using System.Security.Claims; using Fw.Utility.UnifyResponse; using Hotline.Caching.Interfaces; using Hotline.Caching.Services; using Hotline.Identity; using Hotline.Identity.Accounts; using Hotline.Orders; using Hotline.Push; using Hotline.Schedulings; using Hotline.SeedData; using Hotline.Settings; using Hotline.Share.Dtos.FlowEngine; using Hotline.Share.Dtos.Identity; using Hotline.Share.Dtos.Snapshot; using Hotline.Share.Enums.FlowEngine; using Hotline.Share.Enums.Identity; using Hotline.Share.Enums.Snapshot; using Hotline.Share.Enums.User; using Hotline.Share.Tools; using Hotline.Snapshot; using Hotline.Snapshot.Interfaces; using Hotline.Users; using IdentityModel; using Mapster; using Microsoft.AspNetCore.Identity; using Microsoft.Extensions.Options; using SqlSugar; using XF.Domain.Authentications; using XF.Domain.Cache; using XF.Domain.Dependency; using XF.Domain.Exceptions; using XF.Domain.Options; using XF.Domain.Repository; namespace Hotline.Application.Identity; public class IdentityAppService : IIdentityAppService, IScopeDependency { private readonly IAccountRepository _accountRepository; private readonly IRepository _citizenRepository; private readonly ISessionContext _sessionContext; private readonly IAccountDomainService _accountDomainService; private readonly IRepository _userRepository; private readonly IJwtSecurity _jwtSecurity; private readonly IOptionsSnapshot _identityOptionsAccessor; private readonly ITypedCache _cacheAudience; private readonly IMessageCodeDomainService _messageCodeDomainService; private readonly IRepository _schedulingRepository; private readonly IOrderDomainService _orderDomainService; private readonly ISystemSettingCacheManager _systemSettingCacheManager; private readonly IThirdIdentiyService _thirdIdentiyService; private readonly IThirdAccountRepository _thirdAccountRepository; private readonly IGuiderInfoRepository _guiderInfoRepository; private readonly IVolunteerRepository _volunteerRepository; private readonly ISystemLogRepository _systemLog; public IdentityAppService( IAccountRepository accountRepository, IAccountDomainService accountDomainService, IRepository userRepository, IJwtSecurity jwtSecurity, IOptionsSnapshot identityOptionsAccessor, ITypedCache cacheAudience, IMessageCodeDomainService messageCodeDomainService, IRepository schedulingRepository, IOrderDomainService orderDomainService, ISystemSettingCacheManager systemSettingCacheManager, IThirdIdentiyService thirdIdentiyService, IThirdAccountRepository thirdAccountRepository, ISessionContext sessionContext, IRepository citizenRepository, IGuiderInfoRepository guiderInfoRepository, IVolunteerRepository volunteerRepository, ISystemLogRepository systemLog) { _accountRepository = accountRepository; _accountDomainService = accountDomainService; _userRepository = userRepository; _jwtSecurity = jwtSecurity; _identityOptionsAccessor = identityOptionsAccessor; _cacheAudience = cacheAudience; _messageCodeDomainService = messageCodeDomainService; _schedulingRepository = schedulingRepository; _orderDomainService = orderDomainService; _systemSettingCacheManager = systemSettingCacheManager; _thirdIdentiyService = thirdIdentiyService; _thirdAccountRepository = thirdAccountRepository; _sessionContext = sessionContext; _citizenRepository = citizenRepository; _guiderInfoRepository = guiderInfoRepository; _volunteerRepository = volunteerRepository; _systemLog = systemLog; } public