using Kdbndp.TypeHandlers;
using Microsoft.IdentityModel.Tokens;
using ReZero.Configuration;
using SqlSugar;
using System;
using System.Collections.Generic;
using System.Data;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Security.Claims;
using System.Text;
namespace ReZero.SuperAPI
{
public partial class MethodApi
{
/// <summary>
/// Optional explicit expiry for the next issued token.
/// GenerateJwtToken(ZeroUserInfo, ReZeroJwt) uses this value when it is non-null and
/// otherwise falls back to the configured lifetime; the DataRow overload does not read it.
/// </summary>
// NOTE(review): the setter is public, so any code holding a MethodApi instance controls the
// token lifetime. Confirm this is never populated from untrusted request data and consider
// capping it against the configured maximum.
public DateTime? TokenExpiration { get; set; }
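/// <summary>
/// Gets a JWT token.
/// </summary>
/// <param name="userName">User name</param>
/// <param name="password">Password</param>
/// <returns>JWT token string</returns>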
public string GetToken(string userName, string password)
{
    // Issues a JWT for the supplied credentials. Three paths, tried in order:
    //   1. admin record matches and has no BusinessAccount -> token built from the admin record;
    //   2. admin record matches and has a BusinessAccount  -> token built from the row of
    //      jwt.UserTableName whose user-name column equals that BusinessAccount
    //      (the business row's own password is not checked on this path);
    //   3. no admin record matches -> credentials are looked up directly in jwt.UserTableName.
    // Paths 2 and 3 report every failure as the same generic "Authorization failure".
    //
    // NOTE(review): `password` is compared verbatim with the stored column value, both in
    // GetAdminUserInfo and in the business-table query below. Unless callers pre-hash, this
    // means credentials are stored and matched without a salted hash; prefer fetching the
    // row by user name and verifying a salted KDF hash (e.g. PBKDF2) in code.
    // NOTE(review): no attempt throttling or lockout is visible here; presumably handled
    // upstream, verify.
    var db = App.Db;
    var options = SuperAPIModule._apiOptions;
    // Falls back to an empty ReZeroJwt when no Jwt section is configured.
    var jwt = options?.InterfaceOptions?.Jwt ?? new Configuration.ReZeroJwt();
    ZeroUserInfo data = GetAdminUserInfo(userName, password, db);
    if (data != null && string.IsNullOrEmpty(data.BusinessAccount))
    {
        // NOTE(review): CheckJwt is not called on this path, so an unconfigured jwt.Secret
        // is only caught (if at all) inside GenerateJwtToken; confirm that fails closed.
        return GenerateJwtToken(data, jwt);
    }
    else if (data != null&& !string.IsNullOrEmpty(data.BusinessAccount))
    {
        // Table and column names come from configuration, not from the request.
        // NOTE(review): CheckJwt is not called here either, so UserTableName and
        // UserNameFieldName are used unvalidated.
        var dt = db.Queryable()
            .AS(jwt.UserTableName)
            .Where(jwt.UserNameFieldName, "=", data.BusinessAccount)
            .ToDataTable();
        if (dt.Rows.Count == 0)
        {
            throw new Exception(TextHandler.GetCommonText("授权失败", "Authorization failure"));
        }
        return GenerateJwtToken(dt.Rows[0], jwt);
    }
    else // business-table login
    {
        CheckJwt(jwt);
        DataTable dt = new DataTable();
        try
        {
            // userName/password are passed as comparison values; presumably bound as SQL
            // parameters by SqlSugar, verify.
            dt = db.Queryable()
                .AS(jwt.UserTableName)
                .Where(jwt.PasswordFieldName, "=", password)
                .Where(jwt.UserNameFieldName, "=", userName)
                .ToDataTable();
        }
        catch (Exception)
        {
            // The underlying error is deliberately hidden from the caller.
            // NOTE(review): nothing is logged, so a database outage or a misconfigured
            // table is indistinguishable from bad credentials; log the original exception
            // server-side before throwing the generic one.
            throw new Exception(TextHandler.GetCommonText("授权失败", "Authorization failure"));
        }
        if (dt.Rows.Count == 0)
        {
            throw new Exception(TextHandler.GetCommonText("授权失败", "Authorization failure"));
        }
        // Only the first matching row is used to build the token.
        return GenerateJwtToken(dt.Rows[0], jwt);
    }
}
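/// <summary>
/// Gets the administrator user info.
/// </summary>
/// <param name="userName">User name</param>
/// <param name="password">Password</param>
/// <param name="db">Database connection</param>
/// <returns>Administrator user info</returns>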
private static ZeroUserInfo GetAdminUserInfo(string userName, string password, ISqlSugarClient db)
{
    // First check whether the credentials belong to a system administrator account.
    // GetToken treats a null result as "not an admin" and falls through to the
    // business-table login.
    // NOTE(review): the password is matched by equality inside the query, so the stored
    // value must equal what the caller sent; confirm whether it is hashed before it gets
    // here. If not, store a salted KDF hash and verify it in code after loading the row
    // by user name.
    return db.Queryable()
        .Where(it => it.UserName == userName)
        .Where(it => it.Password == password).First();
}
/// <summary>
/// Checks the JWT configuration.
/// </summary>
/// <param name="jwt">JWT configuration</param>
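private static void CheckJwt(ReZeroJwt jwt)
{
    // Fails fast when the JWT configuration needed by the business-table login is
    // incomplete: the signing secret, the user table, and the user-name and password
    // column names used in the login query.
    // The original condition tested UserTableName three times, so missing column names
    // slipped through and only surfaced later as a query error.
    // NOTE(review): only presence is checked; the secret's length and strength are not
    // validated here.
    bool incomplete = string.IsNullOrEmpty(jwt.Secret)
        || string.IsNullOrEmpty(jwt.UserTableName)
        || string.IsNullOrEmpty(jwt.UserNameFieldName)
        || string.IsNullOrEmpty(jwt.PasswordFieldName);
    if (incomplete)
    {
        throw new Exception(TextHandler.GetCommonText("请到json文件配置jwt信息", "Go to the json file to configure the jwt information"));
    }
}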
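/// <summary>
/// Generates a JWT token.
/// </summary>
/// <param name="user">User info</param>
/// <param name="jwt">JWT configuration</param>
/// <returns>JWT token string</returns>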
private string GenerateJwtToken(ZeroUserInfo user, ReZeroJwt jwt)
{
    // Builds and serializes an HMAC-SHA256 signed JWT for an administrator record.
    // `options` is not used in this method.
    var options = SuperAPIModule._apiOptions;
    var tokenHandler = new JwtSecurityTokenHandler();
    // NOTE(review): ASCII encoding replaces every non-ASCII character of the secret with
    // '?', which weakens the key. Any change of encoding must be made together with the
    // token-validation side, which is not visible here. jwt.Secret is dereferenced without
    // a null or length check; callers on the admin paths do not run CheckJwt first.
    var key = Encoding.ASCII.GetBytes(jwt.Secret);
    var claims = new List();
    claims.Add(new Claim(ClaimTypes.Name, user.UserName));
    // Extra claims are driven by configuration: each entry names a property of `user`
    // that is read by reflection. A missing property or a null value yields an empty claim.
    foreach (var claim in jwt.Claim ?? new List())
    {
        claims.Add(new Claim(claim.Key, user.GetType().GetProperty(claim.FieldName)?.GetValue(user, null)?.ToString() ?? ""));
    }
    // An explicit TokenExpiration wins; otherwise the token lives jwt.Expires minutes
    // from now (1000 minutes when Expires is null). The `jwt?.` below is redundant because
    // jwt was already dereferenced above.
    var tokenExpiration = this.TokenExpiration;
    if (tokenExpiration == null)
    {
        tokenExpiration = DateTime.UtcNow.AddMinutes(jwt?.Expires ?? 1000);
    }
    // Only subject, expiry and signing credentials are set; no issuer or audience.
    // NOTE(review): confirm how the validating side treats issuer and audience.
    var tokenDescriptor = new SecurityTokenDescriptor
    {
        Subject = new ClaimsIdentity(claims.ToArray()),
        Expires = tokenExpiration,
        SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
    };
    var token = tokenHandler.CreateToken(tokenDescriptor);
    return tokenHandler.WriteToken(token);
}
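/// <summary>
/// Generates a JWT token.
/// </summary>
/// <param name="user">User info</param>
/// <param name="jwt">JWT configuration</param>
/// <returns>JWT token string</returns>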
private string GenerateJwtToken(DataRow user, ReZeroJwt jwt)
{
    // Builds and serializes an HMAC-SHA256 signed JWT from a row of the business user table.
    // `options` is not used in this method.
    var options = SuperAPIModule._apiOptions;
    var tokenHandler = new JwtSecurityTokenHandler();
    // NOTE(review): ASCII encoding replaces every non-ASCII character of the secret with
    // '?', which weakens the key. Any change of encoding must be made together with the
    // token-validation side, which is not visible here.
    var key = Encoding.ASCII.GetBytes(jwt.Secret);
    var claims = new List();
    // `+ ""` coerces the cell value to a string.
    claims.Add(new Claim(ClaimTypes.Name, user[jwt.UserNameFieldName] + ""));
    // Extra claims are driven by configuration: each entry names a column of the row.
    // NOTE(review): make sure the configured claim columns never include the password
    // column, because claim values are readable by anyone holding the token.
    foreach (var claim in jwt.Claim ?? new List())
    {
        claims.Add(new Claim(claim.Key, user[claim.FieldName] + ""));
    }
    // Lifetime is always jwt.Expires minutes from now (1000 when Expires is null).
    // NOTE(review): unlike the ZeroUserInfo overload, this one ignores this.TokenExpiration;
    // confirm that is intentional. No issuer or audience is set.
    var tokenDescriptor = new SecurityTokenDescriptor
    {
        Subject = new ClaimsIdentity(claims.ToArray()),
        Expires = DateTime.UtcNow.AddMinutes(jwt?.Expires ?? 1000),
        SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
    };
    var token = tokenHandler.CreateToken(tokenDescriptor);
    return tokenHandler.WriteToken(token);
}
}
}