Merge branch 'Test_IRC_Net8' of https://gitea.frp.extimaging.com/XCKJ/irc-netcore-api into Test_IRC_Net8

IRaCIS.Core.API/Controllers/ExtraController.cs

@@ -1,9 +1,10 @@
 using Amazon.Auth.AccessControlPolicy;
 using Amazon.SecurityToken;
 using Azure.Core;
+using IdentityModel.Client;
+using IdentityModel.OidcClient;
 using IRaCIS.Application.Contracts;
 using IRaCIS.Application.Interfaces;
-using IRaCIS.Core.API.OAuth;
 using IRaCIS.Core.Application.Auth;
 using IRaCIS.Core.Application.Contracts;
 using IRaCIS.Core.Application.Helper;
@@ -25,7 +26,9 @@ using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Net;
+using System.Net.Http;
 using System.Text;
+using System.Text.Json;
 using System.Threading.Tasks;
 using ZiggyCreatures.Caching.Fusion;
 using AssumeRoleRequest = Amazon.SecurityToken.Model.AssumeRoleRequest;
@@ -433,63 +436,6 @@ namespace IRaCIS.Api.Controllers
             #endregion
 
 
-            #region 客户端方式获取logto 里面的信息
-
-            var baseUrl = "https://logto.test.extimaging.com";
-            var appId = "v2mr2ndxwkxz0xpsuc1th";
-            var appSecret = "yq9jUxl70QoOmwHxJ37h1rDoyJ5iz92Q";
-            var apiAddress = "https://default.logto.app/api"; //这里是个坑
-            var scope = "all";
-
-            var opts = new RestClientOptions(baseUrl);
-            using var client = new RestClient(opts);
-
-            //https://bump.sh/logto/doc/logto-management-api/authentication
-            var request = new RestRequest("oidc/token", Method.Post);
-            request
-                .AddHeader("Content-Type", "application/x-www-form-urlencoded")
-                .AddParameter("grant_type", "client_credentials")
-                .AddParameter("client_id", appId)
-                .AddParameter("client_secret", appSecret)
-                .AddParameter("resource", apiAddress) //注意这里默认值地址和api 地址有区别
-                .AddParameter("scope", scope);
-           
-
-            var response = await client.ExecuteAsync<LogtoTokenResponse>(request);
-
-            if (response.StatusCode == HttpStatusCode.OK)
-            {
-                var tokenResponse = response.Data;
-
-                Console.WriteLine(tokenResponse.ToJsonStr());
-
-                #region 获取应用信息
-
-                var applicationRequest = new RestRequest($"/api/applications", Method.Get)
-                    .AddHeader("Authorization", $"Bearer {tokenResponse.AccessToken}");
-
-                var applicationResponse = await client.ExecuteAsync(applicationRequest);
-                #endregion
-
-                #region 获取用户信息
-                //curl \
-                // -X GET https://[tenant_id].logto.app/api/users/{userId} \
-                // -H "Authorization: Bearer $ACCESS_TOKEN"
-
-                var userId = "4fqx4cb3438k";
-                var userInfoRequest = new RestRequest($"api/users/{userId}", Method.Get)
-                    .AddHeader("Authorization", $"Bearer {tokenResponse.AccessToken}");
-
-
-                var userResponse = await client.ExecuteAsync<LogtoUser>(userInfoRequest);
-
-                Console.WriteLine(userResponse.Content);
-
-                #endregion
-            }
-
-
-            #endregion
 
 
             return ResponseOutput.Ok();

