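using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Security.Authentication;
using System.Security.Claims;
using System.Text;
using System.Threading.Tasks;
using Flurl.Http;
using MailKit.Net.Smtp;
using Manganese.Text;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Options;
using Microsoft.IdentityModel.Tokens;
using MimeKit;
using Newtonsoft.Json.Linq;
using NPOI.SS.Formula.Functions;
using OfficeOpenXml.Packaging.Ionic.Zlib;
using RestSharp;

namespace asg_form.Controllers
{
    /// <summary>
    /// Account endpoints: registration (with a CAPTCHA check), e-mail
    /// verification, password reset, profile updates, user lookup by position
    /// and JWT login by user name or e-mail.
    /// </summary>
    public class login : ControllerBase
    {
        // NOTE(review): these three credentials are committed in source. They
        // should be rotated and loaded from configuration or a secret store;
        // they are kept here only so the existing endpoints keep working.
        private const string TurnstileSecret = "0x4AAAAAAAfgltBDBjchl9cMupUutwOFf8s";
        private const string RecaptchaSecret = "6LcdXUEmAAAAAJLICuxBgtMsDiMSCm5XpB0z-fzK";
        private const string SmtpApiKey = "eiwqDPhYvz0JfAQUxXs1c7O73eRiDb3M8/Gf5RApUPFGGubJSXsdBgtmpwu3IVEtfn3yErFsaKxyy8T14VUn85QSbSlYs6Cq+CaF7ISNMHtAL/6LeVmGwh9Qhwk1b6IDW6AK/kk2B53nNw==";

        /// <summary>Legacy registration payload (not bound by any action here).</summary>
        public class newuser_get
        {
            public string UserName { get; set; }
            public string Password { get; set; }
            public string chinaname { get; set; }
            public string EMail { get; set; }
        }

        /// <summary>Payload for confirming an e-mail verification code.</summary>
        public class ok_email_get
        {
            public string email { get; set; }
            public string token { get; set; }
        }

        // NOTE(review): the generic arguments were lost in extraction; the role
        // type is assumed to be IdentityRole — confirm against the project's
        // Identity setup.
        private readonly RoleManager<IdentityRole> roleManager;
        private readonly UserManager<User> userManager;

        /// <summary>Receives the Identity managers from DI.</summary>
        public login(RoleManager<IdentityRole> roleManager, UserManager<User> userManager)
        {
            this.roleManager = roleManager;
            this.userManager = userManager;
        }

        /// <summary>
        /// Sends a password-reset code to <paramref name="email"/>.
        /// </summary>
        /// <param name="email">Address of the account to reset.</param>
        /// <returns>A fixed success message, whether or not the address is registered.</returns>
        [Route("api/v1/password/sendtoken")]
        [HttpPost]
        public async Task<ActionResult<string>> put_password_email([FromBody] string email)
        {
            // Unknown or empty addresses get the same reply as known ones: the
            // endpoint must not reveal which e-mails are registered, and it must
            // not pass a null user to GeneratePasswordResetTokenAsync (which throws).
            if (!string.IsNullOrWhiteSpace(email))
            {
                var user = await userManager.FindByEmailAsync(email);
                if (user is not null)
                {
                    string token = await userManager.GeneratePasswordResetTokenAsync(user);
                    SendEmail(email, "你正在重置ASG官网账号!", $@"
你正在重置ASG官网账号。
重置密码
你正在重置ASG官网账号。
你的验证码是:{token}
  • 如果你没有重置ASG官网账号密码,请忽略此邮件。
  • 请不要回复此邮件。如果你需要帮助,请联系我们。
  • 请不要与他人分享此验证码。
版权所有 ASG赛事官网
");
                }
            }

            return "发送重置验证码成功";
        }

        /// <summary>
        /// Completes a password reset with the code sent by <see cref="put_password_email"/>.
        /// </summary>
        /// <param name="password">E-mail, reset code and new password.</param>
        /// <returns>200 with a success message, or 400 when the code (or account) is invalid.</returns>
        [Route("api/v1/password/ok")]
        [HttpPost]
        public async Task<ActionResult<string>> put_password([FromBody] password_email password)
        {
            // A missing account is reported exactly like a bad code, so the
            // reply does not distinguish registered from unregistered addresses.
            var user = string.IsNullOrWhiteSpace(password?.Email)
                ? null
                : await userManager.FindByEmailAsync(password.Email);
            if (user is null)
            {
                return BadRequest(new error_mb { code = 400, message = "验证码错误" });
            }

            var r = await userManager.ResetPasswordAsync(user, password.Token, password.New_Password);
            if (r.Succeeded)
            {
                return "成功";
            }

            return BadRequest(new error_mb { code = 400, message = "验证码错误" });
        }

        /// <summary>Payload for <see cref="put_password"/>.</summary>
        public class password_email
        {
            public string Email { get; set; }
            public string New_Password { get; set; }
            public string Token { get; set; }
        }

        /// <summary>
        /// Response shape of the Cloudflare Turnstile siteverify call.
        /// </summary>
        public class reqdata
        {
            public bool success { get; set; }
            public DateTime challenge_ts { get; set; }
            public string hostname { get; set; }
            public object[] errorcodes { get; set; }
            public string action { get; set; }
            public string cdata { get; set; }
        }

        /// <summary>
        /// Registers a new account after verifying the Turnstile token.
        /// </summary>
        /// <param name="newuser">User name, password, Chinese name and Turnstile token.</param>
        /// <returns>200 on success; 400 when the CAPTCHA fails, the name is taken, or Identity rejects the user.</returns>
        [Route("api/v1/enroll")]
        [HttpPost]
        public async Task<ActionResult<string>> Post([FromBody] Adduserreq newuser)
        {
            object data = new { secret = TurnstileSecret, response = newuser.token };
            var verifyResponse = await "https://challenges.cloudflare.com/turnstile/v0/siteverify".PostJsonAsync(data);
            var verdict = await verifyResponse.GetJsonAsync<reqdata>();
            if (verdict?.success != true)
            {
                return BadRequest(new error_mb { code = 400, message = $"未通过人机验证" });
            }

            User? user = await this.userManager.FindByNameAsync(newuser.userName);
            if (user != null)
            {
                return BadRequest(new error_mb { code = 400, message = "邮箱已被注册" });
            }

            // NOTE(review): the account is created with EmailConfirmed = true but
            // no Email value, so the resend endpoint below has no address to
            // mail to — confirm this is intended.
            user = new User
            {
                UserName = newuser.userName,
                chinaname = newuser.chinaname,
                EmailConfirmed = true,
            };
            var r = await userManager.CreateAsync(user, newuser.password);
            if (!r.Succeeded)
            {
                return BadRequest(r.Errors);
            }

            return Ok("注册成功!");
        }

        /// <summary>Registration payload for <see cref="Post"/>.</summary>
        public record Adduserreq(string userName, string password, string chinaname, string token);

        /// <summary>
        /// Stores a base64 image for the calling user.
        /// </summary>
        /// <param name="base64">Image data; stored verbatim, no size or format check is applied.</param>
        /// <returns>"ok" on success, 404 when the token's user no longer exists.</returns>
        [Route("api/v1/setimg")]
        [HttpPost]
        [Authorize]
        public async Task<ActionResult<string>> setimg([FromBody] string base64)
        {
            string id = this.User.FindFirst(ClaimTypes.NameIdentifier)!.Value;
            // Awaited instead of .Result: blocking on the task risks thread-pool starvation.
            var ouser = await userManager.FindByIdAsync(id);
            if (ouser is null)
            {
                return NotFound(new error_mb { code = 404, message = "用户未找到" });
            }

            ouser.UserBase64 = base64;
            await userManager.UpdateAsync(ouser);
            return "ok";
        }

        /// <summary>
        /// Confirms an e-mail address with the verification code that was mailed out.
        /// </summary>
        /// <param name="EMail">E-mail address and code.</param>
        /// <returns>200 on success, 400 when the code (or account) is invalid.</returns>
        [Route("api/v1/okemail")]
        [HttpPost]
        public async Task<ActionResult<string>> okemail([FromBody] ok_email_get EMail)
        {
            // Unknown addresses are answered like a bad code; ConfirmEmailAsync
            // would otherwise throw on a null user.
            var user = string.IsNullOrWhiteSpace(EMail?.email)
                ? null
                : await userManager.FindByEmailAsync(EMail.email);
            if (user is null)
            {
                return BadRequest(new error_mb { code = 400, message = "验证码错误" });
            }

            var a = await userManager.ConfirmEmailAsync(user, EMail.token);
            if (a.Succeeded)
            {
                return Ok();
            }

            return BadRequest(new error_mb { code = 400, message = "验证码错误" });
        }

        /// <summary>
        /// Returns the profile of the calling user.
        /// </summary>
        /// <returns>The profile, or 404 when the token's user no longer exists.</returns>
        [Authorize]
        [Route("api/v1/user/")]
        [HttpGet]
        public async Task<ActionResult<post_user>> getuser()
        {
            string id = this.User.FindFirst(ClaimTypes.NameIdentifier)!.Value;
            var user = await userManager.FindByIdAsync(id);
            if (user is null)
            {
                return NotFound(new error_mb { code = 404, message = "用户未找到" });
            }

            var isadmin = await userManager.IsInRoleAsync(user, "admin");
            List<string> roles = (await userManager.GetRolesAsync(user)).ToList();
            return new post_user
            {
                id = id.ToInt64(),
                Base64 = user.UserBase64,
                name = user.UserName,
                chinaname = user.chinaname,
                email = user.Email,
                isadmin = isadmin,
                Roles = roles,
                officium = user.officium,
            };
        }

        /// <summary>Public profile projection of a user.</summary>
        public class post_user
        {
            public long id { get; set; }
            public string? Base64 { get; set; }
            public string name { get; set; }
            public string? chinaname { get; set; }
            public string? email { get; set; }
            public bool isadmin { get; set; }
            public string? officium { get; set; }
            public List<string>? Roles { get; set; }
        }

        /// <summary>
        /// Changes the calling user's Chinese display name.
        /// </summary>
        /// <param name="newchinaname">The new name.</param>
        /// <returns>200 on success, 404 when the token's user no longer exists.</returns>
        [Route("api/v1/user/name")]
        [Authorize]
        [HttpPost]
        public async Task<ActionResult<string>> setusername(string newchinaname)
        {
            string id = this.User.FindFirst(ClaimTypes.NameIdentifier)!.Value;
            var user = await userManager.FindByIdAsync(id);
            if (user is null)
            {
                return NotFound(new error_mb { code = 404, message = "用户未找到" });
            }

            user.chinaname = newchinaname;
            await userManager.UpdateAsync(user);
            return Ok("修改成功");
        }

        /// <summary>
        /// Sends an HTML e-mail through the configured SMTP relay.
        /// </summary>
        /// <param name="email1">Recipient address.</param>
        /// <param name="title">Subject line.</param>
        /// <param name="content">HTML body; callers must encode any user-supplied text.</param>
        /// <returns>true when the message was handed to the server, false on any failure
        /// (the error message is written to the console; callers currently ignore the result).</returns>
        public static bool SendEmail(string email1, string title, string content)
        {
            if (string.IsNullOrWhiteSpace(email1))
            {
                return false;
            }

            // The client is disposed on every path; the original leaked it.
            using var client = new SmtpClient();
            try
            {
                // MailboxAddress parsing can throw on a malformed address, so it
                // is inside the try as well.
                var message = new MimeMessage();
                message.From.Add(new MailboxAddress("ASG管理员", "admin@idvasg.cn"));
                message.To.Add(new MailboxAddress("用户", email1));
                message.Subject = title;
                message.Body = new TextPart("html") { Text = content };

                client.SslProtocols = SslProtocols.Tls12;
                // Port 587 with useSsl = false: MailKit upgrades with STARTTLS.
                client.Connect("smtp.zeptomail.com.cn", 587, false);
                client.Authenticate("emailapikey", SmtpApiKey);
                client.Send(message);
                client.Disconnect(true);
                return true;
            }
            catch (Exception e)
            {
                Console.Write(e.Message);
                return false;
            }
        }

        /// <summary>
        /// Re-sends the e-mail verification code to a user after a reCAPTCHA check.
        /// </summary>
        /// <param name="username">Account name.</param>
        /// <param name="captoken">reCAPTCHA response token from the client.</param>
        /// <returns>200 when mailed, 404 when the user is unknown, 400 when the CAPTCHA fails.</returns>
        [Route("api/v1/sendemail")]
        [HttpPost]
        public async Task<ActionResult<string>> chongfa(string username, string captoken)
        {
            // The secret and the client token are sent as POST parameters rather
            // than interpolated into the URL: this keeps the secret out of URL
            // logs and avoids embedding an unencoded client value in the query.
            var client = new RestClient("https://www.recaptcha.net/recaptcha/api/siteverify");
            var request = new RestRequest(Method.POST);
            request.AddParameter("secret", RecaptchaSecret);
            request.AddParameter("response", captoken ?? string.Empty);
            IRestResponse response = await client.ExecuteAsync(request);

            bool passed = false;
            if (response.IsSuccessful && !string.IsNullOrEmpty(response.Content))
            {
                JObject b = JObject.Parse(response.Content);
                passed = (bool?)b["success"] == true;
            }

            if (!passed)
            {
                return BadRequest(new error_mb { code = 400, message = "人机验证未通过" });
            }

            // NOTE(review): the 404 below tells the caller whether a user name
            // exists; a uniform reply would avoid that, but it would change the
            // API contract.
            User? user = await this.userManager.FindByNameAsync(username);
            if (user is null)
            {
                return NotFound(new error_mb { code = 404, message = "未找到用户" });
            }

            string email_token = await userManager.GenerateEmailConfirmationTokenAsync(user);
            // chinaname is user-supplied and lands in an HTML body, so it is encoded.
            string displayName = System.Net.WebUtility.HtmlEncode(user.chinaname);
            SendEmail(user.Email, "欢迎注册ASG官网账号!", $@"
{displayName} 正在注册一个新的ASG官网账号。
注册
{displayName} 正在注册一个新的ASG官网账号。
你的验证码是:{email_token}
  • 如果你没有注册ASG官网账号,请忽略此邮件。
  • 请不要回复此邮件。如果你需要帮助,请联系我们。
  • 请不要与他人分享此验证码。
版权所有 ASG赛事官网
");
            return "ok!";
        }

        /// <summary>
        /// Lists users whose position (<c>officium</c>) equals <paramref name="opname"/>.
        /// </summary>
        /// <param name="opname">Position name to match exactly.</param>
        /// <returns>Profiles of the matching users (empty list when none).</returns>
        [Route("api/v1/getuserbyop")]
        [HttpGet]
        public async Task<ActionResult<List<post_user>>> getuserbyop(string opname)
        {
            var opuser = userManager.Users.Where(x => x.officium == opname).ToList();
            var result = new List<post_user>(opuser.Count);
            foreach (var auser in opuser)
            {
                bool isadmin = await userManager.IsInRoleAsync(auser, "admin");
                var roles = await userManager.GetRolesAsync(auser);
                result.Add(new post_user
                {
                    id = auser.Id,
                    chinaname = auser.chinaname,
                    name = auser.UserName,
                    isadmin = isadmin,
                    email = auser.Email,
                    Roles = roles.ToList(),
                });
            }

            return result;
        }

        /// <summary>
        /// Logs in by user name and returns a JWT.
        /// </summary>
        /// <param name="req">User name and password.</param>
        /// <param name="jwtOptions">Signing key and lifetime.</param>
        /// <returns>200 with the token; 404 unknown user; 400 wrong password or locked account.</returns>
        [Route("api/v1/login")]
        [HttpPost]
        public async Task<ActionResult<string>> login1([FromBody] LoginRequest req, [FromServices] IOptions<JWTOptions> jwtOptions)
        {
            var user = await userManager.FindByNameAsync(req.UserName);
            return await IssueTokenAsync(user, req.Password, jwtOptions.Value, "密码错误");
        }

        /// <summary>
        /// Logs in by e-mail address and returns a JWT.
        /// </summary>
        /// <param name="req">E-mail and password.</param>
        /// <param name="jwtOptions">Signing key and lifetime.</param>
        /// <returns>200 with the token; 404 unknown user; 400 wrong password or locked account.</returns>
        [Route("api/v1/email_login")]
        [HttpPost]
        public async Task<ActionResult<string>> login2([FromBody] LoginRequest_2 req, [FromServices] IOptions<JWTOptions> jwtOptions)
        {
            var user = await userManager.FindByEmailAsync(req.UserEmail);
            return await IssueTokenAsync(user, req.Password, jwtOptions.Value, "密码错误!");
        }

        /// <summary>
        /// Shared login tail for <see cref="login1"/> and <see cref="login2"/>:
        /// lockout check, password check, failure counting and token issue.
        /// </summary>
        /// <param name="user">Resolved account, or null when not found.</param>
        /// <param name="password">Submitted password.</param>
        /// <param name="options">JWT settings.</param>
        /// <param name="wrongPasswordMessage">Message for the 400 on a bad password (differs per endpoint).</param>
        private async Task<ActionResult<string>> IssueTokenAsync(User? user, string password, JWTOptions options, string wrongPasswordMessage)
        {
            if (user is null)
            {
                return NotFound(new error_mb { code = 404, message = "用户未找到" });
            }

            // Lockout is checked before the password: checking it only after a
            // correct password (as before) let a locked account keep being
            // probed, which is what the lockout exists to stop.
            if (await userManager.IsLockedOutAsync(user))
            {
                return BadRequest(new error_mb { code = 400, message = "账号被锁定" });
            }

            // A null password is a failed attempt rather than an exception from the hasher.
            bool passwordOk = password is not null && await userManager.CheckPasswordAsync(user, password);
            if (!passwordOk)
            {
                await userManager.AccessFailedAsync(user);
                return BadRequest(new error_mb { code = 400, message = wrongPasswordMessage });
            }

            await userManager.ResetAccessFailedCountAsync(user);

            var claims = new List<Claim>
            {
                new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()),
                new Claim(ClaimTypes.Name, user.UserName),
            };
            var roles = await userManager.GetRolesAsync(user);
            claims.AddRange(roles.Select(role => new Claim(ClaimTypes.Role, role)));

            return Ok(BuildToken(claims, options));
        }

        /// <summary>
        /// Signs a JWT (HMAC-SHA256) carrying <paramref name="claims"/> that expires
        /// after <c>options.ExpireSeconds</c>.
        /// </summary>
        private static string BuildToken(IEnumerable<Claim> claims, JWTOptions options)
        {
            // UtcNow: the exp claim is an absolute instant and must not depend on server local time.
            DateTime expires = DateTime.UtcNow.AddSeconds(options.ExpireSeconds);
            byte[] keyBytes = Encoding.UTF8.GetBytes(options.SigningKey);
            var secKey = new SymmetricSecurityKey(keyBytes);
            var credentials = new SigningCredentials(secKey, SecurityAlgorithms.HmacSha256Signature);
            var tokenDescriptor = new JwtSecurityToken(expires: expires, signingCredentials: credentials, claims: claims);
            return new JwtSecurityTokenHandler().WriteToken(tokenDescriptor);
        }
    }
}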