tsai
/
abp-next-admin2
mirror of https://github.com/colinin/abp-next-admin.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

feat(token): Add token wildcard Issuer validator 

- add [TokenWildcardIssuerValidator](https://github.com/maliming/Owl.TokenWildcardIssuerValidator)
- The microservice module adds jwt `IssuerValidator`
pull/1235/head
colin 9 months ago
parent
b09e1cf879
commit
89963577d8
23 changed files with 115 additions and 263 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 1
      aspnet-core/framework/security/LINGYUN.Abp.Claims.Mapping/LINGYUN.Abp.Claims.Mapping.csproj
  2. 5
      aspnet-core/framework/security/LINGYUN.Abp.Claims.Mapping/Microsoft/IdentityModel/Tokens/TokenWildcardIssuerValidator.cs
  3. 2
      aspnet-core/migrations/LY.MicroService.WebhooksManagement.EntityFrameworkCore/LY.MicroService.WebhooksManagement.EntityFrameworkCore.csproj
  4. 112
      aspnet-core/services/LY.MicroService.Applications.Single/AbpDynamicFeatureDefinitionStoreInMemoryCache.cs
  5. 2
      aspnet-core/services/LY.MicroService.Applications.Single/GlobalUsings.cs
  6. 1
      aspnet-core/services/LY.MicroService.Applications.Single/LY.MicroService.Applications.Single.csproj
  7. 6
      aspnet-core/services/LY.MicroService.Applications.Single/MicroServiceApplicationsSingleModule.Configure.cs
  8. 1
      aspnet-core/services/LY.MicroService.Applications.Single/MicroServiceApplicationsSingleModule.cs
  9. 127
      aspnet-core/services/LY.MicroService.Applications.Single/TokenWildcardIssuerValidator.cs
  10. 11
      aspnet-core/services/LY.MicroService.AuthServer.HttpApi.Host/AuthServerHttpApiHostModule.Configure.cs
  11. 1
      aspnet-core/services/LY.MicroService.AuthServer.HttpApi.Host/AuthServerHttpApiHostModule.cs
  12. 1
      aspnet-core/services/LY.MicroService.AuthServer/AuthServerModule.Configure.cs
  13. 2
      aspnet-core/services/LY.MicroService.AuthServer/LY.MicroService.AuthServer.csproj
  14. 6
      aspnet-core/services/LY.MicroService.AuthServer/package.json
  15. 13
      aspnet-core/services/LY.MicroService.BackendAdmin.HttpApi.Host/BackendAdminHttpApiHostModule.Configure.cs
  16. 10
      aspnet-core/services/LY.MicroService.IdentityServer.HttpApi.Host/IdentityServerHttpApiHostModule.Configure.cs
  17. 11
      aspnet-core/services/LY.MicroService.LocalizationManagement.HttpApi.Host/LocalizationManagementHttpApiHostModule.Configure.cs
  18. 15
      aspnet-core/services/LY.MicroService.PlatformManagement.HttpApi.Host/PlatformManagementHttpApiHostModule.Configure.cs
  19. 11
      aspnet-core/services/LY.MicroService.RealtimeMessage.HttpApi.Host/RealtimeMessageHttpApiHostModule.Configure.cs
  20. 10
      aspnet-core/services/LY.MicroService.TaskManagement.HttpApi.Host/TaskManagementHttpApiHostModule.Configure.cs
  21. 10
      aspnet-core/services/LY.MicroService.WebhooksManagement.HttpApi.Host/WebhooksManagementHttpApiHostModule.Configure.cs
  22. 10
      aspnet-core/services/LY.MicroService.WechatManagement.HttpApi.Host/WechatManagementHttpApiHostModule.Configure.cs
  23. 10
      aspnet-core/services/LY.MicroService.WorkflowManagement.HttpApi.Host/WorkflowManagementHttpApiHostModule.Configure.cs

1
aspnet-core/framework/security/LINGYUN.Abp.Claims.Mapping/LINGYUN.Abp.Claims.Mapping.csproj
View File

@ -16,6 +16,7 @@
<ItemGroup> <ItemGroup>
<PackageReference Include="Volo.Abp.Security" /> <PackageReference Include="Volo.Abp.Security" />
<PackageReference Include="IdentityModel" /> <PackageReference Include="IdentityModel" />
<PackageReference Include="Microsoft.IdentityModel.Tokens" />
</ItemGroup> </ItemGroup>
</Project> </Project>

5
aspnet-core/services/LY.MicroService.AuthServer/TokenWildcardIssuerValidator.cs → aspnet-core/framework/security/LINGYUN.Abp.Claims.Mapping/Microsoft/IdentityModel/Tokens/TokenWildcardIssuerValidator.cs
View File

@ -1,5 +1,4 @@
using Microsoft.IdentityModel.Logging; using Microsoft.IdentityModel.Logging;
using Microsoft.IdentityModel.Tokens;
using System; using System;
using System.Collections.Generic; using System.Collections.Generic;
using System.Globalization; using System.Globalization;
@ -7,9 +6,10 @@ using System.Linq;
using System.Text; using System.Text;
using Volo.Abp.Text.Formatting; using Volo.Abp.Text.Formatting;
namespace LY.MicroService.AuthServer; namespace Microsoft.IdentityModel.Tokens;
/// <summary> /// <summary>
/// Copy from: https://github.com/maliming/Owl.TokenWildcardIssuerValidator
/// https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/src/Microsoft.IdentityModel.Tokens/Validators.cs#L207 /// https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/src/Microsoft.IdentityModel.Tokens/Validators.cs#L207
/// </summary> /// </summary>
public static class TokenWildcardIssuerValidator public static class TokenWildcardIssuerValidator
@ -128,3 +128,4 @@ public static class TokenWildcardIssuerValidator
return first ? Utility.Empty : sb.ToString(); return first ? Utility.Empty : sb.ToString();
} }
} }

