TEAMModelOS/TEAMModelBI/Tool/Extension/JwtAuth.cs

using Microsoft.IdentityModel.Tokens;
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Text;
using TEAMModelOS.SDK.Models.Cosmos.BI;

namespace TEAMModelBI.Models.Extension
{
    public static class JwtAuth
    {
        /// <summary>
        /// BI AuthToken
        /// </summary>
        /// <param name="issuser">站点</param>
        /// <param name="id">醍摩豆ID</param>
        /// <param name="name">醍摩豆名称</param>
        /// <param name="picture">醍摩豆头像</param>
        /// <param name="salt">秘钥</param>
        /// <param name="scope">范围</param>
        /// <param name="Website">平台</param>
        /// <param name="isExploit">是否是工程模式</param>
        /// <param name="did">钉钉Id</param>
        /// <param name="dname">钉钉名称</param>
        /// <param name="dpicture">钉钉头像</param>
        /// <param name="roles">角色</param>
        /// <param name="permissions">权限</param>
        /// <param name="expire">到期时间</param>
        /// <returns></returns>
        public static string CreateAuthTokenBI(string issuser, string id, string name, string picture, string salt, string scope, string webSite, bool isex = false, string did = null, string dname = null, string dpicture = null, string[] roles = null, string[] permissions = null, int expire = 1)
        {
            var payload = new JwtPayload
            {
                { JwtRegisteredClaimNames.Iss,issuser}, //发行者
                { JwtRegisteredClaimNames.Sub,id},   //用户ID
                { JwtRegisteredClaimNames.Azp,isex}, //是否是开发部的
                { JwtRegisteredClaimNames.Exp,DateTimeOffset.UtcNow.AddHours(expire).ToUnixTimeSeconds().ToString()},//到期时间
                { "name",name},//用户显示名称
                { "picture",picture}, // 用户头像
                { "roles",roles}, //登陆者的角色， (admin、assist) 
                { "permissions",permissions}, //登陆者的权限
                { "ddsub",did } ,  //登陆者的钉钉用户id
                { "ddname",dname } ,  //登陆者的钉钉用户名称
                { "ddpicture",dpicture },  //登陆者的钉钉用户头像
                { "scope",scope}, //
                { JwtRegisteredClaimNames.Website,webSite}, // 平台站点
            };

            // 建立加密的秘钥
            var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(salt));
            // HmacSha256 有要求必须要大于 128 bits，所以 salt 不能太短，至少要 16 字元以上
            // https://stackoverflow.com/questions/47279947/idx10603-the-algorithm-hs256-requires-the-securitykey-keysize-to-be-greater
            //var signingCredentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256Signature);
            var signingCredentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256);
            var header = new JwtHeader(signingCredentials);
            var secToken = new JwtSecurityToken(header, payload);
            // 產出所需要的 JWT securityToken 物件，並取得序列化後的 Token 結果(字串格式)
            var tokenHandler = new JwtSecurityTokenHandler();
            //var securityToken = tokenHandler.CreateToken(tokenDescriptor);
            var serializeToken = tokenHandler.WriteToken(secToken);
            return serializeToken;
        }

        /// <summary>
        /// 应用审核后生成的JwtKey秘钥
        /// </summary>
        /// <param name="issuser">站点</param>
        /// <param name="salt">加密秘钥</param>
        /// <param name="appCompany">应用信息</param>
        /// <returns></returns>
        public static string CreateApplyJwtKeyBI(string issuser, string salt, AppCompany appCompany) 
        {
            var payload = new JwtPayload
            {
                { JwtRegisteredClaimNames.Iss,issuser}, //发布站点
                { JwtRegisteredClaimNames.Sub,appCompany.id},      //应用ID
                { JwtRegisteredClaimNames.Aud,appCompany.code},    //应用Code
                { JwtRegisteredClaimNames.Iat,DateTimeOffset.UtcNow.ToUnixTimeMilliseconds().ToString()},    //秘钥发布时间
                { JwtRegisteredClaimNames.Exp,appCompany.expiresTime},    //应用到期时间
                { JwtRegisteredClaimNames.Azp,appCompany.pk},     //企业pk
                { "name",appCompany.name},   //应用名称
                { "type",appCompany.type},   //类型  1应用类型
                { "picture",appCompany.picture},  //应用头像
                { "status",appCompany.status},    //应用状态 -1内测中，0已下架，1已上架
                { "audit",appCompany.audit},      //应用审核状态 
                { "gateways",appCompany.gateways},  //应用的回调网关
                { "apis",appCompany.apis},        //开放接口申请状态
                { "webhook",appCompany.webhookDomain},  //企业默认的通知回调地址
                { "webHooks",appCompany.webHooks}, //开放平台 通知回调地址
                {"schools",appCompany.schools },    //开放学校
            };

            // 建立加密的秘钥
            var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(salt));
            // HmacSha256 有要求必须要大于 128 bits，所以 salt 不能太短，至少要 16 字元以上
            // https://stackoverflow.com/questions/47279947/idx10603-the-algorithm-hs256-requires-the-securitykey-keysize-to-be-greater
            //var signingCredentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256Signature);
            var signingCredentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256);
            var header = new JwtHeader(signingCredentials);
            var secToken = new JwtSecurityToken(header, payload);
            // 产出所需要的 JWT securityToken 物件，并取得序列化后的 Token 结果(字串格式)
            var tokenHandler = new JwtSecurityTokenHandler();
            //var securityToken = tokenHandler.CreateToken(tokenDescriptor);
            var serializeToken = tokenHandler.WriteToken(secToken);

            return serializeToken;
        }

    }
}