IRaCIS.Core.API/IRaCIS.Core.API.xml

@@ -346,147 +346,6 @@
             </summary>
             <returns></returns>
         </member>
-        <member name="T:IRaCIS.Core.API.OAuth.LogtoParameters.Tokens">
-            <summary>
-            The token names used by Cookie and OpenID Connect middleware to store and retrieve tokens from
-            Logto OpenID Connect provider.
-            <br/>
-            See <see href="https://github.com/dotnet/aspnetcore/blob/4a9118c674a798aaf6379b4b7b2d8787bc688f96/src/Security/Authentication/OpenIdConnect/src/OpenIdConnectHandler.cs#L994-L1035">tokens that are stored by OpenID Connect middleware</see> for more details.
-            </summary>
-        </member>
-        <member name="T:IRaCIS.Core.API.OAuth.LogtoParameters.Scopes">
-            <summary>
-            The scope names used by Logto OpenID Connect provider to request for user information.
-            </summary>
-        </member>
-        <member name="F:IRaCIS.Core.API.OAuth.LogtoParameters.Scopes.Email">
-            <summary>
-            The scope name for requesting user's email.
-            Logto will issue two claims to the ID token: <c>email</c> and <c>email_verified</c>.
-            </summary>
-        </member>
-        <member name="F:IRaCIS.Core.API.OAuth.LogtoParameters.Scopes.Phone">
-            <summary>
-            The scope name for requesting user's phone number.
-            Logto will issue two claims to the ID token: <c>phone</c> and <c>phone_verified</c>.
-            </summary>
-        </member>
-        <member name="F:IRaCIS.Core.API.OAuth.LogtoParameters.Scopes.CustomData">
-            <summary>
-            The scope name for requesting user's custom data.
-            Logto will issue a claim to the response of the <c>userinfo</c> endpoint: <c>custom_data</c>.
-            <br/>
-            Note that when requesting this scope, you must set <see cref="!:LogtoOptions.GetClaimsFromUserInfoEndpoint"/> to <c>true</c>.
-            </summary>
-        </member>
-        <member name="F:IRaCIS.Core.API.OAuth.LogtoParameters.Scopes.Identities">
-            <summary>
-            The scope name for requesting user's identities.
-            Logto will issue a claim to the response of the <c>userinfo</c> endpoint: <c>identities</c>.
-            <br/>
-            Note that when requesting this scope, you must set <see cref="!:LogtoOptions.GetClaimsFromUserInfoEndpoint"/> to <c>true</c>.
-            </summary>
-        </member>
-        <member name="T:IRaCIS.Core.API.OAuth.LogtoParameters.Claims">
-            <summary>
-            The claim names used by Logto OpenID Connect provider for ID token and userinfo endpoint.
-            </summary>
-        </member>
-        <member name="F:IRaCIS.Core.API.OAuth.LogtoParameters.Claims.Issuer">
-            <summary>
-            The claim name for the issuer identifier for whom issued the token.
-            </summary>
-        </member>
-        <member name="F:IRaCIS.Core.API.OAuth.LogtoParameters.Claims.Subject">
-            <summary>
-            The claim name for the subject identifier for whom the token is intended (user ID).
-            </summary>
-        </member>
-        <member name="F:IRaCIS.Core.API.OAuth.LogtoParameters.Claims.Audience">
-            <summary>
-            The claim name for the audience that the token is intended for, which is the client ID.
-            </summary>
-        </member>
