	miles away
		@@ -1,5 +1,6 @@
 | 
			
		||||
using System;
 | 
			
		||||
using IdentityServer4.AccessTokenValidation;
 | 
			
		||||
using Microsoft.AspNetCore.Authentication;
 | 
			
		||||
using Microsoft.AspNetCore.Authentication.JwtBearer;
 | 
			
		||||
using Microsoft.AspNetCore.Builder;
 | 
			
		||||
using Microsoft.AspNetCore.Http;
 | 
			
		||||
@@ -21,22 +22,22 @@ namespace Ocelot.Authentication.Handler.Creator
 | 
			
		||||
            throw new NotImplementedException();
 | 
			
		||||
            var builder = app.New();
 | 
			
		||||
 | 
			
		||||
            if (authOptions.Provider.ToLower() == "jwt")
 | 
			
		||||
         /*   if (authOptions.Provider.ToLower() == "jwt")
 | 
			
		||||
            {
 | 
			
		||||
                var authenticationConfig = authOptions.Config as JwtConfig;
 | 
			
		||||
 | 
			
		||||
               /* builder.UseJwtBearerAuthentication(
 | 
			
		||||
                builder.UseJwtBearerAuthentication(
 | 
			
		||||
                    new JwtBearerOptions()
 | 
			
		||||
                        {
 | 
			
		||||
                            Authority = authenticationConfig.Authority,
 | 
			
		||||
                            Audience = authenticationConfig.Audience
 | 
			
		||||
                        });*/
 | 
			
		||||
                        });
 | 
			
		||||
            }
 | 
			
		||||
            else
 | 
			
		||||
            {
 | 
			
		||||
                var authenticationConfig = authOptions.Config as IdentityServerConfig;
 | 
			
		||||
 | 
			
		||||
               /* builder.UseIdentityServerAuthentication(new IdentityServerAuthenticationOptions
 | 
			
		||||
                builder.UseIdentityServerAuthentication(new IdentityServerAuthenticationOptions
 | 
			
		||||
                {
 | 
			
		||||
                    Authority = authenticationConfig.ProviderRootUrl,
 | 
			
		||||
                    ApiName = authenticationConfig.ApiName,
 | 
			
		||||
@@ -44,11 +45,12 @@ namespace Ocelot.Authentication.Handler.Creator
 | 
			
		||||
                    AllowedScopes = authOptions.AllowedScopes,
 | 
			
		||||
                    SupportedTokens = SupportedTokens.Both,
 | 
			
		||||
                    ApiSecret = authenticationConfig.ApiSecret
 | 
			
		||||
                });*/
 | 
			
		||||
            }
 | 
			
		||||
                });
 | 
			
		||||
            }*/
 | 
			
		||||
 | 
			
		||||
            var authenticationNext = builder.Build();
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
            return new OkResponse<RequestDelegate>(authenticationNext);
 | 
			
		||||
        }
 | 
			
		||||
    }
 | 
			
		||||
 
 | 
			
		||||
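Review bot: `throw new NotImplementedException();` is now the first statement of the method, so everything from `var builder = app.New();` down to `return new OkResponse<RequestDelegate>(authenticationNext);` is unreachable, and a ReRoute marked as authenticated would presumably surface as an unhandled exception at handler-creation time rather than as a 401; the method's signature and the class header are outside the hunk. If the creator is intentionally parked while provider wiring moves into service registration, the throw deserves a comment saying so, e.g. `// Provider wiring now happens in AddOcelot; this creator is not used until the JWT path is restored.`, and the dead body should be deleted rather than kept below it. The `/* ... */` block that disables both the `"jwt"` branch and the `UseIdentityServerAuthentication` branch should likewise be removed instead of committed as a comment; version control keeps the history. Note that nothing visible in this commit re-wires the `"jwt"` provider, so that configuration value appears to be silently dropped.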
@@ -1,7 +1,14 @@
 | 
			
		||||
using System.Collections.Generic;
 | 
			
		||||
using System.Security.Claims;
 | 
			
		||||
using System.Text.Encodings.Web;
 | 
			
		||||
using System.Threading.Tasks;
 | 
			
		||||
using IdentityServer4.Extensions;
 | 
			
		||||
using Microsoft.AspNetCore.Authentication;
 | 
			
		||||
using Microsoft.AspNetCore.Builder;
 | 
			
		||||
using Microsoft.AspNetCore.Http;
 | 
			
		||||
using Microsoft.Extensions.DependencyInjection;
 | 
			
		||||
using Microsoft.Extensions.Logging;
 | 
			
		||||
using Microsoft.Extensions.Options;
 | 
			
		||||
using Ocelot.Authentication.Handler.Factory;
 | 
			
		||||
using Ocelot.Configuration;
 | 
			
		||||
using Ocelot.Errors;
 | 
			
		||||
@@ -34,6 +41,32 @@ namespace Ocelot.Authentication.Middleware
 | 
			
		||||
 | 
			
		||||
        public async Task Invoke(HttpContext context)
 | 
			
		||||
        {
 | 
			
		||||
         /*   var req = context.Request;
 | 
			
		||||
            var res = context.Response;
 | 
			
		||||
            if (req.Path.StartsWithSegments(new PathString("/add"), out var remainder))
 | 
			
		||||
            {
 | 
			
		||||
                var name = remainder.Value.Substring(1);
 | 
			
		||||
                var auth = context.RequestServices.GetRequiredService<IAuthenticationSchemeProvider>();
 | 
			
		||||
                var scheme = new AuthenticationScheme(name, name, typeof(TestHandler));
 | 
			
		||||
                auth.AddScheme(scheme);
 | 
			
		||||
            }
 | 
			
		||||
            else if (req.Path.StartsWithSegments(new PathString("/auth"), out remainder))
 | 
			
		||||
            {
 | 
			
		||||
                var name = (remainder.Value.Length > 0) ? remainder.Value.Substring(1) : null;
 | 
			
		||||
                var result = await context.AuthenticateAsync(name);
 | 
			
		||||
                result.Principal.IsAuthenticated();
 | 
			
		||||
            }
 | 
			
		||||
            else if (req.Path.StartsWithSegments(new PathString("/remove"), out remainder))
 | 
			
		||||
            {
 | 
			
		||||
                var name = remainder.Value.Substring(1);
 | 
			
		||||
                var auth = context.RequestServices.GetRequiredService<IAuthenticationSchemeProvider>();
 | 
			
		||||
                auth.RemoveScheme(name);
 | 
			
		||||
            }
 | 
			
		||||
            else
 | 
			
		||||
            {
 | 
			
		||||
                await _next.Invoke(context);
 | 
			
		||||
            }*/
 | 
			
		||||
 | 
			
		||||
            if (IsAuthenticatedRoute(DownstreamRoute.ReRoute))
 | 
			
		||||
            {
 | 
			
		||||
                _logger.LogDebug($"{context.Request.Path} is an authenticated route. {MiddlewareName} checking if client is authenticated");
 | 
			
		||||
@@ -81,5 +114,43 @@ namespace Ocelot.Authentication.Middleware
 | 
			
		||||
            return reRoute.IsAuthenticated;
 | 
			
		||||
        }
 | 
			
		||||
    }
 | 
			
		||||
 | 
			
		||||
    public class TestHandler : AuthenticationHandler<TestOptions>
 | 
			
		||||
    {
 | 
			
		||||
        public TestHandler(IOptionsMonitor<TestOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock) : base(options, logger, encoder, clock)
 | 
			
		||||
        {
 | 
			
		||||
        }
 | 
			
		||||
 | 
			
		||||
        protected override Task<AuthenticateResult> HandleAuthenticateAsync()
 | 
			
		||||
        {
 | 
			
		||||
            var principal = new ClaimsPrincipal();
 | 
			
		||||
            var id = new ClaimsIdentity();
 | 
			
		||||
            id.AddClaim(new Claim(ClaimTypes.NameIdentifier, Scheme.Name, ClaimValueTypes.String, Scheme.Name));
 | 
			
		||||
            if (Options.Instance != null)
 | 
			
		||||
            {
 | 
			
		||||
                id.AddClaim(new Claim("Count", Options.Instance.Count.ToString()));
 | 
			
		||||
            }
 | 
			
		||||
            principal.AddIdentity(id);
 | 
			
		||||
            return Task.FromResult(AuthenticateResult.Success(new AuthenticationTicket(principal, new AuthenticationProperties(), Scheme.Name)));
 | 
			
		||||
        }
 | 
			
		||||
    }
 | 
			
		||||
 | 
			
		||||
    public class TestOptions : AuthenticationSchemeOptions
 | 
			
		||||
    {
 | 
			
		||||
        public Singleton Instance { get; set; }
 | 
			
		||||
    }
 | 
			
		||||
 | 
			
		||||
    public class Singleton
 | 
			
		||||
    {
 | 
			
		||||
        public static int _count;
 | 
			
		||||
 | 
			
		||||
        public Singleton()
 | 
			
		||||
        {
 | 
			
		||||
            _count++;
 | 
			
		||||
            Count = _count;
 | 
			
		||||
        }
 | 
			
		||||
 | 
			
		||||
        public int Count { get; }
 | 
			
		||||
    }
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
 
 | 
			
		||||
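Review bot: `TestHandler.HandleAuthenticateAsync` returns `AuthenticateResult.Success` for every request, with a principal whose only identity carries the scheme name, and the class is `public` inside the `Ocelot.Authentication.Middleware` namespace, i.e. it ships in the production assembly where any consumer can register it as a scheme and bypass authentication entirely. `TestHandler`, `TestOptions` and `Singleton` look like scratch code for the commented-out `/add`, `/auth`, `/remove` experiment in `Invoke` and belong in the test project, or at the very least should be `internal` and annotated with `// Test-only: accepts every request unconditionally; never register as a production scheme.`. `Singleton._count` is a public static field incremented without synchronization, so `Count` is not reliable under concurrent construction. The thirty-line commented-out block at the top of `Invoke` should be deleted rather than left in the middleware; `Invoke` continues past the hunk.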
@@ -38,10 +38,14 @@ using Ocelot.Responder;
 | 
			
		||||
using Ocelot.ServiceDiscovery;
 | 
			
		||||
using System;
 | 
			
		||||
using System.Collections.Generic;
 | 
			
		||||
using System.IdentityModel.Tokens.Jwt;
 | 
			
		||||
using System.Linq;
 | 
			
		||||
using System.Net.Http;
 | 
			
		||||
using System.Reflection;
 | 
			
		||||
using System.Security.Cryptography.X509Certificates;
 | 
			
		||||
using IdentityServer4.AccessTokenValidation;
 | 
			
		||||
using Microsoft.AspNetCore.Builder;
 | 
			
		||||
using Microsoft.AspNetCore.Hosting;
 | 
			
		||||
using Microsoft.IdentityModel.Tokens;
 | 
			
		||||
using Ocelot.Configuration;
 | 
			
		||||
using Ocelot.Creator.Configuration;
 | 
			
		||||
@@ -75,7 +79,6 @@ namespace Ocelot.DependencyInjection
 | 
			
		||||
            services.TryAddSingleton<IAuthenticationProviderConfigCreator, AuthenticationProviderConfigCreator>();
 | 
			
		||||
            services.TryAddSingleton<IOcelotConfigurationRepository, InMemoryOcelotConfigurationRepository>();
 | 
			
		||||
            services.TryAddSingleton<IConfigurationValidator, FileConfigurationValidator>();
 | 
			
		||||
            services.TryAddSingleton<IBaseUrlFinder, BaseUrlFinder>();
 | 
			
		||||
            services.TryAddSingleton<IClaimsToThingCreator, ClaimsToThingCreator>();
 | 
			
		||||
            services.TryAddSingleton<IAuthenticationOptionsCreator, AuthenticationOptionsCreator>();
 | 
			
		||||
            services.TryAddSingleton<IUpstreamTemplatePatternCreator, UpstreamTemplatePatternCreator>();
 | 
			
		||||
@@ -84,59 +87,7 @@ namespace Ocelot.DependencyInjection
 | 
			
		||||
            services.TryAddSingleton<IQoSOptionsCreator, QoSOptionsCreator>();
 | 
			
		||||
            services.TryAddSingleton<IReRouteOptionsCreator, ReRouteOptionsCreator>();
 | 
			
		||||
            services.TryAddSingleton<IRateLimitOptionsCreator, RateLimitOptionsCreator>();
 | 
			
		||||
 | 
			
		||||
            var identityServerConfiguration = IdentityServerConfigurationCreator.GetIdentityServerConfiguration();
 | 
			
		||||
            
 | 
			
		||||
            if(identityServerConfiguration != null)
 | 
			
		||||
            {
 | 
			
		||||
                services.TryAddSingleton<IIdentityServerConfiguration>(identityServerConfiguration);
 | 
			
		||||
                services.TryAddSingleton<IHashMatcher, HashMatcher>();
 | 
			
		||||
                var identityServerBuilder = services
 | 
			
		||||
                    .AddIdentityServer(options => {
 | 
			
		||||
                        options.IssuerUri = "Ocelot";
 | 
			
		||||
                    })
 | 
			
		||||
                    .AddInMemoryApiResources(new List<ApiResource>
 | 
			
		||||
                    {
 | 
			
		||||
                        new ApiResource
 | 
			
		||||
                        {
 | 
			
		||||
                            Name = identityServerConfiguration.ApiName,
 | 
			
		||||
                            Description = identityServerConfiguration.Description,
 | 
			
		||||
                            Enabled = identityServerConfiguration.Enabled,
 | 
			
		||||
                            DisplayName = identityServerConfiguration.ApiName,
 | 
			
		||||
                            Scopes = identityServerConfiguration.AllowedScopes.Select(x => new Scope(x)).ToList(),
 | 
			
		||||
                            ApiSecrets = new List<Secret>
 | 
			
		||||
                            {
 | 
			
		||||
                                new Secret
 | 
			
		||||
                                {
 | 
			
		||||
                                    Value = identityServerConfiguration.ApiSecret.Sha256()
 | 
			
		||||
                                }
 | 
			
		||||
                            }
 | 
			
		||||
                        }
 | 
			
		||||
                    })
 | 
			
		||||
                    .AddInMemoryClients(new List<Client>
 | 
			
		||||
                    {
 | 
			
		||||
                        new Client
 | 
			
		||||
                        {
 | 
			
		||||
                            ClientId = identityServerConfiguration.ApiName,
 | 
			
		||||
                            AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
 | 
			
		||||
                            ClientSecrets = new List<Secret> {new Secret(identityServerConfiguration.ApiSecret.Sha256())},
 | 
			
		||||
                            AllowedScopes = identityServerConfiguration.AllowedScopes,
 | 
			
		||||
                            AccessTokenType = identityServerConfiguration.AccessTokenType,
 | 
			
		||||
                            Enabled = identityServerConfiguration.Enabled,
 | 
			
		||||
                            RequireClientSecret = identityServerConfiguration.RequireClientSecret
 | 
			
		||||
                        }
 | 
			
		||||
                    }).AddResourceOwnerValidator<OcelotResourceOwnerPasswordValidator>();
 | 
			
		||||
 | 
			
		||||
                if (string.IsNullOrEmpty(identityServerConfiguration.CredentialsSigningCertificateLocation) || string.IsNullOrEmpty(identityServerConfiguration.CredentialsSigningCertificatePassword))
 | 
			
		||||
                {
 | 
			
		||||
                    identityServerBuilder.AddDeveloperSigningCredential();
 | 
			
		||||
                }
 | 
			
		||||
                else
 | 
			
		||||
                {
 | 
			
		||||
                    var cert = new X509Certificate2(identityServerConfiguration.CredentialsSigningCertificateLocation, identityServerConfiguration.CredentialsSigningCertificatePassword);
 | 
			
		||||
                    identityServerBuilder.AddSigningCredential(cert);
 | 
			
		||||
                }
 | 
			
		||||
            }
 | 
			
		||||
            services.TryAddSingleton<IBaseUrlFinder, BaseUrlFinder>();
 | 
			
		||||
 | 
			
		||||
            var assembly = typeof(FileConfigurationController).GetTypeInfo().Assembly;
 | 
			
		||||
 | 
			
		||||
@@ -190,6 +141,76 @@ namespace Ocelot.DependencyInjection
 | 
			
		||||
            //Used to log the the start and ending of middleware
 | 
			
		||||
            services.TryAddSingleton<OcelotDiagnosticListener>();
 | 
			
		||||
            services.AddMiddlewareAnalysis();
 | 
			
		||||
            services.AddWebEncoders();
 | 
			
		||||
 | 
			
		||||
            var identityServerConfiguration = IdentityServerConfigurationCreator.GetIdentityServerConfiguration();
 | 
			
		||||
 | 
			
		||||
            if (identityServerConfiguration != null)
 | 
			
		||||
            {
 | 
			
		||||
                services.TryAddSingleton<IIdentityServerConfiguration>(identityServerConfiguration);
 | 
			
		||||
                services.TryAddSingleton<IHashMatcher, HashMatcher>();
 | 
			
		||||
                var identityServerBuilder = services
 | 
			
		||||
                    .AddIdentityServer(options => {
 | 
			
		||||
                        options.IssuerUri = "Ocelot";
 | 
			
		||||
                    })
 | 
			
		||||
                    .AddInMemoryApiResources(new List<ApiResource>
 | 
			
		||||
                    {
 | 
			
		||||
                        new ApiResource
 | 
			
		||||
                        {
 | 
			
		||||
                            Name = identityServerConfiguration.ApiName,
 | 
			
		||||
                            Description = identityServerConfiguration.Description,
 | 
			
		||||
                            Enabled = identityServerConfiguration.Enabled,
 | 
			
		||||
                            DisplayName = identityServerConfiguration.ApiName,
 | 
			
		||||
                            Scopes = identityServerConfiguration.AllowedScopes.Select(x => new Scope(x)).ToList(),
 | 
			
		||||
                            ApiSecrets = new List<Secret>
 | 
			
		||||
                            {
 | 
			
		||||
                                new Secret
 | 
			
		||||
                                {
 | 
			
		||||
                                    Value = identityServerConfiguration.ApiSecret.Sha256()
 | 
			
		||||
                                }
 | 
			
		||||
                            }
 | 
			
		||||
                        }
 | 
			
		||||
                    })
 | 
			
		||||
                    .AddInMemoryClients(new List<Client>
 | 
			
		||||
                    {
 | 
			
		||||
                        new Client
 | 
			
		||||
                        {
 | 
			
		||||
                            ClientId = identityServerConfiguration.ApiName,
 | 
			
		||||
                            AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
 | 
			
		||||
                            ClientSecrets = new List<Secret> {new Secret(identityServerConfiguration.ApiSecret.Sha256())},
 | 
			
		||||
                            AllowedScopes = identityServerConfiguration.AllowedScopes,
 | 
			
		||||
                            AccessTokenType = identityServerConfiguration.AccessTokenType,
 | 
			
		||||
                            Enabled = identityServerConfiguration.Enabled,
 | 
			
		||||
                            RequireClientSecret = identityServerConfiguration.RequireClientSecret
 | 
			
		||||
                        }
 | 
			
		||||
                    }).AddResourceOwnerValidator<OcelotResourceOwnerPasswordValidator>();
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
                var whb = services.First(x => x.ServiceType == typeof(IWebHostBuilder));
 | 
			
		||||
                var urlFinder = new BaseUrlFinder((IWebHostBuilder)whb.ImplementationInstance);
 | 
			
		||||
                var baseSchemeUrlAndPort = urlFinder.Find();
 | 
			
		||||
                JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
 | 
			
		||||
 | 
			
		||||
                services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
 | 
			
		||||
                    .AddIdentityServerAuthentication(o =>
 | 
			
		||||
                    {
 | 
			
		||||
                        o.Authority = baseSchemeUrlAndPort + "admin";
 | 
			
		||||
                        o.ApiName = identityServerConfiguration.ApiName;
 | 
			
		||||
                        o.RequireHttpsMetadata = identityServerConfiguration.RequireHttps;
 | 
			
		||||
                        o.AllowedScopes = identityServerConfiguration.AllowedScopes;
 | 
			
		||||
                        o.SupportedTokens = SupportedTokens.Both;
 | 
			
		||||
                        o.ApiSecret = identityServerConfiguration.ApiSecret;
 | 
			
		||||
                    });
 | 
			
		||||
                if (string.IsNullOrEmpty(identityServerConfiguration.CredentialsSigningCertificateLocation) || string.IsNullOrEmpty(identityServerConfiguration.CredentialsSigningCertificatePassword))
 | 
			
		||||
                {
 | 
			
		||||
                    identityServerBuilder.AddDeveloperSigningCredential();
 | 
			
		||||
                }
 | 
			
		||||
                else
 | 
			
		||||
                {
 | 
			
		||||
                    var cert = new X509Certificate2(identityServerConfiguration.CredentialsSigningCertificateLocation, identityServerConfiguration.CredentialsSigningCertificatePassword);
 | 
			
		||||
                    identityServerBuilder.AddSigningCredential(cert);
 | 
			
		||||
                }
 | 
			
		||||
            }
 | 
			
		||||
 | 
			
		||||
            return services;
 | 
			
		||||
        }
 | 
			
		||||
 
 | 
			
		||||
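Review bot: `o.Authority = baseSchemeUrlAndPort + "admin";` concatenates without a separator and hard-codes the admin segment, whereas the code it replaces in `OcelotMiddlewareExtensions` built `$"{baseSchemeUrlAndPort}/{configuration.AdministrationPath.Remove(0,1)}"`; unless `BaseUrlFinder.Find()` now returns a trailing slash, the authority becomes something like `http://host:5000admin`, and it diverges from the configured `AdministrationPath` whenever that is not `/admin`, so discovery against the embedded IdentityServer and therefore every admin-API token validation would fail. The authority should be derived from the same configured administration path (with an explicit `/`) that `builder.Map(...)` uses, so the issuer and the validator cannot drift apart. `JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();` mutates a process-wide static and disables inbound claim-type mapping for every JWT handler in the host application, not just Ocelot's; that needs a comment such as `// Process-wide: disables JWT inbound claim-type mapping for the whole host, not only Ocelot.` and ideally a deliberate decision. `services.First(x => x.ServiceType == typeof(IWebHostBuilder))` throws `InvalidOperationException` when no `IWebHostBuilder` is registered and `ImplementationInstance` may be null; `FirstOrDefault` with an explicit error, or a clear note that `AddOcelot` now requires being called from a web host, would make the failure mode obvious. Resolving `Find()` at registration time also fixes the URL before the host starts, which is presumably intended but worth stating in a comment.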
@@ -1,11 +1,13 @@
 | 
			
		||||
using System.Collections.Generic;
 | 
			
		||||
using System.Diagnostics;
 | 
			
		||||
using System.Reflection;
 | 
			
		||||
using IdentityServer4.AccessTokenValidation;
 | 
			
		||||
using Microsoft.AspNetCore.Builder;
 | 
			
		||||
using Microsoft.Extensions.DependencyInjection;
 | 
			
		||||
using Ocelot.Authentication.Middleware;
 | 
			
		||||
using Ocelot.Cache.Middleware;
 | 
			
		||||
using Ocelot.Claims.Middleware;
 | 
			
		||||
using Ocelot.Controllers;
 | 
			
		||||
using Ocelot.DownstreamRouteFinder.Middleware;
 | 
			
		||||
using Ocelot.DownstreamUrlCreator.Middleware;
 | 
			
		||||
using Ocelot.Errors.Middleware;
 | 
			
		||||
@@ -179,28 +181,12 @@ namespace Ocelot.Middleware
 | 
			
		||||
 | 
			
		||||
            if(!string.IsNullOrEmpty(configuration.AdministrationPath) && identityServerConfiguration != null)
 | 
			
		||||
            {
 | 
			
		||||
                var urlFinder = (IBaseUrlFinder)builder.ApplicationServices.GetService(typeof(IBaseUrlFinder));
 | 
			
		||||
 | 
			
		||||
                var baseSchemeUrlAndPort = urlFinder.Find();
 | 
			
		||||
                
 | 
			
		||||
                builder.Map(configuration.AdministrationPath, app =>
 | 
			
		||||
                {
 | 
			
		||||
                    var identityServerUrl = $"{baseSchemeUrlAndPort}/{configuration.AdministrationPath.Remove(0,1)}";
 | 
			
		||||
 | 
			
		||||
                    services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
 | 
			
		||||
                            .AddIdentityServerAuthentication(o =>
 | 
			
		||||
                        {
 | 
			
		||||
                            o.Authority = identityServerUrl;
 | 
			
		||||
                            o.ApiName = identityServerConfiguration.ApiName;
 | 
			
		||||
                            o.RequireHttpsMetadata = identityServerConfiguration.RequireHttps;
 | 
			
		||||
                            o.AllowedScopes = identityServerConfiguration.AllowedScopes;
 | 
			
		||||
                            o.SupportedTokens = SupportedTokens.Both;
 | 
			
		||||
                            o.ApiSecret = identityServerConfiguration.ApiSecret;
 | 
			
		||||
                        });
 | 
			
		||||
 | 
			
		||||
                    app.UseMvc();
 | 
			
		||||
                    app.UseIdentityServer();
 | 
			
		||||
                    app.UseAuthentication();
 | 
			
		||||
                    app.UseMvc();
 | 
			
		||||
                });
 | 
			
		||||
            }
 | 
			
		||||
        }
 | 
			
		||||
 
 | 
			
		||||
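Review bot: inside the `builder.Map(configuration.AdministrationPath, app => { ... })` branch an `app.UseMvc();` precedes `app.UseIdentityServer();` and `app.UseAuthentication();`; middleware runs in registration order, so any admin request that MVC handles there never passes through the authentication middleware and `HttpContext.User` is never populated, which at best turns every `[Authorize]`d admin endpoint into a 401 and at worst is a silent ordering bug. Which of the two `app.UseMvc();` lines is the new one cannot be told from this rendering, but the surviving one must come after `app.UseAuthentication()`. If `urlFinder` and `baseSchemeUrlAndPort` are still computed on the new side now that the authority is set in `ServiceCollectionExtensions`, they appear to be unused locals in this method and should be removed together with the `IBaseUrlFinder` cast. The enclosing method starts outside the hunk.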
@@ -26,6 +26,7 @@
 | 
			
		||||
  </PropertyGroup>
 | 
			
		||||
 | 
			
		||||
  <ItemGroup>
 | 
			
		||||
    <PackageReference Include="IdentityServer4.AccessTokenValidation" Version="2.0.0-rc1" />
 | 
			
		||||
    <PackageReference Include="Microsoft.AspNetCore.All" Version="2.0.0" />
 | 
			
		||||
    <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" Version="2.0.0" />
 | 
			
		||||
    <PackageReference Include="Microsoft.Extensions.Configuration.FileExtensions" Version="2.0.0" />
 | 
			
		||||
@@ -36,7 +37,6 @@
 | 
			
		||||
    <PackageReference Include="Microsoft.Extensions.Logging.Debug" Version="2.0.0" />
 | 
			
		||||
    <PackageReference Include="Microsoft.Extensions.Options.ConfigurationExtensions" Version="2.0.0" />
 | 
			
		||||
    <PackageReference Include="System.Text.RegularExpressions" Version="4.3.0" />
 | 
			
		||||
    <PackageReference Include="IdentityServer4.AccessTokenValidation" Version="2.0.0-rc1" />
 | 
			
		||||
    <PackageReference Include="CacheManager.Core" Version="1.1.1" />
 | 
			
		||||
    <PackageReference Include="CacheManager.Microsoft.Extensions.Configuration" Version="1.1.1" />
 | 
			
		||||
    <PackageReference Include="CacheManager.Microsoft.Extensions.Logging" Version="1.1.1" />
 | 
			
		||||
 
 | 
			
		||||