2
aspnet-core/migrations/LY.MicroService.WebhooksManagement.EntityFrameworkCore/LY.MicroService.WebhooksManagement.EntityFrameworkCore.csproj
View File

@ -18,7 +18,7 @@
<PackageReference Include="Volo.Abp.FeatureManagement.EntityFrameworkCore" /> <PackageReference Include="Volo.Abp.FeatureManagement.EntityFrameworkCore" />
<PackageReference Include="Volo.Abp.SettingManagement.EntityFrameworkCore" /> <PackageReference Include="Volo.Abp.SettingManagement.EntityFrameworkCore" />
<PackageReference Include="Volo.Abp.PermissionManagement.EntityFrameworkCore" /> <PackageReference Include="Volo.Abp.PermissionManagement.EntityFrameworkCore" />
<PackageReference Include="Microsoft.EntityFrameworkCore.Relational" VersionOverride="9.0.2" /> <PackageReference Include="Microsoft.EntityFrameworkCore.Relational" />
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>

112
aspnet-core/services/LY.MicroService.Applications.Single/AbpDynamicFeatureDefinitionStoreInMemoryCache.cs
View File

@ -1,112 +0,0 @@

using Volo.Abp.DependencyInjection;
namespace LY.MicroService.Applications.Single;
[Dependency(ServiceLifetime.Singleton, ReplaceServices = true)]
public class AbpDynamicFeatureDefinitionStoreInMemoryCache : IDynamicFeatureDefinitionStoreInMemoryCache
{
public string CacheStamp { get; set; }
protected IDictionary<string, FeatureGroupDefinition> FeatureGroupDefinitions { get; }
protected IDictionary<string, FeatureDefinition> FeatureDefinitions { get; }
protected StringValueTypeSerializer StateCheckerSerializer { get; }
protected ILocalizableStringSerializer LocalizableStringSerializer { get; }
public SemaphoreSlim SyncSemaphore { get; } = new(1, 1);
public DateTime? LastCheckTime { get; set; }
public AbpDynamicFeatureDefinitionStoreInMemoryCache(
StringValueTypeSerializer stateCheckerSerializer,
ILocalizableStringSerializer localizableStringSerializer)
{
StateCheckerSerializer = stateCheckerSerializer;
LocalizableStringSerializer = localizableStringSerializer;
FeatureGroupDefinitions = new Dictionary<string, FeatureGroupDefinition>();
FeatureDefinitions = new Dictionary<string, FeatureDefinition>();
}
public Task FillAsync(
List<FeatureGroupDefinitionRecord> featureGroupRecords,
List<FeatureDefinitionRecord> featureRecords)
{
FeatureGroupDefinitions.Clear();
FeatureDefinitions.Clear();
var context = new FeatureDefinitionContext();
foreach (var featureGroupRecord in featureGroupRecords)
{
var featureGroup = context.AddGroup(
featureGroupRecord.Name,
featureGroupRecord.DisplayName != null ? LocalizableStringSerializer.Deserialize(featureGroupRecord.DisplayName) : null
);
FeatureGroupDefinitions[featureGroup.Name] = featureGroup;
foreach (var property in featureGroupRecord.ExtraProperties)
{
featureGroup[property.Key] = property.Value;
}
var featureRecordsInThisGroup = featureRecords
.Where(p => p.GroupName == featureGroup.Name);
foreach (var featureRecord in featureRecordsInThisGroup.Where(x => x.ParentName == null))
{
AddFeatureRecursively(featureGroup, featureRecord, featureRecords);
}
}
return Task.CompletedTask;
}
public FeatureDefinition GetFeatureOrNull(string name)
{
return FeatureDefinitions.GetOrDefault(name);
}
public IReadOnlyList<FeatureDefinition> GetFeatures()
{
return FeatureDefinitions.Values.ToList();
}
public IReadOnlyList<FeatureGroupDefinition> GetGroups()
{
return FeatureGroupDefinitions.Values.ToList();
}
private void AddFeatureRecursively(ICanCreateChildFeature featureContainer,
FeatureDefinitionRecord featureRecord,
List<FeatureDefinitionRecord> allFeatureRecords)
{
var feature = featureContainer.CreateChildFeature(
featureRecord.Name,
featureRecord.DefaultValue,
featureRecord.DisplayName != null ? LocalizableStringSerializer.Deserialize(featureRecord.DisplayName) : null,
featureRecord.Description != null ? LocalizableStringSerializer.Deserialize(featureRecord.Description) : null,
StateCheckerSerializer.Deserialize(featureRecord.ValueType),
featureRecord.IsVisibleToClients,
featureRecord.IsAvailableToHost
);
FeatureDefinitions[feature.Name] = feature;
if (!featureRecord.AllowedProviders.IsNullOrWhiteSpace())
{
feature.AllowedProviders.AddRange(featureRecord.AllowedProviders.Split(','));
}
foreach (var property in featureRecord.ExtraProperties)
{
feature[property.Key] = property.Value;
}
foreach (var subFeature in allFeatureRecords.Where(p => p.ParentName == featureRecord.Name))
{
AddFeatureRecursively(feature, subFeature, allFeatureRecords);
}
}
}

