zhibinlv
/
FIS1.5
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
2 Branches
0 Tags
216 MiB
Tree: 8621f20ace
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '8621f20ace'
${ noResults }
FIS1.5/src/AuthServer/AuthServer.Host/AuthServerDataSeeder.cs

256 lines
9.1 KiB
Raw Normal View History

FIS1.5第一次提交
2 years ago
using IdentityServer4.Models;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Volo.Abp.Authorization.Permissions;
using Volo.Abp.Data;
using Volo.Abp.DependencyInjection;
using Volo.Abp.Guids;
using Volo.Abp.Identity;
using Volo.Abp.IdentityServer.ApiResources;
using Volo.Abp.IdentityServer.ApiScopes;
using Volo.Abp.IdentityServer.Clients;
using Volo.Abp.IdentityServer.IdentityResources;
using Volo.Abp.PermissionManagement;
using Volo.Abp.Uow;
using ApiResource = Volo.Abp.IdentityServer.ApiResources.ApiResource;
using ApiScope = Volo.Abp.IdentityServer.ApiScopes.ApiScope;
using Client = Volo.Abp.IdentityServer.Clients.Client;
namespace AuthServer.Host
{
public class AuthServerDataSeeder : IDataSeedContributor, ITransientDependency
{
private readonly IApiResourceRepository _apiResourceRepository;
private readonly IApiScopeRepository _apiScopeRepository;
private readonly IClientRepository _clientRepository;
private readonly IIdentityResourceDataSeeder _identityResourceDataSeeder;
private readonly IGuidGenerator _guidGenerator;
private readonly IPermissionDataSeeder _permissionDataSeeder;
public AuthServerDataSeeder(
IClientRepository clientRepository,
IApiResourceRepository apiResourceRepository,
IApiScopeRepository apiScopeRepository,
IIdentityResourceDataSeeder identityResourceDataSeeder,
IGuidGenerator guidGenerator,
IPermissionDataSeeder permissionDataSeeder)
{
_clientRepository = clientRepository;
_apiResourceRepository = apiResourceRepository;
_apiScopeRepository = apiScopeRepository;
_identityResourceDataSeeder = identityResourceDataSeeder;
_guidGenerator = guidGenerator;
_permissionDataSeeder = permissionDataSeeder;
}
[UnitOfWork]
public virtual async Task SeedAsync(DataSeedContext context)
{
await _identityResourceDataSeeder.CreateStandardResourcesAsync();
await CreateApiResourcesAsync();
await CreateApiScopesAsync();
await CreateClientsAsync();
}
private async Task CreateApiScopesAsync()
{
await CreateApiScopeAsync("BaseService");
await CreateApiScopeAsync("InternalGateway");
await CreateApiScopeAsync("WebAppGateway");
await CreateApiScopeAsync("TenantService");
await CreateApiScopeAsync("BusinessService");
await CreateApiScopeAsync("FileStorageService");
await CreateApiScopeAsync("IdentityService");
await CreateApiScopeAsync("SettleAccount");
}
private async Task CreateApiResourcesAsync()
{
var commonApiUserClaims = new[]
{
"email",
"email_verified",
"name",
"user_name",
"phone_number",
"phone_number_verified",
"role"
};
await CreateApiResourceAsync("IdentityService", commonApiUserClaims);
await CreateApiResourceAsync("BaseService", commonApiUserClaims);
await CreateApiResourceAsync("InternalGateway", commonApiUserClaims);
await CreateApiResourceAsync("WebAppGateway", commonApiUserClaims);
await CreateApiResourceAsync("TenantService", commonApiUserClaims);
await CreateApiResourceAsync("BusinessService", commonApiUserClaims);
await CreateApiResourceAsync("FileStorageService", commonApiUserClaims);
await CreateApiResourceAsync("SettleAccount", commonApiUserClaims);
}
private async Task<ApiResource> CreateApiResourceAsync(string name, IEnumerable<string> claims)
{
var apiResource = await _apiResourceRepository.FindByNameAsync(name);
if (apiResource == null)
{
apiResource = await _apiResourceRepository.InsertAsync(
new ApiResource(
_guidGenerator.Create(),
name,
name + " API"
),
autoSave: true
);
}
foreach (var claim in claims)
{
if (apiResource.FindClaim(claim) == null)
{
apiResource.AddUserClaim(claim);
}
}
return await _apiResourceRepository.UpdateAsync(apiResource);
}
private async Task<ApiScope> CreateApiScopeAsync(string name)
{
var apiScope = await _apiScopeRepository.GetByNameAsync(name);
if (apiScope == null)
{
apiScope = await _apiScopeRepository.InsertAsync(
new ApiScope(
_guidGenerator.Create(),
name,
name + " API"
),
autoSave: true
);
}
return apiScope;
}
private async Task CreateClientsAsync()
{
var commonScopes = new[]
{
"email",
"username",
"name",
"openid",
"profile",
"role",
"phone",
"address"
};
await CreateClientAsync(
"basic-web",
new[] { "IdentityService", "BaseService", "WebAppGateway", "FileStorageService", "TenantService", "BusinessService", "SettleAccount" },
new[] { "password" },
"1q2w3e*".Sha256()
);
//BaseDataService
await CreateClientAsync(
"business-app",
new[] { "InternalGateway", "IdentityService", "BaseService", "FileStorageService", "SettleAccount" },
new[] { "client_credentials" },
"1q2w3e*".Sha256(),
permissions: new[] { IdentityPermissions.Users.Default }
);
//FileStorge
await CreateClientAsync(
"file-app",
new[] { "InternalGateway", "IdentityService", "BaseService", "BaseDataService", "BusinessService" },
new[] { "client_credentials" },
"1q2w3e*".Sha256(),
permissions: new[] { IdentityPermissions.Users.Default }
);
}
private async Task<Client> CreateClientAsync(
string name,
IEnumerable<string> scopes,
IEnumerable<string> grantTypes,
string secret,
string redirectUri = null,
string postLogoutRedirectUri = null,
IEnumerable<string> permissions = null)
{
var client = await _clientRepository.FindByClientIdAsync(name);
if (client == null)
{
client = await _clientRepository.InsertAsync(
new Client(
_guidGenerator.Create(),
name
)
{
ClientName = name,
ProtocolType = "oidc",
Description = name,
AlwaysIncludeUserClaimsInIdToken = true,
AllowOfflineAccess = true,
AbsoluteRefreshTokenLifetime = 31536000, //365 days
AccessTokenLifetime = 31536000, //365 days
AuthorizationCodeLifetime = 300,
IdentityTokenLifetime = 300,
RequireConsent = false
},
autoSave: true
);
}
foreach (var scope in scopes)
{
if (client.FindScope(scope) == null)
{
client.AddScope(scope);
}
}
foreach (var grantType in grantTypes)
{
if (client.FindGrantType(grantType) == null)
{
client.AddGrantType(grantType);
}
}
if (client.FindSecret(secret) == null)
{
client.AddSecret(secret);
}
if (redirectUri != null)
{
if (client.FindRedirectUri(redirectUri) == null)
{
client.AddRedirectUri(redirectUri);
}
}
if (postLogoutRedirectUri != null)
{
if (client.FindPostLogoutRedirectUri(postLogoutRedirectUri) == null)
{
client.AddPostLogoutRedirectUri(postLogoutRedirectUri);
}
}
if (permissions != null)
{
await _permissionDataSeeder.SeedAsync(
ClientPermissionValueProvider.ProviderName,
name,
permissions
);
}
return await _clientRepository.UpdateAsync(client);
}
}
}