Merge pull request #28 from Team-Kaleidoscope/devHEAD v0.2 main heroku/main

Second stage: Complete
author: Kamen Mladenov <kamen.d.mladenov@protonmail.com> 2021-04-09 19:51:35 +0300
committer: GitHub <noreply@github.com> 2021-04-09 19:51:35 +0300
commit: 233f38915ba0079079233eff55434ef349c05c45 (patch)
tree: 6c5f69017865bcab87355e910c87339453da1406 /src/Common/DevHive.Common/Jwt
parent: f4a70c6430db923af9fa9958a11c2d6612cb52cc (diff)
parent: a992357efcf1bc1ece81b95ecee5e05a0b73bfdc (diff)
download: DevHive-233f38915ba0079079233eff55434ef349c05c45.tar
DevHive-233f38915ba0079079233eff55434ef349c05c45.tar.gz
DevHive-233f38915ba0079079233eff55434ef349c05c45.zip
2 files changed, 114 insertions, 0 deletions
diff --git a/src/Common/DevHive.Common/Jwt/Interfaces/IJwtService.cs b/src/Common/DevHive.Common/Jwt/Interfaces/IJwtService.cs
new file mode 100644
index 0000000..352a7d5
--- /dev/null
+++ b/src/Common/DevHive.Common/Jwt/Interfaces/IJwtService.cs
@@ -0,0 +1,28 @@
+using System;
+using System.Collections.Generic;
+
+namespace DevHive.Common.Jwt.Interfaces
+{
+	public interface IJwtService
+	{
+		/// <summary>
+		/// The generation of a JWT, when a new user registers or log ins
+		/// Tokens have an expiration time of 7 days.
+		/// </summary>
+		/// <param name="userId">User's Guid</param>
+		/// <param name="username">Users's username</param>
+		/// <param name="roleNames">List of user's roles</param>
+		/// <returns>Return a new JWT, containing the user id, username and roles.</returns>
+		string GenerateJwtToken(Guid userId, string username, List<string> roleNames);
+
+		/// <summary>
+		/// Checks whether the given user, gotten by the "id" property,
+		/// is the same user as the one in the token (unless the user in the token has the admin role)
+		/// and the roles in the token are the same as those in the user, gotten by the id in the token
+		/// </summary>
+		/// <param name="userId">Guid of the user being validated</param>
+		/// <param name="rawToken">The raw token coming from the request</param>
+		/// <returns>Bool result of is the user authenticated to do an action</returns>
+		bool ValidateToken(Guid userId, string rawToken);
+	}
+}
diff --git a/src/Common/DevHive.Common/Jwt/JwtService.cs b/src/Common/DevHive.Common/Jwt/JwtService.cs
new file mode 100644
index 0000000..9f316da
--- /dev/null
+++ b/src/Common/DevHive.Common/Jwt/JwtService.cs
@@ -0,0 +1,86 @@
+using System;
+using System.Collections.Generic;
+using System.IdentityModel.Tokens.Jwt;
+using System.Linq;
+using System.Security.Claims;
+using System.Security.Principal;
+using DevHive.Common.Jwt.Interfaces;
+using Microsoft.IdentityModel.Tokens;
+
+namespace DevHive.Common.Jwt
+{
+	public class JwtService : IJwtService
+	{
+		private readonly string _validationIssuer;
+		private readonly string _audience;
+		private readonly byte[] _signingKey;
+
+		public JwtService(byte[] signingKey, string validationIssuer, string audience)
+		{
+			this._signingKey = signingKey;
+			this._validationIssuer = validationIssuer;
+			this._audience = audience;
+		}
+
+		public string GenerateJwtToken(Guid userId, string username, List<string> roleNames)
+		{
+			var securityKey = new SymmetricSecurityKey(this._signingKey);
+			var credentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256);
+
+			HashSet<Claim> claims = new()
+			{
+				new Claim("ID", $"{userId}"),
+				new Claim("Username", username)
+			};
+
+			foreach (var roleName in roleNames)
+				claims.Add(new Claim(ClaimTypes.Role, roleName));
+
+			SecurityTokenDescriptor securityTokenDescriptor = new()
+			{
+				Issuer = this._validationIssuer,
+				Audience = this._audience,
+				Subject = new ClaimsIdentity(claims),
+				Expires = DateTime.Today.AddDays(7),
+				SigningCredentials = credentials,
+			};
+
+			JwtSecurityTokenHandler tokenHandler = new();
+			SecurityToken token = tokenHandler.CreateToken(securityTokenDescriptor);
+
+			return tokenHandler.WriteToken(token);
+		}
+
+		public bool ValidateToken(Guid userId, string rawToken)
+		{
+			var tokenHandler = new JwtSecurityTokenHandler();
+			var validationParameters = GetValidationParameters();
+			string actualToken = rawToken.Remove(0, 7);
+
+			IPrincipal principal = tokenHandler.ValidateToken(actualToken, validationParameters, out SecurityToken validatedToken);
+			JwtSecurityToken jwtToken = tokenHandler.ReadJwtToken(actualToken);
+
+			if (!principal.Identity.IsAuthenticated)
+				return false;
+			else if (principal.IsInRole("Admin"))
+				return true;
+			else if (jwtToken.Claims.FirstOrDefault(x => x.Type == "ID").Value != userId.ToString())
+				return false;
+			else
+				return true;
+		}
+
+		private TokenValidationParameters GetValidationParameters()
+		{
+			return new TokenValidationParameters()
+			{
+				ValidateLifetime = true,
+				ValidateAudience = true,
+				ValidateIssuer = true,
+				ValidIssuer = this._validationIssuer,
+				ValidAudience = this._audience,
+				IssuerSigningKey = new SymmetricSecurityKey(this._signingKey)
+			};
+		}
+	}
+}
author	Kamen Mladenov <kamen.d.mladenov@protonmail.com>	2021-04-09 19:51:35 +0300
committer	GitHub <noreply@github.com>	2021-04-09 19:51:35 +0300
commit	233f38915ba0079079233eff55434ef349c05c45 (patch)
tree	6c5f69017865bcab87355e910c87339453da1406 /src/Common/DevHive.Common/Jwt
parent	f4a70c6430db923af9fa9958a11c2d6612cb52cc (diff)
parent	a992357efcf1bc1ece81b95ecee5e05a0b73bfdc (diff)
download	DevHive-233f38915ba0079079233eff55434ef349c05c45.tar DevHive-233f38915ba0079079233eff55434ef349c05c45.tar.gz DevHive-233f38915ba0079079233eff55434ef349c05c45.zip