|
|
@@ -67,335 +67,6 @@ namespace TEAMModelBI.Controllers
|
|
|
_http = http;
|
|
|
}
|
|
|
|
|
|
- /// <summary>
|
|
|
- /// 钉钉扫码登录
|
|
|
- /// 先获取是否在钉钉架构中
|
|
|
- /// 获取数据库是否有该人员
|
|
|
- /// </summary>
|
|
|
- /// <param name="jsonElement"></param>
|
|
|
- /// <returns>Json结果</returns>
|
|
|
- [ProducesDefaultResponseType]
|
|
|
- [HttpPost("DingLogin")]
|
|
|
- [AllowAnonymous]
|
|
|
- public async Task<IActionResult> DingLogin(JsonElement jsonElement)
|
|
|
- {
|
|
|
- //state 是前端传入的,钉钉并不会修改,比如有多种登录方式的时候,一个登录方法判断登录方式可以进行不同的处理。
|
|
|
- try
|
|
|
- {
|
|
|
- string str_appKey = _configuration["DingDingAuth:appKey"];
|
|
|
- string str_appSecret = _configuration["DingDingAuth:appSecret"];
|
|
|
- if (string.IsNullOrWhiteSpace(str_appKey) || string.IsNullOrWhiteSpace(str_appSecret))
|
|
|
- {
|
|
|
- return Ok(new { state = 0, message = "扫码登录失败" });
|
|
|
- }
|
|
|
- //自己传的code
|
|
|
- if (!jsonElement.TryGetProperty("code", out JsonElement LoginTempCode)) return BadRequest();
|
|
|
-
|
|
|
- //获取企业内部应用的accessToken
|
|
|
- DefaultDingTalkClient Iclient = new DefaultDingTalkClient("https://oapi.dingtalk.com/gettoken");
|
|
|
- OapiGettokenRequest request = new OapiGettokenRequest();
|
|
|
- request.Appkey = str_appKey;
|
|
|
- request.Appsecret = str_appSecret;
|
|
|
- request.SetHttpMethod("GET");
|
|
|
- OapiGettokenResponse tokenResponse = Iclient.Execute(request);
|
|
|
- if (tokenResponse.IsError)
|
|
|
- {
|
|
|
- return Ok(new { state = 0, message = "扫码登录失败" });
|
|
|
- }
|
|
|
-
|
|
|
- string access_token = tokenResponse.AccessToken;
|
|
|
- //获取临时授权码 获取授权用户的个人信息
|
|
|
- DefaultDingTalkClient clientinfo = new DefaultDingTalkClient("https://oapi.dingtalk.com/sns/getuserinfo_bycode");
|
|
|
- OapiSnsGetuserinfoBycodeRequest req = new OapiSnsGetuserinfoBycodeRequest() { TmpAuthCode = $"{LoginTempCode}" }; //通过扫描二维码,跳转到指定的Url后,向Url中追加Code临时授权码
|
|
|
- OapiSnsGetuserinfoBycodeResponse response = clientinfo.Execute(req, str_appKey, str_appSecret);
|
|
|
- if (response.IsError)
|
|
|
- {
|
|
|
- return Ok(new { state = 0, message = "扫码登录失败" });
|
|
|
- }
|
|
|
-
|
|
|
- string unionid = response.UserInfo.Unionid;
|
|
|
- IDingTalkClient client2 = new DefaultDingTalkClient("https://oapi.dingtalk.com/topapi/user/getbyunionid"); //userid地址
|
|
|
- OapiUserGetbyunionidRequest byunionidRequest = new OapiUserGetbyunionidRequest() { Unionid = unionid };
|
|
|
- OapiUserGetbyunionidResponse byunionidResponse = client2.Execute(byunionidRequest, access_token);
|
|
|
- if (byunionidResponse.IsError)
|
|
|
- {
|
|
|
- return Ok(new { state = 0, message = "扫码登录失败" });
|
|
|
- }
|
|
|
-
|
|
|
- // 根据userId获取用户信息
|
|
|
- string userid = byunionidResponse.Result.Userid;
|
|
|
- IDingTalkClient client3 = new DefaultDingTalkClient("https://oapi.dingtalk.com/topapi/v2/user/get");
