feat: Add PssoService

masastack · Mar 27, 2024 · fe43666 · fe43666
1 parent 9c9d665
commit fe43666
Show file tree

Hide file tree

Showing 12 changed files with 312 additions and 3 deletions.
diff --git a/src/Contracts/Masa.Auth.Contracts.Admin/Infrastructure/Models/SoaOptions.cs b/src/Contracts/Masa.Auth.Contracts.Admin/Infrastructure/Models/SoaOptions.cs
@@ -0,0 +1,11 @@
+// Copyright (c) MASA Stack All rights reserved.
+// Licensed under the Apache License. See LICENSE.txt in the project root for license information.
+
+namespace Masa.Auth.Contracts.Admin.Infrastructure.Models;
+
+public class SoaOptions
+{
+    public string ServerUrl { get; set; } = "";
+
+    public readonly static string Key = "$public.Soa";
+}
diff --git a/src/Contracts/Masa.Auth.Contracts.Admin/Psso/AbpApiResponse.cs b/src/Contracts/Masa.Auth.Contracts.Admin/Psso/AbpApiResponse.cs
@@ -0,0 +1,13 @@
+// Copyright (c) MASA Stack All rights reserved.
+// Licensed under the Apache License. See LICENSE.txt in the project root for license information.
+
+namespace Masa.Auth.Contracts.Admin.Psso;
+
+public class AbpApiResponse<T>
+{
+    public bool Success { get; set; }
+
+    public string? Error { get; set; }
+
+    public T? Result { get; set; }
+}
diff --git a/src/Contracts/Masa.Auth.Contracts.Admin/Psso/AssignedRoleDto.cs b/src/Contracts/Masa.Auth.Contracts.Admin/Psso/AssignedRoleDto.cs
@@ -0,0 +1,45 @@
+// Copyright (c) MASA Stack All rights reserved.
+// Licensed under the Apache License. See LICENSE.txt in the project root for license information.
+
+namespace Masa.Auth.Contracts.Admin.Psso;
+
+public class AssignedRoleDto
+{
+    public int? RoleId { set; get; }
+    public PssoRoleType? RoleType { set; get; }
+    public string RoleName { set; get; } = string.Empty;
+    public string AssociatedEntityId { set; get; } = string.Empty;
+    public string AssociatedEntityName { get; set; } = string.Empty;
+}
+
+public enum PssoRoleType : int
+{
+    /// <summary>
+    /// 默认
+    /// </summary>
+    Default = 0,
+    /// <summary>
+    /// 经销商
+    /// </summary>
+    Distributor = 1,
+    /// <summary>
+    /// 经销公司
+    /// </summary>
+    DistributionCompany = 2,
+    ///供应商
+    Supplier = 3,
+    /// <summary>
+    /// 服务中心
+    /// </summary>
+    ServiceCenter = 8,
+    ///// <summary>
+    ///// 技工技师
+    ///// </summary>
+    //[Display(Name = "技工技师")]
+    //Worker = 10,
+    ///// <summary>
+    ///// 临时技工技师
+    ///// </summary>
+    //[Display(Name = "临时技工技师")]
+    //TempWorker = 11,
+}
diff --git a/src/Contracts/Masa.Auth.Contracts.Admin/Psso/FeatureTreeDto.cs b/src/Contracts/Masa.Auth.Contracts.Admin/Psso/FeatureTreeDto.cs
@@ -0,0 +1,50 @@
+// Copyright (c) MASA Stack All rights reserved.
+// Licensed under the Apache License. See LICENSE.txt in the project root for license information.
+
+namespace Masa.Auth.Contracts.Admin.Psso;
+
+public class FeatureTreeDto
+{
+    public string Id { set; get; } = string.Empty;
+    public string Name { get; set; } = string.Empty;
+    public string Code { get; set; } = string.Empty;
+    public string Url { get; set; } = string.Empty;
+    public FeatureType FeatureType { get; set; }
+    public int OrderIndex { get; set; }
+    public string Icon { get; set; } = string.Empty;
+    public string NamePinyin { get; set; } = string.Empty;
+    /// <summary>
+    /// 是否折叠
+    /// </summary>
+    public bool? IsCollapse { get; set; }
+    /// <summary>
+    /// 是否在演示中显示
+    /// </summary>
+    public bool? IsShowYS { get; set; }
+    public string ParentCode { set; get; } = string.Empty;
+    public IEnumerable<FeatureTreeDto> Children { set; get; } = new List<FeatureTreeDto>();
+}
+
+public enum FeatureType
+{
+    /// <summary>
+    /// 隐藏
+    /// </summary>
+    Display = 0,
+    /// <summary>
+    /// 应用
+    /// </summary>
+    App = 1,
+    /// <summary>
+    /// 模块
+    /// </summary>
+    Module = 2,
+    /// <summary>
+    /// 菜单
+    /// </summary>
+    Menu = 3,
+    /// <summary>