-        <member name="F:IRaCIS.Core.API.OAuth.LogtoParameters.Claims.Expiration">
-            <summary>
-            The claim name for the expiration time of the token (in seconds).
-            </summary>
-        </member>
-        <member name="F:IRaCIS.Core.API.OAuth.LogtoParameters.Claims.IssuedAt">
-            <summary>
-            The claim name for the time at which the token was issued (in seconds).
-            </summary>
-        </member>
-        <member name="F:IRaCIS.Core.API.OAuth.LogtoParameters.Claims.Name">
-            <summary>
-            The claim name for the user's full name.
-            </summary>
-        </member>
-        <member name="F:IRaCIS.Core.API.OAuth.LogtoParameters.Claims.Username">
-            <summary>
-            The claim name for user's username.
-            </summary>
-        </member>
-        <member name="F:IRaCIS.Core.API.OAuth.LogtoParameters.Claims.Picture">
-            <summary>
-            The claim name for user's profile picture URL.
-            </summary>
-        </member>
-        <member name="F:IRaCIS.Core.API.OAuth.LogtoParameters.Claims.Email">
-            <summary>
-            The claim name for user's email.
-            </summary>
-        </member>
-        <member name="F:IRaCIS.Core.API.OAuth.LogtoParameters.Claims.EmailVerified">
-            <summary>
-            The claim name for user's email verification status.
-            </summary>
-        </member>
-        <member name="F:IRaCIS.Core.API.OAuth.LogtoParameters.Claims.PhoneNumber">
-            <summary>
-            The claim name for user's phone number.
-            </summary>
-        </member>
-        <member name="F:IRaCIS.Core.API.OAuth.LogtoParameters.Claims.PhoneNumberVerified">
-            <summary>
-            The claim name for user's phone number verification status.
-            </summary>
-        </member>
-        <member name="F:IRaCIS.Core.API.OAuth.LogtoParameters.Claims.CustomData">
-            <summary>
-            The claim name for user's custom data.
-            </summary>
-        </member>
-        <member name="F:IRaCIS.Core.API.OAuth.LogtoParameters.Claims.Identities">
-            <summary>
-            The claim name for user's identities.
-            </summary>
-        </member>
-        <member name="P:IRaCIS.Core.API.OAuth.LogtoTokenResponse.AccessToken">
-            <summary>
-            The access token issued by the Logto authorization server.
-            </summary>
-        </member>
-        <member name="P:IRaCIS.Core.API.OAuth.LogtoTokenResponse.TokenType">
-            <summary>
-            The type of the token issued by the Logto authorization server.
-            </summary>
-        </member>
-        <member name="P:IRaCIS.Core.API.OAuth.LogtoTokenResponse.ExpiresIn">
-            <summary>
-            The lifetime in seconds of the access token.
-            </summary>
-        </member>
-        <member name="P:IRaCIS.Core.API.OAuth.LogtoTokenResponse.RefreshToken">
-            <summary>
-            The refresh token, which can be used to obtain new access tokens using the same authorization grant.
-            </summary>
-        </member>
-        <member name="P:IRaCIS.Core.API.OAuth.LogtoTokenResponse.IdToken">
-            <summary>
-            The ID token, which can be used to verify the identity of the user.
-            </summary>
-        </member>
         <member name="T:IRaCIS.Core.API.IpPolicyRateLimitSetup">
             <summary>
             IPLimit限流 启动服务