|
|
|
- OapiV2UserGetRequest v2GetRequest = new OapiV2UserGetRequest()
|
|
|
- {
|
|
|
- Userid = userid,
|
|
|
- Language = "zh_CN"
|
|
|
- };
|
|
|
- v2GetRequest.SetHttpMethod("POST");
|
|
|
- OapiV2UserGetResponse v2GetResponse = client3.Execute(v2GetRequest, access_token);
|
|
|
- if (v2GetResponse.IsError)
|
|
|
- {
|
|
|
- return Ok(new { state = 0, message = "扫码登录失败" });
|
|
|
- }
|
|
|
-
|
|
|
- var DDbind = v2GetResponse.Result;
|
|
|
-
|
|
|
- DingDingbinds dingDingBind = new DingDingbinds
|
|
|
- {
|
|
|
- type = type,
|
|
|
- deptIdList = DDbind.DeptIdList,
|
|
|
- title = DDbind.Title,
|
|
|
- name = DDbind.Name,
|
|
|
- unionid = DDbind.Unionid,
|
|
|
- userid = DDbind.Userid,
|
|
|
- };
|
|
|
-
|
|
|
- Teacher teacher = null;
|
|
|
- string sql = $"select distinct value(c) from c join A1 in c.ddbinds where A1.userid='{dingDingBind.userid}' AND A1.unionid ='{dingDingBind.unionid}'";
|
|
|
- await foreach (var item in _azureCosmos.GetCosmosClient().GetContainer(Constant.TEAMModelOS, "Teacher").GetItemQueryIterator<Teacher>(queryText: sql, requestOptions: new QueryRequestOptions() { PartitionKey = new PartitionKey($"Base") }))
|
|
|
- {
|
|
|
- teacher = item;
|
|
|
- break;
|
|
|
- }
|
|
|
- if (teacher == null)
|
|
|
- {
|
|
|
- return Ok(new { state = 1, dingDingBind });
|
|
|
- }
|
|
|
- else
|
|
|
- {
|
|
|
- var clientID = _configuration.GetValue<string>("HaBookAuth:CoreService:clientID");
|
|
|
- var location = _option.Location;
|
|
|
- TmdidImplicit implicit_token = await _aoreAPIHttpService.Implicit(
|
|
|
- new Dictionary<string, string>()
|
|
|
- {
|
|
|
- { "grant_type", "implicit" },
|
|
|
- { "client_id",clientID },
|
|
|
- { "account",teacher.id },
|
|
|
- { "nonce",Guid.NewGuid().ToString()}
|
|
|
- }, location, _configuration);
|
|
|
-
|
|
|
- Dictionary<string, object> dic = new Dictionary<string, object> { { "PartitionKey", "authority-bi" } };//设置只访问BI的权限
|
|
|
- var table = _azureStorage.GetCloudTableClient().GetTableReference("SchoolSetting");
|
|
|
- List<Authority> authorityBIList = await table.FindListByDict<Authority>(dic); //获取权限列表
|
|
|
-
|
|
|
- if (implicit_token!=null)
|
|
|
- {
|
|
|
- var ddbind = teacher.ddbinds.Find(x => x.userid.Equals($"{dingDingBind.userid}") && x.unionid.Equals($"{dingDingBind.unionid}"));
|
|
|
- if (ddbind != null)
|
|
|
- {
|
|
|
- List<string> roles = new List<string>();//角色列表
|
|
|
- List<string> permissions = new List<string>();//权限列表
|
|
|
- List<string> depts = new List<string>(); //部门id
|
|
|
- School school_base = new School();
|
|
|
- string school_code = null;
|
|
|
- if (teacher.defaultSchool != null)
|
|
|
- {
|
|
|
- var schoolRoles = await _azureCosmos.GetCosmosClient().GetContainer(Constant.TEAMModelOS, "School").ReadItemStreamAsync(teacher.id, new PartitionKey($"Teacher-{teacher.defaultSchool}"));
