CloudGamingAdmin/admin-server/CloudGaming.Core.Identity/Configs/CoreIdentityConfig.cs

namespace CloudGaming.Core.Identity.Configs;

/// <summary>
/// 共享身份认证配置
/// </summary>
public static class CoreIdentityConfig
{
    /// <summary>
    /// 添加身份认证
    /// </summary>
    public static void AddIdentity(this WebApplicationBuilder webApplicationBuilder)
    {
        // 注册身份认证
        var jwtTokenOptions = webApplicationBuilder.Configuration
            .GetSection(nameof(JwtTokenOptions))
            .Get<JwtTokenOptions>()
            ;

        webApplicationBuilder.Services
            .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuer = true, //是否验证Issuer
                    ValidateAudience = true, //是否验证Audience
                    ValidateLifetime = true, //是否验证失效时间
                    ValidateIssuerSigningKey = true, //是否验证SecurityKey
                    ValidAudience = jwtTokenOptions!.JwtValidAudience, //Audience
                    ValidIssuer = jwtTokenOptions.JwtValidIssuer, //Issuer，这两项和前面签发jwt的设置一致
                    IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtTokenOptions!.JwtIssuerSigningKey!)), //拿到SecurityKey
                    RequireExpirationTime = true,
                };
                options.Events = new JwtBearerEvents
                {
                    OnAuthenticationFailed = context =>
                    {
                        //Token expired
                        if (context.Exception.GetType() == typeof(SecurityTokenExpiredException))
                        {
                            context.Response.Headers.Add("Token-Expired", "true");
                        }
                        return Task.CompletedTask;
                    },
                    OnChallenge = (context) =>
                    {
                        if (context.HttpContext.Response.Headers.ContainsKey("Token-Expired"))
                        {
                            context.HttpContext.Response.Headers["Token-Expired"] = "true";
                        }
                        else
                        {
                            context.HttpContext.Response.Headers.Append("Token-Expired", "true");
                        }
                        return Task.CompletedTask;
                    }
                };
            });
    }

    /// <summary>
    /// 使用身份认证
    /// </summary>
    /// <param name="webApplication"></param>
    public static void UseIdentity(this WebApplication webApplication)
    {
        webApplication.UseAuthentication();

        webApplication.UseAuthorization();
    }


}