IRaCIS.Core.Application/IRaCIS.Core.Application.csproj

@@ -32,6 +32,7 @@
 	</ItemGroup>
 
 	<ItemGroup>
+		<PackageReference Include="IdentityModel.OidcClient" Version="6.0.0" />
 		<PackageReference Include="AlibabaCloud.SDK.Sts20150401" Version="1.1.4" />
 		<PackageReference Include="AWSSDK.SecurityToken" Version="3.7.400.36" />
 		<PackageReference Include="Aliyun.OSS.SDK.NetCore" Version="2.14.1" />

IRaCIS.Core.Application/IRaCIS.Core.Application.xml

@@ -2340,6 +2340,153 @@
         </member>
         <!-- Badly formed XML comment ignored for member "T:IRaCIS.Core.Application.Service.MinimalApiService.TestMinimalApiService" -->
         <!-- Badly formed XML comment ignored for member "M:IRaCIS.Core.Application.Service.MinimalApiService.TestMinimalApiService.#ctor(IRaCIS.Core.Domain.Share.IUserInfo)" -->
+        <member name="M:IRaCIS.Core.Application.Service.OAuthService.TestClientCredentialsAsync">
+            <summary>
+            测试客户端凭证代码
+            </summary>
+            <returns></returns>
+        </member>
+        <member name="T:IRaCIS.Core.Application.Service.OAuth.LogtoParameters.Tokens">
+            <summary>
+            The token names used by Cookie and OpenID Connect middleware to store and retrieve tokens from
+            Logto OpenID Connect provider.
+            <br/>
+            See <see href="https://github.com/dotnet/aspnetcore/blob/4a9118c674a798aaf6379b4b7b2d8787bc688f96/src/Security/Authentication/OpenIdConnect/src/OpenIdConnectHandler.cs#L994-L1035">tokens that are stored by OpenID Connect middleware</see> for more details.
+            </summary>
+        </member>
+        <member name="T:IRaCIS.Core.Application.Service.OAuth.LogtoParameters.Scopes">
+            <summary>
+            The scope names used by Logto OpenID Connect provider to request for user information.
+            </summary>
+        </member>
+        <member name="F:IRaCIS.Core.Application.Service.OAuth.LogtoParameters.Scopes.Email">
+            <summary>
+            The scope name for requesting user's email.
+            Logto will issue two claims to the ID token: <c>email</c> and <c>email_verified</c>.
+            </summary>
+        </member>
+        <member name="F:IRaCIS.Core.Application.Service.OAuth.LogtoParameters.Scopes.Phone">
+            <summary>
+            The scope name for requesting user's phone number.
+            Logto will issue two claims to the ID token: <c>phone</c> and <c>phone_verified</c>.
+            </summary>
+        </member>
+        <member name="F:IRaCIS.Core.Application.Service.OAuth.LogtoParameters.Scopes.CustomData">
+            <summary>
+            The scope name for requesting user's custom data.
+            Logto will issue a claim to the response of the <c>userinfo</c> endpoint: <c>custom_data</c>.
+            <br/>
+            Note that when requesting this scope, you must set <see cref="!:LogtoOptions.GetClaimsFromUserInfoEndpoint"/> to <c>true</c>.
+            </summary>
+        </member>
+        <member name="F:IRaCIS.Core.Application.Service.OAuth.LogtoParameters.Scopes.Identities">
+            <summary>
+            The scope name for requesting user's identities.
+            Logto will issue a claim to the response of the <c>userinfo</c> endpoint: <c>identities</c>.
+            <br/>
+            Note that when requesting this scope, you must set <see cref="!:LogtoOptions.GetClaimsFromUserInfoEndpoint"/> to <c>true</c>.
+            </summary>
+        </member>
+        <member name="T:IRaCIS.Core.Application.Service.OAuth.LogtoParameters.Claims">
+            <summary>
+            The claim names used by Logto OpenID Connect provider for ID token and userinfo endpoint.
+            </summary>
+        </member>
+        <member name="F:IRaCIS.Core.Application.Service.OAuth.LogtoParameters.Claims.Issuer">
+            <summary>
+            The claim name for the issuer identifier for whom issued the token.
+            </summary>
+        </member>
+        <member name="F:IRaCIS.Core.Application.Service.OAuth.LogtoParameters.Claims.Subject">
+            <summary>
+            The claim name for the subject identifier for whom the token is intended (user ID).
+            </summary>
+        </member>