|
|
|
- if (schoolRoles.Status == 200)
|
|
|
- {
|
|
|
- using var json = await JsonDocument.ParseAsync(schoolRoles.ContentStream);
|
|
|
- if (json.RootElement.TryGetProperty("roles", out JsonElement _roles) && _roles.ValueKind != JsonValueKind.Null)
|
|
|
- {
|
|
|
- foreach (var obj in _roles.EnumerateArray())
|
|
|
- {
|
|
|
- if (obj.GetString().Equals("assist"))
|
|
|
- {
|
|
|
- roles.Add(obj.GetString());
|
|
|
- }
|
|
|
- }
|
|
|
- }
|
|
|
- if (json.RootElement.TryGetProperty("permissions", out JsonElement _permissions) && _permissions.ValueKind != JsonValueKind.Null)
|
|
|
- {
|
|
|
- foreach (var obj in _permissions.EnumerateArray())
|
|
|
- {
|
|
|
- foreach (var item in authorityBIList)
|
|
|
- {
|
|
|
- if (item.RowKey.Equals(obj.GetString()))
|
|
|
- {
|
|
|
- permissions.Add(obj.GetString());
|
|
|
- }
|
|
|
- }
|
|
|
- }
|
|
|
- }
|
|
|
- }
|
|
|
-
|
|
|
- school_base = await _azureCosmos.GetCosmosClient().GetContainer(Constant.TEAMModelOS, "School").ReadItemAsync<School>($"{teacher.defaultSchool}", new PartitionKey("Base"));
|
|
|
- //foreach (var period in school_base.period)
|
|
|
- //{
|
|
|
- // try
|
|
|
- // {
|
|
|
- // await _azureCosmos.GetCosmosClient().GetContainer(Constant.TEAMModelOS, "School").ReadItemAsync<ItemCond>($"{period.id}", new PartitionKey($"ItemCond-{teacher.defaultSchool}"));
|
|
|
- // }
|
|
|
- // catch (CosmosException)
|
|
|
- // {
|
|
|
- // ItemCond itemCond = new ItemCond
|
|
|
- // {
|
|
|
- // id = period.id,
|
|
|
- // pk = "ItemCond",
|
|
|
- // code = $"ItemCond-{teacher.defaultSchool}",
|
|
|
- // ttl = -1,
|
|
|
- // };
|
|
|
- // await _azureCosmos.GetCosmosClient().GetContainer(Constant.TEAMModelOS, "School").CreateItemAsync<ItemCond>(itemCond, new PartitionKey($"ItemCond-{teacher.defaultSchool}"));
|
|
|
- // }
|
|
|
- //}
|
|
|
- school_code = teacher.defaultSchool;
|
|
|
- }
|
|
|
-
|
|
|
- foreach (var temp in ddbind.deptIdList)
|
|
|
- {
|
|
|
- depts.Add(temp.ToString());
|
|
|
- }
|
|
|
-
|
|
|
-
|
|
|
- return Ok(new { state = 200, teacher = teacher, id_token = implicit_token.id_token, access_token = implicit_token.access_token, expires_in = implicit_token.expires_in, token_type = implicit_token.token_type });
|
|
|
- }
|
|
|
- }
|
|
|
- return Ok(new { state = 1, dingdinginfo = dingDingBind });
|
|
|
- }
|
|
|
- }
|
|
|
- catch (Exception e)
|
|
|
- {
|
|
|
- return Ok(new { state = 1, message = "code失效" });
|
|
|
- }
|
|
|
- }
|
|
|
-
|
|
|
- /// <summary>
|
|
|
- /// 依据id_Ttoken获取教师信息
|
|
|
- /// </summary>
|
|
|
- /// <param name="jsonElement"></param>
|
|
|
- /// <returns></returns>
|
|
|
- [ProducesDefaultResponseType]
|
|
|
- [HttpPost("get-teacherinfo")]
|
|
|
- public async Task<IActionResult> GetTeacherInfo(JsonElement jsonElement)
|
|
|
- {
|
|
|
- try
|
