chore 优化authserver配置

.gitignore

@@ -264,4 +264,5 @@ src/KonSoft.Admin.Blazor.Server.Tiered/Logs/*
 # Use abp install-libs to restore.
 **/wwwroot/libs/*
 
-**/Logs/*
+**/Logs/*
+**/logs.txt

applications/KonSoft.AuthServer/KonSoftAuthServerModule.cs

@@ -26,6 +26,7 @@ using Volo.Abp.Localization;
 using Volo.Abp.Modularity;
 using Volo.Abp.OpenIddict;
 using Volo.Abp.Security.Claims;
+using Volo.Abp.UI.Navigation.Urls;
 using IPNetwork = Microsoft.AspNetCore.HttpOverrides.IPNetwork;
 
 namespace KonSoft;
@@ -50,15 +51,20 @@ public class KonSoftAuthServerModule : AbpModule
         {
             builder.AddValidation(options =>
             {
-                options.AddAudiences("KonSoft");
+                options.AddAudiences(KonSoftConsts.AuthServerAudience);
                 options.UseLocalServer();
                 options.UseAspNetCore();
             });
         });
 
-        context.Services.Configure<ForwardedHeadersOptions>(options =>
+        PreConfigure<ForwardedHeadersOptions>(options =>
         {
-            options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
+            options.ForwardedHeaders = ForwardedHeaders.XForwardedFor |
+                                       ForwardedHeaders.XForwardedProto |
+                                       ForwardedHeaders.XForwardedHost;
+
+            options.KnownNetworks.Add(new IPNetwork(IPAddress.Parse("::ffff:127.0.0.1"), 104));
+            options.KnownProxies.Add(IPAddress.Parse("::ffff:127.0.0.1"));
         });
 
         if (!hostingEnvironment.IsDevelopment())
@@ -105,6 +111,16 @@ public class KonSoftAuthServerModule : AbpModule
             options.ApplicationName = "AuthServer";
         });
 
+        Configure<AppUrlOptions>(options =>
+        {
+            options.Applications["MVC"].RootUrl = configuration["App:SelfUrl"];
+            options.RedirectAllowedUrls.AddRange(configuration["App:RedirectAllowedUrls"]?.Split(',') ??
+                                                 Array.Empty<string>());
+
+            options.Applications["Angular"].RootUrl = configuration["App:ClientUrl"];
+            options.Applications["Angular"].Urls[AccountUrlNames.PasswordReset] = "account/reset-password";
+        });
+
         Configure<AbpBackgroundJobOptions>(options => { options.IsJobExecutionEnabled = false; });
 
         context.Services.Configure<AbpClaimsPrincipalFactoryOptions>(options =>
@@ -137,17 +153,16 @@ public class KonSoftAuthServerModule : AbpModule
         var app = context.GetApplicationBuilder();
         var env = context.GetEnvironment();
 
-        if (env.IsDevelopment())
+        app.UseForwardedHeaders();
+        app.Use(async (ctx, next) =>
         {
-            app.UseDeveloperExceptionPage();
+            ctx.Request.Scheme = "https";
-            app.UseForwardedHeaders();
+            await next();
-        }
+        });
-        else
+
-        {
+        app.UseDeveloperExceptionPage();
-            app.UseErrorPage();
+        app.UseAbpRequestLocalization();
-            app.UseForwardedHeaders();
+        app.UseErrorPage();
-            app.UseHsts();
-        }
 
         app.UseAbpRequestLocalization();
 

gateways/KonSoft.InternalGateway/Extensions/YarpSwaggerUIBuilderExtensions.cs

@@ -0,0 +1,50 @@
+using Microsoft.AspNetCore.Builder;
+using Yarp.ReverseProxy.Configuration;
+namespace KonSoft.InternalGateway.Extensions
+{
+    public static class YarpSwaggerUIBuilderExtensions
+    {
+        public static IApplicationBuilder UseSwaggerUIWithYarp(this IApplicationBuilder app)
+        {
+            var serviceProvider = app.ApplicationServices;
+
+            app.UseSwagger();
+            app.UseSwaggerUI(options =>
+            {
+                var configuration = serviceProvider.GetRequiredService<IConfiguration>();
+                var logger = serviceProvider.GetRequiredService<ILogger<Program>>();
+                var proxyConfigProvider = serviceProvider.GetRequiredService<IProxyConfigProvider>();
+                var yarpConfig = proxyConfigProvider.GetConfig();
+
+                var routedClusters = yarpConfig.Clusters
+                    .SelectMany(t => t.Destinations,
+                        (clusterId, destination) => new { clusterId.ClusterId, destination.Value });
+
+                var groupedClusters = routedClusters
+                    .GroupBy(q => q.Value.Address)
+                    .Select(t => t.First())
+                    .Distinct()
+                    .ToList();
+                var gatewayUrl = configuration["GatewayUrl"];
+
+                options.OAuthClientId(configuration["AuthServer:SwaggerClientId"]);
+                options.OAuthClientSecret(configuration["AuthServer:SwaggerClientSecret"]);
+                foreach (var clusterGroup in groupedClusters)
+                {
+                    var routeConfig = yarpConfig.Routes.FirstOrDefault(q =>
+                        q.ClusterId == clusterGroup.ClusterId);
+                    if (routeConfig == null)
+                    {
+                        logger.LogWarning($"Swagger UI: Couldn't find route configuration for {clusterGroup.ClusterId}...");
+                        continue;
+                    }
+                    
+                   // options.SwaggerEndpoint($"{clusterGroup.Value.Address}/swagger/v1/swagger.json", $"{routeConfig.RouteId} API");
+                    options.SwaggerEndpoint(new Uri(new Uri(!string.IsNullOrWhiteSpace(gatewayUrl)? gatewayUrl: clusterGroup.Value.Address), $"{routeConfig.RouteId.Split("-")[0]}/swagger/v1/swagger.json").AbsoluteUri, $"{routeConfig.RouteId} API");
+                }
+            });
+
+            return app;
+        }
+    }
+}

