
实现基于策略的授权和相关服务注册

在 `BaseController.cs` 中,添加了 `[Authorize(Policy = AppDefaults.AuthPolicy.Hotline)]` 属性以启用基于策略的授权,并移除了注释掉的 `[LogFilter]`。

在 `StartupExtensions.cs` 中,添加了授权相关的服务注册,包括 `IAuthorizationPolicyProvider` 和 `IAuthorizationHandler` 的单例服务,以及调用 `RegisterAuthorization` 方法来注册授权策略。

在 `StartupHelper.cs` 中,新增了 `RegisterAuthorization` 扩展方法,用于注册授权策略,特别是添加了一个名为 `AppDefaults.AuthPolicy.Hotline` 的策略,该策略要求 `scope` 声明存在且其值为 `hotline_api`。

在 `IdentityAppService.cs` 中,修改了 JWT 令牌中的 `Scope` 声明,从 `jwtOptions.Scope` 改为 `account.Scope`,并注释掉了原来的 `jwtOptions.Scope`。

在 `AppDefaults.cs` 中,新增了 `AuthPolicy` 类,并在其中定义了 `Hotline` 常量。

在 `Account.cs` 中,新增了 `Scope` 属性,并设置默认值为 `hotline_api`。
xf 1 月之前
父节点
当前提交
8a996fdcf5

+ 2 - 1
src/Hotline.Api/Controllers/BaseController.cs

@@ -2,13 +2,14 @@
 using Microsoft.AspNetCore.Mvc;
 using MiniExcelLibs;
 using System.IO;
+using Microsoft.AspNetCore.Authorization;
 
 namespace Hotline.Api.Controllers;
 
 [ApiController]
 [Produces("application/json")]
 [Route("api/v1/[controller]")]
-//[LogFilter]
+[Authorize(Policy = AppDefaults.AuthPolicy.Hotline)]
 public class BaseController : ControllerBase
 {
     protected FileStreamResult ExcelStreamResult(Stream stream, string fileName = null)
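Review bot: Putting `[Authorize(Policy = AppDefaults.AuthPolicy.Hotline)]` on BaseController makes the policy the default for every controller that derives from it, so any endpoint that must stay reachable without a `hotline_api` token (login, token refresh, health checks, whatever the project has) now needs an explicit `[AllowAnonymous]`, and none of that is visible in this commit. I'd state the contract above the attribute: `// Every controller deriving from this class requires an authenticated caller whose token carries scope=hotline_api; opt out per action with [AllowAnonymous].` Also worth confirming (not shown here) that `app.UseAuthentication()` runs before `app.UseAuthorization()` in the pipeline, otherwise the policy rejects every request. The class body continues outside the hunk.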

+ 3 - 0
src/Hotline.Api/StartupExtensions.cs

@@ -208,7 +208,10 @@ internal static class StartupExtensions
         //compression
         services.RegisterCompression();
 
+        //authorization
         services.AddSingleton<IAuthorizationPolicyProvider, AuthorizationPolicyProvider>();
+        services.RegisterAuthorization(configuration);
+
         services.AddSingleton<IAuthorizationHandler, PermissionHandler>();
         services.AddScoped<ExpireTimeFactory>();
         services.AddScoped<IExpireTimeSupplier, DaySupplier>();
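Review bot: `RegisterAuthorization` adds the `hotline_api` policy through `AuthorizationOptions`, but the line just above replaces the framework's `IAuthorizationPolicyProvider` with the project's `AuthorizationPolicyProvider`; unless that class delegates names it does not recognise to `AuthorizationOptions.GetPolicy` (or wraps `DefaultAuthorizationPolicyProvider`), `GetPolicyAsync("hotline_api")` returns null and every request to a BaseController descendant fails with "policy not found" at request time. I cannot see the provider from here, so please confirm it falls back. Making the dependency explicit in a comment would help the next reader: `// AuthorizationPolicyProvider must fall back to the options-based policies registered in RegisterAuthorization below.`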

+ 9 - 0
src/Hotline.Api/StartupHelper.cs

@@ -126,6 +126,15 @@ namespace Hotline.Api
             return services;
         }
 
+        public static IServiceCollection RegisterAuthorization(this IServiceCollection services, ConfigurationManager configuration)
+        {
+            services.AddAuthorization(options =>
+            {
+                options.AddPolicy(AppDefaults.AuthPolicy.Hotline, d => d.RequireClaim("scope", AppDefaults.AuthPolicy.Hotline));
+            });
+            return services;
+        }
+
         /// <summary>
         /// Swagger
         /// </summary>
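Review bot: The policy on L67 names the claim type with the literal `"scope"` while the token is issued under `JwtClaimTypes.Scope` in IdentityAppService; use one constant on both sides, `d => d.RequireClaim(JwtClaimTypes.Scope, AppDefaults.AuthPolicy.Hotline)` (adding the IdentityModel using if it is not already in scope), so the issuer and the check cannot drift apart. Note that `RequireClaim` compares the claim value exactly, so a token carrying a space-separated scope list such as `"hotline_api other"` would not satisfy it — either keep one claim per scope or document that `Account.Scope` must hold a single value. The `configuration` parameter is unused; drop it or say in a comment why it is reserved. An XML summary on the method would match the surrounding style: `/// <summary>Registers authorization policies; Hotline requires an authenticated caller whose scope claim equals hotline_api.</summary>`.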

+ 5 - 3
src/Hotline.Application/Identity/IdentityAppService.cs

@@ -128,7 +128,8 @@ public class IdentityAppService : IIdentityAppService, IScopeDependency
             new(JwtClaimTypes.Subject, account.Id),
             new(JwtClaimTypes.PhoneNumber, account.PhoneNo ?? string.Empty),
             new(AppClaimTypes.UserDisplayName, account.Name),
-            new(JwtClaimTypes.Scope, jwtOptions.Scope),
+            //new(JwtClaimTypes.Scope, jwtOptions.Scope),
+            new(JwtClaimTypes.Scope, account.Scope),
             new(AppClaimTypes.UserPasswordChanged, account.PasswordChanged.ToString()),
             new(AppClaimTypes.StaffNo, user.StaffNo ?? string.Empty),
         };
@@ -247,7 +248,8 @@ public class IdentityAppService : IIdentityAppService, IScopeDependency
             new(JwtClaimTypes.Subject, account.Id),
             new(JwtClaimTypes.PhoneNumber, account.PhoneNo ?? string.Empty),
             new(AppClaimTypes.UserDisplayName, account.Name),
-            new(JwtClaimTypes.Scope, jwtOptions.Scope),
+            //new(JwtClaimTypes.Scope, jwtOptions.Scope),
+            new(JwtClaimTypes.Scope, account.Scope),
             new(AppClaimTypes.UserPasswordChanged, account.PasswordChanged.ToString()),
             new(AppClaimTypes.StaffNo, user.StaffNo ?? string.Empty),
         };
@@ -343,7 +345,7 @@ public class IdentityAppService : IIdentityAppService, IScopeDependency
         {
             new(JwtClaimTypes.Subject, thirdAccount.Id),
             new(JwtClaimTypes.PhoneNumber, thirdAccount.PhoneNumber ?? string.Empty),
-            new(JwtClaimTypes.Scope, jwtOptions.Scope),
+            new(JwtClaimTypes.Scope, jwtOptions.Scope),//todo 三方账号的scope
             new(AppClaimTypes.OpenId, thirdAccount.OpenId),
         };
         claims = await _thirdAccountDomainFactory.GetClaimAsync(thirdAccount, claims, cancel);
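Review bot: `new(JwtClaimTypes.Scope, account.Scope)` on L85 and L95 throws `ArgumentNullException` from the `Claim` constructor when `Scope` is null, and it can be null for rows that predate the new column or for an `Account` built in code without the property set, since the `SugarColumn` default only applies on the database side. Every neighbouring nullable claim already guards with `?? string.Empty`; do the same here, `new(JwtClaimTypes.Scope, account.Scope ?? string.Empty)`, so a missing scope fails authorization instead of crashing login. Delete the commented-out `jwtOptions.Scope` lines rather than keeping dead code next to the replacement. The third hunk leaves third-party tokens on `jwtOptions.Scope` with a todo: if that value differs from `hotline_api` those users are now locked out of every BaseController endpoint, and if it equals it they receive the full scope unconditionally — worth deciding before merge. All three claim lists belong to methods that start and end outside the hunks.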

+ 5 - 0
src/Hotline/AppDefaults.cs

@@ -34,5 +34,10 @@ namespace Hotline
             public const string ZiGong = "ZiGong";
             public const string LuZhou = "LuZhou";
         }
+
+        public class AuthPolicy
+        {
+            public const string Hotline = "hotline_api";
+        }
     }
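Review bot: `AuthPolicy` holds only constants, so declare it `public static class AuthPolicy` so it cannot be instantiated, and document that the value does double duty as the policy name and as the expected `scope` claim value: `/// <summary>Authorization policy names. The Hotline value is also the scope claim value a token must carry.</summary>`.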
 }

+ 3 - 0
src/Hotline/Identity/Accounts/Account.cs

@@ -65,6 +65,9 @@ namespace Hotline.Identity.Accounts
         /// </summary>
         public EAccountType AccountType { get; set; } = EAccountType.Personal;
 
+        [SugarColumn(DefaultValue = "hotline_api")]
+        public string Scope { get; set; }
+
         [Navigate(typeof(AccountRole), nameof(AccountRole.AccountId), nameof(AccountRole.RoleId))]
         public List<Role> Roles { get; set; }
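Review bot: The `"hotline_api"` literal on L131 duplicates `AppDefaults.AuthPolicy.Hotline`; that member is a `const`, so it can be used directly in the attribute, `[SugarColumn(DefaultValue = AppDefaults.AuthPolicy.Hotline)]`, and the database default can no longer diverge from the policy. The attribute default only takes effect when SqlSugar creates or migrates the column; an `Account` constructed in code keeps `Scope == null`, and if the ORM writes that null explicitly the database default is bypassed, so decide whether the property should also initialise in C# (`= AppDefaults.AuthPolicy.Hotline;`) — a deliberate choice, because it grants every new account the API scope by default. Since `Scope` now decides what a login token may reach, make sure it is never bound from a client-supplied DTO (registration, profile update); I cannot see the callers from here. A `/// <summary>` like the sibling property's would also help. The class continues outside the hunk.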