chore: 同步当前开发内容

2025-11-23 01:25:20 +08:00
parent ddf584f212
commit 1169e1f220
58 changed files with 1886 additions and 82 deletions
--- a/src/Infrastructure/TakeoutSaaS.Infrastructure/Identity/Services/JwtTokenService.cs
+++ b/src/Infrastructure/TakeoutSaaS.Infrastructure/Identity/Services/JwtTokenService.cs
@@ -0,0 +1,93 @@
+using System;
+using System.Collections.Generic;
+using System.IdentityModel.Tokens.Jwt;
+using System.Security.Claims;
+using System.Text;
+using System.Threading;
+using System.Threading.Tasks;
+using Microsoft.Extensions.Options;
+using Microsoft.IdentityModel.Tokens;
+using TakeoutSaaS.Application.Identity.Abstractions;
+using TakeoutSaaS.Application.Identity.Contracts;
+using TakeoutSaaS.Infrastructure.Identity.Options;
+
+namespace TakeoutSaaS.Infrastructure.Identity.Services;
+
+/// <summary>
+/// JWT 令牌生成器。
+/// </summary>
+public sealed class JwtTokenService : IJwtTokenService
+{
+    private readonly JwtSecurityTokenHandler _tokenHandler = new();
+    private readonly IRefreshTokenStore _refreshTokenStore;
+    private readonly JwtOptions _options;
+
+    public JwtTokenService(IRefreshTokenStore refreshTokenStore, IOptions<JwtOptions> options)
+    {
+        _refreshTokenStore = refreshTokenStore;
+        _options = options.Value;
+    }
+
+    public async Task<TokenResponse> CreateTokensAsync(CurrentUserProfile profile, bool isNewUser = false, CancellationToken cancellationToken = default)
+    {
+        var now = DateTime.UtcNow;
+        var accessExpires = now.AddMinutes(_options.AccessTokenExpirationMinutes);
+        var refreshExpires = now.AddMinutes(_options.RefreshTokenExpirationMinutes);
+
+        var claims = BuildClaims(profile);
+        var signingCredentials = new SigningCredentials(
+            new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_options.Secret)),
+            SecurityAlgorithms.HmacSha256);
+
+        var jwt = new JwtSecurityToken(
+            issuer: _options.Issuer,
+            audience: _options.Audience,
+            claims: claims,
+            notBefore: now,
+            expires: accessExpires,
+            signingCredentials: signingCredentials);
+
+        var accessToken = _tokenHandler.WriteToken(jwt);
+        var refreshDescriptor = await _refreshTokenStore.IssueAsync(profile.UserId, refreshExpires, cancellationToken);
+
+        return new TokenResponse
+        {
+            AccessToken = accessToken,
+            AccessTokenExpiresAt = accessExpires,
+            RefreshToken = refreshDescriptor.Token,
+            RefreshTokenExpiresAt = refreshDescriptor.ExpiresAt,
+            User = profile,
+            IsNewUser = isNewUser
+        };
+    }
+
+    private static IEnumerable<Claim> BuildClaims(CurrentUserProfile profile)
+    {
+        var userId = profile.UserId.ToString();
+        var claims = new List<Claim>
+        {
+            new(JwtRegisteredClaimNames.Sub, userId),
+            new(ClaimTypes.NameIdentifier, userId),
+            new(JwtRegisteredClaimNames.UniqueName, profile.Account),
+            new("tenant_id", profile.TenantId.ToString()),
+            new(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString())
+        };
+
+        if (profile.MerchantId.HasValue)
+        {
+            claims.Add(new Claim("merchant_id", profile.MerchantId.Value.ToString()));
+        }
+
+        foreach (var role in profile.Roles)
+        {
+            claims.Add(new Claim(ClaimTypes.Role, role));
+        }
+
+        foreach (var permission in profile.Permissions)
+        {
+            claims.Add(new Claim("permission", permission));
+        }
+
+        return claims;
+    }
+}