gateways/KonSoft.InternalGateway/Program.cs

@@ -1,5 +1,9 @@
 using KonSoft.InternalGateway;
+using KonSoft.InternalGateway.Extensions;
 using KonSoft.Shared.Hosting.AspNetCore;
+using Microsoft.AspNetCore.Rewrite;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.OpenApi.Models;
 using Serilog;
 
 var assemblyName = typeof(Program).Assembly.GetName().Name!;
@@ -17,11 +21,26 @@ try
         .AddAppSettingsSecretsJson()
         .UseAutofac()
         .UseSerilog();
+
+    builder.Services.AddAbpSwaggerGenWithOidc(builder.Configuration["AuthServer:Authority"]!, setupAction: options =>
+    {
+        options.SwaggerDoc("v1", new OpenApiInfo
+        {
+            Title = "Gateway",
+            Version = "v1"
+        });
+        options.DocInclusionPredicate((docName, description) => true);
+        options.CustomSchemaIds(type => type.FullName);
+    });
+
+
     builder.Services.AddReverseProxy()
         .LoadFromConfig(builder.Configuration.GetSection("ReverseProxy"));
+    builder.Services.AddControllers();
     await builder.AddApplicationAsync<InternalGatewayModule>();
     var app = builder.Build();
     await app.InitializeApplicationAsync();
+    app.UseSwaggerUIWithYarp();
     app.MapReverseProxy();
     app.MapGet("/heath", () => "Online");
     await app.RunAsync();

gateways/KonSoft.InternalGateway/appsettings.json

@@ -4,5 +4,10 @@
     "name": "KonSoft.InternalGateway",
     "nodes": "https://config.konsoft.top/",
     "secret": "DBE31703-14F9-4B01-893D-900B8380CE04"
+  },
+  "AuthServer": {
+    "Authority": "https://devauth.konsoft.top",
+    "RequireHttpsMetadata": true,
+    "SwaggerClientId": "Gateway_Swagger"
   }
 }

microservices/KonSoft.Admin.HttpApi.Host/AdminHttpApiHostModule.cs

@@ -26,7 +26,7 @@ public class AdminHttpApiHostModule : AbpModule
         SwaggerConfigurationHelper.ConfigureWithOidc(
             context,
             configuration["AuthServer:Authority"]!,
-            ["AdministrationService"],
+            ["Admin", "Dispatch", "Payment", "Report", "TenantManagement"],
             discoveryEndpoint: configuration["AuthServer:MetadataAddress"],
             apiTitle: "Administration Service API"
         );

microservices/KonSoft.Admin.HttpApi.Host/Properties/launchSettings.json

@@ -6,18 +6,7 @@
       "environmentVariables": {
         "ASPNETCORE_ENVIRONMENT": "Development"
       },
-      "applicationUrl": "https://localhost:44354"
+      "applicationUrl": "http://localhost:44354"
-    },
-    "Container (Dockerfile)": {
-      "commandName": "Docker",
-      "launchBrowser": true,
-      "launchUrl": "{Scheme}://{ServiceHost}:{ServicePort}",
-      "environmentVariables": {
-        "ASPNETCORE_HTTPS_PORTS": "8081",
-        "ASPNETCORE_HTTP_PORTS": "8080"
-      },
-      "publishAllPorts": true,
-      "useSSL": true
     }
   },
   "$schema": "http://json.schemastore.org/launchsettings.json"

microservices/KonSoft.Admin.HttpApi.Host/appsettings.json

@@ -6,8 +6,9 @@
     "secret": "DBE31703-14F9-4B01-893D-900B8380CE04"
   },
   "AuthServer": {
-    "Authority": "https://localhost:44322",
+    "Authority": "https://devauth.konsoft.top",
-    "RequireHttpsMetadata": true,
+    "RequireHttpsMetadata": false,
-    "SwaggerClientId": "Admin_Swagger"
+    "SwaggerClientId": "Dev_Admin_Swagger",
+    "MetadataAddress": "https://devauth.konsoft.top"
   }
 }