PEIS/PEIS.Cloud/Startup.cs

using System;
using System.Collections.Generic;
using System.IO;
using System.Reflection;
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.IdentityModel.Tokens;
using Microsoft.OpenApi.Models;
using PEIS.Common.Helper.Encryption;
using PEIS.Common.Middleware;

namespace PEIS.Cloud
{
    public class Startup
    {

        public Startup(IConfiguration configuration)
        {
            Configuration = configuration;
        }

        private readonly bool _swagger = AppSettingJsonHelper.GetSection("Swagger", "Using") == "true";
        public IConfiguration Configuration { get; }

        /// <summary>
        /// 这个方法被运行时调用。 使用此方法向容器添加服务
        /// </summary>
        /// <param name="services"></param>
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddControllers();
            services.AddControllersWithViews()
                .AddNewtonsoftJson(options =>
                    options.SerializerSettings.ReferenceLoopHandling = Newtonsoft.Json.ReferenceLoopHandling.Ignore
                );
            // swagger 配置
            if (_swagger)
            {
                services.AddSwaggerGen(c =>
                {
                    c.SwaggerDoc("v1", new OpenApiInfo { Title = "OutCollect", Version = "v1" });
                    var xmlFile = $"{Assembly.GetExecutingAssembly().GetName().Name}.xml";
                    var xmlPath = Path.Combine(AppContext.BaseDirectory, xmlFile);
                    c.IncludeXmlComments(xmlPath, true);

                    //添加Authorization
                    c.AddSecurityDefinition("Bearer", new OpenApiSecurityScheme
                    {
                        Description = "JWT Authorization header using the Bearer scheme.",
                        Name = "Authorization",
                        In = ParameterLocation.Header,
                        Scheme = "bearer",
                        Type = SecuritySchemeType.Http,
                        BearerFormat = "JWT"
                    });
                    //把所有方法配置为增加bearer头部信息;
                    c.AddSecurityRequirement(new OpenApiSecurityRequirement
                    {
                        {
                            new OpenApiSecurityScheme
                            {
                                Reference = new OpenApiReference
                                {
                                    Type = ReferenceType.SecurityScheme,
                                    Id = "bearerAuth"
                                }
                            },
                            new string[] {}
                        }
                    });

                    c.AddSecurityRequirement(new OpenApiSecurityRequirement
                    {
                        {
                            new OpenApiSecurityScheme
                            {
                                Reference = new OpenApiReference { Type = ReferenceType.SecurityScheme, Id = "Bearer" }
                            },
                            new List<string>()
                        }
                    });
                });
            }
            // jwt 配置
            services.AddAuthentication(options =>
            {
                // 设置默认使用jwt验证方式
                options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
            }).AddJwtBearer(options =>
            {
                var confSection = Configuration.GetSection("Authentication");
                options.TokenValidationParameters = new TokenValidationParameters()
                {
                    // 验证接收者
                    ValidateAudience = true,
                    // 验证发布者 //是否验证发行人，就是验证载荷中的Iss是否对应ValidIssuer参数
                    ValidateIssuer = true,
                    // 验证过期时间//是否验证过期时间，过期了就拒绝访问
                    ValidateLifetime = true,
                    // 验证秘钥 //是否验证签名,不验证的画可以篡改数据，不安全
                    ValidateIssuerSigningKey = true,
                    // 读配置Issuer//发行人
                    ValidIssuer = confSection["IsSure"],
                    // 读配置Audience//订阅人
                    ValidAudience = confSection["Audience"],
                    // 设置生成token的秘钥 //解密的密钥
                    IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(confSection["SecurityKey"]))
                };
            });

        }


        /// <summary>
        ///  此方法由运行时调用。 使用此方法配置 HTTP 请求管道
        /// </summary>
        /// <param name="app"></param>
        /// <param name="env"></param>
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }
            else
            {
                app.UseExceptionHandler("/error");
            }

            if (_swagger)
            {
                app.UseSwagger();
                // Enable middleware to serve generated Swagger as a JSON endpoint.
                app.UseSwagger(c =>
                {
                    c.SerializeAsV2 = true;
                });
                app.UseSwaggerUI(c =>
                {
                    c.SwaggerEndpoint("/swagger/v1/swagger.json", "debug NetFL v1");
                });

            }

            app.UseHttpsRedirection();
            app.UseRouting();


            // custom jwt auth middleware
            app.UseMiddleware<JwtMiddleware>();
            // jwt
            app.UseAuthentication();
            app.UseAuthorization();

            app.UseEndpoints(endpoints =>
            {
                endpoints.MapControllers();
            });
        }
    }
}