-rw-r--r--API/Controllers/UserController.cs2
-rw-r--r--API/Service/UserService.cs6
-rw-r--r--API/Startup.cs12
3 files changed, 9 insertions, 11 deletions
diff --git a/API/Controllers/UserController.cs b/API/Controllers/UserController.cs
index eda4a5a..8618c1b 100644
--- a/API/Controllers/UserController.cs
+++ b/API/Controllers/UserController.cs
@@ -40,7 +40,7 @@ namespace API.Controllers
//Read
[HttpGet]
- [Authorize(Roles = UserRoles.Admin)]
+ [Authorize(Roles = UserRoles.Admin)] // Functionality, only for testing purposes
public async Task<IActionResult> GetById(int id)
{
return await this._service.GetUserById(id);
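Review bot: The comment added to the attribute, `// Functionality, only for testing purposes`, reads as if the admin-only restriction on GetById is a temporary stand-in, which invites a later maintainer to drop the attribute; since `[Authorize(Roles = UserRoles.Admin)]` is the only access check visible on this action, the comment should state the intended policy instead, e.g. `[Authorize(Roles = UserRoles.Admin)] // Only admins may look up users by id`. If the restriction really is a placeholder, say what the final policy is supposed to be so the attribute is not simply removed. The action returns whatever `_service.GetUserById(id)` produces, so any per-record access decision would have to live in the service; that cannot be confirmed from this hunk. The closing brace of GetById and the rest of the controller lie outside the hunk.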
diff --git a/API/Service/UserService.cs b/API/Service/UserService.cs
index 4ace934..8e1ba38 100644
--- a/API/Service/UserService.cs
+++ b/API/Service/UserService.cs
@@ -34,18 +34,22 @@ namespace API.Service
if (user == null)
return new NotFoundObjectResult("User does not exist!");
+ // Get key from appsettings.json
var key = Encoding.ASCII.GetBytes(_appSettings.GetSection("Secret").Value);
+ // Create Jwt Token configuration
var tokenHandler = new JwtSecurityTokenHandler();
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(new Claim[]
{
- new Claim(ClaimTypes.Role, user.Role)
+ new Claim(ClaimTypes.Role, user.Role) // Authorize user by role
}),
Expires = DateTime.UtcNow.AddDays(7),
SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
};
+
+ // Create Jwt Token
var token = tokenHandler.CreateToken(tokenDescriptor);
var tokenString = tokenHandler.WriteToken(token);
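Review bot: The signing secret is taken from `_appSettings.GetSection("Secret").Value` and handed straight to `Encoding.ASCII.GetBytes`, so a missing or empty setting surfaces as an ArgumentNullException inside token creation rather than a clear configuration error, and any non-ASCII character in the secret is silently replaced by `?`, shrinking the effective key. Read it into a local and validate first: `var secret = _appSettings.GetSection("Secret").Value; if (string.IsNullOrWhiteSpace(secret)) throw new InvalidOperationException("AppSettings:Secret is not configured"); var key = Encoding.UTF8.GetBytes(secret);`. The first Startup.cs hunk derives the validation key the same way from `Configuration.GetSection("AppSettings").GetSection("Secret")`, and the two derivations must yield identical bytes or every token fails validation, so whatever encoding and check is chosen here must change there too (a shared helper would keep them aligned). The new `// Get key from appsettings.json` comment would be more useful if it also named the minimum secret length the JWT library enforces for HS256, so the configured value is not chosen too short. The enclosing method starts and ends outside the hunk.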
diff --git a/API/Startup.cs b/API/Startup.cs
index a113736..46d9fc6 100644
--- a/API/Startup.cs
+++ b/API/Startup.cs
@@ -45,8 +45,9 @@ namespace API
options.Password.RequiredLength = 5;
});
- // configure jwt authentication
+ // Get key from appsettings.json
var key = Encoding.ASCII.GetBytes(Configuration.GetSection("AppSettings").GetSection("Secret").Value);
+ // Setup Jwt Authentication
services.AddAuthentication(x =>
{
x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
@@ -58,14 +59,7 @@ namespace API
{
OnTokenValidated = context =>
{
- // var userService = context.HttpContext.RequestServices.GetRequiredService<IUserService>();
- // var userId = int.Parse(context.Principal.Identity.Name);
- // var user = userService.GetById(userId);
- // if (user == null)
- // {
- // // return unauthorized if user no longer exists
- // context.Fail("Unauthorized");
- // }
+ // TODO: add more authentication
return Task.CompletedTask;
}
};
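Review bot: `// TODO: add more authentication` is too vague to act on, and OnTokenValidated as written accepts every validly signed token, so a user deleted or demoted after login stays authorized until the token expires — seven days, per `Expires = DateTime.UtcNow.AddDays(7)` in the UserService.cs hunk. Make the TODO say what is missing: `// TODO: re-check that the user behind this token still exists and still holds its role claim; without this a 7-day token outlives account removal`. Note that the token built in UserService.cs carries only a `ClaimTypes.Role` claim, so a lookup like the removed `context.Principal.Identity.Name` one would have no user identifier to work with; a NameIdentifier-style claim has to be added at issuance before such a check can be implemented. The lambda's enclosing options block continues outside the hunk.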