tk/Ocelot
1
0
Fork 0
mirror of https://github.com/nsnail/Ocelot.git synced 2025-11-04 15:30:49 +08:00
Code Issues Packages Projects Releases Wiki Activity

started adding some kind of auth config

Browse Source
This commit is contained in:
Tom Gardham-Pallister
2017-02-22 20:04:51 +00:00
parent aa0d8fe59a
commit f8804f5d9d
3 changed files with 111 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

86
src/Ocelot/Configuration/Provider/HardCodedIdentityServerConfigurationProvider.cs Normal file
View File

@@ -0,0 +1,86 @@
using System;
using System.Collections.Generic;
using IdentityServer4.AccessTokenValidation;
using IdentityServer4.Models;
using IdentityServer4.Test;
namespace Ocelot.Configuration.Provider
{
public class HardCodedIdentityServerConfigurationProvider : IIdentityServerConfigurationProvider
{
public IdentityServerConfiguration Get()
{
var url = "";
return new IdentityServerConfiguration(
url,
"admin",
false,
SupportedTokens.Both,
"secret",
new List<string> {"admin", "openid", "offline_access"},
"Ocelot Administration",
true,
GrantTypes.ResourceOwnerPassword,
AccessTokenType.Jwt,
false,
new List<TestUser> {
new TestUser
{
Username = "admin",
Password = "admin",
SubjectId = "admin",
}
}
);
}
}
public interface IIdentityServerConfigurationProvider
{
IdentityServerConfiguration Get();
}
public class IdentityServerConfiguration
{
public IdentityServerConfiguration(
string identityServerUrl,
string apiName,
bool requireHttps,
SupportedTokens supportedTokens,
string apiSecret,
List<string> allowedScopes,
string description,
bool enabled,
IEnumerable<string> grantType,
AccessTokenType accessTokenType,
bool requireClientSecret,
List<TestUser> users)
{
IdentityServerUrl = identityServerUrl;
ApiName = apiName;
RequireHttps = requireHttps;
SupportedTokens = supportedTokens;
ApiSecret = apiSecret;
AllowedScopes = allowedScopes;
Description = description;
Enabled = enabled;
AllowedGrantTypes = grantType;
AccessTokenType = accessTokenType;
RequireClientSecret = requireClientSecret;
Users = users;
}
public string IdentityServerUrl { get; private set; }
public string ApiName { get; private set; }
public bool RequireHttps { get; private set; }
public List<string> AllowedScopes { get; private set; }
public SupportedTokens SupportedTokens { get; private set; }
public string ApiSecret { get; private set; }
public string Description {get;private set;}
public bool Enabled {get;private set;}
public IEnumerable<string> AllowedGrantTypes {get;private set;}
public AccessTokenType AccessTokenType {get;private set;}
public bool RequireClientSecret = false;
public List<TestUser> Users {get;private set;}
}
}

44
src/Ocelot/DependencyInjection/ServiceCollectionExtensions.cs
View File

@@ -1,5 +1,6 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net.Http;
using CacheManager.Core;
using IdentityServer4.Models;
@@ -60,27 +61,25 @@ namespace Ocelot.DependencyInjection
public static IServiceCollection AddOcelot(this IServiceCollection services)
{
var authProvider = new HardCodedIdentityServerConfigurationProvider();
var identityServerConfig = authProvider.Get();
services.AddIdentityServer()
.AddTemporarySigningCredential()
.AddInMemoryApiResources(new List<ApiResource>
{
new ApiResource
{
Name = "admin",
Description = "Ocelot Administration",
Enabled = true,
DisplayName = "admin",
Scopes = new List<Scope>()
{
new Scope("admin"),
new Scope("openid"),
new Scope("offline_access")
},
Name = identityServerConfig.ApiName,
Description = identityServerConfig.Description,
Enabled = identityServerConfig.Enabled,
DisplayName = identityServerConfig.ApiName,
Scopes = identityServerConfig.AllowedScopes.Select(x => new Scope(x)).ToList(),
ApiSecrets = new List<Secret>
{
new Secret
{
Value = "secret".Sha256()
Value = identityServerConfig.ApiSecret.Sha256()
}
}
}
@@ -89,24 +88,17 @@ namespace Ocelot.DependencyInjection
{
new Client
{
ClientId = "admin",
ClientId = identityServerConfig.ApiName,
AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
ClientSecrets = new List<Secret> {new Secret("secret".Sha256())},
AllowedScopes = new List<string> {"admin", "openid", "offline_access"},
AccessTokenType = AccessTokenType.Jwt,
Enabled = true,
RequireClientSecret = false
ClientSecrets = new List<Secret> {new Secret(identityServerConfig.ApiSecret.Sha256())},
AllowedScopes = identityServerConfig.AllowedScopes,
AccessTokenType = identityServerConfig.AccessTokenType,
Enabled = identityServerConfig.Enabled,
RequireClientSecret = identityServerConfig.RequireClientSecret
}
})
.AddTestUsers(new List<TestUser>
{
new TestUser
{
Username = "admin",
Password = "admin",
SubjectId = "admin",
}
});
.AddTestUsers(identityServerConfig.Users);
services.AddMvcCore()
.AddAuthorization()
.AddJsonFormatters();

11
src/Ocelot/Middleware/OcelotMiddlewareExtensions.cs
View File

@@ -157,6 +157,9 @@ namespace Ocelot.Middleware
{
var configuration = await CreateConfiguration(builder);
var authProvider = new HardCodedIdentityServerConfigurationProvider();
var identityServerConfig = authProvider.Get();
if(!string.IsNullOrEmpty(configuration.AdministrationPath))
{
builder.Map(configuration.AdministrationPath, app =>
@@ -166,11 +169,11 @@ namespace Ocelot.Middleware
app.UseIdentityServerAuthentication(new IdentityServerAuthenticationOptions
{
Authority = identityServerUrl,
ApiName = "admin",
RequireHttpsMetadata = false,
AllowedScopes = new List<string>(),
ApiName = identityServerConfig.ApiName,
RequireHttpsMetadata = identityServerConfig.RequireHttps,
AllowedScopes = identityServerConfig.AllowedScopes,
SupportedTokens = SupportedTokens.Both,
ApiSecret = "secret"
ApiSecret = identityServerConfig.ApiSecret
});
app.UseIdentityServer();