feat: 实现“Token过期时间”、“RefreshToken过期时间”参数控制

Admin.NET/Admin.NET.Application/Configuration/JWT.json

@@ -9,11 +9,7 @@
         "ValidateAudience": true, // 是否验证签收方，bool 类型，默认true
         "ValidAudience": "Admin.NET", // 签收方，string 类型
         "ValidateLifetime": true, // 是否验证过期时间，bool 类型，默认true，建议true
-        "ExpiredTime": 10080, // 过期时间，long 类型，单位分钟，默认20分钟
         "ClockSkew": 5, // 过期时间容错值，long 类型，单位秒，默认5秒
         "Algorithm": "HS256" // 加密算法，string 类型，默认 HS256
-    },
-    "RefreshToken": {
-        "ExpiredTime": 20160 // 过期时间单位分钟（一般 refresh_token 的有效时间 > 2 * access_token 的有效时间）
     }
 }

Admin.NET/Admin.NET.Core/Const/CommonConst.cs

@@ -42,6 +42,11 @@ public class CommonConst
     public const string SysTokenExpire = "sys_token_expire";
 
     /// <summary>
+    /// RefreshToken过期时间
+    /// </summary>
+    public const string SysRefreshTokenExpire = "sys_refresh_token_expire";
+
+    /// <summary>
     /// 单用户登录
     /// </summary>
     public const string SysSingleLogin = "sys_single_login";

Admin.NET/Admin.NET.Core/Option/RefreshTokenOptions.cs

@@ -1,12 +0,0 @@
-namespace Admin.NET.Core;
-
-/// <summary>
-/// 刷新Token配置选项
-/// </summary>
-public sealed class RefreshTokenOptions : IConfigurableOptions
-{
-    /// <summary>
-    /// 令牌过期时间(分钟) 默认2天
-    /// </summary>
-    public int ExpiredTime { get; set; }
-}

Admin.NET/Admin.NET.Core/SeedData/SysConfigSeedData.cs

@@ -22,6 +22,7 @@ public class SysConfigSeedData : ISqlSugarEntitySeedData<SysConfig>
             new SysConfig{ Id=1300000000106, Name="登录二次验证", Code="sys_second_ver", Value="True", SysFlag=YesNoEnum.Y, Remark="登录二次验证", OrderNo=6, GroupCode="Default", CreateTime=DateTime.Parse("2022-02-10 00:00:00") },
             new SysConfig{ Id=1300000000107, Name="开启图形验证码", Code="sys_captcha", Value="False", SysFlag=YesNoEnum.Y, Remark="开启图形验证码", OrderNo=7, GroupCode="Default", CreateTime=DateTime.Parse("2022-02-10 00:00:00") },
             new SysConfig{ Id=1300000000108, Name="开启水印", Code="sys_watermark", Value="True", SysFlag=YesNoEnum.Y, Remark="开启水印", OrderNo=8, GroupCode="Default", CreateTime=DateTime.Parse("2022-02-10 00:00:00") },
+            new SysConfig{ Id=1300000000109, Name="RefreshToken过期时间", Code="sys_refresh_token_expire", Value="20160", SysFlag=YesNoEnum.Y, Remark="RefreshToken过期时间，单位分钟（一般 refresh_token 的有效时间 > 2 * access_token 的有效时间）", OrderNo=3, GroupCode="Default", CreateTime=DateTime.Parse("2022-02-10 00:00:00") },
         };
     }
 }

Admin.NET/Admin.NET.Core/Service/Auth/SysAuthService.cs

@@ -12,7 +12,6 @@ public class SysAuthService : IDynamicApiController, ITransient
 {
     private readonly UserManager _userManager;
     private readonly SqlSugarRepository<SysUser> _sysUserRep;
-    private readonly RefreshTokenOptions _refreshTokenOptions;
     private readonly IHttpContextAccessor _httpContextAccessor;
     private readonly SysMenuService _sysMenuService;
     private readonly SysOnlineUserService _sysOnlineUserService;
@@ -22,7 +21,6 @@ public class SysAuthService : IDynamicApiController, ITransient
 
     public SysAuthService(UserManager userManager,
         SqlSugarRepository<SysUser> sysUserRep,
-        IOptions<RefreshTokenOptions> refreshTokenOptions,
         IHttpContextAccessor httpContextAccessor,
         SysMenuService sysMenuService,
         SysOnlineUserService sysOnlineUserService,
@@ -33,7 +31,6 @@ public class SysAuthService : IDynamicApiController, ITransient
         _userManager = userManager;
         _sysUserRep = sysUserRep;
         _httpContextAccessor = httpContextAccessor;
-        _refreshTokenOptions = refreshTokenOptions.Value;
         _sysMenuService = sysMenuService;
         _sysOnlineUserService = sysOnlineUserService;
         _sysConfigService = sysConfigService;
@@ -90,6 +87,9 @@ public class SysAuthService : IDynamicApiController, ITransient
         // 单用户登录
         await _sysOnlineUserService.SignleLogin(user.Id);
 
