Fengwo
/
hotline


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108
							using System.Security.Claims;
using Hotline.Identity.Accounts;
using Hotline.Settings;
using Hotline.Share.Dtos.Identity;
using Hotline.Share.Enums.Identity;
using Hotline.Users;
using IdentityModel;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.Options;
using XF.Domain.Authentications;
using XF.Domain.Dependency;
using XF.Domain.Exceptions;
using XF.Domain.Options;
using XF.Domain.Repository;

namespace Hotline.Application.Identity;

public class IdentityAppService : IIdentityAppService, IScopeDependency
{
    private readonly IAccountRepository _accountRepository;
    private readonly IAccountDomainService _accountDomainService;
    private readonly IRepository<User> _userRepository;
    private readonly IJwtSecurity _jwtSecurity;
    private readonly IOptionsSnapshot<IdentityConfiguration> _identityOptionsAccessor;

    public IdentityAppService(
        IAccountRepository accountRepository,
        IAccountDomainService accountDomainService,
        IRepository<User> userRepository,
        IJwtSecurity jwtSecurity,
        IOptionsSnapshot<IdentityConfiguration> identityOptionsAccessor)
    {
        _accountRepository = accountRepository;
        _accountDomainService = accountDomainService;
        _userRepository = userRepository;
        _jwtSecurity = jwtSecurity;
        _identityOptionsAccessor = identityOptionsAccessor;
    }

    public async Task<string> LoginAsync(LoginDto dto, CancellationToken cancellationToken)
    {
        var account = await _accountRepository.GetExtAsync(
            d => d.UserName == dto.Username,
            d => d.Includes(x => x.Roles));
        if (account == null)
            throw UserFriendlyException.SameMessage("用户名或密码错误！");

        if (account.Status != EAccountStatus.Normal)
            throw UserFriendlyException.SameMessage("用户名或密码错误！");

        if (account.LockoutEnabled && account.LockoutEnd >= DateTime.Now)
            throw UserFriendlyException.SameMessage("账号被锁定！");

        var verifyResult = _accountDomainService.VerifyPassword(account, dto.Password);
        if (verifyResult == PasswordVerificationResult.Failed)
        {
            var lockoutOptions = _identityOptionsAccessor.Value.Lockout;
            account.AccessFailedCount += 1;
            if (account.LockoutEnabled && account.AccessFailedCount >= lockoutOptions.MaxFailedAccessAttempts)
                account.LockoutEnd = DateTime.Now.Add(lockoutOptions.DefaultLockoutTimeSpan);
            await _accountRepository.UpdateAsync(account, cancellationToken);
            throw UserFriendlyException.SameMessage("账号名或密码错误！");
        }

        if (account.LockoutEnd.HasValue || account.AccessFailedCount > 0)
        {
            account.LockoutEnd = null;
            account.AccessFailedCount = 0;
            await _accountRepository.UpdateAsync(account, cancellationToken);
        }

        var user = await _userRepository.Queryable()
            .Includes(d => d.Organization)
            .FirstAsync(d => d.Id == account.Id);
        if (user == null)
            throw UserFriendlyException.SameMessage("未查询到用户数据");

        var jwtOptions = _identityOptionsAccessor.Value.Jwt;
        var claims = new List<Claim>
        {
            //new(JwtClaimTypes.Id, account.Id),
            new(JwtClaimTypes.Subject, account.Id),
            new(JwtClaimTypes.PhoneNumber, account.PhoneNo ?? string.Empty),
            new(AppClaimTypes.UserDisplayName, account.Name),
            new(JwtClaimTypes.Scope, jwtOptions.Scope),
            new(AppClaimTypes.UserPasswordChanged, account.PasswordChanged.ToString()),
            new(AppClaimTypes.StaffNo, user.StaffNo ?? string.Empty),
        };
        if (!string.IsNullOrEmpty(user.OrgId) && user.Organization is not null)
        {
            claims.AddRange(
                new List<Claim>
                {
                    new(AppClaimTypes.DepartmentId, user.OrgId ?? string.Empty),
                    new(AppClaimTypes.DepartmentIsCenter, user.Organization?.IsCenter.ToString()),
                    new(AppClaimTypes.DepartmentName, user.Organization?.Name ?? string.Empty),
                    new(AppClaimTypes.DepartmentAreaCode, user.Organization?.AreaCode ?? string.Empty),
                    new(AppClaimTypes.DepartmentAreaName, user.Organization?.AreaName ?? string.Empty),
                    new(AppClaimTypes.DepartmentLevel, user.Organization?.Level.ToString() ?? string.Empty),
                    new(AppClaimTypes.AreaId, user.OrgId?.GetHigherOrgCode() ?? string.Empty),
                }
            );
        }
        claims.AddRange(account.Roles.Select(d => new Claim(JwtClaimTypes.Role, d.Name)));
        var token = _jwtSecurity.EncodeJwtToken(claims);
        return token;
    }
}