+        <member name="F:IRaCIS.Core.Application.Service.OAuth.LogtoParameters.Claims.Audience">
+            <summary>
+            The claim name for the audience that the token is intended for, which is the client ID.
+            </summary>
+        </member>
+        <member name="F:IRaCIS.Core.Application.Service.OAuth.LogtoParameters.Claims.Expiration">
+            <summary>
+            The claim name for the expiration time of the token (in seconds).
+            </summary>
+        </member>
+        <member name="F:IRaCIS.Core.Application.Service.OAuth.LogtoParameters.Claims.IssuedAt">
+            <summary>
+            The claim name for the time at which the token was issued (in seconds).
+            </summary>
+        </member>
+        <member name="F:IRaCIS.Core.Application.Service.OAuth.LogtoParameters.Claims.Name">
+            <summary>
+            The claim name for the user's full name.
+            </summary>
+        </member>
+        <member name="F:IRaCIS.Core.Application.Service.OAuth.LogtoParameters.Claims.Username">
+            <summary>
+            The claim name for user's username.
+            </summary>
+        </member>
+        <member name="F:IRaCIS.Core.Application.Service.OAuth.LogtoParameters.Claims.Picture">
+            <summary>
+            The claim name for user's profile picture URL.
+            </summary>
+        </member>
+        <member name="F:IRaCIS.Core.Application.Service.OAuth.LogtoParameters.Claims.Email">
+            <summary>
+            The claim name for user's email.
+            </summary>
+        </member>
+        <member name="F:IRaCIS.Core.Application.Service.OAuth.LogtoParameters.Claims.EmailVerified">
+            <summary>
+            The claim name for user's email verification status.
+            </summary>
+        </member>
+        <member name="F:IRaCIS.Core.Application.Service.OAuth.LogtoParameters.Claims.PhoneNumber">
+            <summary>
+            The claim name for user's phone number.
+            </summary>
+        </member>
+        <member name="F:IRaCIS.Core.Application.Service.OAuth.LogtoParameters.Claims.PhoneNumberVerified">
+            <summary>
+            The claim name for user's phone number verification status.
+            </summary>
+        </member>
+        <member name="F:IRaCIS.Core.Application.Service.OAuth.LogtoParameters.Claims.CustomData">
+            <summary>
+            The claim name for user's custom data.
+            </summary>
+        </member>
+        <member name="F:IRaCIS.Core.Application.Service.OAuth.LogtoParameters.Claims.Identities">
+            <summary>
+            The claim name for user's identities.
+            </summary>
+        </member>
+        <member name="P:IRaCIS.Core.Application.Service.OAuth.LogtoTokenResponse.AccessToken">
+            <summary>
+            The access token issued by the Logto authorization server.
+            </summary>
+        </member>
+        <member name="P:IRaCIS.Core.Application.Service.OAuth.LogtoTokenResponse.TokenType">
+            <summary>
+            The type of the token issued by the Logto authorization server.
+            </summary>
+        </member>
+        <member name="P:IRaCIS.Core.Application.Service.OAuth.LogtoTokenResponse.ExpiresIn">
+            <summary>
+            The lifetime in seconds of the access token.
+            </summary>
+        </member>
+        <member name="P:IRaCIS.Core.Application.Service.OAuth.LogtoTokenResponse.RefreshToken">
+            <summary>
+            The refresh token, which can be used to obtain new access tokens using the same authorization grant.
+            </summary>
+        </member>
+        <member name="P:IRaCIS.Core.Application.Service.OAuth.LogtoTokenResponse.IdToken">
+            <summary>
+            The ID token, which can be used to verify the identity of the user.
+            </summary>
+        </member>
         <member name="M:IRaCIS.Core.Application.Service.QCCommon.VerifyIsCRCSubmmitAsync(IRaCIS.Core.Infra.EFCore.IRepository{IRaCIS.Core.Domain.Models.SubjectVisit},IRaCIS.Core.Domain.Share.IUserInfo,System.Nullable{System.Guid})">
             <summary>
             验证CRC 是否已提交 已提交 就不允许进行任何操作，如果是IQC 那么还验证是否是当前任务领取人