|
|
- {
|
|
|
- if (!jsonElement.TryGetProperty("id_token", out JsonElement id_token)) return BadRequest();
|
|
|
- var jwt = new JwtSecurityToken(id_token.GetString());
|
|
|
- //TODO 此驗證IdToken先簡單檢查,後面需向Core ID新API,驗證Token
|
|
|
- //if (!jwt.Payload.Iss.Equals("account.teammodel", StringComparison.OrdinalIgnoreCase)) return BadRequest();
|
|
|
- var id = jwt.Payload.Sub;
|
|
|
- jwt.Payload.TryGetValue("name", out object name);
|
|
|
- jwt.Payload.TryGetValue("picture", out object picture);
|
|
|
-
|
|
|
- Teacher teacher = null;
|
|
|
-
|
|
|
- //检查是否有绑定信息
|
|
|
- var client = _azureCosmos.GetCosmosClient();
|
|
|
- teacher = await client.GetContainer(Constant.TEAMModelOS, "Teacher").ReadItemAsync<Teacher>($"{id}", new PartitionKey("Base"));
|
|
|
- var auth_token = "";
|
|
|
-
|
|
|
- var clientID = _configuration.GetValue<string>("HaBookAuth:CoreService:clientID");
|
|
|
- var location = _option.Location;
|
|
|
- TmdidImplicit implicit_token = await _aoreAPIHttpService.Implicit(
|
|
|
- new Dictionary<string, string>()
|
|
|
- {
|
|
|
- { "grant_type", "implicit" },
|
|
|
- { "client_id",clientID },
|
|
|
- { "account",teacher.id },
|
|
|
- { "nonce",Guid.NewGuid().ToString()}
|
|
|
- }, location, _configuration);
|
|
|
-
|
|
|
- Dictionary<string, object> dic = new Dictionary<string, object> { { "PartitionKey", "authority-bi" } };//设置只访问BI的权限
|
|
|
- var table = _azureStorage.GetCloudTableClient().GetTableReference("SchoolSetting");
|
|
|
- List<Authority> authorityBIList = await table.FindListByDict<Authority>(dic); //获取权限列表
|
|
|
-
|
|
|
- List<string> roles = new List<string>();//角色列表
|
|
|
- List<string> permissions = new List<string>();//权限列表
|
|
|
- List<string> depts = new List<string>(); //部门id
|
|
|
- School school_base = new School();
|
|
|
- string school_code = null;
|
|
|
-
|
|
|
- if (implicit_token!=null)
|
|
|
- {
|
|
|
-
|
|
|
- if (teacher.defaultSchool != null)
|
|
|
- {
|
|
|
- var schoolRoles = await _azureCosmos.GetCosmosClient().GetContainer(Constant.TEAMModelOS, "School").ReadItemStreamAsync(teacher.id, new PartitionKey($"Teacher-{teacher.defaultSchool}"));
|
|
|
- if (schoolRoles.Status == 200)
|
|
|
- {
|
|
|
- using var json = await JsonDocument.ParseAsync(schoolRoles.ContentStream);
|
|
|
- if (json.RootElement.TryGetProperty("roles", out JsonElement _roles) && _roles.ValueKind != JsonValueKind.Null)
|
|
|
- {
|
|
|
- foreach (var obj in _roles.EnumerateArray())
|
|
|
- {
|
|
|
- //初始定义顾问的assistant 更改为assist
|
|
|
- if (obj.GetString().Equals($"assist"))
|
|
|
- {
|
|
|
- roles.Add(obj.GetString());
|
|
|
- }
|
|
|
- }
|
|
|
- }
|
|
|
- if (json.RootElement.TryGetProperty("permissions", out JsonElement _permissions) && _permissions.ValueKind != JsonValueKind.Null)
|
|
|
- {
|
|
|
- foreach (var obj in _permissions.EnumerateArray())
