using System.IdentityModel.Tokens.Jwt; using System.Security.Claims; using System.Text; using MicCheck.Api.Users; using Microsoft.IdentityModel.Tokens; namespace MicCheck.Api.Authorization; public class TokenService(IConfiguration configuration) : ITokenService { public TokenResponse GenerateToken(User user) { var secretKey = configuration["Jwt:SecretKey"] ?? throw new InvalidOperationException("Jwt:SecretKey is not configured."); var issuer = configuration["Jwt:Issuer"] ?? throw new InvalidOperationException("Jwt:Issuer is not configured."); var audience = configuration["Jwt:Audience"] ?? throw new InvalidOperationException("Jwt:Audience is not configured."); var expiryMinutes = int.Parse(configuration["Jwt:ExpiryMinutes"] ?? "60"); var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secretKey)); var credentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256); var expiresAt = DateTime.UtcNow.AddMinutes(expiryMinutes); var claims = new List { new(JwtRegisteredClaimNames.Sub, user.Id.ToString()), new(JwtRegisteredClaimNames.Email, user.Email), new(JwtRegisteredClaimNames.GivenName, user.FirstName), new(JwtRegisteredClaimNames.FamilyName, user.LastName), new(JwtRegisteredClaimNames.Iat, DateTimeOffset.UtcNow.ToUnixTimeSeconds().ToString(), ClaimValueTypes.Integer64), new(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()), }; foreach (var org in user.Organizations) { claims.Add(new Claim("OrganizationId", org.OrganizationId.ToString())); claims.Add(new Claim("OrganizationRole", org.Role.ToString())); } var token = new JwtSecurityToken( issuer: issuer, audience: audience, claims: claims, expires: expiresAt, signingCredentials: credentials); return new TokenResponse(new JwtSecurityTokenHandler().WriteToken(token), expiresAt); } }