+    /// 设置
+    /// </summary>
+    Setting = 4,
+}
diff --git a/src/Contracts/Masa.Auth.Contracts.Admin/Psso/GetPermissionsByLonsidUserIdOutput.cs b/src/Contracts/Masa.Auth.Contracts.Admin/Psso/GetPermissionsByLonsidUserIdOutput.cs
@@ -0,0 +1,20 @@
+// Copyright (c) MASA Stack All rights reserved.
+// Licensed under the Apache License. See LICENSE.txt in the project root for license information.
+
+namespace Masa.Auth.Contracts.Admin.Psso;
+
+public class GetPermissionsByLonsidUserIdOutput
+{
+    /// <summary>
+    /// 用户id
+    /// </summary>
+    public Guid? LonsidUserId { set; get; }
+    /// <summary>
+    /// 授权权限集合
+    /// </summary>
+    public List<string> Permission { set; get; } = new();
+    /// <summary>
+    /// 用户角色
+    /// </summary>
+    public List<AssignedRoleDto> AssignedRoles { get; set; } = new();
+}
diff --git a/src/Contracts/Masa.Auth.Contracts.Admin/Psso/GetUserFavoriteFeatureOutput.cs b/src/Contracts/Masa.Auth.Contracts.Admin/Psso/GetUserFavoriteFeatureOutput.cs
@@ -0,0 +1,15 @@
+// Copyright (c) MASA Stack All rights reserved.
+// Licensed under the Apache License. See LICENSE.txt in the project root for license information.
+
+namespace Masa.Auth.Contracts.Admin.Psso;
+
+public class GetUserFavoriteFeatureOutput
+{
+    public Guid Id { get; set; }
+    public Guid LonsidUserId { get; set; }
+    public long FeatureId { get; set; }
+    public string FeatureCode { get; set; } = string.Empty;
+    public string FeatureName { get; set; } = string.Empty;
+    public string Url { get; set; } = string.Empty;
+    public string Icon { get; set; } = string.Empty;
+}
diff --git a/src/Contracts/Masa.Auth.Contracts.Admin/Psso/GetUserInfoOutput.cs b/src/Contracts/Masa.Auth.Contracts.Admin/Psso/GetUserInfoOutput.cs
@@ -0,0 +1,43 @@
+// Copyright (c) MASA Stack All rights reserved.
+// Licensed under the Apache License. See LICENSE.txt in the project root for license information.
+
+namespace Masa.Auth.Contracts.Admin.Psso;
+
+/// <summary>
+/// 获取用户信息
+/// </summary>
+public class GetUserInfoOutput
+{
+    public Guid Id { get; set; }
+    public Guid LonsidUserId { get; set; }
+    /// <summary>
+    /// 姓名
+    /// </summary>
+    public string Name { set; get; } = string.Empty;
+    /// <summary>
+    /// 租户ID
+    /// </summary>
+    public int? TenantId { set; get; }
+    /// <summary>
+    /// 部门ID
+    /// </summary>
+    public Guid? UnitId { set; get; }
+    /// <summary>
+    /// 经销公司ID
+    /// </summary>
+    public string CompanyId { set; get; } = string.Empty;
+    public string CompanyName { get; set; } = string.Empty;
+    public string SupplierId { get; set; } = string.Empty;
+    public string SupplierName { get; set; } = string.Empty;
+    public string DistributorId { get; set; } = string.Empty;
+    public string DistributorName { get; set; } = string.Empty;
+    public string DomainName { set; get; } = string.Empty;
+    public Guid? SystemUserId { get; set; }
+    public Guid? RegionId { get; set; }
+    public string RegionName { get; set; } = string.Empty;
+    public string RegionOwner { get; set; } = string.Empty;
+    public string ServiceCenterId { get; set; } = string.Empty;
+    public string ServiceCenterName { get; set; } = string.Empty;
+    public bool? IsPaymentYS { get; set; }
+    public bool? IsExclusiveStore { get; set; }
+}
diff --git a/src/Services/Masa.Auth.Service.Admin/Dockerfile b/src/Services/Masa.Auth.Service.Admin/Dockerfile
@@ -4,7 +4,7 @@ FROM registry.cn-hangzhou.aliyuncs.com/masa/dotnet_sdk:6.0.403 AS publish
 WORKDIR /src
 COPY . .
 ENV CSPROJ="src/Services/Masa.Auth.Service.Admin/Masa.Auth.Service.Admin.csproj"
-RUN dotnet restore $CSPROJ -s "http://devops.lonsid.cn:8080/nuget;https://nuget.cdn.azure.cn/v3/index.json" && dotnet publish $CSPROJ -c Release -o /app/publish
+RUN dotnet restore $CSPROJ -s "http://devops.lonsid.cn:8080/nuget;https://repo.huaweicloud.com/repository/nuget/v3/index.json" && dotnet publish $CSPROJ -c Release -o /app/publish
 
