInfo.GetCultureInfo("en")] = "abp application", - [CultureInfo.GetCultureInfo("zh-Hans")] = "abp application", + [CultureInfo.GetCultureInfo("zh-Hans")] = "Abp API 应用程序访问", + [CultureInfo.GetCultureInfo("en")] = "Abp API Application Access" }, Resources = { - "lingyun-abp-application" + scope } }); } + } - if (await _applicationRepository.FindByClientIdAsync("vue-admin-client") == null) + private async Task CreateApplicationAsync(string scope) + { + var configurationSection = _configuration.GetSection("OpenIddict:Applications"); + + var vueClientId = configurationSection["VueAdmin:ClientId"]; + if (!vueClientId.IsNullOrWhiteSpace()) { - await _applicationManager.CreateAsync(new OpenIddictApplicationDescriptor + var vueClientRootUrl = configurationSection["VueAdmin:RootUrl"].EnsureEndsWith('/'); + + if (await _applicationRepository.FindByClientIdAsync(vueClientId) == null) { - ClientId = "vue-admin-client", - ClientSecret = "1q2w3e*", - ConsentType = OpenIddictConstants.ConsentTypes.Explicit, - DisplayName = "Vue Vben Admin Abp Application", - PostLogoutRedirectUris = + await _applicationManager.CreateAsync(new OpenIddictApplicationDescriptor { - new Uri("https://127.0.0.1:3100/signout-callback-oidc"), - new Uri("http://127.0.0.1:3100") - }, - RedirectUris = + ClientId = vueClientId, + ClientSecret = configurationSection["VueAdmin:ClientSecret"], + ApplicationType = 
OpenIddictConstants.ApplicationTypes.Web, + ConsentType = OpenIddictConstants.ConsentTypes.Explicit, + DisplayName = "Abp Vue Admin Client", + PostLogoutRedirectUris = + { + new Uri(vueClientRootUrl + "signout-callback"), + new Uri(vueClientRootUrl) + }, + RedirectUris = + { + new Uri(vueClientRootUrl + "signin-callback"), + new Uri(vueClientRootUrl) + }, + Permissions = + { + OpenIddictConstants.Permissions.Endpoints.Authorization, + OpenIddictConstants.Permissions.Endpoints.Token, + OpenIddictConstants.Permissions.Endpoints.DeviceAuthorization, + OpenIddictConstants.Permissions.Endpoints.Introspection, + OpenIddictConstants.Permissions.Endpoints.Revocation, + OpenIddictConstants.Permissions.Endpoints.EndSession, + + OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode, + OpenIddictConstants.Permissions.GrantTypes.Implicit, + OpenIddictConstants.Permissions.GrantTypes.Password, + OpenIddictConstants.Permissions.GrantTypes.RefreshToken, + OpenIddictConstants.Permissions.GrantTypes.DeviceCode, + OpenIddictConstants.Permissions.GrantTypes.ClientCredentials, + + OpenIddictConstants.Permissions.ResponseTypes.Code, + OpenIddictConstants.Permissions.ResponseTypes.CodeIdToken, + OpenIddictConstants.Permissions.ResponseTypes.CodeIdTokenToken, + OpenIddictConstants.Permissions.ResponseTypes.CodeToken, + OpenIddictConstants.Permissions.ResponseTypes.IdToken, + OpenIddictConstants.Permissions.ResponseTypes.IdTokenToken, + OpenIddictConstants.Permissions.ResponseTypes.None, + OpenIddictConstants.Permissions.ResponseTypes.Token, + + OpenIddictConstants.Permissions.Scopes.Roles, + OpenIddictConstants.Permissions.Scopes.Profile, + OpenIddictConstants.Permissions.Scopes.Email, + OpenIddictConstants.Permissions.Scopes.Address, + OpenIddictConstants.Permissions.Scopes.Phone, + OpenIddictConstants.Permissions.Prefixes.Scope + scope + } + }); + + var vueClientPermissions = new string[1] { - new Uri("https://127.0.0.1:3100/signin-oidc"), - new Uri("http://127.0.0.1:3100") - }, 
- Permissions = + "AbpIdentity.UserLookup" + }; + await _permissionDataSeeder.SeedAsync(ClientPermissionValueProvider.ProviderName, vueClientId, vueClientPermissions); + } + } + + var internalServiceClientId = configurationSection["InternalService:ClientId"]; + if (!internalServiceClientId.IsNullOrWhiteSpace()) + { + if (await _applicationRepository.FindByClientIdAsync(internalServiceClientId) == null) + { + await _applicationManager.CreateAsync(new OpenIddictApplicationDescriptor { - OpenIddictConstants.Permissions.Endpoints.Authorization, - OpenIddictConstants.Permissions.Endpoints.Token, - OpenIddictConstants.Permissions.Endpoints.DeviceAuthorization, - OpenIddictConstants.Permissions.Endpoints.Introspection, - OpenIddictConstants.Permissions.Endpoints.Revocation, - OpenIddictConstants.Permissions.Endpoints.EndSession, - - OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode, - OpenIddictConstants.Permissions.GrantTypes.Implicit, - OpenIddictConstants.Permissions.GrantTypes.Password, - OpenIddictConstants.Permissions.GrantTypes.RefreshToken, - OpenIddictConstants.Permissions.GrantTypes.DeviceCode, - OpenIddictConstants.Permissions.GrantTypes.ClientCredentials, - OpenIddictConstants.Permissions.Prefixes.GrantType + WeChatTokenExtensionGrantConsts.OfficialGrantType, - OpenIddictConstants.Permissions.Prefixes.GrantType + WeChatTokenExtensionGrantConsts.MiniProgramGrantType, - OpenIddictConstants.Permissions.Prefixes.GrantType + SmsTokenExtensionGrantConsts.GrantType, - OpenIddictConstants.Permissions.Prefixes.GrantType + LinkUserTokenExtensionGrantConsts.GrantType, - - OpenIddictConstants.Permissions.ResponseTypes.Code, - OpenIddictConstants.Permissions.ResponseTypes.CodeIdToken, - OpenIddictConstants.Permissions.ResponseTypes.CodeIdTokenToken, - OpenIddictConstants.Permissions.ResponseTypes.CodeToken, - OpenIddictConstants.Permissions.ResponseTypes.IdToken, - OpenIddictConstants.Permissions.ResponseTypes.IdTokenToken, - 
OpenIddictConstants.Permissions.ResponseTypes.None, - OpenIddictConstants.Permissions.ResponseTypes.Token, - - OpenIddictConstants.Permissions.Scopes.Roles, - OpenIddictConstants.Permissions.Scopes.Profile, - OpenIddictConstants.Permissions.Scopes.Email, - OpenIddictConstants.Permissions.Scopes.Address, - OpenIddictConstants.Permissions.Scopes.Phone, - OpenIddictConstants.Permissions.Prefixes.Scope + WeChatTokenExtensionGrantConsts.ProfileKey, - OpenIddictConstants.Permissions.Prefixes.Scope + "lingyun-abp-application" - } - }); + ClientId = internalServiceClientId, + ClientSecret = configurationSection["InternalService:ClientSecret"], + ClientType = OpenIddictConstants.ClientTypes.Confidential, + ConsentType = OpenIddictConstants.ConsentTypes.Explicit, + ApplicationType = OpenIddictConstants.ApplicationTypes.Native, + DisplayName = "Abp Vue Admin Client", + Permissions = + { + OpenIddictConstants.Permissions.Endpoints.Authorization, + OpenIddictConstants.Permissions.Endpoints.Token, + OpenIddictConstants.Permissions.Endpoints.DeviceAuthorization, + OpenIddictConstants.Permissions.Endpoints.Introspection, + OpenIddictConstants.Permissions.Endpoints.Revocation, + OpenIddictConstants.Permissions.Endpoints.EndSession, + + OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode, + OpenIddictConstants.Permissions.GrantTypes.Implicit, + OpenIddictConstants.Permissions.GrantTypes.Password, + OpenIddictConstants.Permissions.GrantTypes.RefreshToken, + OpenIddictConstants.Permissions.GrantTypes.DeviceCode, + OpenIddictConstants.Permissions.GrantTypes.ClientCredentials, + + OpenIddictConstants.Permissions.ResponseTypes.Code, + OpenIddictConstants.Permissions.ResponseTypes.CodeIdToken, + OpenIddictConstants.Permissions.ResponseTypes.CodeIdTokenToken, + OpenIddictConstants.Permissions.ResponseTypes.CodeToken, + OpenIddictConstants.Permissions.ResponseTypes.IdToken, + OpenIddictConstants.Permissions.ResponseTypes.IdTokenToken, + 
OpenIddictConstants.Permissions.ResponseTypes.None, + OpenIddictConstants.Permissions.ResponseTypes.Token, + + OpenIddictConstants.Permissions.Scopes.Roles, + OpenIddictConstants.Permissions.Scopes.Profile, + OpenIddictConstants.Permissions.Scopes.Email, + OpenIddictConstants.Permissions.Scopes.Address, + OpenIddictConstants.Permissions.Scopes.Phone, + OpenIddictConstants.Permissions.Prefixes.Scope + scope + } + }); + + var internalServicePermissions = new string[2] + { + "AbpIdentity.UserLookup","AbpIdentity.Users" + }; + await _permissionDataSeeder.SeedAsync(ClientPermissionValueProvider.ProviderName, internalServiceClientId, internalServicePermissions); + } } - if (await _applicationRepository.FindByClientIdAsync("InternalServiceClient") == null) + var oauthClientId = configurationSection["VueOAuthClient:ClientId"]; + if (!oauthClientId.IsNullOrWhiteSpace()) { - await _applicationManager.CreateAsync(new OpenIddictApplicationDescriptor + var oauthClientRootUrl = configurationSection["VueOAuthClient:RootUrl"].EnsureEndsWith('/'); + + if (await _applicationRepository.FindByClientIdAsync(oauthClientId) == null) { - ClientId = "InternalServiceClient", - ClientSecret = "1q2w3e*", - ClientType = OpenIddictConstants.ClientTypes.Confidential, - ConsentType = OpenIddictConstants.ConsentTypes.Explicit, - DisplayName = "Internal Service Client", - PostLogoutRedirectUris = {}, - RedirectUris = {}, - Permissions = + await _applicationManager.CreateAsync(new OpenIddictApplicationDescriptor { - OpenIddictConstants.Permissions.Endpoints.Authorization, - OpenIddictConstants.Permissions.Endpoints.Token, - OpenIddictConstants.Permissions.Endpoints.DeviceAuthorization, - OpenIddictConstants.Permissions.Endpoints.Introspection, - OpenIddictConstants.Permissions.Endpoints.Revocation, - OpenIddictConstants.Permissions.Endpoints.EndSession, - - OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode, - OpenIddictConstants.Permissions.GrantTypes.Implicit, - 
OpenIddictConstants.Permissions.GrantTypes.Password, - OpenIddictConstants.Permissions.GrantTypes.RefreshToken, - OpenIddictConstants.Permissions.GrantTypes.DeviceCode, - OpenIddictConstants.Permissions.GrantTypes.ClientCredentials, - - OpenIddictConstants.Permissions.ResponseTypes.Code, - OpenIddictConstants.Permissions.ResponseTypes.CodeIdToken, - OpenIddictConstants.Permissions.ResponseTypes.CodeIdTokenToken, - OpenIddictConstants.Permissions.ResponseTypes.CodeToken, - OpenIddictConstants.Permissions.ResponseTypes.IdToken, - OpenIddictConstants.Permissions.ResponseTypes.IdTokenToken, - OpenIddictConstants.Permissions.ResponseTypes.None, - OpenIddictConstants.Permissions.ResponseTypes.Token, - - OpenIddictConstants.Permissions.Scopes.Roles, - OpenIddictConstants.Permissions.Scopes.Profile, - OpenIddictConstants.Permissions.Scopes.Email, - OpenIddictConstants.Permissions.Scopes.Address, - OpenIddictConstants.Permissions.Scopes.Phone, - - OpenIddictConstants.Permissions.Prefixes.Scope + "lingyun-abp-application" - } - }); + ClientId = oauthClientId, + ClientSecret = null, + ApplicationType = OpenIddictConstants.ApplicationTypes.Web, + ConsentType = OpenIddictConstants.ConsentTypes.Implicit, + DisplayName = "OAuth Client", + PostLogoutRedirectUris = + { + new Uri(oauthClientRootUrl + "signout-callback"), + new Uri(oauthClientRootUrl) + }, + RedirectUris = + { + new Uri(oauthClientRootUrl + "signin-callback"), + new Uri(oauthClientRootUrl + "swagger/oauth2-redirect.html"), + new Uri(oauthClientRootUrl) + }, + Permissions = + { + OpenIddictConstants.Permissions.Endpoints.Authorization, + OpenIddictConstants.Permissions.Endpoints.Token, + OpenIddictConstants.Permissions.Endpoints.DeviceAuthorization, + OpenIddictConstants.Permissions.Endpoints.Introspection, + OpenIddictConstants.Permissions.Endpoints.Revocation, + OpenIddictConstants.Permissions.Endpoints.EndSession, + + OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode, + 
OpenIddictConstants.Permissions.GrantTypes.RefreshToken, + + OpenIddictConstants.Permissions.ResponseTypes.Code, + OpenIddictConstants.Permissions.ResponseTypes.CodeIdToken, + OpenIddictConstants.Permissions.ResponseTypes.CodeIdTokenToken, + OpenIddictConstants.Permissions.ResponseTypes.CodeToken, + OpenIddictConstants.Permissions.ResponseTypes.IdToken, + OpenIddictConstants.Permissions.ResponseTypes.IdTokenToken, + OpenIddictConstants.Permissions.ResponseTypes.None, + OpenIddictConstants.Permissions.ResponseTypes.Token, + + OpenIddictConstants.Permissions.Scopes.Roles, + OpenIddictConstants.Permissions.Scopes.Profile, + OpenIddictConstants.Permissions.Scopes.Email, + OpenIddictConstants.Permissions.Scopes.Address, + OpenIddictConstants.Permissions.Scopes.Phone, + OpenIddictConstants.Permissions.Prefixes.Scope + scope + } + }); + + var oauthClientPermissions = new string[1] + { + "AbpIdentity.UserLookup" + }; + await _permissionDataSeeder.SeedAsync(ClientPermissionValueProvider.ProviderName, oauthClientId, oauthClientPermissions); + } } } } diff --git a/aspnet-core/services/LY.MicroService.AuthServer/appsettings.Development.json b/aspnet-core/services/LY.MicroService.AuthServer/appsettings.Development.json index 62e92ffce..ef6e1612e 100644 --- a/aspnet-core/services/LY.MicroService.AuthServer/appsettings.Development.json +++ b/aspnet-core/services/LY.MicroService.AuthServer/appsettings.Development.json @@ -10,7 +10,7 @@ "configCacheEncrypt": true }, "App": { - "CorsOrigins": "http://127.0.0.1:3100", + "CorsOrigins": "http://127.0.0.1:5666,http://localhost:5666", "Urls": { "Applications": { "MVC": { @@ -24,7 +24,7 @@ "RootUrl": "http://127.0.0.1:44385/" }, "VueVbenAdmin": { - "RootUrl": "http://127.0.0.1:3100/", + "RootUrl": "http://127.0.0.1:5666/", "Urls": { "Abp.Account.EmailConfirm": "account/email-confirm", "Abp.Account.EmailVerifyLogin": "account/verify-code" 
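Review bot: In CreateApplicationAsync the Vue admin descriptor takes `ClientSecret = configurationSection["VueAdmin:ClientSecret"]` with no check and sets no `ClientType`, so a missing or blank secret would (as far as I recall of OpenIddict's CreateAsync, which infers the client type from the presence of a secret) silently seed `vue-admin-client` as a public client instead of failing; read it first with `var vueClientSecret = configurationSection["VueAdmin:ClientSecret"];`, guard with `if (vueClientSecret.IsNullOrWhiteSpace()) throw new InvalidOperationException("OpenIddict:Applications:VueAdmin:ClientSecret is not configured.");`, then use `ClientSecret = vueClientSecret,` — and do the same for `InternalService:ClientSecret`, where a blank value is rejected by OpenIddict for a confidential client but with a far less specific error. The InternalService descriptor also carries `DisplayName = "Abp Vue Admin Client"` and `ApplicationType = OpenIddictConstants.ApplicationTypes.Native`, both of which look copy-pasted from the Vue block: the old `DisplayName = "Internal Service Client",` is the intended value, and a confidential service-to-service client with no redirect URIs has no evident reason to be a native application type. If that internal client only ever authenticates with client credentials, granting it the Authorization/EndSession endpoints, the Implicit/Password/DeviceCode/AuthorizationCode grants and every response type is more than it can use, and trimming its Permissions to Token/Introspection/Revocation, ClientCredentials and the scopes it needs keeps the seed at least privilege. The new Vue admin descriptor no longer includes the WeChat/Sms/LinkUser extension-grant permissions and the `WeChatTokenExtensionGrantConsts.ProfileKey` scope the old one had, which leaves the `using LINGYUN.Abp.OpenIddict.LinkUser/Sms/WeChat` directives in the first hunk unused — if the drop is deliberate those usings should go, otherwise the permissions need re-adding. Finally, the three descriptor blocks are near-identical apart from client id, secret, root URL, application/consent type and permission list, so one private helper taking those as parameters would cut this method to a fraction of its size and make the next copy-paste slip much less likely.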
@@ -95,14 +95,18 @@
 },
 "OpenIddict": {
 "Applications": {
- "AuthVueAdmin": {
+ "VueAdmin": {
 "ClientId": "vue-admin-client",
 "ClientSecret": "1q2w3e*",
- "RootUrl": "http://127.0.0.1:3100/"
+ "RootUrl": "http://127.0.0.1:5666/"
 },
 "InternalService": {
 "ClientId": "InternalServiceClient",
 "ClientSecret": "1q2w3e*"
+ },
+ "VueOAuthClient": {
+ "ClientId": "vue-oauth-client",
+ "RootUrl": "http://localhost:5666"
 }
 }
 },
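Review bot: The new `VueOAuthClient:RootUrl` is `http://localhost:5666` without the trailing slash every other RootUrl in this file carries (`VueAdmin:RootUrl` is `http://127.0.0.1:5666/`); the seeder papers over it with `EnsureEndsWith('/')`, but `"RootUrl": "http://localhost:5666/"` keeps the file consistent and stops relying on that normalization. Note also that the seeder derives this public client's redirect and post-logout URIs from this value alone, so it must be the exact origin the SPA and the swagger UI are served from — `CorsOrigins` now lists both `127.0.0.1:5666` and `localhost:5666`, but `vue-oauth-client` will only accept callbacks on `localhost`, and a browser that opens the UI via `127.0.0.1` will be refused at the authorization endpoint.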