	started adding some kind of auth config
		@@ -0,0 +1,86 @@
 | 
				
			|||||||
 | 
					using System;
 | 
				
			||||||
 | 
					using System.Collections.Generic;
 | 
				
			||||||
 | 
					using IdentityServer4.AccessTokenValidation;
 | 
				
			||||||
 | 
					using IdentityServer4.Models;
 | 
				
			||||||
 | 
					using IdentityServer4.Test;
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					namespace Ocelot.Configuration.Provider
 | 
				
			||||||
 | 
					{
 | 
				
			||||||
 | 
					    public class HardCodedIdentityServerConfigurationProvider : IIdentityServerConfigurationProvider
 | 
				
			||||||
 | 
					    {
 | 
				
			||||||
 | 
					        public IdentityServerConfiguration Get()
 | 
				
			||||||
 | 
					        {
 | 
				
			||||||
 | 
					            var url = "";
 | 
				
			||||||
 | 
					            return new IdentityServerConfiguration(
 | 
				
			||||||
 | 
					                url,
 | 
				
			||||||
 | 
					                "admin",
 | 
				
			||||||
 | 
					                false,
 | 
				
			||||||
 | 
					                SupportedTokens.Both,
 | 
				
			||||||
 | 
					                "secret",
 | 
				
			||||||
 | 
					                new List<string> {"admin", "openid", "offline_access"},
 | 
				
			||||||
 | 
					                "Ocelot Administration",
 | 
				
			||||||
 | 
					                true,
 | 
				
			||||||
 | 
					                GrantTypes.ResourceOwnerPassword,
 | 
				
			||||||
 | 
					                AccessTokenType.Jwt,
 | 
				
			||||||
 | 
					                false,
 | 
				
			||||||
 | 
					                new List<TestUser> {
 | 
				
			||||||
 | 
					                        new TestUser
 | 
				
			||||||
 | 
					                        { 
 | 
				
			||||||
 | 
					                            Username = "admin",
 | 
				
			||||||
 | 
					                            Password = "admin",
 | 
				
			||||||
 | 
					                            SubjectId = "admin",
 | 
				
			||||||
 | 
					                        }
 | 
				
			||||||
 | 
					                    }
 | 
				
			||||||
 | 
					                );
 | 
				
			||||||
 | 
					        }
 | 
				
			||||||
 | 
					    }
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					    public interface IIdentityServerConfigurationProvider
 | 
				
			||||||
 | 
					    {
 | 
				
			||||||
 | 
					        IdentityServerConfiguration Get();
 | 
				
			||||||
 | 
					    }
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					    public class IdentityServerConfiguration
 | 
				
			||||||
 | 
					    {
 | 
				
			||||||
 | 
					        public IdentityServerConfiguration(
 | 
				
			||||||
 | 
					            string identityServerUrl, 
 | 
				
			||||||
 | 
					            string apiName, 
 | 
				
			||||||
 | 
					            bool requireHttps, 
 | 
				
			||||||
 | 
					            SupportedTokens supportedTokens, 
 | 
				
			||||||
 | 
					            string apiSecret,
 | 
				
			||||||
 | 
					            List<string> allowedScopes,
 | 
				
			||||||
 | 
					            string description,
 | 
				
			||||||
 | 
					            bool enabled,
 | 
				
			||||||
 | 
					            IEnumerable<string>  grantType,
 | 
				
			||||||
 | 
					            AccessTokenType accessTokenType,
 | 
				
			||||||
 | 
					            bool requireClientSecret,
 | 
				
			||||||
 | 
					            List<TestUser> users)
 | 
				
			||||||
 | 
					        {
 | 
				
			||||||
 | 
					            IdentityServerUrl = identityServerUrl;
 | 
				
			||||||
 | 
					            ApiName = apiName;
 | 
				
			||||||
 | 
					            RequireHttps = requireHttps;
 | 
				
			||||||
 | 
					            SupportedTokens = supportedTokens;
 | 
				
			||||||
 | 
					            ApiSecret = apiSecret;
 | 
				
			||||||
 | 
					            AllowedScopes = allowedScopes;
 | 
				
			||||||
 | 
					            Description = description;
 | 
				
			||||||
 | 
					            Enabled = enabled;
 | 
				
			||||||
 | 
					            AllowedGrantTypes = grantType;
 | 
				
			||||||
 | 
					            AccessTokenType = accessTokenType;
 | 
				
			||||||
 | 
					            RequireClientSecret = requireClientSecret;
 | 
				
			||||||
 | 
					            Users = users;
 | 
				
			||||||
 | 
					        }
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					        public string IdentityServerUrl { get; private set; }
 | 
				
			||||||
 | 
					        public string ApiName { get; private set; }
 | 
				
			||||||
 | 
					        public bool RequireHttps { get; private set; }
 | 
				
			||||||
 | 
					        public List<string> AllowedScopes { get; private set; }
 | 
				
			||||||
 | 
					        public SupportedTokens SupportedTokens { get; private set; }
 | 
				
			||||||
 | 
					        public string ApiSecret { get; private set; }
 | 
				
			||||||
 | 
					        public string Description {get;private set;}
 | 
				
			||||||
 | 
					        public bool Enabled {get;private set;}
 | 
				
			||||||
 | 
					        public IEnumerable<string>  AllowedGrantTypes {get;private set;}
 | 
				
			||||||
 | 
					        public AccessTokenType AccessTokenType {get;private set;}
 | 
				
			||||||
 | 
					        public bool RequireClientSecret = false;
 | 
				
			||||||
 | 
					        public List<TestUser> Users {get;private set;}
 | 
				
			||||||
 | 
					    }
 | 
				
			||||||
 | 
					}
 | 
				
			||||||
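Review bot: `HardCodedIdentityServerConfigurationProvider.Get()` compiles the administration credentials into the assembly: API secret `"secret"`, a `TestUser` with `admin`/`admin`, and both `requireHttps` and `requireClientSecret` set to `false`. Every deployment that uses this provider therefore shares the same publicly known login for the resource-owner-password grant. Before it is used outside tests, `Get()` should read the secret and user from configuration or the environment and fail startup when they are missing; until then a comment above the class such as `// Development defaults only: these credentials are public, do not ship.` would make the status explicit. Separately, `public bool RequireClientSecret = false;` is a mutable public field while every other member is a `{ get; private set; }` property; `public bool RequireClientSecret { get; private set; }` keeps the object read-only to callers. `var url = ""` also leaves `IdentityServerUrl` empty.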
@@ -1,5 +1,6 @@
 | 
				
			|||||||
using System;
 | 
					using System;
 | 
				
			||||||
using System.Collections.Generic;
 | 
					using System.Collections.Generic;
 | 
				
			||||||
 | 
					using System.Linq;
 | 
				
			||||||
using System.Net.Http;
 | 
					using System.Net.Http;
 | 
				
			||||||
using CacheManager.Core;
 | 
					using CacheManager.Core;
 | 
				
			||||||
using IdentityServer4.Models;
 | 
					using IdentityServer4.Models;
 | 
				
			||||||
@@ -60,27 +61,25 @@ namespace Ocelot.DependencyInjection
 | 
				
			|||||||
 | 
					
 | 
				
			||||||
        public static IServiceCollection AddOcelot(this IServiceCollection services)
 | 
					        public static IServiceCollection AddOcelot(this IServiceCollection services)
 | 
				
			||||||
        {
 | 
					        {
 | 
				
			||||||
 | 
					            var authProvider = new HardCodedIdentityServerConfigurationProvider();
 | 
				
			||||||
 | 
					            var identityServerConfig = authProvider.Get();
 | 
				
			||||||
 | 
					
 | 
				
			||||||
            services.AddIdentityServer()
 | 
					            services.AddIdentityServer()
 | 
				
			||||||
                .AddTemporarySigningCredential()
 | 
					                .AddTemporarySigningCredential()
 | 
				
			||||||
                .AddInMemoryApiResources(new List<ApiResource>
 | 
					                .AddInMemoryApiResources(new List<ApiResource>
 | 
				
			||||||
                {
 | 
					                {
 | 
				
			||||||
                    new ApiResource
 | 
					                    new ApiResource
 | 
				
			||||||
                    {
 | 
					                    {
 | 
				
			||||||
                        Name = "admin",
 | 
					                        Name = identityServerConfig.ApiName,
 | 
				
			||||||
                        Description = "Ocelot Administration",
 | 
					                        Description = identityServerConfig.Description,
 | 
				
			||||||
                        Enabled = true,
 | 
					                        Enabled = identityServerConfig.Enabled,
 | 
				
			||||||
                        DisplayName = "admin",
 | 
					                        DisplayName = identityServerConfig.ApiName,
 | 
				
			||||||
                        Scopes = new List<Scope>()
 | 
					                        Scopes = identityServerConfig.AllowedScopes.Select(x => new Scope(x)).ToList(),
 | 
				
			||||||
                        {
 | 
					 | 
				
			||||||
                            new Scope("admin"),
 | 
					 | 
				
			||||||
                            new Scope("openid"),
 | 
					 | 
				
			||||||
                            new Scope("offline_access")
 | 
					 | 
				
			||||||
                        },
 | 
					 | 
				
			||||||
                        ApiSecrets = new List<Secret>
 | 
					                        ApiSecrets = new List<Secret>
 | 
				
			||||||
                        {
 | 
					                        {
 | 
				
			||||||
                            new Secret
 | 
					                            new Secret
 | 
				
			||||||
                            {
 | 
					                            {
 | 
				
			||||||
                                Value = "secret".Sha256()
 | 
					                                Value = identityServerConfig.ApiSecret.Sha256()
 | 
				
			||||||
                            }
 | 
					                            }
 | 
				
			||||||
                        }
 | 
					                        }
 | 
				
			||||||
                    }
 | 
					                    }
 | 
				
			||||||
@@ -89,24 +88,17 @@ namespace Ocelot.DependencyInjection
 | 
				
			|||||||
                {
 | 
					                {
 | 
				
			||||||
                    new Client
 | 
					                    new Client
 | 
				
			||||||
                    {
 | 
					                    {
 | 
				
			||||||
                        ClientId = "admin",
 | 
					                        ClientId = identityServerConfig.ApiName,
 | 
				
			||||||
                        AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
 | 
					                        AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
 | 
				
			||||||
                        ClientSecrets = new List<Secret> {new Secret("secret".Sha256())},
 | 
					                        ClientSecrets = new List<Secret> {new Secret(identityServerConfig.ApiSecret.Sha256())},
 | 
				
			||||||
                        AllowedScopes = new List<string> {"admin", "openid", "offline_access"},
 | 
					                        AllowedScopes = identityServerConfig.AllowedScopes,
 | 
				
			||||||
                        AccessTokenType = AccessTokenType.Jwt,
 | 
					                        AccessTokenType = identityServerConfig.AccessTokenType,
 | 
				
			||||||
                        Enabled = true,
 | 
					                        Enabled = identityServerConfig.Enabled,
 | 
				
			||||||
                        RequireClientSecret = false
 | 
					                        RequireClientSecret = identityServerConfig.RequireClientSecret
 | 
				
			||||||
                    }
 | 
					                    }
 | 
				
			||||||
                })
 | 
					                })
 | 
				
			||||||
                .AddTestUsers(new List<TestUser>
 | 
					                .AddTestUsers(identityServerConfig.Users);
 | 
				
			||||||
                {
 | 
					                
 | 
				
			||||||
                    new TestUser
 | 
					 | 
				
			||||||
                    {
 | 
					 | 
				
			||||||
                        Username = "admin",
 | 
					 | 
				
			||||||
                        Password = "admin",
 | 
					 | 
				
			||||||
                        SubjectId = "admin",
 | 
					 | 
				
			||||||
                    }
 | 
					 | 
				
			||||||
                });
 | 
					 | 
				
			||||||
            services.AddMvcCore()
 | 
					            services.AddMvcCore()
 | 
				
			||||||
                .AddAuthorization()
 | 
					                .AddAuthorization()
 | 
				
			||||||
                .AddJsonFormatters();
 | 
					                .AddJsonFormatters();
 | 
				
			||||||
 
 | 
				
			|||||||
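Review bot: The `Client` initializer still hard-codes `AllowedGrantTypes = GrantTypes.ResourceOwnerPassword` although the new configuration object carries `AllowedGrantTypes`, so that setting is never read and changing it in the provider has no effect. `AllowedGrantTypes = identityServerConfig.AllowedGrantTypes,` would make the client follow the configuration like the neighbouring properties. `identityServerConfig.AllowedScopes.Select(x => new Scope(x))` is called with no null check, so a provider that returns a null scope list fails during service registration with an `ArgumentNullException` from `Select` rather than a clear configuration error. `AddOcelot` also constructs the provider with `new` instead of receiving an `IIdentityServerConfigurationProvider`, which ties registration to the hard-coded credentials. The method body continues outside these hunks.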
@@ -157,6 +157,9 @@ namespace Ocelot.Middleware
 | 
				
			|||||||
        {
 | 
					        {
 | 
				
			||||||
            var configuration = await CreateConfiguration(builder);
 | 
					            var configuration = await CreateConfiguration(builder);
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					            var authProvider = new HardCodedIdentityServerConfigurationProvider();
 | 
				
			||||||
 | 
					            var identityServerConfig = authProvider.Get();
 | 
				
			||||||
 | 
					
 | 
				
			||||||
            if(!string.IsNullOrEmpty(configuration.AdministrationPath))
 | 
					            if(!string.IsNullOrEmpty(configuration.AdministrationPath))
 | 
				
			||||||
            {
 | 
					            {
 | 
				
			||||||
                builder.Map(configuration.AdministrationPath, app =>
 | 
					                builder.Map(configuration.AdministrationPath, app =>
 | 
				
			||||||
@@ -166,11 +169,11 @@ namespace Ocelot.Middleware
 | 
				
			|||||||
                    app.UseIdentityServerAuthentication(new IdentityServerAuthenticationOptions
 | 
					                    app.UseIdentityServerAuthentication(new IdentityServerAuthenticationOptions
 | 
				
			||||||
                    {
 | 
					                    {
 | 
				
			||||||
                        Authority = identityServerUrl,
 | 
					                        Authority = identityServerUrl,
 | 
				
			||||||
                        ApiName = "admin",
 | 
					                        ApiName = identityServerConfig.ApiName,
 | 
				
			||||||
                        RequireHttpsMetadata = false,
 | 
					                        RequireHttpsMetadata = identityServerConfig.RequireHttps,
 | 
				
			||||||
                        AllowedScopes = new List<string>(),
 | 
					                        AllowedScopes = identityServerConfig.AllowedScopes,
 | 
				
			||||||
                        SupportedTokens = SupportedTokens.Both,
 | 
					                        SupportedTokens = SupportedTokens.Both,
 | 
				
			||||||
                        ApiSecret = "secret"
 | 
					                        ApiSecret = identityServerConfig.ApiSecret
 | 
				
			||||||
                    });
 | 
					                    });
 | 
				
			||||||
 | 
					
 | 
				
			||||||
                    app.UseIdentityServer();
 | 
					                    app.UseIdentityServer();
 | 
				
			||||||
 
 | 
				
			|||||||
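Review bot: `SupportedTokens = SupportedTokens.Both` and `Authority = identityServerUrl` stay hard-coded in the `IdentityServerAuthenticationOptions` initializer, so `identityServerConfig.SupportedTokens` and `IdentityServerUrl` are never consumed. `SupportedTokens = identityServerConfig.SupportedTokens,` would finish the move for the first of them. The provider is also constructed a second time here, independently of the instance in `AddOcelot`, so token issuance and token validation agree only while both instances return identical values. Resolving one shared `IIdentityServerConfigurationProvider` would remove that coupling. `RequireHttpsMetadata` now follows `RequireHttps`, which the provider sets to `false`, so metadata is still fetched without requiring HTTPS; the enclosing method starts and ends outside these hunks.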