2
aspnet-core/services/LY.MicroService.Applications.Single/GlobalUsings.cs
View File

@ -142,6 +142,7 @@ global using Microsoft.AspNetCore.Server.Kestrel.Core;
global using Microsoft.Extensions.Caching.StackExchangeRedis; global using Microsoft.Extensions.Caching.StackExchangeRedis;
global using Microsoft.Extensions.DependencyInjection; global using Microsoft.Extensions.DependencyInjection;
global using Microsoft.IdentityModel.Logging; global using Microsoft.IdentityModel.Logging;
global using Microsoft.IdentityModel.Tokens;
global using Microsoft.OpenApi.Models; global using Microsoft.OpenApi.Models;
global using MiniExcelLibs.Attributes; global using MiniExcelLibs.Attributes;
global using OpenIddict.Server; global using OpenIddict.Server;
@ -158,7 +159,6 @@ global using Volo.Abp.AspNetCore.Authentication.JwtBearer;
global using Volo.Abp.AspNetCore.Mvc; global using Volo.Abp.AspNetCore.Mvc;
global using Volo.Abp.AspNetCore.Mvc.AntiForgery; global using Volo.Abp.AspNetCore.Mvc.AntiForgery;
global using Volo.Abp.AspNetCore.Mvc.UI.Bundling; global using Volo.Abp.AspNetCore.Mvc.UI.Bundling;
//global using Volo.Abp.AspNetCore.Mvc.UI.Theme.Basic;
global using Volo.Abp.AspNetCore.Mvc.UI.Theme.LeptonXLite; global using Volo.Abp.AspNetCore.Mvc.UI.Theme.LeptonXLite;
global using Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Bundling; global using Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Bundling;
global using Volo.Abp.AspNetCore.Serilog; global using Volo.Abp.AspNetCore.Serilog;

1
aspnet-core/services/LY.MicroService.Applications.Single/LY.MicroService.Applications.Single.csproj
View File

@ -104,6 +104,7 @@
<ProjectReference Include="..\..\framework\navigation\LINGYUN.Abp.UI.Navigation\LINGYUN.Abp.UI.Navigation.csproj" /> <ProjectReference Include="..\..\framework\navigation\LINGYUN.Abp.UI.Navigation\LINGYUN.Abp.UI.Navigation.csproj" />
<ProjectReference Include="..\..\framework\open-api\LINGYUN.Abp.OpenApi.Authorization\LINGYUN.Abp.OpenApi.Authorization.csproj" /> <ProjectReference Include="..\..\framework\open-api\LINGYUN.Abp.OpenApi.Authorization\LINGYUN.Abp.OpenApi.Authorization.csproj" />
<ProjectReference Include="..\..\framework\open-api\LINGYUN.Abp.OpenApi\LINGYUN.Abp.OpenApi.csproj" /> <ProjectReference Include="..\..\framework\open-api\LINGYUN.Abp.OpenApi\LINGYUN.Abp.OpenApi.csproj" />
<ProjectReference Include="..\..\framework\security\LINGYUN.Abp.Claims.Mapping\LINGYUN.Abp.Claims.Mapping.csproj" />
<ProjectReference Include="..\..\framework\settings\LINGYUN.Abp.SettingManagement.Application.Contracts\LINGYUN.Abp.SettingManagement.Application.Contracts.csproj" /> <ProjectReference Include="..\..\framework\settings\LINGYUN.Abp.SettingManagement.Application.Contracts\LINGYUN.Abp.SettingManagement.Application.Contracts.csproj" />
<ProjectReference Include="..\..\framework\tenants\LINGYUN.Abp.MultiTenancy.Editions\LINGYUN.Abp.MultiTenancy.Editions.csproj" /> <ProjectReference Include="..\..\framework\tenants\LINGYUN.Abp.MultiTenancy.Editions\LINGYUN.Abp.MultiTenancy.Editions.csproj" />
<ProjectReference Include="..\..\framework\wechat\LINGYUN.Abp.Identity.WeChat.Work\LINGYUN.Abp.Identity.WeChat.Work.csproj" /> <ProjectReference Include="..\..\framework\wechat\LINGYUN.Abp.Identity.WeChat.Work\LINGYUN.Abp.Identity.WeChat.Work.csproj" />

6
aspnet-core/services/LY.MicroService.Applications.Single/MicroServiceApplicationsSingleModule.Configure.cs
View File

@ -47,6 +47,10 @@ public partial class MicroServiceApplicationsSingleModule
return; return;
} }
options options
.UseMySql(mySqlOptions =>
{
configuration.GetSection("CAP:MySql").Bind(mySqlOptions);
})
.UseRabbitMQ(rabbitMQOptions => .UseRabbitMQ(rabbitMQOptions =>
{ {
configuration.GetSection("CAP:RabbitMQ").Bind(rabbitMQOptions); configuration.GetSection("CAP:RabbitMQ").Bind(rabbitMQOptions);
@ -770,7 +774,7 @@ public partial class MicroServiceApplicationsSingleModule
Configure<AbpBundlingOptions>(options => Configure<AbpBundlingOptions>(options =>
{ {
options.ScriptBundles options.ScriptBundles
.Configure(StandardBundles.Styles.Global, bundle => .Configure(StandardBundles.Scripts.Global, bundle =>
{ {
bundle.AddContributors(typeof(SingleGlobalScriptContributor)); bundle.AddContributors(typeof(SingleGlobalScriptContributor));
}); });