|
|
|
- {
|
|
|
- //限制只显示BI权限
|
|
|
- foreach (var aut in authorityBIList)
|
|
|
- {
|
|
|
- if (aut.RowKey.Equals(obj.GetString()))
|
|
|
- {
|
|
|
- permissions.Add(obj.GetString());
|
|
|
- }
|
|
|
- }
|
|
|
- }
|
|
|
- }
|
|
|
- }
|
|
|
-
|
|
|
- school_base = await _azureCosmos.GetCosmosClient().GetContainer(Constant.TEAMModelOS, "School").ReadItemAsync<School>($"{teacher.defaultSchool}", new PartitionKey("Base"));
|
|
|
- //foreach (var period in school_base.period)
|
|
|
- //{
|
|
|
- // try
|
|
|
- // {
|
|
|
- // await _azureCosmos.GetCosmosClient().GetContainer(Constant.TEAMModelOS, "School").ReadItemAsync<ItemCond>($"{period.id}", new PartitionKey($"ItemCond-{teacher.defaultSchool}"));
|
|
|
- // }
|
|
|
- // catch (CosmosException)
|
|
|
- // {
|
|
|
- // ItemCond itemCond = new ItemCond
|
|
|
- // {
|
|
|
- // id = period.id,
|
|
|
- // pk = "ItemCond",
|
|
|
- // code = $"ItemCond-{teacher.defaultSchool}",
|
|
|
- // ttl = -1,
|
|
|
- // };
|
|
|
- // await _azureCosmos.GetCosmosClient().GetContainer(Constant.TEAMModelOS, "School").CreateItemAsync<ItemCond>(itemCond, new PartitionKey($"ItemCond-{teacher.defaultSchool}"));
|
|
|
- // }
|
|
|
- //}
|
|
|
- school_code = teacher.defaultSchool;
|
|
|
- }
|
|
|
- List<Teacher.DingDingBind> ddbinds = teacher.ddbinds;
|
|
|
- Teacher.DingDingBind ddbind = new Teacher.DingDingBind();
|
|
|
- if (teacher.ddbinds.Count > 0)
|
|
|
- {
|
|
|
- if (ddbinds != null)
|
|
|
- {
|
|
|
- foreach (var temp in ddbinds)
|
|
|
- {
|
|
|
- ddbind.userid = temp.userid;
|
|
|
- ddbind.deptIdList = temp.deptIdList;
|
|
|
- }
|
|
|
- }
|
|
|
-
|
|
|
- foreach (var temp in ddbind.deptIdList)
|
|
|
- {
|
|
|
- depts.Add(temp.ToString());
|
|
|
- }
|
|
|
- }
|
|
|
- else return Ok(new { state = 1, message = "该账户未绑定钉钉信息!请扫码绑定信息!" });
|
|
|
-
|
|
|
- }
|
|
|
-
|
|
|
- var (osblob_uri, osblob_sas) = roles.Contains("area") ? _azureStorage.GetBlobContainerSAS("teammodelos", BlobContainerSasPermissions.Write | BlobContainerSasPermissions.Read | BlobContainerSasPermissions.List | BlobContainerSasPermissions.Delete) : _azureStorage.GetBlobContainerSAS("teammodelos", BlobContainerSasPermissions.Read | BlobContainerSasPermissions.List);
|
|
|
-
|
|
|
- return Ok(new { state = 200, auth_token = auth_token, teacher = teacher, id_token = implicit_token.id_token, access_token = implicit_token.access_token, expires_in = implicit_token.expires_in, token_type = implicit_token.token_type, osblob_uri, osblob_sas });
|
|
|
-
|
|
|
- }
|
|
|
- catch (Exception ex)
|
|
|
- {
|
|
|
- await _dingDing.SendBotMsg($"BI,{_option.Location}, /common/login/get-teacherinfo \n{ex.Message}{ex.StackTrace}", GroupNames.成都开发測試群組);
|
|
|
- return BadRequest();
|
|
|
- }
|
|
|
- }
|
|
|
-
|
|
|
/// <summary>
|
|
|
/// 钉钉扫码登录获取扫码信息
|
|
|
/// </summary>
|
Li