IRaCIS.Core.Application/Service/MinimalApiService/OAuth/LogotoParams.cs

@@ -1,7 +1,7 @@
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using System.Text.Json.Serialization;
 
-namespace IRaCIS.Core.API.OAuth;
+namespace IRaCIS.Core.Application.Service.OAuth;
 
 
 

IRaCIS.Core.Application/Service/MinimalApiService/OAuth/LogtoTokenResponse.cs

@@ -1,6 +1,6 @@
 using System.Text.Json.Serialization;
 
-namespace IRaCIS.Core.API.OAuth;
+namespace IRaCIS.Core.Application.Service.OAuth;
 
 public class LogtoTokenResponse
 {

IRaCIS.Core.Application/Service/MinimalApiService/OAuth/LogtoUser.cs

@@ -1,7 +1,7 @@
 using Org.BouncyCastle.Tls;
 using System.Collections.Generic;
 
-namespace IRaCIS.Core.API.OAuth;
+namespace IRaCIS.Core.Application.Service.OAuth;
 
 public class LogtoUser
 {

IRaCIS.Core.Application/Service/MinimalApiService/OAuthService.cs

@@ -0,0 +1,146 @@
+using IdentityModel.Client;
+using IRaCIS.Core.Application.Service.OAuth;
+using Microsoft.AspNetCore.Builder;
+using RestSharp;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Net;
+using System.Text;
+using System.Text.Json;
+using System.Threading.Tasks;
+
+namespace IRaCIS.Core.Application.Service
+{
+    public class OAuthService : ServiceBase
+    {
+
+
+        /// <summary>
+        /// 测试客户端凭证代码
+        /// </summary>
+        /// <returns></returns>
+        public async Task<IResponseOutput> TestClientCredentialsAsync()
+        {
+
+            #region 使用IdentityModel.OidcClient 测试
+
+            // discover endpoints from metadata
+            var client = new HttpClient();
+
+            var disco = await client.GetDiscoveryDocumentAsync("https://logto.test.extimaging.com/oidc");
+            if (disco.IsError)
+            {
+                Console.WriteLine(disco.Error);
+            }
+
+            // request token
+            var tokenResponse = await client.RequestClientCredentialsTokenAsync(new ClientCredentialsTokenRequest
+            {
+                Address = disco.TokenEndpoint,
+                ClientId = "v2mr2ndxwkxz0xpsuc1th",
+                ClientSecret = "yq9jUxl70QoOmwHxJ37h1rDoyJ5iz92Q",
+                Resource = new List<string>() { "https://default.logto.app/api" },
+                Scope = "all"
+            });
+
+            if (tokenResponse.IsError)
+            {
+                Console.WriteLine(tokenResponse.Error);
+                Console.WriteLine(tokenResponse.ErrorDescription);
+            }
+            else
+            {
+                Console.WriteLine(tokenResponse.AccessToken);
+                Console.WriteLine("\n\n");
+
+                // call api
+                var apiClient = new HttpClient();
+                apiClient.SetBearerToken(tokenResponse.AccessToken);
+
+                var response = await apiClient.GetAsync("https://logto.test.extimaging.com/api/applications");
+                if (!response.IsSuccessStatusCode)
+                {
+                    Console.WriteLine(response.StatusCode);
+                }
+                else
+                {
+                    var doc = JsonDocument.Parse(await response.Content.ReadAsStringAsync()).RootElement;
+                    Console.WriteLine(JsonSerializer.Serialize(doc, new JsonSerializerOptions { WriteIndented = true }));
+                }
+            }
+
+
+            #endregion
+
+            return ResponseOutput.Ok();
+
+
+        }
+
+        public async Task<IResponseOutput> TestClientCredentialsOriginAsync()
+        {
+            #region 客户端方式获取logto 里面的信息
+            {
+
+                var baseUrl = "https://logto.test.extimaging.com";
+                var appId = "v2mr2ndxwkxz0xpsuc1th";
+                var appSecret = "yq9jUxl70QoOmwHxJ37h1rDoyJ5iz92Q";
+                var apiAddress = "https://default.logto.app/api"; //这里是个坑
+                var scope = "all";
+
+                var opts = new RestClientOptions(baseUrl);
+                using var client = new RestClient(opts);
+
+                //https://bump.sh/logto/doc/logto-management-api/authentication
+                var request = new RestRequest("oidc/token", Method.Post);
+                request
+                    .AddHeader("Content-Type", "application/x-www-form-urlencoded")
+                    .AddParameter("grant_type", "client_credentials")
+                    .AddParameter("client_id", appId)
+                    .AddParameter("client_secret", appSecret)
+                    .AddParameter("resource", apiAddress) //注意这里默认值地址和api 地址有区别
+                    .AddParameter("scope", scope);
+
+
+                var response = await client.ExecuteAsync<LogtoTokenResponse>(request);
+
+                if (response.StatusCode == HttpStatusCode.OK)
+                {
+                    var tokenResponse = response.Data;
+
+                    Console.WriteLine(tokenResponse.ToJsonStr());
+
+                    #region 获取应用信息
+
+                    var applicationRequest = new RestRequest($"/api/applications", Method.Get)
+                        .AddHeader("Authorization", $"Bearer {tokenResponse.AccessToken}");
+
+                    var applicationResponse = await client.ExecuteAsync(applicationRequest);
+                    #endregion
+
+                    #region 获取用户信息
+                    //curl \
+                    // -X GET https://[tenant_id].logto.app/api/users/{userId} \
+                    // -H "Authorization: Bearer $ACCESS_TOKEN"
+
+                    var userId = "4fqx4cb3438k";
+                    var userInfoRequest = new RestRequest($"api/users/{userId}", Method.Get)
+                        .AddHeader("Authorization", $"Bearer {tokenResponse.AccessToken}");
+
+
+                    var userResponse = await client.ExecuteAsync<LogtoUser>(userInfoRequest);
+
+                    Console.WriteLine(userResponse.Content);
+
+                    #endregion
+                }
+
+
+            }
+            #endregion
+
+            return ResponseOutput.Ok();
+        }
+    }
+}