1
aspnet-core/services/LY.MicroService.Applications.Single/MicroServiceApplicationsSingleModule.cs
View File

@ -53,7 +53,6 @@ namespace LY.MicroService.Applications.Single;
typeof(AbpGdprWebModule), typeof(AbpGdprWebModule),
// MVC Theme // MVC Theme
//typeof(AbpAspNetCoreMvcUiBasicThemeModule),
typeof(AbpAspNetCoreMvcUiLeptonXLiteThemeModule), typeof(AbpAspNetCoreMvcUiLeptonXLiteThemeModule),
// 审计日志模块 应用服务 // 审计日志模块 应用服务

127
aspnet-core/services/LY.MicroService.Applications.Single/TokenWildcardIssuerValidator.cs
View File

@ -1,127 +0,0 @@
using Microsoft.IdentityModel.Tokens;
using System.Globalization;
using System.Text;
using Volo.Abp.Text.Formatting;
namespace LY.MicroService.Applications.Single;
/// <summary>
/// https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/src/Microsoft.IdentityModel.Tokens/Validators.cs#L207
/// </summary>
public static class TokenWildcardIssuerValidator
{
private const string IDX10204 = "IDX10204: Unable to validate issuer. validationParameters.ValidIssuer is null or whitespace AND validationParameters.ValidIssuers is null.";
private const string IDX10205 = "IDX10205: Issuer validation failed. Issuer: '{0}'. Did not match: validationParameters.ValidIssuer: '{1}' or validationParameters.ValidIssuers: '{2}'.";
private const string IDX10211 = "IDX10211: Unable to validate issuer. The 'issuer' parameter is null or whitespace";
private const string IDX10235 = "IDX10235: ValidateIssuer property on ValidationParameters is set to false. Exiting without validating the issuer.";
private const string IDX10236 = "IDX10236: Issuer Validated.Issuer: '{0}'";
public static readonly IssuerValidator IssuerValidator = (issuer, token, validationParameters) =>
{
if (validationParameters == null)
{
throw LogHelper.LogArgumentNullException(nameof(validationParameters));
}
if (!validationParameters.ValidateIssuer)
{
LogHelper.LogInformation(IDX10235);
return issuer;
}
if (string.IsNullOrWhiteSpace(issuer))
{
throw LogHelper.LogExceptionMessage(new SecurityTokenInvalidIssuerException(IDX10211)
{
InvalidIssuer = issuer
});
}
// Throw if all possible places to validate against are null or empty
if (string.IsNullOrWhiteSpace(validationParameters.ValidIssuer) &&
validationParameters.ValidIssuers == null)
{
throw LogHelper.LogExceptionMessage(new SecurityTokenInvalidIssuerException(IDX10204)
{
InvalidIssuer = issuer
});
}
if (string.Equals(validationParameters.ValidIssuer, issuer, StringComparison.Ordinal))
{
LogHelper.LogInformation(IDX10236, issuer);
return issuer;
}
if (!string.IsNullOrWhiteSpace(validationParameters.ValidIssuer))
{
var extractResult = FormattedStringValueExtracter.Extract(issuer, validationParameters.ValidIssuer, ignoreCase: true);
if (extractResult.IsMatch &&
extractResult.Matches.Aggregate(validationParameters.ValidIssuer, (current, nameValue) => current.Replace($"{{{nameValue.Name}}}", nameValue.Value))
.IndexOf(issuer, StringComparison.OrdinalIgnoreCase) >= 0)
{
return issuer;
}
}
if (null != validationParameters.ValidIssuers)
{
foreach (var str in validationParameters.ValidIssuers)
{
if (string.IsNullOrEmpty(str))
{
LogHelper.LogInformation(IDX10235);
continue;
}
if (string.Equals(str, issuer, StringComparison.Ordinal))
{
LogHelper.LogInformation(IDX10236, issuer);
return issuer;
}
var extractResult = FormattedStringValueExtracter.Extract(issuer, str, ignoreCase: true);
if (extractResult.IsMatch &&
extractResult.Matches.Aggregate(str, (current, nameValue) => current.Replace($"{{{nameValue.Name}}}", nameValue.Value))
.IndexOf(issuer, StringComparison.OrdinalIgnoreCase) >= 0)
{
return issuer;
}
}
}
throw LogHelper.LogExceptionMessage(
new SecurityTokenInvalidIssuerException(LogHelper.FormatInvariant(IDX10205, issuer,
(validationParameters.ValidIssuer ?? "null"),
SerializeAsSingleCommaDelimitedString(validationParameters.ValidIssuers)))
{
InvalidIssuer = issuer
});
};
private static string SerializeAsSingleCommaDelimitedString(IEnumerable<string> strings)
{
if (strings == null)
{
return Utility.Null;
}
var sb = new StringBuilder();
var first = true;
foreach (var str in strings)
{
if (first)
{
sb.AppendFormat(CultureInfo.InvariantCulture, "{0}", str ?? Utility.Null);
first = false;
}
else
{
sb.AppendFormat(CultureInfo.InvariantCulture, ", {0}", str ?? Utility.Null);
}
}
return first ? Utility.Empty : sb.ToString();
}
}

11
aspnet-core/services/LY.MicroService.AuthServer.HttpApi.Host/AuthServerHttpApiHostModule.Configure.cs
View File