async Task OldToNewLoginAsync(HotlineLoginOldToNewDto dto, CancellationToken cancellationToken) { var account = await _accountRepository.GetExtAsync( d => d.UserName == dto.UserName, d => d.Includes(x => x.Roles)); if (account is null) throw UserFriendlyException.SameMessage("未找到帐号，请联系管理员查看"); if (account.Status != EAccountStatus.Normal) throw UserFriendlyException.SameMessage("帐号已被注销，请联系管理员查看"); if (account.LockoutEnabled && account.LockoutEnd >= DateTime.Now) throw UserFriendlyException.SameMessage("账号被锁定！请联系管理员查看"); var userInfo = await _userRepository.GetAsync(p => p.Id == account.Id, cancellationToken); //限制系统类型账户频繁获取token的行为 //todo if (account.LockoutEnd.HasValue || account.AccessFailedCount > 0) { account.LockoutEnd = null; account.AccessFailedCount = 0; await _accountRepository.UpdateAsync(account, cancellationToken); } var user = await _userRepository.Queryable() .Includes(d => d.Organization) .FirstAsync(d => d.Id == account.Id); //平均派单 var averageSendOrder = bool.Parse(_systemSettingCacheManager.GetSetting(SettingConstants.AverageSendOrder).SettingValue[0]); if (averageSendOrder) { await AverageOrderScheduling(account.Id, cancellationToken); } var jwtOptions = _identityOptionsAccessor.Value.Jwt; var claims = new List { //new(JwtClaimTypes.Id, account.Id), new(JwtClaimTypes.Subject, account.Id), new(JwtClaimTypes.PhoneNumber, account.PhoneNo ?? string.Empty), new(AppClaimTypes.UserDisplayName, account.Name), new(JwtClaimTypes.Scope, jwtOptions.Scope), new(AppClaimTypes.UserPasswordChanged, account.PasswordChanged.ToString()), new(AppClaimTypes.StaffNo, user.StaffNo ?? string.Empty), }; if (!string.IsNullOrEmpty(user.OrgId) && user.Organization is not null) { claims.AddRange( new List { new(AppClaimTypes.DepartmentId, user.OrgId ?? string.Empty), new(AppClaimTypes.DepartmentIsCenter, user.Organization?.IsCenter.ToString()), new(AppClaimTypes.DepartmentName, user.Organization?.Name ?? string.Empty), new(AppClaimTypes.DepartmentAreaCode, user.Organization?.AreaCode ?? string.Empty), new(AppClaimTypes.DepartmentAreaName, user.Organization?.AreaName ?? string.Empty), new(AppClaimTypes.DepartmentLevel, user.Organization?.Level.ToString() ?? string.Empty), new(AppClaimTypes.AreaId, user.OrgId?.GetHigherOrgId() ?? string.Empty), } ); } claims.AddRange(account.Roles.Select(d => new Claim(JwtClaimTypes.Role, d.Name))); var audience = new AudienceTicket(account.Id); var expiredSeconds = jwtOptions.Expired <= 0 ? 3600 : jwtOptions.Expired; await _cacheAudience.SetAsync(audience.Id, audience, TimeSpan.FromSeconds(expiredSeconds), cancellationToken); var token = _jwtSecurity.EncodeJwtToken(claims, audience.Ticket); return token; } public async Task<(bool,bool, User)> IsCheckAdmin(string userName) { var isAdmin = false; var isCenter = false; var account = await _accountRepository.GetExtAsync( d => d.UserName == userName, d => d.Includes(x => x.Roles) ); if (account is null) throw UserFriendlyException.SameMessage("未找到帐号，请联系管理员查看"); if (account.Status != EAccountStatus.Normal) throw UserFriendlyException.SameMessage("帐号已被注销，请联系管理员查看"); if (account.LockoutEnabled && account.LockoutEnd >= DateTime.Now) throw UserFriendlyException.SameMessage("账号被锁定！