+        var tokenExpire = await _sysConfigService.GetTokenExpire();
+        var refreshTokenExpire = await _sysConfigService.GetRefreshTokenExpire();
+
         // 生成Token令牌
         var accessToken = JWTEncryption.Encrypt(new Dictionary<string, object>
         {
@@ -100,10 +100,10 @@ public class SysAuthService : IDynamicApiController, ITransient
             { ClaimConst.AccountType, user.AccountType },
             { ClaimConst.OrgId, user.OrgId },
             { ClaimConst.OrgName, user.SysOrg?.Name },
-        });
+        }, tokenExpire);
 
         // 生成刷新Token令牌
-        var refreshToken = JWTEncryption.GenerateRefreshToken(accessToken, _refreshTokenOptions.ExpiredTime);
+        var refreshToken = JWTEncryption.GenerateRefreshToken(accessToken, refreshTokenExpire);
 
         // 设置响应报文头
         _httpContextAccessor.HttpContext.SetTokensOfResponseHeaders(accessToken, refreshToken);
@@ -158,7 +158,8 @@ public class SysAuthService : IDynamicApiController, ITransient
     [DisplayName("获取刷新Token")]
     public string GetRefreshToken(string accessToken)
     {
-        return JWTEncryption.GenerateRefreshToken(accessToken, _refreshTokenOptions.ExpiredTime);
+        var refreshTokenExpire = _sysConfigService.GetRefreshTokenExpire().GetAwaiter().GetResult();
+        return JWTEncryption.GenerateRefreshToken(accessToken, refreshTokenExpire);
     }
 
     /// <summary>

Admin.NET/Admin.NET.Core/Service/Config/SysConfigService.cs

@@ -133,4 +133,36 @@ public class SysConfigService : IDynamicApiController, ITransient
     {
         return await _sysConfigRep.AsQueryable().GroupBy(u => u.GroupCode).Select(u => u.GroupCode).ToListAsync();
     }
+
+    /// <summary>
+    /// 获取 Token 过期时间
+    /// </summary>
+    /// <returns></returns>
+    [ApiDescriptionSettings(false)]
+    public async Task<int> GetTokenExpire()
+    {
+        var tokenExpireStr = await GetConfigValue<string>(CommonConst.SysTokenExpire);
+
+        int.TryParse(tokenExpireStr, out var tokenExpire);
+        // 参数不存在或转换失败，设置默认值
+        tokenExpire = tokenExpire == 0 ? 20 : tokenExpire;
+
+        return tokenExpire;
+    }
+
+    /// <summary>
+    /// 获取 RefreshToken 过期时间
+    /// </summary>
+    /// <returns></returns>
+    [ApiDescriptionSettings(false)]
+    public async Task<int> GetRefreshTokenExpire()
+    {
+        var refreshTokenExpireStr = await GetConfigValue<string>(CommonConst.SysRefreshTokenExpire);
+
+        int.TryParse(refreshTokenExpireStr, out var refreshTokenExpire);
+        // 参数不存在或转换失败，设置默认值
+        refreshTokenExpire = refreshTokenExpire == 0 ? 40 : refreshTokenExpire;
+
+        return refreshTokenExpire;
+    }
 }

Admin.NET/Admin.NET.Web.Core/Handlers/JwtHandler.cs

@@ -6,6 +6,7 @@ using Furion.DataEncryption;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using System.Threading.Tasks;
+using Microsoft.Extensions.DependencyInjection;
 
 namespace Admin.NET.Web.Core
 {
@@ -18,9 +19,13 @@ namespace Admin.NET.Web.Core
         /// <returns></returns>
         public override async Task HandleAsync(AuthorizationHandlerContext context)
         {
-            if (JWTEncryption.AutoRefreshToken(context, context.GetCurrentHttpContext(),
-                App.GetOptions<JWTSettingsOptions>().ExpiredTime,
-                App.GetOptions<RefreshTokenOptions>().ExpiredTime))
+            // 读取参数
+            var serviceProvider = context.GetCurrentHttpContext().RequestServices;
+            var sysConfigService = serviceProvider.GetService<SysConfigService>();
+            var tokenExpire = await sysConfigService.GetTokenExpire();
+            var refreshTokenExpire = await sysConfigService.GetRefreshTokenExpire();
+
+            if (JWTEncryption.AutoRefreshToken(context, context.GetCurrentHttpContext(), tokenExpire, refreshTokenExpire))
             {
                 await AuthorizeHandleAsync(context);
             }

Admin.NET/Admin.NET.Web.Core/ProjectOptions.cs

@@ -15,7 +15,6 @@ public static class ProjectOptions
     public static IServiceCollection AddProjectOptions(this IServiceCollection services)
     {
         services.AddConfigurableOptions<DbConnectionOptions>();
-        services.AddConfigurableOptions<RefreshTokenOptions>();
         services.AddConfigurableOptions<SnowIdOptions>();
         services.AddConfigurableOptions<CacheOptions>();
         services.AddConfigurableOptions<OSSProviderOptions>();