@ -21,9 +21,11 @@ using Microsoft.Extensions.Caching.StackExchangeRedis;
using Microsoft.Extensions.Configuration; using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Logging; using Microsoft.IdentityModel.Logging;
using Microsoft.IdentityModel.Tokens;
using Microsoft.OpenApi.Models; using Microsoft.OpenApi.Models;
using StackExchange.Redis; using StackExchange.Redis;
using System; using System;
using System.Collections.Generic;
using System.Linq; using System.Linq;
using System.Text.Encodings.Web; using System.Text.Encodings.Web;
using System.Text.Unicode; using System.Text.Unicode;
@ -447,9 +449,16 @@ public partial class AuthServerHttpApiHostModule
private void ConfigureSecurity(IServiceCollection services, IConfiguration configuration, bool isDevelopment = false) private void ConfigureSecurity(IServiceCollection services, IConfiguration configuration, bool isDevelopment = false)
{ {
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme) services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options => .AddAbpJwtBearer(options =>
{ {
configuration.GetSection("AuthServer").Bind(options); configuration.GetSection("AuthServer").Bind(options);
var validIssuers = configuration.GetSection("AuthServer:ValidIssuers").Get<List<string>>();
if (validIssuers?.Count > 0)
{
options.TokenValidationParameters.ValidIssuers = validIssuers;
options.TokenValidationParameters.IssuerValidator = TokenWildcardIssuerValidator.IssuerValidator;
}
}); });
if (!isDevelopment) if (!isDevelopment)

1
aspnet-core/services/LY.MicroService.AuthServer.HttpApi.Host/AuthServerHttpApiHostModule.cs
View File

@ -38,6 +38,7 @@ using Volo.Abp.EntityFrameworkCore.MySQL;
using Volo.Abp.FeatureManagement.EntityFrameworkCore; using Volo.Abp.FeatureManagement.EntityFrameworkCore;
using Volo.Abp.Http.Client; using Volo.Abp.Http.Client;
using Volo.Abp.Modularity; using Volo.Abp.Modularity;
using Volo.Abp.MultiTenancy;
using Volo.Abp.OpenIddict.EntityFrameworkCore; using Volo.Abp.OpenIddict.EntityFrameworkCore;
using Volo.Abp.PermissionManagement.EntityFrameworkCore; using Volo.Abp.PermissionManagement.EntityFrameworkCore;
using Volo.Abp.SettingManagement.EntityFrameworkCore; using Volo.Abp.SettingManagement.EntityFrameworkCore;

1
aspnet-core/services/LY.MicroService.AuthServer/AuthServerModule.Configure.cs
View File

@ -380,6 +380,7 @@ public partial class AuthServerModule
.AddJwtBearer(options => .AddJwtBearer(options =>
{ {
configuration.GetSection("AuthServer").Bind(options); configuration.GetSection("AuthServer").Bind(options);
var validIssuers = configuration.GetSection("AuthServer:ValidIssuers").Get<List<string>>(); var validIssuers = configuration.GetSection("AuthServer:ValidIssuers").Get<List<string>>();
if (validIssuers?.Count > 0) if (validIssuers?.Count > 0)
{ {

2
aspnet-core/services/LY.MicroService.AuthServer/LY.MicroService.AuthServer.csproj
View File

@ -33,7 +33,6 @@
<PackageReference Include="Microsoft.AspNetCore.DataProtection.StackExchangeRedis" /> <PackageReference Include="Microsoft.AspNetCore.DataProtection.StackExchangeRedis" />
<PackageReference Include="Volo.Abp.AspNetCore.Serilog" /> <PackageReference Include="Volo.Abp.AspNetCore.Serilog" />
<PackageReference Include="Volo.Abp.Account.Web.OpenIddict" /> <PackageReference Include="Volo.Abp.Account.Web.OpenIddict" />
<!--<PackageReference Include="Volo.Abp.AspNetCore.Mvc.UI.Theme.Basic" />-->
<PackageReference Include="Volo.Abp.AspNetCore.Mvc.UI.Theme.LeptonXLite" /> <PackageReference Include="Volo.Abp.AspNetCore.Mvc.UI.Theme.LeptonXLite" />
<PackageReference Include="Volo.Abp.Caching.StackExchangeRedis" /> <PackageReference Include="Volo.Abp.Caching.StackExchangeRedis" />
<PackageReference Include="Volo.Abp.Autofac" /> <PackageReference Include="Volo.Abp.Autofac" />
@ -52,6 +51,7 @@
<ProjectReference Include="..\..\framework\logging\LINGYUN.Abp.Serilog.Enrichers.Application\LINGYUN.Abp.Serilog.Enrichers.Application.csproj" /> <ProjectReference Include="..\..\framework\logging\LINGYUN.Abp.Serilog.Enrichers.Application\LINGYUN.Abp.Serilog.Enrichers.Application.csproj" />
<ProjectReference Include="..\..\framework\logging\LINGYUN.Abp.Serilog.Enrichers.UniqueId\LINGYUN.Abp.Serilog.Enrichers.UniqueId.csproj" /> <ProjectReference Include="..\..\framework\logging\LINGYUN.Abp.Serilog.Enrichers.UniqueId\LINGYUN.Abp.Serilog.Enrichers.UniqueId.csproj" />
<ProjectReference Include="..\..\framework\mvc\LINGYUN.Abp.AspNetCore.Mvc.Wrapper\LINGYUN.Abp.AspNetCore.Mvc.Wrapper.csproj" /> <ProjectReference Include="..\..\framework\mvc\LINGYUN.Abp.AspNetCore.Mvc.Wrapper\LINGYUN.Abp.AspNetCore.Mvc.Wrapper.csproj" />
<ProjectReference Include="..\..\framework\security\LINGYUN.Abp.Claims.Mapping\LINGYUN.Abp.Claims.Mapping.csproj" />
<!--<ProjectReference Include="..\..\framework\telemetry\LINGYUN.Abp.Telemetry.OpenTelemetry\LINGYUN.Abp.Telemetry.OpenTelemetry.csproj" />--> <!--<ProjectReference Include="..\..\framework\telemetry\LINGYUN.Abp.Telemetry.OpenTelemetry\LINGYUN.Abp.Telemetry.OpenTelemetry.csproj" />-->
<ProjectReference Include="..\..\framework\telemetry\LINGYUN.Abp.Telemetry.SkyWalking\LINGYUN.Abp.Telemetry.SkyWalking.csproj" /> <ProjectReference Include="..\..\framework\telemetry\LINGYUN.Abp.Telemetry.SkyWalking\LINGYUN.Abp.Telemetry.SkyWalking.csproj" />
</ItemGroup> </ItemGroup>