请联系管理员查看"); var user = await _userRepository.Queryable() .Includes(d => d.Organization) .Includes(d => d.Roles) .FirstAsync(d => d.Id == account.Id); var systemAdministrator = _systemSettingCacheManager.GetSetting(SettingConstants.SystemAdministrator)?.SettingValue[0]; if (!string.IsNullOrEmpty(systemAdministrator) && (user.Roles.Any(x=>x.Name.Contains(systemAdministrator)) || user.Roles.Any(x=>x.Name.Contains(RoleSeedData.AdminRole)))) isAdmin = true; else isAdmin = false; isCenter = user.Organization.IsCenter; return (isAdmin, isCenter,user); } public async Task LoginAsync(LoginDto dto, CancellationToken cancellationToken) { var account = await _accountRepository.GetExtAsync( d => d.UserName == dto.Username, d => d.Includes(x => x.Roles)); if (account == null) throw new UserFriendlyException($"用户名或密码错误！{System.Text.Json.JsonSerializer.Serialize(dto)}", "用户名或密码错误！"); var userInfo = await _userRepository.GetAsync(p => p.Id == account.Id, cancellationToken); //校验验证码 await _messageCodeDomainService.CheckdCode(account.UserName, userInfo.PhoneNo, dto.MsgCode, cancellationToken); if (account.Status != EAccountStatus.Normal) throw UserFriendlyException.SameMessage("用户名或密码错误！"); if (account.LockoutEnabled && account.LockoutEnd >= DateTime.Now) throw UserFriendlyException.SameMessage("账号被锁定！"); var verifyResult = _accountDomainService.VerifyPassword(account, dto.Password); if (verifyResult == PasswordVerificationResult.Failed) { var lockoutOptions = _identityOptionsAccessor.Value.Lockout; account.AccessFailedCount += 1; if (account.LockoutEnabled && account.AccessFailedCount >= lockoutOptions.MaxFailedAccessAttempts) account.LockoutEnd = DateTime.Now.Add(lockoutOptions.DefaultLockoutTimeSpan); await _accountRepository.UpdateAsync(account, cancellationToken); throw new UserFriendlyException($"用户名或密码错误！{System.Text.Json.JsonSerializer.Serialize(dto)}", "用户名或密码错误！"); } //限制系统类型账户频繁获取token的行为 //todo if (account.LockoutEnd.HasValue || account.AccessFailedCount > 0) { account.LockoutEnd = null; account.AccessFailedCount = 0; await _accountRepository.UpdateAsync(account, cancellationToken); } var user = await _userRepository.Queryable() .Includes(d => d.Organization) .FirstAsync(d => d.Id == account.Id); if (user == null) throw UserFriendlyException.SameMessage("未查询到用户数据"); //平均派单 var averageSendOrder = bool.Parse(_systemSettingCacheManager.GetSetting(SettingConstants.AverageSendOrder).SettingValue[0]); if (averageSendOrder) { await AverageOrderScheduling(account.Id, cancellationToken); } var jwtOptions = _identityOptionsAccessor.Value.Jwt; var claims = new List { //new(JwtClaimTypes.Id, account.Id), new(JwtClaimTypes.Subject, account.Id), new(JwtClaimTypes.PhoneNumber, account.PhoneNo ?? string.Empty), new(AppClaimTypes.UserDisplayName, account.Name), new(JwtClaimTypes.Scope, jwtOptions.Scope), new(AppClaimTypes.UserPasswordChanged, account.PasswordChanged.ToString()), new(AppClaimTypes.StaffNo, user.StaffNo ?? string.Empty), }; if (!string.IsNullOrEmpty(user.OrgId) && user.Organization is not null) { claims.AddRange( new List { new(AppClaimTypes.DepartmentId, user.OrgId ?? string.Empty), new(AppClaimTypes.DepartmentIsCenter, user.Organization?.IsCenter.ToString()), new(AppClaimTypes.DepartmentName, user.Organization?.Name ?? string.Empty), new(AppClaimTypes.DepartmentAreaCode, user.Organization?.AreaCode ?? string.Empty), new(AppClaimTypes.DepartmentAreaName, user.Organization?.AreaName ?? string.Empty), new(AppClaimTypes.DepartmentLevel, user.Organization?.Level.ToString() ?? string.Empty), new(AppClaimTypes.AreaId, user.OrgId?.GetHigherOrgId() ?? string.Empty), } ); } claims.AddRange(account.Roles.Select(d => new Claim(JwtClaimTypes.Role, d.Name))); var audience = new AudienceTicket(account.Id); var expiredSeconds = jwtOptions.Expired <= 0 ? 