 
 FROM registry.cn-hangzhou.aliyuncs.com/masa/dotnet_aspnet:6.0.4

diff --git a/src/Services/Masa.Auth.Service.Admin/Services/PssoService.cs b/src/Services/Masa.Auth.Service.Admin/Services/PssoService.cs
@@ -0,0 +1,98 @@
+// Copyright (c) MASA Stack All rights reserved.
+// Licensed under the Apache License. See LICENSE.txt in the project root for license information.
+
+using Masa.Auth.Contracts.Admin.Psso;
+
+namespace Masa.Auth.Service.Admin.Services;
+
+public class PssoService : ServiceBase
+{
+    IHttpContextAccessor _httpContextAccessor => GetRequiredService<IHttpContextAccessor>();
+    IHttpClientFactory _httpClientFactory => GetRequiredService<IHttpClientFactory>();
+    IMasaConfiguration _masaConfiguration => GetRequiredService<IMasaConfiguration>();
+
+    public PssoService() : base("api/psso")
+    {
+        RouteOptions.DisableAutoMapRoute = false;
+    }
+
+    private string? GetUserId()
+    {
+        var user = _httpContextAccessor?.HttpContext?.User;
+        var userId = user?.FindFirst("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier")?.Value;
+        return userId;
+    }
+
+    private string? GetUserType()
+    {
+        var user = _httpContextAccessor?.HttpContext?.User;
+        var userId = user?.FindFirst("http://Lonsid.org/identity/claims/userType")?.Value;
+        return userId;
+    }
+
+    private async Task<AbpApiResponse<TResult>> CheckConvertResult<TResult>(HttpResponseMessage response)
+    {
+        if (!response.IsSuccessStatusCode)
+        {
+            var errMsg = response.ReasonPhrase.IsNullOrEmpty() ? "Service call failed" : response.ReasonPhrase;
+            throw new UserFriendlyException(errMsg);
+        }
+
+        var result = await response.Content.ReadAsStringAsync();
+
+        if ((int)response.StatusCode == 299)
+        {
+            throw new UserFriendlyException(result);
+        }
+        var options = new JsonSerializerOptions
+        {
+            PropertyNameCaseInsensitive = true,
+            PropertyNamingPolicy = JsonNamingPolicy.CamelCase,
+            ReferenceHandler = ReferenceHandler.Preserve
+        };
+
+        return JsonSerializer.Deserialize<AbpApiResponse<TResult>>(result, options)!;
+    }
+
+    private HttpClient CreateClient()
+    {
+        var soaOptions = _masaConfiguration.ConfigurationApi.GetPublic().GetSection(SoaOptions.Key).Get<SoaOptions>();
+        var client = _httpClientFactory.CreateClient();
+        client.BaseAddress = new Uri(soaOptions.ServerUrl);
+        return client;
+    }
+
+    [AllowAnonymous]
+    public async Task<GetUserInfoOutput> GetUserInfoAsync()
+    {
+        var client = CreateClient();
+        var userId = GetUserId();
+        var userType = GetUserType();
+        var response = await client.GetAsync($"/api/pssom/lonsidUser/getUserInfo/{userId}?userType={userType}");
+        return (await CheckConvertResult<GetUserInfoOutput>(response)).Result!;
+    }
+
+    public async Task<GetPermissionsByLonsidUserIdOutput> GetPermissionsAsync()
+    {
+        var client = CreateClient();
+        var userId = GetUserId();
+        var response = await client.GetAsync($"/api/pssom/lonsidUser/getPermissions/{userId}");
+        return (await CheckConvertResult<GetPermissionsByLonsidUserIdOutput>(response)).Result!;
+    }
+
+    public async Task<List<FeatureTreeDto>> GetFeatureTreesByUserAsync(string moduleName)
+    {
+        var client = CreateClient();
+        var userId = GetUserId();
+        var response = await client.GetAsync($"/api/pssom/role/getFeatureTreesByUser/{userId}?moduleName={moduleName}");
+        return (await CheckConvertResult<List<FeatureTreeDto>>(response)).Result!;
+    }
+
+    public async Task<List<GetUserFavoriteFeatureOutput>> GetUserFavoriteFeatureAsync(string moduleName)
+    {
+        var client = CreateClient();
+        var userId = GetUserId();
+        var response = await client.GetAsync($"/api/pssom/role/getUserFavoriteFeature/{userId}?moduleName={moduleName}");
+        return (await CheckConvertResult<List<GetUserFavoriteFeatureOutput>>(response)).Result!;
+    }
+}
diff --git a/src/Web/Masa.Auth.Web.Admin.Server/Dockerfile b/src/Web/Masa.Auth.Web.Admin.Server/Dockerfile
@@ -16,7 +16,7 @@ FROM registry.cn-hangzhou.aliyuncs.com/masa/dotnet_sdk:6.0.403 AS publish
 WORKDIR /src
 COPY . .
 ENV CSPROJ="src/Web/Masa.Auth.Web.Admin.Server/Masa.Auth.Web.Admin.Server.csproj"
-RUN dotnet restore $CSPROJ -s "http://devops.lonsid.cn:8080/nuget;https://nuget.cdn.azure.cn/v3/index.json" && dotnet publish $CSPROJ -c Release -o /app/publish
+RUN dotnet restore $CSPROJ -s "http://devops.lonsid.cn:8080/nuget;https://repo.huaweicloud.com/repository/nuget/v3/index.json" && dotnet publish $CSPROJ -c Release -o /app/publish
 