6
aspnet-core/services/LY.MicroService.AuthServer/package.json
View File

@ -1,9 +1,9 @@
{ {
"version": "9.1.3", "version": "9.2.0",
"name": "my-app-authserver", "name": "my-app-authserver",
"private": true, "private": true,
"dependencies": { "dependencies": {
"@abp/aspnetcore.mvc.ui.theme.leptonxlite": "4.1.3", "@abp/aspnetcore.mvc.ui.theme.leptonxlite": "4.2.0",
"@abp/qrcode": "9.1.3" "@abp/qrcode": "9.2.0"
} }
} }

13
aspnet-core/services/LY.MicroService.BackendAdmin.HttpApi.Host/BackendAdminHttpApiHostModule.Configure.cs
View File

@ -20,6 +20,7 @@ using Microsoft.Extensions.Caching.StackExchangeRedis;
using Microsoft.Extensions.Configuration; using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Logging; using Microsoft.IdentityModel.Logging;
using Microsoft.IdentityModel.Tokens;
using Microsoft.OpenApi.Models; using Microsoft.OpenApi.Models;
using StackExchange.Redis; using StackExchange.Redis;
using System; using System;
@ -413,14 +414,16 @@ public partial class BackendAdminHttpApiHostModule
private void ConfigureSecurity(IServiceCollection services, IConfiguration configuration, bool isDevelopment = false) private void ConfigureSecurity(IServiceCollection services, IConfiguration configuration, bool isDevelopment = false)
{ {
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme) services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options => .AddAbpJwtBearer(options =>
{ {
configuration.GetSection("AuthServer").Bind(options); configuration.GetSection("AuthServer").Bind(options);
//options.Authority = configuration["AuthServer:Authority"]; var validIssuers = configuration.GetSection("AuthServer:ValidIssuers").Get<List<string>>();
//options.RequireHttpsMetadata = false; if (validIssuers?.Count > 0)
//options.Audience = configuration["AuthServer:ApiName"]; {
//options.MapInboundClaims = false; options.TokenValidationParameters.ValidIssuers = validIssuers;
options.TokenValidationParameters.IssuerValidator = TokenWildcardIssuerValidator.IssuerValidator;
}
}); });
if (!isDevelopment) if (!isDevelopment)

10
aspnet-core/services/LY.MicroService.IdentityServer.HttpApi.Host/IdentityServerHttpApiHostModule.Configure.cs
View File

@ -19,6 +19,7 @@ using Microsoft.Extensions.Caching.StackExchangeRedis;
using Microsoft.Extensions.Configuration; using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Logging; using Microsoft.IdentityModel.Logging;
using Microsoft.IdentityModel.Tokens;
using Microsoft.OpenApi.Models; using Microsoft.OpenApi.Models;
using StackExchange.Redis; using StackExchange.Redis;
using System; using System;
@ -436,9 +437,16 @@ public partial class IdentityServerHttpApiHostModule
private void ConfigureSecurity(IServiceCollection services, IConfiguration configuration, bool isDevelopment = false) private void ConfigureSecurity(IServiceCollection services, IConfiguration configuration, bool isDevelopment = false)
{ {
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme) services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options => .AddAbpJwtBearer(options =>
{ {
configuration.GetSection("AuthServer").Bind(options); configuration.GetSection("AuthServer").Bind(options);
var validIssuers = configuration.GetSection("AuthServer:ValidIssuers").Get<List<string>>();
if (validIssuers?.Count > 0)
{
options.TokenValidationParameters.ValidIssuers = validIssuers;
options.TokenValidationParameters.IssuerValidator = TokenWildcardIssuerValidator.IssuerValidator;
}
}); });
if (!isDevelopment) if (!isDevelopment)

11
aspnet-core/services/LY.MicroService.LocalizationManagement.HttpApi.Host/LocalizationManagementHttpApiHostModule.Configure.cs
View File