3600 : jwtOptions.Expired; await _cacheAudience.SetAsync(audience.Id, audience, TimeSpan.FromSeconds(expiredSeconds), cancellationToken); var token = _jwtSecurity.EncodeJwtToken(claims, audience.Ticket); return token; } public async Task AverageOrderScheduling(string id, CancellationToken cancellationToken) { try { DateTime time = DateTime.Parse(DateTime.Now.ToString("yyyy-MM-dd")); //&& x.AtWork!.Value != true //根据当前时间获取排班信息 var scheduling = await _schedulingRepository.Queryable() .Includes(x => x.SchedulingUser) .Where(x => x.SchedulingTime == time && //(x.AtWork == true || x.AtWork == null) && x.SchedulingUser.UserId == id) .OrderBy(x => x.SendOrderNum).FirstAsync(cancellationToken); if (scheduling != null && (!scheduling.AtWork.HasValue || scheduling.AtWork == false)) { scheduling.AtWork = true; //执行登录平均派单 await _orderDomainService.LogAverageOrder(id, scheduling, cancellationToken); } } catch { // ignored } } ///

/// 获取三方令牌 ///

/// /// /// public async Task GetThredTokenAsync(ThirdTokenInDto dto) { var thirdDto = dto.Adapt(); if (dto.ThirdType == EThirdType.WeChat) { thirdDto.AppId = _systemSettingCacheManager.WxOpenAppId; thirdDto.Secret = _systemSettingCacheManager.WxOpenAppSecret; } var thirdToken = await _thirdIdentiyService.GetTokenAsync(thirdDto); var phone = await _thirdIdentiyService.GetPhoneNumberAsync(thirdDto); var thirdAccount = await _thirdAccountRepository.GetByOpenIdAsync(thirdToken.OpenId); // 新用户注册 if (thirdAccount is null) { thirdAccount = thirdToken.Adapt(); thirdAccount.CitizenType = EReadPackUserType.Citizen; thirdAccount.PhoneNumber = phone.PhoneNumber; var guider = await _guiderInfoRepository.GetByPhoneNumberAsync(phone.PhoneNumber); if (guider != null) { thirdAccount.CitizenType = EReadPackUserType.Guider; thirdAccount.UserId = guider.Id; } else { var citizen = await _citizenRepository.Queryable().Where(m => m.PhoneNumber == phone.PhoneNumber).FirstAsync(); thirdAccount.UserId = citizen?.Id; } thirdAccount.Id = await _thirdAccountRepository.AddAsync(thirdAccount); } return await GetJwtToken(thirdAccount); } public async Task RefreshTokenAsync(string openId) { var thirdAccount = await _thirdAccountRepository.GetByOpenIdAsync(openId) ?? throw UserFriendlyException.SameMessage("未找到用户信息"); return await GetJwtToken(thirdAccount); } private async Task GetJwtToken(ThirdAccount thirdAccount) { var jwtOptions = _identityOptionsAccessor.Value.Jwt; var claims = new List { new(JwtClaimTypes.Subject, thirdAccount.Id), new(JwtClaimTypes.PhoneNumber, thirdAccount.PhoneNumber ?? string.Empty), new(JwtClaimTypes.Scope, jwtOptions.Scope), new(AppClaimTypes.OpenId, thirdAccount.OpenId), }; var audience = new AudienceTicket(thirdAccount.Id); var expiredSeconds = jwtOptions.Expired <= 0 ? 3600 : jwtOptions.Expired; await _cacheAudience.SetAsync(audience.Id, audience, TimeSpan.FromSeconds(expiredSeconds)); var token = _jwtSecurity.EncodeJwtToken(claims, audience.Ticket); var isVolunteer = await _volunteerRepository.IsVolunteerAsync(thirdAccount.PhoneNumber); return new TokenOutDto() { UserType = thirdAccount.CitizenType, Token = token, IsVolunteer = isVolunteer, OpenId = thirdAccount.OpenId, PhoneNumber = thirdAccount.PhoneNumber, InvitationCode = thirdAccount.InvitationCode, UserName = thirdAccount.UserName }; } }