Files
mic-check/src/api/MicCheck.Api/Authorization/TokenService.cs
2026-06-10 13:06:55 -07:00

53 lines
2.1 KiB
C#
Executable File

using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using MicCheck.Api.Users;
using Microsoft.IdentityModel.Tokens;
namespace MicCheck.Api.Authorization;
public class TokenService(IConfiguration configuration) : ITokenService
{
public TokenResponse GenerateToken(User user)
{
var secretKey = configuration["Jwt:SecretKey"]
?? throw new InvalidOperationException("Jwt:SecretKey is not configured.");
var issuer = configuration["Jwt:Issuer"]
?? throw new InvalidOperationException("Jwt:Issuer is not configured.");
var audience = configuration["Jwt:Audience"]
?? throw new InvalidOperationException("Jwt:Audience is not configured.");
var expiryMinutes = int.Parse(configuration["Jwt:ExpiryMinutes"] ?? "60");
var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secretKey));
var credentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256);
var expiresAt = DateTime.UtcNow.AddMinutes(expiryMinutes);
var claims = new List<Claim>
{
new(JwtRegisteredClaimNames.Sub, user.Id.ToString()),
new(JwtRegisteredClaimNames.Email, user.Email),
new(JwtRegisteredClaimNames.GivenName, user.FirstName),
new(JwtRegisteredClaimNames.FamilyName, user.LastName),
new(JwtRegisteredClaimNames.Iat,
DateTimeOffset.UtcNow.ToUnixTimeSeconds().ToString(),
ClaimValueTypes.Integer64),
new(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
};
foreach (var org in user.Organizations)
{
claims.Add(new Claim("OrganizationId", org.OrganizationId.ToString()));
claims.Add(new Claim("OrganizationRole", org.Role.ToString()));
}
var token = new JwtSecurityToken(
issuer: issuer,
audience: audience,
claims: claims,
expires: expiresAt,
signingCredentials: credentials);
return new TokenResponse(new JwtSecurityTokenHandler().WriteToken(token), expiresAt);
}
}