CrazyIter_Bin 3 年之前
父节点
当前提交
c07da800e0

+ 73 - 0
TEAMModelBI/Controllers/OpenApi/OpenApiConfigController.cs

@@ -0,0 +1,73 @@
+using Azure.Cosmos;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.Extensions.Options;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text.Json;
+using System.Threading.Tasks;
+using TEAMModelOS.Filter;
+using TEAMModelOS.Models;
+using TEAMModelOS.SDK.DI;
+using TEAMModelOS.SDK.Extension;
+using TEAMModelOS.SDK.Models;
+using TEAMModelOS.SDK.Models.Cosmos;
+using TEAMModelOS.SDK.Models.Table;
+
+namespace TEAMModelBI.Controllers
+{
+    [ProducesResponseType(StatusCodes.Status200OK)]
+    [ProducesResponseType(StatusCodes.Status400BadRequest)]
+    [Route("openapi-config")]
+    [ApiController]
+    public class OpenApiConfigController : ControllerBase
+    {
+        private readonly AzureCosmosFactory _azureCosmos;
+        private readonly AzureStorageFactory _azureStorage;
+        private readonly AzureRedisFactory _azureRedis;
+        private readonly DingDing _dingDing;
+        private readonly Option _option;
+        public OpenApiConfigController(AzureCosmosFactory azureCosmos, AzureStorageFactory azureStorage, AzureRedisFactory azureRedis, DingDing dingDing, IOptionsSnapshot<Option> option)
+        {
+
+            _azureCosmos = azureCosmos;
+            _azureStorage = azureStorage;
+            _azureRedis = azureRedis;
+            _dingDing = dingDing;
+            _option = option?.Value;
+        }
+        /// <summary>
+        /// {"id":"uuid","code":"hbcn学校编码"} 
+        /// </summary>
+        /// <param name="requert"></param>
+        /// <returns></returns>
+        [ProducesDefaultResponseType]
+        //[AuthToken(Roles = "admin")]
+        [HttpPost("create-token")]
+        //[Authorize(Roles = "IES")]
+        public async Task<IActionResult> CreateToken(JsonElement request)
+        {
+            try
+            {   if (!request.TryGetProperty("id", out JsonElement _id)) { return BadRequest(); }
+                var table = _azureStorage.GetCloudTableClient().GetTableReference("IESOpenApi");
+                List<BusinessConfig> configs = table.FindListByDictSync<BusinessConfig>(new Dictionary<string, object> { { "PartitionKey", $"BusinessConfig" }, { "RowKey", $"{_id}" } });
+                string jtw = "";
+                if (configs.Any()) {
+                    var auth_token = JwtAuthExtension.CreateBusinessApiToken(_option.HostName, configs[0].RowKey, _option.JwtSecretKey, "business");
+                    jtw = auth_token.jtw;
+                    configs[0].jti = auth_token.jti;
+                    await table.SaveOrUpdate<BusinessConfig>(configs[0]);
+                }
+               
+                return Ok(new {jtw  });
+            }
+            catch (Exception e)
+            {
+                await _dingDing.SendBotMsg($"OS,{_option.Location},open-api/upsert()\n{e.Message}\n{e.StackTrace}\n{e.StackTrace}", GroupNames.醍摩豆服務運維群組);
+                return BadRequest();
+            }
+        }
+    }
+}
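Review bot: `CreateToken` can be called without any authentication, because both `//[AuthToken(Roles = "admin")]` and `//[Authorize(Roles = "IES")]` are commented out and the controller class carries no authorization attribute either. Any caller whose `id` matches a `BusinessConfig` row receives a JWT signed with `_option.JwtSecretKey`, and the stored `jti` is overwritten on every call, which presumably invalidates the partner's current token if validation compares against it. Restore one of the two attributes before merging, e.g. `[AuthToken(Roles = "admin")]` above `[HttpPost("create-token")]`. The payload built in `CreateBusinessApiToken` (JwtAuthExtension.cs) holds only `iss`, `sub`, `jti` and `scope`, so the token has no `exp` and, unless validation checks the stored `jti`, never lapses; an expiry claim would limit the exposure from a leaked token. Separately, the catch block sends `e.StackTrace` twice and labels the error `open-api/upsert()` rather than this action.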

+ 34 - 0
TEAMModelOS.SDK/Extension/JwtAuthExtension.cs

@@ -46,6 +46,40 @@ namespace TEAMModelOS.SDK.Extension
 
             return serializeToken;
         }
+
+        /// <summary>
+        /// 
+        /// </summary>
+        /// <param name="issuer">颁发者</param>
+        /// <param name="id">第三方合作uuid</param>
+        /// <param name="salt"></param>
+        /// <param name="expire"></param>
+        /// <returns></returns>
+        public static (string jtw , string jti) CreateBusinessApiToken(string issuer, string id, string salt  ,string scope)
+        {
+            string jti = Guid.NewGuid().ToString();
+            // 設定要加入到 JWT Token 中的聲明資訊(Claims)  
+            var payload = new JwtPayload {
+                { JwtRegisteredClaimNames.Iss, issuer }, //發行者 iss: jwt签发者
+                { JwtRegisteredClaimNames.Sub, id }, // APPID sub: jwt所面向的用户
+                {JwtRegisteredClaimNames.Jti, jti},
+                { "scope",scope}
+            };
+
+            // 建立一組對稱式加密的金鑰,主要用於 JWT 簽章之用
+            var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(salt));
+            // HmacSha256 有要求必須要大於 128 bits,所以 salt 不能太短,至少要 16 字元以上
+            // https://stackoverflow.com/questions/47279947/idx10603-the-algorithm-hs256-requires-the-securitykey-keysize-to-be-greater
+            var signingCredentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256Signature);
+            var header = new JwtHeader(signingCredentials);
+            var secToken = new JwtSecurityToken(header, payload);
+            // 產出所需要的 JWT securityToken 物件,並取得序列化後的 Token 結果(字串格式)
+            var tokenHandler = new JwtSecurityTokenHandler();
+            //var securityToken = tokenHandler.CreateToken(tokenDescriptor);
+            var serializeToken = tokenHandler.WriteToken(secToken);
+            return (serializeToken,jti);
+        }
+
         public static string CreateApiToken(string issuer, string id, string salt, string name, List<int> auth, string schoolID = "", int expire = 1)
         {