
優化 CreateAuthToken

JAELYS 4 سال پیش
والد
کامیت
584ae436d7

+ 15 - 38
TEAMModelOS.SDK/Extension/JwtAuthExtension.cs

@@ -17,52 +17,29 @@ namespace TEAMModelOS.SDK.Extension
     {
         public static string CreateAuthToken(string issuer, string id,string name,string picture, string salt, string schoolID = "", string[] roles = null, string[] permissions = null, int expire = 1)
         {
-            // 設定要加入到 JWT Token 中的聲明資訊(Claims)
-            var claims = new List<Claim>();
-            // 在 RFC 7519 規格中(Section#4),總共定義了 7 個預設的 Claims
-            claims.Add(new Claim(JwtRegisteredClaimNames.Iss, issuer)); //發行者
-            claims.Add(new Claim(JwtRegisteredClaimNames.Sub, id)); // 用戶ID  
-            claims.Add(new Claim("name", name)); // 用戶的顯示名稱
-            claims.Add(new Claim("picture", picture)); // 用戶頭像
-            claims.Add(new Claim(JwtRegisteredClaimNames.Azp, schoolID)); // 學校簡碼,如果有的話
-            claims.Add(new Claim(JwtRegisteredClaimNames.Exp, DateTimeOffset.UtcNow.AddHours(expire).ToUnixTimeSeconds().ToString())); // 到期的時間,必須為數字
-
-            // 擴充 "roles" 加入登入者的角色,角色類型 (USER、HABOOK) 
-            if (roles != null)
-            {
-                foreach (var role in roles)
-                {
-                    claims.Add(new Claim("roles", role));
-                }
-            }
-
-            // 擴充 "permissions" 加入登入者的權限請求
-            if (permissions != null)
-            {
-                foreach (var role in permissions)
-                {
-                    claims.Add(new Claim("permissions", role));
-                }
-            }
+            // 設定要加入到 JWT Token 中的聲明資訊(Claims)  
+            var payload = new JwtPayload {
+                { JwtRegisteredClaimNames.Iss, issuer }, //發行者
+                { JwtRegisteredClaimNames.Sub, id }, // 用戶ID                  
+                { JwtRegisteredClaimNames.Azp,schoolID}, // 學校簡碼,如果有的話
+                { JwtRegisteredClaimNames.Exp,DateTimeOffset.UtcNow.AddHours(expire).ToUnixTimeSeconds().ToString()},  // 到期的時間,必須為數字
+                { "name",name}, // 用戶的顯示名稱
+                { "picture",picture}, // 用戶頭像
+                { "roles",roles}, // 登入者的角色,角色類型 (Admin、Teacher、Student) 
+                { "permissions",permissions} //登入者的權限請求
+            };
 
             // 建立一組對稱式加密的金鑰,主要用於 JWT 簽章之用
             var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(salt));
             // HmacSha256 有要求必須要大於 128 bits,所以 salt 不能太短,至少要 16 字元以上
             // https://stackoverflow.com/questions/47279947/idx10603-the-algorithm-hs256-requires-the-securitykey-keysize-to-be-greater
             var signingCredentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256Signature);
-            // 建立 SecurityTokenDescriptor
-            var tokenDescriptor = new SecurityTokenDescriptor
-            {
-                Issuer = issuer,
-                Subject = new ClaimsIdentity(claims),
-                Expires = DateTime.Now.AddHours(expire),
-                SigningCredentials = signingCredentials
-            };
-
+            var header = new JwtHeader(signingCredentials);
+            var secToken = new JwtSecurityToken(header, payload);
             // 產出所需要的 JWT securityToken 物件,並取得序列化後的 Token 結果(字串格式)
             var tokenHandler = new JwtSecurityTokenHandler();
-            var securityToken = tokenHandler.CreateToken(tokenDescriptor);
-            var serializeToken = tokenHandler.WriteToken(securityToken);
+            //var securityToken = tokenHandler.CreateToken(tokenDescriptor);
+            var serializeToken = tokenHandler.WriteToken(secToken);
 
             return serializeToken;
         }
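Review bot: The `exp` entry in the new JwtPayload is stored as a string because of the trailing `.ToString()`, while the comment on that same line and RFC 7519 (NumericDate) require a number; the token then serializes as `"exp":"<seconds>"`, which strict validators may reject or treat as absent. Drop the conversion: `{ JwtRegisteredClaimNames.Exp, DateTimeOffset.UtcNow.AddHours(expire).ToUnixTimeSeconds() },`. The `roles` and `permissions` entries are also added unconditionally, so the null defaults now serialize as `"roles":null` / `"permissions":null` where the removed loops omitted the claim entirely; guard them with `if (roles is not null) { payload.Add("roles", roles); }` and the same for `permissions`. The removed SecurityTokenDescriptor path, as far as I recall, also stamped `nbf` and `iat` by default, and the hand-built payload sets neither, so consumers that validate not-before or issued-at will see a difference worth confirming.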

+ 6 - 6
TEAMModelOS/Controllers/Client/HiTeachController.cs

@@ -138,12 +138,9 @@ namespace TEAMModelOS.Controllers.Client
 
                 
         [ProducesDefaultResponseType]
-        [HttpPost("get-school-info")]
-        [AuthToken(Roles = "Admin,Teacher", Permissions = "classroom-read,classroom-upd")]
+        [HttpPost("get-school-info")]       
         public async Task<IActionResult> GetSchoolInfo(JsonElement requert)
-        {
-            //var (id, school) = HttpContext.GetAuthTokenInfo(); //此API有設置權杖,需要取得權杖使用者id及當前學校代碼(學校不一定有)
-            
+        {   
             if (!requert.TryGetProperty("id_token", out JsonElement id_token)) return BadRequest();
             if (!requert.TryGetProperty("school_code", out JsonElement school_code)) return BadRequest();            
             var jwt = new JwtSecurityToken(id_token.GetString());
@@ -191,8 +188,11 @@ namespace TEAMModelOS.Controllers.Client
         [HttpPost("get-students-list")]
         public async Task<IActionResult> GetStudentsList(JsonElement requert)
         {
-            if (!requert.TryGetProperty("class_code", out JsonElement id_token)) return BadRequest();
+            if (!requert.TryGetProperty("id_token", out JsonElement id_token)) return BadRequest();
+            if (!requert.TryGetProperty("grant_type", out JsonElement grant_type)) return BadRequest();           
+            if (!requert.TryGetProperty("class_code", out JsonElement class_code)) return BadRequest();
             if (!requert.TryGetProperty("school_code", out JsonElement school_code)) return BadRequest();
+            
             List<object> students = new List<object>();
             return Ok(new { students });
         }
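Review bot: Removing `[AuthToken(Roles = "Admin,Teacher", Permissions = "classroom-read,classroom-upd")]` from `get-school-info` leaves the endpoint with no authorization, and the `id_token` it now reads from the body is parsed with `new JwtSecurityToken(id_token.GetString())`, which only decodes the token and does not verify its signature, issuer or expiry; every claim read from `jwt` is therefore caller-controlled unless the rest of GetSchoolInfo (which continues past the hunk) validates it. Validate before trusting any claim, e.g. `var principal = new JwtSecurityTokenHandler().ValidateToken(id_token.GetString(), validationParameters, out var validated);` with `TokenValidationParameters` bound to the expected issuer and the signing key, or restore the attribute if the handler is meant to do that. The `get-students-list` hunk has the same gap in a smaller form: `id_token` and `grant_type` are required but never inspected or validated, so the new checks only enforce presence, and the two locals are unused.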

+ 2 - 4
TEAMModelOS/Controllers/Teacher/InitController.cs

@@ -55,8 +55,7 @@ namespace TEAMModelOS.Controllers
         }
 
         //TODO 此API需處理對應前端返回的相關數據
-        [ProducesDefaultResponseType]
-        //[AuthToken(Roles = "Teacher")]
+        [ProducesDefaultResponseType]        
         [HttpPost("get-teacher-info")]
 
         public async Task<IActionResult> GetTeacherInfo(JsonElement request)
@@ -162,8 +161,7 @@ namespace TEAMModelOS.Controllers
         }
 
         //TODO 此API需處理對應前端返回的相關數據
-        [ProducesDefaultResponseType]
-        //[AuthToken(Roles = "Teacher")]
+        [ProducesDefaultResponseType]        
         [HttpPost("get-school-info")]
         public async Task<IActionResult> GetSchoolInfo(JsonElement requert)
         {