@ -17,9 +17,11 @@ using Microsoft.Extensions.Caching.StackExchangeRedis;
using Microsoft.Extensions.Configuration; using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Logging; using Microsoft.IdentityModel.Logging;
using Microsoft.IdentityModel.Tokens;
using Microsoft.OpenApi.Models; using Microsoft.OpenApi.Models;
using StackExchange.Redis; using StackExchange.Redis;
using System; using System;
using System.Collections.Generic;
using System.Linq; using System.Linq;
using System.Text.Encodings.Web; using System.Text.Encodings.Web;
using System.Text.Unicode; using System.Text.Unicode;
@ -319,9 +321,16 @@ public partial class LocalizationManagementHttpApiHostModule
private void ConfigureSecurity(IServiceCollection services, IConfiguration configuration, bool isDevelopment = false) private void ConfigureSecurity(IServiceCollection services, IConfiguration configuration, bool isDevelopment = false)
{ {
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme) services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options => .AddAbpJwtBearer(options =>
{ {
configuration.GetSection("AuthServer").Bind(options); configuration.GetSection("AuthServer").Bind(options);
var validIssuers = configuration.GetSection("AuthServer:ValidIssuers").Get<List<string>>();
if (validIssuers?.Count > 0)
{
options.TokenValidationParameters.ValidIssuers = validIssuers;
options.TokenValidationParameters.IssuerValidator = TokenWildcardIssuerValidator.IssuerValidator;
}
}); });
if (isDevelopment) if (isDevelopment)

15
aspnet-core/services/LY.MicroService.PlatformManagement.HttpApi.Host/PlatformManagementHttpApiHostModule.Configure.cs
View File

@ -21,9 +21,11 @@ using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.DependencyInjection.Extensions; using Microsoft.Extensions.DependencyInjection.Extensions;
using Microsoft.IdentityModel.Logging; using Microsoft.IdentityModel.Logging;
using Microsoft.IdentityModel.Tokens;
using Microsoft.OpenApi.Models; using Microsoft.OpenApi.Models;
using StackExchange.Redis; using StackExchange.Redis;
using System; using System;
using System.Collections.Generic;
using System.IO; using System.IO;
using System.Linq; using System.Linq;
using System.Text.Encodings.Web; using System.Text.Encodings.Web;
@ -209,6 +211,7 @@ public partial class PlatformManagementHttpApiHostModule
{ {
Configure<AbpAuditingOptions>(options => Configure<AbpAuditingOptions>(options =>
{ {
options.IsEnabledForIntegrationServices = true;
options.ApplicationName = ApplicationName; options.ApplicationName = ApplicationName;
// 是否启用实体变更记录 // 是否启用实体变更记录
var allEntitiesSelectorIsEnabled = configuration["Auditing:AllEntitiesSelector"]; var allEntitiesSelectorIsEnabled = configuration["Auditing:AllEntitiesSelector"];
@ -395,9 +398,17 @@ public partial class PlatformManagementHttpApiHostModule
private void ConfigureSecurity(IServiceCollection services, IConfiguration configuration, bool isDevelopment = false) private void ConfigureSecurity(IServiceCollection services, IConfiguration configuration, bool isDevelopment = false)
{ {
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme) services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options => .AddAbpJwtBearer(options =>
{ {
configuration.GetSection("AuthServer").Bind(options); configuration.GetSection("AuthServer").Bind(options);
var validIssuers = configuration.GetSection("AuthServer:ValidIssuers").Get<List<string>>();
if (validIssuers?.Count > 0)
{
options.TokenValidationParameters.ValidIssuers = validIssuers;
options.TokenValidationParameters.IssuerValidator = TokenWildcardIssuerValidator.IssuerValidator;
}
options.Events = new JwtBearerEvents options.Events = new JwtBearerEvents
{ {
OnMessageReceived = context => OnMessageReceived = context =>
@ -414,6 +425,8 @@ public partial class PlatformManagementHttpApiHostModule
}; };
}); });
services.AddAlwaysAllowAuthorization();
if (!isDevelopment) if (!isDevelopment)
{ {
var redis = ConnectionMultiplexer.Connect(configuration["Redis:Configuration"]); var redis = ConnectionMultiplexer.Connect(configuration["Redis:Configuration"]);

11
aspnet-core/services/LY.MicroService.RealtimeMessage.HttpApi.Host/RealtimeMessageHttpApiHostModule.Configure.cs
View File

@ -22,6 +22,7 @@ using Microsoft.Extensions.Caching.StackExchangeRedis;
using Microsoft.Extensions.Configuration; using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Logging; using Microsoft.IdentityModel.Logging;
using Microsoft.IdentityModel.Tokens;
using Microsoft.OpenApi.Models; using Microsoft.OpenApi.Models;
using Quartz; using Quartz;
using StackExchange.Redis; using StackExchange.Redis;
@ -422,9 +423,17 @@ public partial class RealtimeMessageHttpApiHostModule
private void ConfigureSecurity(IServiceCollection services, IConfiguration configuration, bool isDevelopment = false) private void ConfigureSecurity(IServiceCollection services, IConfiguration configuration, bool isDevelopment = false)
{ {
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme) services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options => .AddAbpJwtBearer(options =>
{ {
configuration.GetSection("AuthServer").Bind(options); configuration.GetSection("AuthServer").Bind(options);
var validIssuers = configuration.GetSection("AuthServer:ValidIssuers").Get<List<string>>();
if (validIssuers?.Count > 0)
{
options.TokenValidationParameters.ValidIssuers = validIssuers;
options.TokenValidationParameters.IssuerValidator = TokenWildcardIssuerValidator.IssuerValidator;
}
options.Events = new JwtBearerEvents options.Events = new JwtBearerEvents
{ {
OnMessageReceived = context => OnMessageReceived = context =>

10
aspnet-core/services/LY.MicroService.TaskManagement.HttpApi.Host/TaskManagementHttpApiHostModule.Configure.cs
View File

