using System.Text;
using DS.Module.Core;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;
using Newtonsoft.Json;
using NLog;
namespace DS.Module.Jwt;
///
/// Jwt 服务
///
public static class JwtInstall
{
static readonly Logger Logger = LogManager.GetCurrentClassLogger();
///
/// 将模块服务添加到依赖注入服务容器中
///
/// 依赖注入服务容器
///
public static IServiceCollection AddJwtInstall(this IServiceCollection services)
{
// 添加验证服务
services.AddAuthentication(options => { options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme; })
.AddJwtBearer(o =>
{
o.TokenValidationParameters = new TokenValidationParameters
{
// 是否开启签名认证
ValidateIssuerSigningKey = true,
IssuerSigningKey =
new SymmetricSecurityKey(
Encoding.ASCII.GetBytes(AppSetting.Configuration["JwtSettings:SecretKey"])),
// 发行人验证,这里要和token类中Claim类型的发行人保持一致
ValidateIssuer = true,
ValidIssuer = AppSetting.Configuration["JwtSettings:Issuer"], //发行人
// 接收人验证
ValidateAudience = true,
ValidAudience = AppSetting.Configuration["JwtSettings:Audience"], //订阅人
ValidateLifetime = true,
ClockSkew = TimeSpan.Zero,
};
o.Events = new JwtBearerEvents
{
OnMessageReceived = context =>
{
Logger.Log(LogLevel.Info,
"当前headers:" + JsonConvert.SerializeObject(context.HttpContext.Request.Headers));
return Task.CompletedTask;
},
OnAuthenticationFailed = context =>
{
// 如果过期,则把<是否过期>添加到,返回头信息中
if (context.Exception.GetType() == typeof(SecurityTokenExpiredException))
{
context.Response.Headers.Add("Token-Expired", "true");
}
return Task.CompletedTask;
}
};
});
return services;
}
}