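using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;
using System.Text;

namespace AI.Api.WebCore
{
    /// <summary>
    /// Service-registration helpers for JWT bearer authentication.
    /// </summary>
    public static class AuthenticationServiceExtensions
    {
        /// <summary>
        /// Registers JWT bearer authentication as the default scheme and configures
        /// token validation (issuer, audience, signing key and lifetime).
        /// Authorization policies are not registered by this method; the policy
        /// registration at the end of the body is commented out.
        /// </summary>
        /// <param name="services">The service collection to add authentication to.</param>
        /// <param name="issuer">The only issuer value accepted in incoming tokens.</param>
        /// <param name="audience">The only audience value accepted in incoming tokens.</param>
        /// <param name="secretKey">
        /// Shared secret, UTF-8 encoded, used as the symmetric key that verifies token signatures.
        /// Anyone who knows it can produce tokens this API accepts, so it should come from a
        /// secret store rather than from source control.
        /// </param>
        /// <returns>The same <paramref name="services"/> instance, for chaining.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="services"/> is null.</exception>
        /// <exception cref="ArgumentException">
        /// <paramref name="issuer"/>, <paramref name="audience"/> or <paramref name="secretKey"/>
        /// is null, empty or whitespace.
        /// </exception>
        public static IServiceCollection AddAuth(this IServiceCollection services, string issuer, string audience, string secretKey)
        {
            if (services is null)
            {
                throw new ArgumentNullException(nameof(services));
            }

            // Fail at registration time instead of on the first authenticated request:
            // the options callback below runs lazily, so a missing value would otherwise
            // only surface once a token is validated.
            RequireValue(issuer, nameof(issuer));
            RequireValue(audience, nameof(audience));
            RequireValue(secretKey, nameof(secretKey));

            // NOTE(review): no minimum key length is enforced here. For HMAC-SHA256 the key
            // should be at least 32 bytes of high-entropy data - confirm how the issuer
            // generates this secret.
            var signingKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secretKey));

            services.AddAuthentication(options =>
            {
                options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
            }).AddJwtBearer(options =>
            {
                options.TokenValidationParameters = new TokenValidationParameters()
                {
                    ValidateIssuer = true,              // check the token's issuer
                    ValidIssuer = issuer,               // expected issuer
                    ValidateAudience = true,            // check the token's audience
                    ValidAudience = audience,           // expected audience
                    ValidateIssuerSigningKey = true,    // check the signing key
                    IssuerSigningKey = signingKey,      // key used to verify the signature
                    ValidateLifetime = true,            // reject expired tokens
                    ClockSkew = TimeSpan.FromSeconds(30), // expiry tolerance for clock drift between servers (seconds)
                    RequireExpirationTime = true,       // tokens without an expiration claim are rejected
                    // NOTE(review): ValidAlgorithms is not set; consider pinning it to the
                    // algorithm the issuer actually signs with.
                };
            });

            return services;

            // Authorization policy registration, currently disabled:
            //services.AddAuthorization(options =>
            //{
            //    options.AddPolicy(Constant.Policy.FreePolicyName,
            //        policy => policy.RequireClaim(Constant.Auth.PermissionsKey, Constant.Auth.FreeClaimValue, Constant.Auth.VipClaimValue));
            //    options.AddPolicy(Constant.Policy.VipPolicyName,
            //        policy => policy.RequireClaim(Constant.Auth.PermissionsKey, Constant.Auth.VipClaimValue));
            //});
        }

        /// <summary>
        /// Throws <see cref="ArgumentException"/> when a required string setting is null, empty or whitespace.
        /// </summary>
        private static void RequireValue(string value, string paramName)
        {
            if (string.IsNullOrWhiteSpace(value))
            {
                throw new ArgumentException("A non-empty value is required.", paramName);
            }
        }
    }
}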