feat: tenant门店管理首批接口落地

src/Infrastructure/TakeoutSaaS.Infrastructure/Identity/Extensions/JwtAuthenticationExtensions.cs

@@ -0,0 +1,54 @@
+using Microsoft.AspNetCore.Authentication.JwtBearer;
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.IdentityModel.Tokens;
+using System.IdentityModel.Tokens.Jwt;
+using System.Security.Claims;
+using System.Text;
+using TakeoutSaaS.Infrastructure.Identity.Options;
+
+namespace TakeoutSaaS.Infrastructure.Identity.Extensions;
+
+/// <summary>
+/// JWT 认证扩展
+/// </summary>
+public static class JwtAuthenticationExtensions
+{
+    /// <summary>
+    /// 配置 JWT Bearer 认证
+    /// </summary>
+    public static IServiceCollection AddJwtAuthentication(this IServiceCollection services, IConfiguration configuration)
+    {
+        var jwtOptions = configuration.GetSection("Identity:Jwt").Get<JwtOptions>()
+                         ?? throw new InvalidOperationException("缺少 Identity:Jwt 配置");
+
+        JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
+        JwtSecurityTokenHandler.DefaultOutboundClaimTypeMap.Clear();
+
+        services
+            .AddAuthentication(options =>
+            {
+                options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
+                options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
+            })
+            .AddJwtBearer(options =>
+            {
+                options.RequireHttpsMetadata = false;
+                options.TokenValidationParameters = new TokenValidationParameters
+                {
+                    ValidateIssuer = true,
+                    ValidIssuer = jwtOptions.Issuer,
+                    ValidateAudience = true,
+                    ValidAudience = jwtOptions.Audience,
+                    ValidateIssuerSigningKey = true,
+                    IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtOptions.Secret)),
+                    ValidateLifetime = true,
+                    ClockSkew = TimeSpan.FromMinutes(1),
+                    NameClaimType = ClaimTypes.NameIdentifier,
+                    RoleClaimType = ClaimTypes.Role
+                };
+            });
+
+        return services;
+    }
+}

src/Infrastructure/TakeoutSaaS.Infrastructure/Identity/Options/JwtOptions.cs

@@ -0,0 +1,40 @@
+using System.ComponentModel.DataAnnotations;
+
+namespace TakeoutSaaS.Infrastructure.Identity.Options;
+
+/// <summary>
+/// JWT 配置选项。
+/// </summary>
+public sealed class JwtOptions
+{
+    /// <summary>
+    /// 令牌颁发者（Issuer）。
+    /// </summary>
+    [Required]
+    public string Issuer { get; set; } = string.Empty;
+
+    /// <summary>
+    /// 令牌受众（Audience）。
+    /// </summary>
+    [Required]
+    public string Audience { get; set; } = string.Empty;
+
+    /// <summary>
+    /// JWT 签名密钥（至少 32 个字符）。
+    /// </summary>
+    [Required]
+    [MinLength(32)]
+    public string Secret { get; set; } = string.Empty;
+
+    /// <summary>
+    /// 访问令牌过期时间（分钟），范围：5-1440。
+    /// </summary>
+    [Range(5, 1440)]
+    public int AccessTokenExpirationMinutes { get; set; } = 60;
+
+    /// <summary>
+    /// 刷新令牌过期时间（分钟），范围：60-20160（14天）。
+    /// </summary>
+    [Range(60, 1440 * 14)]
+    public int RefreshTokenExpirationMinutes { get; set; } = 60 * 24 * 7;
+}