| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149 |
- using Microsoft.AspNetCore.Builder;
- using Microsoft.AspNetCore.Hosting;
- using Microsoft.AspNetCore.HttpsPolicy;
- using Microsoft.AspNetCore.Mvc;
- using Microsoft.Extensions.Configuration;
- using Microsoft.Extensions.DependencyInjection;
- using Microsoft.Extensions.Hosting;
- using Microsoft.Extensions.Logging;
- using System;
- using System.Collections.Generic;
- using System.Linq;
- using System.Threading.Tasks;
- using TEAMModelOS.Models;
- using TEAMModelOS.SDK.DI;
- using System.IdentityModel.Tokens.Jwt;
- using Microsoft.AspNetCore.Authentication.JwtBearer;
- using Microsoft.IdentityModel.Tokens;
- using TEAMModelOS.Filter;
- using TEAMModelOS.SDK.Helper.Common.ReflectorExtensions;
- using System.Reflection;
- using TEAMModelOS.SDK.Extension;
- using TEAMModelOS.SDK;
- using TEAMModelOS.SDK.Models;
- namespace TEAMModelAPI
- {
- public class Startup
- {
- readonly string MyAllowSpecificOrigins = "_myAllowSpecificOrigins";
- public Startup(IConfiguration configuration)
- {
- Configuration = configuration;
- }
- public IConfiguration Configuration { get; }
- // This method gets called by the runtime. Use this method to add services to the container.
- public void ConfigureServices(IServiceCollection services)
- {
-
- JwtSecurityTokenHandler.DefaultMapInboundClaims = false;
- services.AddAuthentication(options => options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme)
- .AddJwtBearer(options => //AzureADJwtBearer
- {
- //options.SaveToken = true; //驗證令牌由服務器生成才有效,不適用於服務重啟或分布式架構
- options.Authority = Configuration["Option:Authority"];
- options.Audience = Configuration["Option:Audience"];
- options.RequireHttpsMetadata = true;
- options.TokenValidationParameters = new TokenValidationParameters
- {
- RoleClaimType = "roles",
- ValidAudiences = new string[] { Configuration["Option:Audience"], $"api://{Configuration["Option:Audience"]}" }
- };
- options.Events = new JwtBearerEvents();
- //下列事件有需要紀錄則打開
- //options.Events.OnMessageReceived = async context => { await Task.FromResult(0); };
- //options.Events.OnForbidden = async context => { await Task.FromResult(0); };
- //options.Events.OnChallenge = async context => { await Task.FromResult(0); };
- //options.Events.OnAuthenticationFailed = async context => { await Task.FromResult(0); };
- options.Events.OnTokenValidated = async context =>
- {
- if (!context.Principal.Claims.Any(x => x.Type.Equals("http://schemas.microsoft.com/identity/claims/scope")) //ClaimConstants.Scope
- && !context.Principal.Claims.Any(y => y.Type .Equals("roles"))) //ClaimConstants.Roles //http://schemas.microsoft.com/ws/2008/06/identity/claims/role
- {
- //TODO 需處理額外授權非角色及範圍的訪問異常紀錄
- throw new UnauthorizedAccessException("Neither scope or roles claim was found in the bearer token.");
- }
- await Task.FromResult(0);
- };
- });
- //設定跨域請求
- services.AddCors(options =>
- {
- options.AddPolicy(MyAllowSpecificOrigins,
- builder =>
- {
- builder.WithOrigins("http://teammodelos-test.chinacloudsites.cn",
- "https://www.teammodel.cn", "https://localhost:5001",
- "http://localhost:5000", "http://localhost:64524",
- "https://localhost:44341", "https://localhost:8888", "http://localhost:8888")
- .AllowAnyHeader()
- .AllowAnyMethod();
- });
- });
- services.AddControllers().AddJsonOptions(options => { options.JsonSerializerOptions.IgnoreNullValues = false; });
- services.AddAzureStorage(Configuration.GetValue<string>("Azure:Storage:ConnectionString"));
- services.AddAzureRedis(Configuration.GetValue<string>("Azure:Redis:ConnectionString"));
- services.AddAzureCosmos(Configuration.GetValue<string>("Azure:Cosmos:ConnectionString"));
- services.AddAzureServiceBus(Configuration.GetValue<string>("Azure:ServiceBus:ConnectionString"));
- services.AddMemoryCache();
- services.AddSnowflakeId(Convert.ToInt64(Configuration.GetValue<string>("Option:LocationNum")), 1);
- services.AddHttpClient();
- services.AddHttpClient<DingDing>();
- services.AddCoreAPIHttpService(Configuration);
- //HttpContextAccessor,并用来访问HttpContext。(提供組件或非控制器服務存取HttpContext)
- services.AddHttpContextAccessor();
- services.Configure<Option>(options => Configuration.GetSection("Option").Bind(options));
-
- }
- // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
- public void Configure(IApplicationBuilder app, IWebHostEnvironment env,AzureStorageFactory azureStorage)
- {
- if (env.IsDevelopment())
- {
- app.UseDeveloperExceptionPage();
- }
- app.UseHttpsRedirection();
- app.UseRouting();
- app.UseCors(MyAllowSpecificOrigins); //使用跨域設定
- app.UseAuthentication();
- app.UseAuthorization();
- app.UseEndpoints(endpoints =>
- {
- endpoints.MapControllers();
- });
- #if DEBUG
- //在开发模式时,自检 [ApiToken(Auth = "1")] 有重复的接口 https://teammodelos.table.core.chinacloudapi.cn/IESOpenApi
- List<ApiTokenAttribute> auths = new List<ApiTokenAttribute>();
- List<Attribute> attributes = ReflectorExtensions.GetMethodCustomAttribute<ApiTokenAttribute>(new string[] { "TEAMModelAPI" });
- List<OpenApi> openApis = new List<OpenApi>();
- attributes.ForEach(x => {
- ApiTokenAttribute attribute = (ApiTokenAttribute)x;
- openApis.Add(new OpenApi {
- PartitionKey="IES5-API",
- RowKey= attribute.Auth,
- auth=int.Parse(attribute.Auth),
- // descr=attribute.Name,
- method="POST",
- name=attribute.Name,
-
- });
- auths.Add(attribute);
- });
-
- auths.GroupBy(x => x.Auth).ToList().ForEach(x => {
- if (x.Count() > 1)
- {
- throw new Exception($"接口Auth重复定义{x.ToList()}");
- }
- });
- var table = azureStorage.GetCloudTableClient().GetTableReference("IESOpenApi");
- #endif
- }
- }
- }
|