 FROM registry.cn-hangzhou.aliyuncs.com/masa/dotnet_aspnet:6.0.4
 WORKDIR /app

diff --git a/src/Web/Masa.Auth.Web.Sso/Dockerfile b/src/Web/Masa.Auth.Web.Sso/Dockerfile
@@ -2,7 +2,7 @@ FROM registry.cn-hangzhou.aliyuncs.com/masa/dotnet_sdk:6.0.403 AS publish
 WORKDIR /src
 COPY . .
 ENV CSPROJ="src/Web/Masa.Auth.Web.Sso/Masa.Auth.Web.Sso.csproj"
-RUN dotnet restore $CSPROJ -s "http://devops.lonsid.cn:8080/nuget;https://nuget.cdn.azure.cn/v3/index.json" && dotnet publish $CSPROJ -c Release -o /app/publish
+RUN dotnet restore $CSPROJ -s "http://devops.lonsid.cn:8080/nuget;https://repo.huaweicloud.com/repository/nuget/v3/index.json" && dotnet publish $CSPROJ -c Release -o /app/publish
 
 FROM registry.cn-hangzhou.aliyuncs.com/masa/dotnet_aspnet:6.0.4
 WORKDIR /app

diff --git a/src/Web/Masa.Auth.Web.Sso/Infrastructure/Validations/ImpersonationGrantValidator.cs b/src/Web/Masa.Auth.Web.Sso/Infrastructure/Validations/ImpersonationGrantValidator.cs
@@ -55,6 +55,20 @@ public async Task ValidateAsync(ExtensionGrantValidationContext context)
             claims.Add(new Claim(IMPERSONATOR_USER_ID, cacheItem.ImpersonatorUserId.ToString()));
         }
 
+        var authUser = await _authClient.UserService.GetThirdPartyUserByUserIdAsync(new GetThirdPartyUserByUserIdModel
+        {
+            Scheme = "Psso",
+            UserId = cacheItem.TargetUserId
+        });
+
+        if (authUser != null)
+        {
+            foreach (var item in authUser.ClaimData)
+            {
+                claims.Add(new Claim(item.Key, item.Value));
+            }
+        }
+
         context.Result = new GrantValidationResult(cacheItem.TargetUserId.ToString(), "impersonation", claims);
     }
 }