
JWT的Token创建提取到Zero模块

Yue 3 лет назад
Родитель
Сommit
72d87fbf08

+ 4 - 39
SourceCode/Src/VberAdmin.Web.Core/Controllers/TokenAuthController.cs

@@ -4,11 +4,7 @@ using Abp.UI;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.AspNetCore.Mvc;
 
-using System.IdentityModel.Tokens.Jwt;
-using System.Security.Claims;
-
 using VberAdmin.Authentication.External;
-using VberAdmin.Authentication.JwtBearer;
 using VberAdmin.Authorization;
 using VberAdmin.Authorization.Users;
 using VberAdmin.Models.TokenAuth;
@@ -17,6 +13,7 @@ using VberZero.AppService.Authorization;
 using VberZero.Authorization;
 using VberZero.Authorization.Users;
 using VberZero.BaseSystem.Users;
+using VberZero.Jwt;
 using VberZero.MultiTenancy;
 
 namespace VberAdmin.Controllers;
@@ -63,7 +60,7 @@ public class TokenAuthController : VberAdminControllerBase
             tenancyName
         );
 
-        var accessToken = CreateAccessToken(CreateJwtClaims(loginResult.Identity));
+        var accessToken = JwtHelper.CreateAccessToken(loginResult.Identity, _configuration);
 
         return new AuthenticateResultModel
         {
@@ -91,7 +88,7 @@ public class TokenAuthController : VberAdminControllerBase
         {
             case VzLoginResultType.Success:
                 {
-                    var accessToken = CreateAccessToken(CreateJwtClaims(loginResult.Identity));
+                    var accessToken = JwtHelper.CreateAccessToken(loginResult.Identity, _configuration);
                     return new ExternalAuthenticateResultModel
                     {
                         AccessToken = accessToken,
@@ -121,7 +118,7 @@ public class TokenAuthController : VberAdminControllerBase
                         );
                     }
 
-                    var accessToken = CreateAccessToken(CreateJwtClaims(loginResult.Identity));
+                    var accessToken = JwtHelper.CreateAccessToken(loginResult.Identity, _configuration);
 
                     return new ExternalAuthenticateResultModel
                     {
@@ -202,38 +199,6 @@ public class TokenAuthController : VberAdminControllerBase
         }
     }
 
-    private string CreateAccessToken(IEnumerable<Claim> claims, TimeSpan? expiration = null)
-    {
-        var now = DateTime.UtcNow;
-
-        var jwtSecurityToken = new JwtSecurityToken(
-            issuer: _configuration.Issuer,
-            audience: _configuration.Audience,
-            claims: claims,
-            notBefore: now,
-            expires: now.Add(expiration ?? _configuration.Expiration),
-            signingCredentials: _configuration.SigningCredentials
-        );
-
-        return new JwtSecurityTokenHandler().WriteToken(jwtSecurityToken);
-    }
-
-    private static List<Claim> CreateJwtClaims(ClaimsIdentity identity)
-    {
-        var claims = identity.Claims.ToList();
-        var nameIdClaim = claims.First(c => c.Type == ClaimTypes.NameIdentifier);
-
-        // Specifically add the jti (random nonce), iat (issued timestamp), and sub (subject/user) claims.
-        claims.AddRange(new[]
-        {
-            new Claim(JwtRegisteredClaimNames.Sub, nameIdClaim.Value),
-            new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
-            new Claim(JwtRegisteredClaimNames.Iat, DateTimeOffset.Now.ToUnixTimeSeconds().ToString(), ClaimValueTypes.Integer64)
-        });
-
-        return claims;
-    }
-
     private string GetEncryptedAccessToken(string accessToken)
     {
         return SimpleStringCipher.Instance.Encrypt(accessToken);

+ 0 - 1
SourceCode/Src/VberAdmin.Web.Core/VberAdmin.Web.Core.csproj

@@ -24,7 +24,6 @@
     <ProjectReference Include="..\VberAdmin.EntityFrameworkCore\VberAdmin.EntityFrameworkCore.csproj" />
   </ItemGroup>
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="6.0.0" />
     <PackageReference Include="Swashbuckle.AspNetCore" Version="6.2.3" />
     <PackageReference Include="Abp.AspNetCore" Version="7.1.0" />
     <PackageReference Include="Abp.ZeroCore" Version="7.1.0" />

+ 1 - 0
SourceCode/Src/VberAdmin.Web.Core/VberAdminWebCoreModule.cs

@@ -16,6 +16,7 @@ using VberAdmin.Configuration;
 
 using VberZero;
 using VberZero.Folders;
+using VberZero.Jwt;
 using VberZero.Navigation;
 
 namespace VberAdmin;

+ 113 - 0
SourceCode/Zero/VberYue.Zero/Jwt/JwtHelper.cs

@@ -0,0 +1,113 @@
+using Microsoft.IdentityModel.Tokens;
+
+using System.IdentityModel.Tokens.Jwt;
+using System.Security.Claims;
+
+namespace VberZero.Jwt
+{
+    public static class JwtHelper
+    {
+        public static string CreateAccessToken(ClaimsIdentity identity, TokenAuthConfiguration configuration, TimeSpan? expiration = null)
+        {
+            return CreateAccessToken(CreateJwtClaims(identity), configuration, expiration);
+        }
+
+        public static string CreateAccessToken(IEnumerable<Claim> claims, TokenAuthConfiguration configuration, TimeSpan? expiration = null)
+        {
+            var now = DateTime.UtcNow;
+
+            var jwtSecurityToken = new JwtSecurityToken(
+                issuer: configuration.Issuer,
+                audience: configuration.Audience,
+                claims: claims,
+                notBefore: now,
+                expires: now.Add(expiration ?? configuration.Expiration),
+                signingCredentials: configuration.SigningCredentials
+            );
+
+            return new JwtSecurityTokenHandler().WriteToken(jwtSecurityToken);
+        }
+
+        private static List<Claim> CreateJwtClaims(ClaimsIdentity identity)
+        {
+            var claims = identity.Claims.ToList();
+            var nameIdClaim = claims.First(c => c.Type == ClaimTypes.NameIdentifier);
+
+            // Specifically add the jti (random nonce), iat (issued timestamp), and sub (subject/user) claims.
+            claims.AddRange(new[]
+            {
+                new Claim(JwtRegisteredClaimNames.Sub, nameIdClaim.Value),
+                new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
+                new Claim(JwtRegisteredClaimNames.Iat, DateTimeOffset.Now.ToUnixTimeSeconds().ToString(), ClaimValueTypes.Integer64)
+            });
+
+            return claims;
+        }
+
+        //public static ClaimsPrincipal ReadJwtToken(string token)
+        //{
+        //    var validateParameter = new TokenValidationParameters()
+        //    {
+        //        ValidateLifetime = false,
+        //        ValidateAudience = false,
+        //        ValidateIssuer = false,
+        //        ValidateIssuerSigningKey = false,
+        //    };
+        //    ClaimsPrincipal principal =
+        //        new JwtSecurityTokenHandler().ValidateToken(token, validateParameter, out var securityToken);
+        //    return principal;
+        //}
+
+        /// <summary>
+        /// 校验token
+        /// </summary>
+        /// <param name="token"></param>
+        /// <param name="configuration"></param>
+        /// <param name="principal"></param>
+        /// <param name="jwtPayload"></param>
+        /// <returns></returns>
+        public static bool VerifyJwtToken(string token, TokenAuthConfiguration configuration, out ClaimsPrincipal principal, out string jwtPayload)
+        {
+            principal = null;
+            jwtPayload = null;
+            //校验token
+            var validateParameter = new TokenValidationParameters()
+            {
+                ValidateLifetime = true,
+                ValidateAudience = true,
+                ValidateIssuer = true,
+                ValidateIssuerSigningKey = true,
+                ValidIssuer = configuration.Issuer,
+                ValidAudience = configuration.Audience,
+                IssuerSigningKey = configuration.SecurityKey,
+                ClockSkew = TimeSpan.Zero//校验过期时间必须加此属性
+            };
+            //不校验,直接解析token
+            //jwtToken = new JwtSecurityTokenHandler().ReadJwtToken(token1);
+            bool success;
+            try
+            {
+                //校验并解析token,validatedToken是解密后的对象
+                principal = new JwtSecurityTokenHandler().ValidateToken(token, validateParameter, out SecurityToken validatedToken);
+                //获取payload中的数据
+                jwtPayload = ((JwtSecurityToken)validatedToken).Payload.SerializeToJson();
+                success = true;
+            }
+            catch (SecurityTokenExpiredException ex)
+            {
+                //表示过期
+                success = false;
+            }
+            catch (SecurityTokenException ex)
+            {
+                //表示token错误
+                success = false;
+            }
+            catch (Exception ex)
+            {
+                success = false;
+            }
+            return success;
+        }
+    }
+}
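Review bot: In `VerifyJwtToken` all three `catch` blocks set `success = false`, and the final `catch (Exception ex)` turns every other failure inside `ValidateToken` or the `(JwtSecurityToken)` cast into the same result, so a caller cannot tell an expired or tampered token from an unexpected fault and nothing is recorded for anyone investigating rejected requests. I would keep only `catch (SecurityTokenException) { return false; }`, which already covers `SecurityTokenExpiredException`, and add `catch (ArgumentException) { return false; }` for a null or malformed string (I believe that is what the handler throws in this package version, please confirm). Anything else should propagate to a caller that can log it, and this also removes the three unused `ex` variables. The commented-out `ReadJwtToken` above sets every `Validate*` flag to `false` and is better deleted than left in a shared helper where it can be re-enabled by accident. The two public `CreateAccessToken` overloads have no XML documentation; a `<summary>` stating that the `ClaimsIdentity` overload requires a `ClaimTypes.NameIdentifier` claim (otherwise `First` throws) would help callers outside the controller.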

+ 2 - 4
SourceCode/Src/VberAdmin.Web.Core/Authentication/JwtBearer/TokenAuthConfiguration.cs → SourceCode/Zero/VberYue.Zero/Jwt/TokenAuthConfiguration.cs

@@ -1,8 +1,6 @@
-using System;
+using Microsoft.IdentityModel.Tokens;
 
-using Microsoft.IdentityModel.Tokens;
-
-namespace VberAdmin.Authentication.JwtBearer;
+namespace VberZero.Jwt;
 
 public class TokenAuthConfiguration
 {

+ 1 - 2
SourceCode/Zero/VberYue.Zero/VberYue.Zero.csproj

@@ -41,7 +41,6 @@
     <PackageReference Include="Abp.AutoMapper" Version="7.1.0" />
     <PackageReference Include="Abp.EntityFrameworkCore" Version="7.1.0" />
     <PackageReference Include="Abp.MailKit" Version="7.1.0" />
-
   </ItemGroup>
 
 
@@ -51,7 +50,7 @@
     <PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="6.0.0" />
     <PackageReference Include="Microsoft.Extensions.Configuration.UserSecrets" Version="6.0.0" />
     <PackageReference Include="System.Data.SqlClient" Version="4.8.3" />
-    <PackageReference Include="SixLabors.ImageSharp" Version="2.1.3" />
+    <PackageReference Include="SixLabors.ImageSharp" Version="2.1.3" /><PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="6.0.0" />
   </ItemGroup>