mirror of
https://github.com/Kareadita/Kavita.git
synced 2025-10-30 18:22:29 -04:00
89 lines
3.5 KiB
C#
89 lines
3.5 KiB
C#
using System;
|
|
using System.Text;
|
|
using System.Threading.Tasks;
|
|
using API.Constants;
|
|
using API.Data;
|
|
using API.Entities;
|
|
using Microsoft.AspNetCore.Authentication.JwtBearer;
|
|
using Microsoft.AspNetCore.Identity;
|
|
using Microsoft.Extensions.Configuration;
|
|
using Microsoft.Extensions.DependencyInjection;
|
|
using Microsoft.IdentityModel.Tokens;
|
|
|
|
namespace API.Extensions;
|
|
#nullable enable
|
|
|
|
public static class IdentityServiceExtensions
|
|
{
|
|
public static IServiceCollection AddIdentityServices(this IServiceCollection services, IConfiguration config)
|
|
{
|
|
services.Configure<IdentityOptions>(options =>
|
|
{
|
|
options.User.AllowedUserNameCharacters =
|
|
"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._@+/";
|
|
});
|
|
|
|
services.AddIdentityCore<AppUser>(opt =>
|
|
{
|
|
opt.Password.RequireNonAlphanumeric = false;
|
|
opt.Password.RequireDigit = false;
|
|
opt.Password.RequireDigit = false;
|
|
opt.Password.RequireLowercase = false;
|
|
opt.Password.RequireUppercase = false;
|
|
opt.Password.RequireNonAlphanumeric = false;
|
|
opt.Password.RequiredLength = 6;
|
|
|
|
opt.SignIn.RequireConfirmedEmail = false;
|
|
|
|
opt.Lockout.AllowedForNewUsers = true;
|
|
opt.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(10);
|
|
opt.Lockout.MaxFailedAccessAttempts = 5;
|
|
|
|
})
|
|
.AddTokenProvider<DataProtectorTokenProvider<AppUser>>(TokenOptions.DefaultProvider)
|
|
.AddRoles<AppRole>()
|
|
.AddRoleManager<RoleManager<AppRole>>()
|
|
.AddSignInManager<SignInManager<AppUser>>()
|
|
.AddRoleValidator<RoleValidator<AppRole>>()
|
|
.AddEntityFrameworkStores<DataContext>();
|
|
|
|
|
|
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
|
|
.AddJwtBearer(options =>
|
|
{
|
|
options.TokenValidationParameters = new TokenValidationParameters()
|
|
{
|
|
ValidateIssuerSigningKey = true,
|
|
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(config["TokenKey"]!)),
|
|
ValidateIssuer = false,
|
|
ValidateAudience = false,
|
|
ValidIssuer = "Kavita"
|
|
};
|
|
|
|
options.Events = new JwtBearerEvents()
|
|
{
|
|
OnMessageReceived = context =>
|
|
{
|
|
var accessToken = context.Request.Query["access_token"];
|
|
var path = context.HttpContext.Request.Path;
|
|
// Only use query string based token on SignalR hubs
|
|
if (!string.IsNullOrEmpty(accessToken) && path.StartsWithSegments("/hubs"))
|
|
{
|
|
context.Token = accessToken;
|
|
}
|
|
|
|
return Task.CompletedTask;
|
|
}
|
|
};
|
|
});
|
|
services.AddAuthorization(opt =>
|
|
{
|
|
opt.AddPolicy("RequireAdminRole", policy => policy.RequireRole(PolicyConstants.AdminRole));
|
|
opt.AddPolicy("RequireDownloadRole", policy => policy.RequireRole(PolicyConstants.DownloadRole, PolicyConstants.AdminRole));
|
|
opt.AddPolicy("RequireChangePasswordRole", policy => policy.RequireRole(PolicyConstants.ChangePasswordRole, PolicyConstants.AdminRole));
|
|
});
|
|
|
|
return services;
|
|
}
|
|
}
|