@ -18,6 +18,7 @@ using Microsoft.Extensions.Caching.StackExchangeRedis;
using Microsoft.Extensions.Configuration; using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Logging; using Microsoft.IdentityModel.Logging;
using Microsoft.IdentityModel.Tokens;
using Microsoft.OpenApi.Models; using Microsoft.OpenApi.Models;
using Quartz; using Quartz;
using StackExchange.Redis; using StackExchange.Redis;
@ -374,9 +375,16 @@ public partial class TaskManagementHttpApiHostModule
private void ConfigureSecurity(IServiceCollection services, IConfiguration configuration, bool isDevelopment = false) private void ConfigureSecurity(IServiceCollection services, IConfiguration configuration, bool isDevelopment = false)
{ {
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme) services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options => .AddAbpJwtBearer(options =>
{ {
configuration.GetSection("AuthServer").Bind(options); configuration.GetSection("AuthServer").Bind(options);
var validIssuers = configuration.GetSection("AuthServer:ValidIssuers").Get<List<string>>();
if (validIssuers?.Count > 0)
{
options.TokenValidationParameters.ValidIssuers = validIssuers;
options.TokenValidationParameters.IssuerValidator = TokenWildcardIssuerValidator.IssuerValidator;
}
}); });
if (!isDevelopment) if (!isDevelopment)

10
aspnet-core/services/LY.MicroService.WebhooksManagement.HttpApi.Host/WebhooksManagementHttpApiHostModule.Configure.cs
View File

@ -21,6 +21,7 @@ using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.DependencyInjection.Extensions; using Microsoft.Extensions.DependencyInjection.Extensions;
using Microsoft.IdentityModel.Logging; using Microsoft.IdentityModel.Logging;
using Microsoft.IdentityModel.Tokens;
using Microsoft.OpenApi.Models; using Microsoft.OpenApi.Models;
using Quartz; using Quartz;
using StackExchange.Redis; using StackExchange.Redis;
@ -404,9 +405,16 @@ public partial class WebhooksManagementHttpApiHostModule
private void ConfigureSecurity(IServiceCollection services, IConfiguration configuration, bool isDevelopment = false) private void ConfigureSecurity(IServiceCollection services, IConfiguration configuration, bool isDevelopment = false)
{ {
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme) services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options => .AddAbpJwtBearer(options =>
{ {
configuration.GetSection("AuthServer").Bind(options); configuration.GetSection("AuthServer").Bind(options);
var validIssuers = configuration.GetSection("AuthServer:ValidIssuers").Get<List<string>>();
if (validIssuers?.Count > 0)
{
options.TokenValidationParameters.ValidIssuers = validIssuers;
options.TokenValidationParameters.IssuerValidator = TokenWildcardIssuerValidator.IssuerValidator;
}
}); });
if (!isDevelopment) if (!isDevelopment)

10
aspnet-core/services/LY.MicroService.WechatManagement.HttpApi.Host/WechatManagementHttpApiHostModule.Configure.cs
View File

@ -16,6 +16,7 @@ using Microsoft.Extensions.Caching.StackExchangeRedis;
using Microsoft.Extensions.Configuration; using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Logging; using Microsoft.IdentityModel.Logging;
using Microsoft.IdentityModel.Tokens;
using Microsoft.OpenApi.Models; using Microsoft.OpenApi.Models;
using StackExchange.Redis; using StackExchange.Redis;
using System; using System;
@ -354,9 +355,16 @@ public partial class WechatManagementHttpApiHostModule
private void ConfigureSecurity(IServiceCollection services, IConfiguration configuration, bool isDevelopment = false) private void ConfigureSecurity(IServiceCollection services, IConfiguration configuration, bool isDevelopment = false)
{ {
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme) services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options => .AddAbpJwtBearer(options =>
{ {
configuration.GetSection("AuthServer").Bind(options); configuration.GetSection("AuthServer").Bind(options);
var validIssuers = configuration.GetSection("AuthServer:ValidIssuers").Get<List<string>>();
if (validIssuers?.Count > 0)
{
options.TokenValidationParameters.ValidIssuers = validIssuers;
options.TokenValidationParameters.IssuerValidator = TokenWildcardIssuerValidator.IssuerValidator;
}
}); });
if (!isDevelopment) if (!isDevelopment)

10
aspnet-core/services/LY.MicroService.WorkflowManagement.HttpApi.Host/WorkflowManagementHttpApiHostModule.Configure.cs
View File

@ -22,6 +22,7 @@ using Microsoft.Extensions.Caching.StackExchangeRedis;
using Microsoft.Extensions.Configuration; using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Logging; using Microsoft.IdentityModel.Logging;
using Microsoft.IdentityModel.Tokens;
using Microsoft.OpenApi.Models; using Microsoft.OpenApi.Models;
using Quartz; using Quartz;
using StackExchange.Redis; using StackExchange.Redis;
@ -457,9 +458,16 @@ public partial class WorkflowManagementHttpApiHostModule
}); });
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme) services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options => .AddAbpJwtBearer(options =>
{ {
configuration.GetSection("AuthServer").Bind(options); configuration.GetSection("AuthServer").Bind(options);
var validIssuers = configuration.GetSection("AuthServer:ValidIssuers").Get<List<string>>();
if (validIssuers?.Count > 0)
{
options.TokenValidationParameters.ValidIssuers = validIssuers;
options.TokenValidationParameters.IssuerValidator = TokenWildcardIssuerValidator.IssuerValidator;
}
}); });
//services.AddElsaJwtBearerAuthentication(options => //services.AddElsaJwtBearerAuthentication(options =>

Write Preview
Loading…
Cancel
Save