Auth tweaks, Audit implementation, Webhooks
This commit is contained in:
52
src/api/MicCheck.Api/Authorization/TokenService.cs
Normal file
52
src/api/MicCheck.Api/Authorization/TokenService.cs
Normal file
@@ -0,0 +1,52 @@
|
||||
using System.IdentityModel.Tokens.Jwt;
|
||||
using System.Security.Claims;
|
||||
using System.Text;
|
||||
using MicCheck.Api.Users;
|
||||
using Microsoft.IdentityModel.Tokens;
|
||||
|
||||
namespace MicCheck.Api.Authorization;
|
||||
|
||||
public class TokenService(IConfiguration configuration) : ITokenService
|
||||
{
|
||||
public TokenResponse GenerateToken(User user)
|
||||
{
|
||||
var secretKey = configuration["Jwt:SecretKey"]
|
||||
?? throw new InvalidOperationException("Jwt:SecretKey is not configured.");
|
||||
var issuer = configuration["Jwt:Issuer"]
|
||||
?? throw new InvalidOperationException("Jwt:Issuer is not configured.");
|
||||
var audience = configuration["Jwt:Audience"]
|
||||
?? throw new InvalidOperationException("Jwt:Audience is not configured.");
|
||||
var expiryMinutes = int.Parse(configuration["Jwt:ExpiryMinutes"] ?? "60");
|
||||
|
||||
var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secretKey));
|
||||
var credentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256);
|
||||
var expiresAt = DateTime.UtcNow.AddMinutes(expiryMinutes);
|
||||
|
||||
var claims = new List<Claim>
|
||||
{
|
||||
new(JwtRegisteredClaimNames.Sub, user.Id.ToString()),
|
||||
new(JwtRegisteredClaimNames.Email, user.Email),
|
||||
new(JwtRegisteredClaimNames.GivenName, user.FirstName),
|
||||
new(JwtRegisteredClaimNames.FamilyName, user.LastName),
|
||||
new(JwtRegisteredClaimNames.Iat,
|
||||
DateTimeOffset.UtcNow.ToUnixTimeSeconds().ToString(),
|
||||
ClaimValueTypes.Integer64),
|
||||
new(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
|
||||
};
|
||||
|
||||
foreach (var org in user.Organizations)
|
||||
{
|
||||
claims.Add(new Claim("OrganizationId", org.OrganizationId.ToString()));
|
||||
claims.Add(new Claim("OrganizationRole", org.Role.ToString()));
|
||||
}
|
||||
|
||||
var token = new JwtSecurityToken(
|
||||
issuer: issuer,
|
||||
audience: audience,
|
||||
claims: claims,
|
||||
expires: expiresAt,
|
||||
signingCredentials: credentials);
|
||||
|
||||
return new TokenResponse(new JwtSecurityTokenHandler().WriteToken(token), expiresAt);
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user