6 changed files with 572 additions and 316 deletions
@ -1,309 +0,0 @@ |
|||
using Microsoft.Extensions.Configuration; |
|||
using OpenIddict.Abstractions; |
|||
using System; |
|||
using System.Collections.Generic; |
|||
using System.Globalization; |
|||
using System.Threading.Tasks; |
|||
using Volo.Abp.Authorization.Permissions; |
|||
using Volo.Abp.Data; |
|||
using Volo.Abp.DependencyInjection; |
|||
using Volo.Abp.MultiTenancy; |
|||
using Volo.Abp.OpenIddict.Applications; |
|||
using Volo.Abp.OpenIddict.Scopes; |
|||
using Volo.Abp.PermissionManagement; |
|||
|
|||
namespace LINGYUN.Abp.MicroService.AuthServer.DataSeeder; |
|||
|
|||
public class AuthServerDataSeedContributor : IDataSeedContributor, ITransientDependency |
|||
{ |
|||
public static HashSet<string> InitializeScopes = new HashSet<string> |
|||
{ |
|||
// obsolete! microservice should be allocated separately
|
|||
"lingyun-abp-application", |
|||
// admin service
|
|||
"ams", |
|||
// identity service
|
|||
"ids", |
|||
// localization service
|
|||
"lts", |
|||
// platform service
|
|||
"pts", |
|||
// message service
|
|||
"mgs", |
|||
// task service
|
|||
"tks", |
|||
// webhook service
|
|||
"wks", |
|||
// workflow service
|
|||
"wfs", |
|||
// wechat service
|
|||
"was" |
|||
}; |
|||
|
|||
private readonly IConfiguration _configuration; |
|||
private readonly ICurrentTenant _currentTenant; |
|||
private readonly IOpenIddictApplicationManager _applicationManager; |
|||
private readonly IOpenIddictApplicationRepository _applicationRepository; |
|||
|
|||
private readonly IPermissionDataSeeder _permissionDataSeeder; |
|||
|
|||
private readonly IOpenIddictScopeManager _scopeManager; |
|||
private readonly IOpenIddictScopeRepository _scopeRepository; |
|||
|
|||
public AuthServerDataSeedContributor( |
|||
IConfiguration configuration, |
|||
ICurrentTenant currentTenant, |
|||
IOpenIddictScopeManager scopeManager, |
|||
IOpenIddictScopeRepository scopeRepository, |
|||
IPermissionDataSeeder permissionDataSeeder, |
|||
IOpenIddictApplicationManager applicationManager, |
|||
IOpenIddictApplicationRepository applicationRepository) |
|||
{ |
|||
_configuration = configuration; |
|||
_currentTenant = currentTenant; |
|||
_scopeManager = scopeManager; |
|||
_scopeRepository = scopeRepository; |
|||
_permissionDataSeeder = permissionDataSeeder; |
|||
_applicationManager = applicationManager; |
|||
_applicationRepository = applicationRepository; |
|||
} |
|||
|
|||
public async Task SeedAsync(DataSeedContext context) |
|||
{ |
|||
using (_currentTenant.Change(context.TenantId)) |
|||
{ |
|||
await CreateScopeAsync(InitializeScopes); |
|||
|
|||
await CreateApplicationAsync(InitializeScopes); |
|||
} |
|||
} |
|||
|
|||
private async Task CreateScopeAsync(IEnumerable<string> scopes) |
|||
{ |
|||
foreach (var scope in scopes) |
|||
{ |
|||
if (await _scopeRepository.FindByNameAsync(scope) == null) |
|||
{ |
|||
await _scopeManager.CreateAsync(new OpenIddictScopeDescriptor() |
|||
{ |
|||
Name = scope, |
|||
DisplayName = scope + " access", |
|||
DisplayNames = |
|||
{ |
|||
[CultureInfo.GetCultureInfo("zh-Hans")] = "Abp API 应用程序访问", |
|||
[CultureInfo.GetCultureInfo("en")] = "Abp API Application Access" |
|||
}, |
|||
Resources = |
|||
{ |
|||
scope |
|||
} |
|||
}); |
|||
} |
|||
} |
|||
} |
|||
|
|||
private async Task CreateApplicationAsync(IEnumerable<string> scopes) |
|||
{ |
|||
var configurationSection = _configuration.GetSection("OpenIddict:Applications"); |
|||
|
|||
var vueClientId = configurationSection["VueAdmin:ClientId"]; |
|||
if (!vueClientId.IsNullOrWhiteSpace()) |
|||
{ |
|||
var vueClientRootUrl = configurationSection["VueAdmin:RootUrl"].EnsureEndsWith('/'); |
|||
|
|||
if (await _applicationRepository.FindByClientIdAsync(vueClientId) == null) |
|||
{ |
|||
var application = new OpenIddictApplicationDescriptor |
|||
{ |
|||
ClientId = vueClientId, |
|||
ClientSecret = configurationSection["VueAdmin:ClientSecret"], |
|||
ApplicationType = OpenIddictConstants.ApplicationTypes.Web, |
|||
ConsentType = OpenIddictConstants.ConsentTypes.Explicit, |
|||
DisplayName = "Abp Vue Admin Client", |
|||
PostLogoutRedirectUris = |
|||
{ |
|||
new Uri(vueClientRootUrl + "signout-callback"), |
|||
new Uri(vueClientRootUrl) |
|||
}, |
|||
RedirectUris = |
|||
{ |
|||
new Uri(vueClientRootUrl + "signin-callback"), |
|||
new Uri(vueClientRootUrl) |
|||
}, |
|||
Permissions = |
|||
{ |
|||
OpenIddictConstants.Permissions.Endpoints.Authorization, |
|||
OpenIddictConstants.Permissions.Endpoints.Token, |
|||
OpenIddictConstants.Permissions.Endpoints.DeviceAuthorization, |
|||
OpenIddictConstants.Permissions.Endpoints.Introspection, |
|||
OpenIddictConstants.Permissions.Endpoints.Revocation, |
|||
OpenIddictConstants.Permissions.Endpoints.EndSession, |
|||
|
|||
OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode, |
|||
OpenIddictConstants.Permissions.GrantTypes.Implicit, |
|||
OpenIddictConstants.Permissions.GrantTypes.Password, |
|||
OpenIddictConstants.Permissions.GrantTypes.RefreshToken, |
|||
OpenIddictConstants.Permissions.GrantTypes.DeviceCode, |
|||
OpenIddictConstants.Permissions.GrantTypes.ClientCredentials, |
|||
|
|||
OpenIddictConstants.Permissions.ResponseTypes.Code, |
|||
OpenIddictConstants.Permissions.ResponseTypes.CodeIdToken, |
|||
OpenIddictConstants.Permissions.ResponseTypes.CodeIdTokenToken, |
|||
OpenIddictConstants.Permissions.ResponseTypes.CodeToken, |
|||
OpenIddictConstants.Permissions.ResponseTypes.IdToken, |
|||
OpenIddictConstants.Permissions.ResponseTypes.IdTokenToken, |
|||
OpenIddictConstants.Permissions.ResponseTypes.None, |
|||
OpenIddictConstants.Permissions.ResponseTypes.Token, |
|||
|
|||
OpenIddictConstants.Permissions.Scopes.Roles, |
|||
OpenIddictConstants.Permissions.Scopes.Profile, |
|||
OpenIddictConstants.Permissions.Scopes.Email, |
|||
OpenIddictConstants.Permissions.Scopes.Address, |
|||
OpenIddictConstants.Permissions.Scopes.Phone, |
|||
} |
|||
}; |
|||
foreach (var scope in scopes) |
|||
{ |
|||
application.Permissions.AddIfNotContains(OpenIddictConstants.Permissions.Prefixes.Scope + scope); |
|||
} |
|||
|
|||
await _applicationManager.CreateAsync(application); |
|||
|
|||
var vueClientPermissions = new string[1] |
|||
{ |
|||
"AbpIdentity.UserLookup" |
|||
}; |
|||
await _permissionDataSeeder.SeedAsync(ClientPermissionValueProvider.ProviderName, vueClientId, vueClientPermissions); |
|||
} |
|||
} |
|||
|
|||
var internalServiceClientId = configurationSection["InternalService:ClientId"]; |
|||
if (!internalServiceClientId.IsNullOrWhiteSpace()) |
|||
{ |
|||
if (await _applicationRepository.FindByClientIdAsync(internalServiceClientId) == null) |
|||
{ |
|||
var application = new OpenIddictApplicationDescriptor |
|||
{ |
|||
ClientId = internalServiceClientId, |
|||
ClientSecret = configurationSection["InternalService:ClientSecret"], |
|||
ClientType = OpenIddictConstants.ClientTypes.Confidential, |
|||
ConsentType = OpenIddictConstants.ConsentTypes.Explicit, |
|||
ApplicationType = OpenIddictConstants.ApplicationTypes.Native, |
|||
DisplayName = "Abp Vue Admin Client", |
|||
Permissions = |
|||
{ |
|||
OpenIddictConstants.Permissions.Endpoints.Authorization, |
|||
OpenIddictConstants.Permissions.Endpoints.Token, |
|||
OpenIddictConstants.Permissions.Endpoints.DeviceAuthorization, |
|||
OpenIddictConstants.Permissions.Endpoints.Introspection, |
|||
OpenIddictConstants.Permissions.Endpoints.Revocation, |
|||
OpenIddictConstants.Permissions.Endpoints.EndSession, |
|||
|
|||
OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode, |
|||
OpenIddictConstants.Permissions.GrantTypes.Implicit, |
|||
OpenIddictConstants.Permissions.GrantTypes.Password, |
|||
OpenIddictConstants.Permissions.GrantTypes.RefreshToken, |
|||
OpenIddictConstants.Permissions.GrantTypes.DeviceCode, |
|||
OpenIddictConstants.Permissions.GrantTypes.ClientCredentials, |
|||
|
|||
OpenIddictConstants.Permissions.ResponseTypes.Code, |
|||
OpenIddictConstants.Permissions.ResponseTypes.CodeIdToken, |
|||
OpenIddictConstants.Permissions.ResponseTypes.CodeIdTokenToken, |
|||
OpenIddictConstants.Permissions.ResponseTypes.CodeToken, |
|||
OpenIddictConstants.Permissions.ResponseTypes.IdToken, |
|||
OpenIddictConstants.Permissions.ResponseTypes.IdTokenToken, |
|||
OpenIddictConstants.Permissions.ResponseTypes.None, |
|||
OpenIddictConstants.Permissions.ResponseTypes.Token, |
|||
|
|||
OpenIddictConstants.Permissions.Scopes.Roles, |
|||
OpenIddictConstants.Permissions.Scopes.Profile, |
|||
OpenIddictConstants.Permissions.Scopes.Email, |
|||
OpenIddictConstants.Permissions.Scopes.Address, |
|||
OpenIddictConstants.Permissions.Scopes.Phone, |
|||
} |
|||
}; |
|||
foreach (var scope in scopes) |
|||
{ |
|||
application.Permissions.AddIfNotContains(OpenIddictConstants.Permissions.Prefixes.Scope + scope); |
|||
} |
|||
|
|||
await _applicationManager.CreateAsync(application); |
|||
|
|||
var internalServicePermissions = new string[2] |
|||
{ |
|||
"AbpIdentity.UserLookup","AbpIdentity.Users" |
|||
}; |
|||
await _permissionDataSeeder.SeedAsync(ClientPermissionValueProvider.ProviderName, internalServiceClientId, internalServicePermissions); |
|||
} |
|||
} |
|||
|
|||
var oauthClientId = configurationSection["VueOAuthClient:ClientId"]; |
|||
if (!oauthClientId.IsNullOrWhiteSpace()) |
|||
{ |
|||
var oauthClientRootUrls = configurationSection.GetSection("VueOAuthClient:RootUrls").Get<List<string>>(); |
|||
|
|||
if (await _applicationRepository.FindByClientIdAsync(oauthClientId) == null) |
|||
{ |
|||
var application = new OpenIddictApplicationDescriptor |
|||
{ |
|||
ClientId = oauthClientId, |
|||
ClientSecret = null, |
|||
ApplicationType = OpenIddictConstants.ApplicationTypes.Web, |
|||
ConsentType = OpenIddictConstants.ConsentTypes.Implicit, |
|||
DisplayName = "OAuth Client", |
|||
PostLogoutRedirectUris = { }, |
|||
RedirectUris = { }, |
|||
Permissions = |
|||
{ |
|||
OpenIddictConstants.Permissions.Endpoints.Authorization, |
|||
OpenIddictConstants.Permissions.Endpoints.Token, |
|||
OpenIddictConstants.Permissions.Endpoints.DeviceAuthorization, |
|||
OpenIddictConstants.Permissions.Endpoints.Introspection, |
|||
OpenIddictConstants.Permissions.Endpoints.Revocation, |
|||
OpenIddictConstants.Permissions.Endpoints.EndSession, |
|||
|
|||
OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode, |
|||
OpenIddictConstants.Permissions.GrantTypes.RefreshToken, |
|||
|
|||
OpenIddictConstants.Permissions.ResponseTypes.Code, |
|||
OpenIddictConstants.Permissions.ResponseTypes.CodeIdToken, |
|||
OpenIddictConstants.Permissions.ResponseTypes.CodeIdTokenToken, |
|||
OpenIddictConstants.Permissions.ResponseTypes.CodeToken, |
|||
OpenIddictConstants.Permissions.ResponseTypes.IdToken, |
|||
OpenIddictConstants.Permissions.ResponseTypes.IdTokenToken, |
|||
OpenIddictConstants.Permissions.ResponseTypes.None, |
|||
OpenIddictConstants.Permissions.ResponseTypes.Token, |
|||
|
|||
OpenIddictConstants.Permissions.Scopes.Roles, |
|||
OpenIddictConstants.Permissions.Scopes.Profile, |
|||
OpenIddictConstants.Permissions.Scopes.Email, |
|||
OpenIddictConstants.Permissions.Scopes.Address, |
|||
OpenIddictConstants.Permissions.Scopes.Phone, |
|||
} |
|||
}; |
|||
foreach (var scope in scopes) |
|||
{ |
|||
application.Permissions.AddIfNotContains(OpenIddictConstants.Permissions.Prefixes.Scope + scope); |
|||
} |
|||
|
|||
oauthClientRootUrls.ForEach(url => |
|||
{ |
|||
application.PostLogoutRedirectUris.AddIfNotContains(new Uri(url.EnsureEndsWith('/'))); |
|||
application.PostLogoutRedirectUris.AddIfNotContains(new Uri(url.EnsureEndsWith('/') + "signout-callback")); |
|||
|
|||
application.RedirectUris.AddIfNotContains(new Uri(url)); |
|||
application.RedirectUris.AddIfNotContains(new Uri(url.EnsureEndsWith('/') + "signin-callback")); |
|||
application.RedirectUris.AddIfNotContains(new Uri(url.EnsureEndsWith('/') + "swagger/oauth2-redirect.html")); |
|||
}); |
|||
|
|||
await _applicationManager.CreateAsync(application); |
|||
|
|||
var oauthClientPermissions = new string[1] |
|||
{ |
|||
"AbpIdentity.UserLookup" |
|||
}; |
|||
await _permissionDataSeeder.SeedAsync(ClientPermissionValueProvider.ProviderName, oauthClientId, oauthClientPermissions); |
|||
} |
|||
} |
|||
} |
|||
} |
|||
@ -0,0 +1,330 @@ |
|||
using Microsoft.Extensions.Configuration; |
|||
using Microsoft.Extensions.Logging; |
|||
using Microsoft.Extensions.Logging.Abstractions; |
|||
using OpenIddict.Abstractions; |
|||
using System; |
|||
using System.Collections.Generic; |
|||
using System.Globalization; |
|||
using System.Threading.Tasks; |
|||
using Volo.Abp.Authorization.Permissions; |
|||
using Volo.Abp.Data; |
|||
using Volo.Abp.DependencyInjection; |
|||
using Volo.Abp.OpenIddict; |
|||
using Volo.Abp.OpenIddict.Applications; |
|||
using Volo.Abp.OpenIddict.Scopes; |
|||
using Volo.Abp.PermissionManagement; |
|||
|
|||
namespace LINGYUN.Abp.MicroService.AuthServer.DataSeeder; |
|||
|
|||
public class OpenIddictDataSeederContributor : OpenIddictDataSeedContributorBase, IDataSeedContributor, ITransientDependency |
|||
{ |
|||
public ILogger<OpenIddictDataSeederContributor> Logger { protected get; set; } |
|||
protected IPermissionDataSeeder PermissionDataSeeder { get; } |
|||
public OpenIddictDataSeederContributor( |
|||
IConfiguration configuration, |
|||
IOpenIddictApplicationRepository openIddictApplicationRepository, |
|||
IAbpApplicationManager applicationManager, |
|||
IOpenIddictScopeRepository openIddictScopeRepository, |
|||
IOpenIddictScopeManager scopeManager, |
|||
IPermissionDataSeeder permissionDataSeeder) |
|||
: base(configuration, openIddictApplicationRepository, applicationManager, openIddictScopeRepository, scopeManager) |
|||
{ |
|||
PermissionDataSeeder = permissionDataSeeder; |
|||
|
|||
Logger = NullLogger<OpenIddictDataSeederContributor>.Instance; |
|||
} |
|||
|
|||
public async virtual Task SeedAsync(DataSeedContext context) |
|||
{ |
|||
if (context.TenantId.HasValue) |
|||
{ |
|||
return; |
|||
} |
|||
var scope = "lingyun-abp-application"; |
|||
|
|||
Logger.LogInformation("Seeding the default scope..."); |
|||
await CreateDefaultScopeAsync(); |
|||
await CreateApiScopeAsync(scope); |
|||
|
|||
Logger.LogInformation("Seeding the default applications..."); |
|||
await CreateApplicationAsync(scope); |
|||
|
|||
Logger.LogInformation("Seeding default applications completed."); |
|||
} |
|||
|
|||
private async Task CreateDefaultScopeAsync() |
|||
{ |
|||
// OpenID Connect核心scope - 用于标识这是一个OIDC请求
|
|||
await CreateScopesAsync(new OpenIddictScopeDescriptor |
|||
{ |
|||
Name = OpenIddictConstants.Scopes.OpenId, |
|||
DisplayName = "OpenID Connect", // 友好的显示名称
|
|||
DisplayNames = |
|||
{ |
|||
[CultureInfo.GetCultureInfo("zh-Hans")] = "身份认证", |
|||
[CultureInfo.GetCultureInfo("en")] = "OpenID Connect" |
|||
}, |
|||
Description = "使用OpenID Connect协议进行身份验证", |
|||
Descriptions = |
|||
{ |
|||
[CultureInfo.GetCultureInfo("zh-Hans")] = "允许应用程序使用您的身份信息进行登录", |
|||
[CultureInfo.GetCultureInfo("en")] = "Allow the application to authenticate you using OpenID Connect" |
|||
} |
|||
}); |
|||
|
|||
// Profile scope - 用户基本信息
|
|||
await CreateScopesAsync(new OpenIddictScopeDescriptor |
|||
{ |
|||
Name = OpenIddictConstants.Scopes.Profile, |
|||
DisplayName = "个人资料", |
|||
DisplayNames = |
|||
{ |
|||
[CultureInfo.GetCultureInfo("zh-Hans")] = "个人资料", |
|||
[CultureInfo.GetCultureInfo("en")] = "Profile" |
|||
}, |
|||
Description = "访问您的基本个人资料信息", |
|||
Descriptions = |
|||
{ |
|||
[CultureInfo.GetCultureInfo("zh-Hans")] = "允许应用程序访问您的姓名、头像等基本信息", |
|||
[CultureInfo.GetCultureInfo("en")] = "Allow the application to access your basic profile information like name and picture" |
|||
} |
|||
}); |
|||
|
|||
// Email scope
|
|||
await CreateScopesAsync(new OpenIddictScopeDescriptor |
|||
{ |
|||
Name = OpenIddictConstants.Scopes.Email, |
|||
DisplayName = "电子邮件", |
|||
DisplayNames = |
|||
{ |
|||
[CultureInfo.GetCultureInfo("zh-Hans")] = "电子邮件", |
|||
[CultureInfo.GetCultureInfo("en")] = "Email" |
|||
}, |
|||
Description = "访问您的电子邮件地址", |
|||
Descriptions = |
|||
{ |
|||
[CultureInfo.GetCultureInfo("zh-Hans")] = "允许应用程序访问您的电子邮件地址", |
|||
[CultureInfo.GetCultureInfo("en")] = "Allow the application to access your email address" |
|||
} |
|||
}); |
|||
|
|||
// Phone scope
|
|||
await CreateScopesAsync(new OpenIddictScopeDescriptor |
|||
{ |
|||
Name = OpenIddictConstants.Scopes.Phone, |
|||
DisplayName = "电话号码", |
|||
DisplayNames = |
|||
{ |
|||
[CultureInfo.GetCultureInfo("zh-Hans")] = "电话号码", |
|||
[CultureInfo.GetCultureInfo("en")] = "Phone" |
|||
}, |
|||
Description = "访问您的电话号码", |
|||
Descriptions = |
|||
{ |
|||
[CultureInfo.GetCultureInfo("zh-Hans")] = "允许应用程序访问您的电话号码", |
|||
[CultureInfo.GetCultureInfo("en")] = "Allow the application to access your phone number" |
|||
} |
|||
}); |
|||
|
|||
// Address scope
|
|||
await CreateScopesAsync(new OpenIddictScopeDescriptor |
|||
{ |
|||
Name = OpenIddictConstants.Scopes.Address, |
|||
DisplayName = "地址信息", |
|||
DisplayNames = |
|||
{ |
|||
[CultureInfo.GetCultureInfo("zh-Hans")] = "地址信息", |
|||
[CultureInfo.GetCultureInfo("en")] = "Address" |
|||
}, |
|||
Description = "访问您的地址信息", |
|||
Descriptions = |
|||
{ |
|||
[CultureInfo.GetCultureInfo("zh-Hans")] = "允许应用程序访问您的地址信息", |
|||
[CultureInfo.GetCultureInfo("en")] = "Allow the application to access your address information" |
|||
} |
|||
}); |
|||
|
|||
// Roles scope
|
|||
await CreateScopesAsync(new OpenIddictScopeDescriptor |
|||
{ |
|||
Name = OpenIddictConstants.Scopes.Roles, |
|||
DisplayName = "角色信息", |
|||
DisplayNames = |
|||
{ |
|||
[CultureInfo.GetCultureInfo("zh-Hans")] = "角色信息", |
|||
[CultureInfo.GetCultureInfo("en")] = "Roles" |
|||
}, |
|||
Description = "访问您的角色信息", |
|||
Descriptions = |
|||
{ |
|||
[CultureInfo.GetCultureInfo("zh-Hans")] = "允许应用程序访问您的角色和权限信息", |
|||
[CultureInfo.GetCultureInfo("en")] = "Allow the application to access your roles and permissions" |
|||
} |
|||
}); |
|||
|
|||
// Offline Access scope - 用于获取刷新令牌
|
|||
await CreateScopesAsync(new OpenIddictScopeDescriptor |
|||
{ |
|||
Name = OpenIddictConstants.Scopes.OfflineAccess, |
|||
DisplayName = "离线访问", |
|||
DisplayNames = |
|||
{ |
|||
[CultureInfo.GetCultureInfo("zh-Hans")] = "离线访问", |
|||
[CultureInfo.GetCultureInfo("en")] = "Offline Access" |
|||
}, |
|||
Description = "在您未登录时访问您的信息", |
|||
Descriptions = |
|||
{ |
|||
[CultureInfo.GetCultureInfo("zh-Hans")] = "允许应用程序在您未登录时访问您的信息", |
|||
[CultureInfo.GetCultureInfo("en")] = "Allow the application to access your information while you are offline" |
|||
} |
|||
}); |
|||
} |
|||
|
|||
private async Task CreateApiScopeAsync(string scope) |
|||
{ |
|||
await CreateScopesAsync(new OpenIddictScopeDescriptor |
|||
{ |
|||
Name = scope, |
|||
DisplayName = "微服务访问授权", |
|||
DisplayNames = |
|||
{ |
|||
[CultureInfo.GetCultureInfo("zh-Hans")] = "微服务访问授权", |
|||
[CultureInfo.GetCultureInfo("en")] = "Single Applications" |
|||
}, |
|||
Description = "适用于微服务体系的接口授权", |
|||
Descriptions = |
|||
{ |
|||
[CultureInfo.GetCultureInfo("zh-Hans")] = "允许应用程序使用各微服务模块的接口", |
|||
[CultureInfo.GetCultureInfo("en")] = "Allow the application to use the interfaces of each microservice module" |
|||
}, |
|||
Resources = |
|||
{ |
|||
"api-gateway", |
|||
"auth-server", |
|||
"admin-service", |
|||
"identity-service", |
|||
"localization-service", |
|||
"message-service", |
|||
"platform-service", |
|||
"task-service", |
|||
"webhook-service", |
|||
"wechat-service", |
|||
"workflow-service", |
|||
} |
|||
}); |
|||
} |
|||
|
|||
private async Task CreateApplicationAsync(string scope) |
|||
{ |
|||
var configurationSection = Configuration.GetSection("OpenIddict:Applications"); |
|||
var vueClientId = configurationSection["VueAdmin:ClientId"]; |
|||
if (!vueClientId.IsNullOrWhiteSpace()) |
|||
{ |
|||
Logger.LogInformation("Seeding application {vueClientId}...", vueClientId); |
|||
|
|||
var vueClientRootUrls = configurationSection.GetSection("VueAdmin:RootUrls").Get<List<string>>() ?? []; |
|||
|
|||
var vueClientRedirectUrls = new List<string>(); |
|||
var vueClientPostLogoutRedirectUrls = new List<string>(); |
|||
vueClientRootUrls.ForEach(url => |
|||
{ |
|||
vueClientRedirectUrls.Add(url.EnsureEndsWith('/')); |
|||
vueClientRedirectUrls.Add(url.EnsureEndsWith('/') + "signin-callback"); |
|||
|
|||
vueClientPostLogoutRedirectUrls.Add(url.EnsureEndsWith('/')); |
|||
vueClientPostLogoutRedirectUrls.Add(url.EnsureEndsWith('/') + "signout-callback"); |
|||
}); |
|||
|
|||
await CreateOrUpdateApplicationAsync( |
|||
OpenIddictConstants.ApplicationTypes.Web, |
|||
vueClientId, |
|||
OpenIddictConstants.ClientTypes.Confidential, |
|||
OpenIddictConstants.ConsentTypes.Explicit, |
|||
"Abp Vue Admin Client", |
|||
configurationSection["VueAdmin:ClientSecret"] ?? "1q2w3e*", |
|||
[OpenIddictConstants.GrantTypes.AuthorizationCode, |
|||
OpenIddictConstants.GrantTypes.Implicit, |
|||
OpenIddictConstants.GrantTypes.Password, |
|||
OpenIddictConstants.GrantTypes.RefreshToken], |
|||
[OpenIddictConstants.Scopes.OpenId, |
|||
OpenIddictConstants.Scopes.Email, |
|||
OpenIddictConstants.Scopes.Roles, |
|||
OpenIddictConstants.Scopes.Address, |
|||
OpenIddictConstants.Scopes.Phone, |
|||
OpenIddictConstants.Scopes.Profile, |
|||
OpenIddictConstants.Scopes.OfflineAccess, |
|||
scope], |
|||
vueClientRedirectUrls, |
|||
vueClientPostLogoutRedirectUrls); |
|||
|
|||
var vueClientPermissions = new string[1] |
|||
{ |
|||
"AbpIdentity.UserLookup" |
|||
}; |
|||
await PermissionDataSeeder.SeedAsync(ClientPermissionValueProvider.ProviderName, vueClientId, vueClientPermissions); |
|||
} |
|||
|
|||
var internalServiceClientId = configurationSection["InternalService:ClientId"]; |
|||
if (!internalServiceClientId.IsNullOrWhiteSpace()) |
|||
{ |
|||
Logger.LogInformation("Seeding application {internalServiceClientId}...", internalServiceClientId); |
|||
|
|||
await CreateOrUpdateApplicationAsync( |
|||
OpenIddictConstants.ApplicationTypes.Native, |
|||
internalServiceClientId, |
|||
OpenIddictConstants.ClientTypes.Confidential, |
|||
OpenIddictConstants.ConsentTypes.Explicit, |
|||
"Abp Internal Service Client", |
|||
configurationSection["InternalService:ClientSecret"] ?? "1q2w3e*", |
|||
[OpenIddictConstants.GrantTypes.ClientCredentials], |
|||
[OpenIddictConstants.ResponseTypes.Token, scope]); |
|||
} |
|||
|
|||
var oauthClientId = configurationSection["VueOAuthClient:ClientId"]; |
|||
if (!oauthClientId.IsNullOrWhiteSpace()) |
|||
{ |
|||
Logger.LogInformation("Seeding application {oauthClientId}...", oauthClientId); |
|||
|
|||
var oauthClientRootUrls = configurationSection.GetSection("VueOAuthClient:RootUrls").Get<List<string>>() ?? []; |
|||
|
|||
var oauthClientRedirectUrls = new List<string>(); |
|||
var oauthClientPostLogoutRedirectUrls = new List<string>(); |
|||
oauthClientRootUrls.ForEach(url => |
|||
{ |
|||
oauthClientRedirectUrls.Add(url.EnsureEndsWith('/')); |
|||
oauthClientRedirectUrls.Add(url.EnsureEndsWith('/') + "signin-callback"); |
|||
oauthClientRedirectUrls.Add(url.EnsureEndsWith('/') + "swagger/oauth2-redirect.html"); |
|||
|
|||
oauthClientPostLogoutRedirectUrls.Add(url.EnsureEndsWith('/')); |
|||
oauthClientPostLogoutRedirectUrls.Add(url.EnsureEndsWith('/') + "signout-callback"); |
|||
}); |
|||
|
|||
await CreateOrUpdateApplicationAsync( |
|||
OpenIddictConstants.ApplicationTypes.Web, |
|||
oauthClientId, |
|||
OpenIddictConstants.ClientTypes.Public, |
|||
OpenIddictConstants.ConsentTypes.Implicit, |
|||
"Abp OAuth Client", |
|||
null, |
|||
[OpenIddictConstants.GrantTypes.AuthorizationCode, |
|||
OpenIddictConstants.GrantTypes.RefreshToken], |
|||
[OpenIddictConstants.Scopes.OpenId, |
|||
OpenIddictConstants.Scopes.Email, |
|||
OpenIddictConstants.Scopes.Roles, |
|||
OpenIddictConstants.Scopes.Address, |
|||
OpenIddictConstants.Scopes.Phone, |
|||
OpenIddictConstants.Scopes.Profile, |
|||
OpenIddictConstants.Scopes.OfflineAccess, |
|||
scope], |
|||
oauthClientRedirectUrls, |
|||
oauthClientPostLogoutRedirectUrls); |
|||
|
|||
var oauthClientPermissions = new string[1] |
|||
{ |
|||
"AbpIdentity.UserLookup" |
|||
}; |
|||
await PermissionDataSeeder.SeedAsync(ClientPermissionValueProvider.ProviderName, oauthClientId, oauthClientPermissions); |
|||
} |
|||
} |
|||
} |
|||
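Review bot: The fallback `?? "1q2w3e*"` on the `configurationSection["VueAdmin:ClientSecret"]` and `configurationSection["InternalService:ClientSecret"]` arguments silently registers two confidential clients — one of them a client-credentials client that is then granted the full microservice scope — with a well-known secret whenever the configuration key is absent, so a deployment that forgets the key gets a guessable credential instead of a seeding error. Read the value into a local and fail instead, e.g. `var vueClientSecret = configurationSection["VueAdmin:ClientSecret"]; if (vueClientSecret.IsNullOrWhiteSpace()) throw new InvalidOperationException("OpenIddict:Applications:VueAdmin:ClientSecret must be configured.");` and pass `vueClientSecret` (and the same for InternalService). Separately, the internal-service call passes `[OpenIddictConstants.ResponseTypes.Token, scope]` in the position the VueAdmin call uses for the scope list, which would presumably register `"token"` as a scope permission; if that is unintended, `[scope]` is enough for a client-credentials client, though the base `CreateOrUpdateApplicationAsync` is outside this page so I cannot confirm how it treats that list. The VueAdmin client also keeps the `Implicit` and `Password` grant types from the old seeder; both are deprecated by the OAuth 2.0 Security BCP and worth dropping if no caller still depends on them.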
@ -0,0 +1,89 @@ |
|||
using JetBrains.Annotations; |
|||
using Microsoft.Extensions.Logging; |
|||
using OpenIddict.Abstractions; |
|||
using System.Threading.Tasks; |
|||
using Volo.Abp.Data; |
|||
using Volo.Abp.DependencyInjection; |
|||
using Volo.Abp.Guids; |
|||
using Volo.Abp.Identity; |
|||
|
|||
namespace LY.MicroService.Applications.Single.EntityFrameworkCore.DataSeeder; |
|||
public class IdentityClaimTypeDataSeedContributor : IDataSeedContributor, ITransientDependency |
|||
{ |
|||
public ILogger<IdentityClaimTypeDataSeedContributor> Logger { protected get; set; } |
|||
|
|||
protected IGuidGenerator GuidGenerator { get; } |
|||
protected IdentityClaimTypeManager IdentityClaimTypeManager { get; } |
|||
protected IIdentityClaimTypeRepository IdentityClaimTypeRepository { get; } |
|||
public IdentityClaimTypeDataSeedContributor( |
|||
IGuidGenerator guidGenerator, |
|||
IdentityClaimTypeManager identityClaimTypeManager, |
|||
IIdentityClaimTypeRepository identityClaimTypeRepository) |
|||
{ |
|||
GuidGenerator = guidGenerator; |
|||
IdentityClaimTypeManager = identityClaimTypeManager; |
|||
IdentityClaimTypeRepository = identityClaimTypeRepository; |
|||
} |
|||
|
|||
public async virtual Task SeedAsync(DataSeedContext context) |
|||
{ |
|||
if (context.TenantId.HasValue) |
|||
{ |
|||
return; |
|||
} |
|||
|
|||
Logger.LogInformation("Seeding the default identity claim types..."); |
|||
|
|||
await CreateIdentityClaimTypeAsync(OpenIddictConstants.Claims.Address); |
|||
await CreateIdentityClaimTypeAsync(OpenIddictConstants.Claims.Birthdate, valueType: IdentityClaimValueType.DateTime); |
|||
await CreateIdentityClaimTypeAsync(OpenIddictConstants.Claims.Country); |
|||
await CreateIdentityClaimTypeAsync(OpenIddictConstants.Claims.Email); |
|||
await CreateIdentityClaimTypeAsync(OpenIddictConstants.Claims.EmailVerified, valueType: IdentityClaimValueType.Boolean); |
|||
await CreateIdentityClaimTypeAsync(OpenIddictConstants.Claims.FamilyName); |
|||
await CreateIdentityClaimTypeAsync(OpenIddictConstants.Claims.Gender); |
|||
await CreateIdentityClaimTypeAsync(OpenIddictConstants.Claims.GivenName); |
|||
await CreateIdentityClaimTypeAsync(OpenIddictConstants.Claims.Locale); |
|||
await CreateIdentityClaimTypeAsync(OpenIddictConstants.Claims.Locality); |
|||
await CreateIdentityClaimTypeAsync(OpenIddictConstants.Claims.MiddleName); |
|||
await CreateIdentityClaimTypeAsync(OpenIddictConstants.Claims.Name); |
|||
await CreateIdentityClaimTypeAsync(OpenIddictConstants.Claims.Nickname); |
|||
await CreateIdentityClaimTypeAsync(OpenIddictConstants.Claims.PhoneNumber); |
|||
await CreateIdentityClaimTypeAsync(OpenIddictConstants.Claims.PhoneNumberVerified, valueType: IdentityClaimValueType.Boolean); |
|||
await CreateIdentityClaimTypeAsync(OpenIddictConstants.Claims.Picture); |
|||
await CreateIdentityClaimTypeAsync(OpenIddictConstants.Claims.PostalCode); |
|||
await CreateIdentityClaimTypeAsync(OpenIddictConstants.Claims.PreferredUsername); |
|||
await CreateIdentityClaimTypeAsync(OpenIddictConstants.Claims.Profile); |
|||
await CreateIdentityClaimTypeAsync(OpenIddictConstants.Claims.Region); |
|||
await CreateIdentityClaimTypeAsync(OpenIddictConstants.Claims.Role); |
|||
await CreateIdentityClaimTypeAsync(OpenIddictConstants.Claims.StreetAddress); |
|||
await CreateIdentityClaimTypeAsync(OpenIddictConstants.Claims.Username); |
|||
await CreateIdentityClaimTypeAsync(OpenIddictConstants.Claims.Website); |
|||
await CreateIdentityClaimTypeAsync(OpenIddictConstants.Claims.Zoneinfo); |
|||
|
|||
Logger.LogInformation("Seeding default identity claim types completed."); |
|||
} |
|||
|
|||
private async Task CreateIdentityClaimTypeAsync( |
|||
[NotNull] string name, |
|||
bool required = false, |
|||
bool isStatic = false, |
|||
[CanBeNull] string regex = null, |
|||
[CanBeNull] string regexDescription = null, |
|||
[CanBeNull] string description = null, |
|||
IdentityClaimValueType valueType = IdentityClaimValueType.String) |
|||
{ |
|||
if (!await IdentityClaimTypeRepository.AnyAsync(name)) |
|||
{ |
|||
await IdentityClaimTypeManager.CreateAsync( |
|||
new IdentityClaimType( |
|||
GuidGenerator.Create(), |
|||
name, |
|||
required, |
|||
isStatic, |
|||
regex, |
|||
regexDescription, |
|||
description, |
|||
valueType)); |
|||
} |
|||
} |
|||
} |
|||
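Review bot: `Logger` is declared with `protected get; set;` but never initialized, so `Logger.LogInformation(...)` in `SeedAsync` throws a NullReferenceException whenever property injection does not populate it (for example when the contributor is constructed outside the ABP container); the sibling `OpenIddictDataSeederContributor` in this same commit guards against that with `Logger = NullLogger<OpenIddictDataSeederContributor>.Instance;` in its constructor. Add `Logger = NullLogger<IdentityClaimTypeDataSeedContributor>.Instance;` at the end of the constructor together with `using Microsoft.Extensions.Logging.Abstractions;`. The namespace `LY.MicroService.Applications.Single.EntityFrameworkCore.DataSeeder` differs from the `LINGYUN.Abp.MicroService.AuthServer.DataSeeder` used by the other new file, which looks like a copy-paste remnant — confirm it is intended for this project. Also note that `OpenIddictConstants.Claims.Role` is seeded as an ordinary non-static claim type with no regex; if user-level claims are copied into the principal at sign-in, anyone permitted to manage user claims could attach a `role` claim directly, so consider not seeding it or marking it static — this depends on the principal factory, which is outside this page.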