Backend authentication
This commit is contained in:
@@ -10,6 +10,7 @@ import { LoginPageComponent } from './components/login-page/login-page.component
|
||||
import { HttpClientModule, HTTP_INTERCEPTORS } from '@angular/common/http';
|
||||
import { ServiceWorkerModule } from '@angular/service-worker';
|
||||
import { LoaderInterceptor } from './interceptors/loader.interceptor';
|
||||
import { AuthInterceptor } from './interceptors/auth.interceptor';
|
||||
|
||||
|
||||
@NgModule({
|
||||
@@ -37,6 +38,11 @@ import { LoaderInterceptor } from './interceptors/loader.interceptor';
|
||||
useClass: LoaderInterceptor,
|
||||
multi: true
|
||||
},
|
||||
{
|
||||
provide: HTTP_INTERCEPTORS,
|
||||
useClass: AuthInterceptor,
|
||||
multi: true
|
||||
},
|
||||
],
|
||||
bootstrap: [AppComponent]
|
||||
})
|
||||
|
||||
@@ -15,10 +15,9 @@ export class AuthService {
|
||||
private http$: HttpClient
|
||||
) { }
|
||||
|
||||
loadDbUser() {
|
||||
ping() {
|
||||
return new Promise((resolve, reject) => {
|
||||
const headers = new HttpHeaders({
|
||||
// 'Content-Type': 'application/json',
|
||||
'Authorization': `Bearer ${this.apiToken}`
|
||||
})
|
||||
this.http$.get<any>(`${environment.api.url}/ping/ping`, {
|
||||
@@ -43,7 +42,7 @@ export class AuthService {
|
||||
const header = new HttpHeaders().set('Content-type', 'application/json');
|
||||
this.http$.post<any>(`${environment.api.url}/auth/apiToken`, JSON.stringify(credentials), { headers: header }).subscribe({
|
||||
next: (data) => {
|
||||
console.log('apiToken', data);
|
||||
if (this.user) { this.user.id = data.id }
|
||||
this.apiToken = data.token;
|
||||
resolve(data);
|
||||
},
|
||||
|
||||
@@ -43,7 +43,6 @@ export class LoginPageComponent implements OnInit {
|
||||
|
||||
async handleCredentialResponse(response: any) {
|
||||
try {
|
||||
console.log("Google Response", response);
|
||||
const responsePayload: any = jwt_decode(response.credential);
|
||||
this.data$.currentUser = new User({
|
||||
googleCredentials: response.credential,
|
||||
@@ -51,10 +50,8 @@ export class LoginPageComponent implements OnInit {
|
||||
email: responsePayload.email,
|
||||
avatar: responsePayload.picture
|
||||
});
|
||||
// this.auth$.loadDbUser();
|
||||
console.log("USer", this.data$.currentUser);
|
||||
await this.auth$.getAPIToken(response.credential);
|
||||
// this.auth$.loadDbUser();
|
||||
this.auth$.ping();
|
||||
this.ngZone$.run(() => {
|
||||
this.router$.navigate(['/app']);
|
||||
});
|
||||
|
||||
26
Frontend/src/app/interceptors/auth.interceptor.ts
Normal file
26
Frontend/src/app/interceptors/auth.interceptor.ts
Normal file
@@ -0,0 +1,26 @@
|
||||
import { Injectable } from '@angular/core';
|
||||
import {
|
||||
HttpRequest,
|
||||
HttpHandler,
|
||||
HttpEvent,
|
||||
HttpInterceptor
|
||||
} from '@angular/common/http';
|
||||
import { AuthService } from '../auth/auth.service';
|
||||
import { Observable } from 'rxjs';
|
||||
|
||||
@Injectable()
|
||||
export class AuthInterceptor implements HttpInterceptor {
|
||||
constructor(
|
||||
private auth$: AuthService
|
||||
) { }
|
||||
|
||||
intercept(request: HttpRequest<unknown>, next: HttpHandler): Observable<HttpEvent<unknown>> {
|
||||
if (!request.url.includes('/auth/apiToken')) {
|
||||
return next.handle(request.clone({
|
||||
headers: request.headers.set('Authorization', `Bearer ${this.auth$.apiToken}`),
|
||||
}));
|
||||
} else {
|
||||
return next.handle(request);
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -5,8 +5,8 @@
|
||||
export const environment = {
|
||||
production: false,
|
||||
api: {
|
||||
//url: "http://localhost:5183/api"
|
||||
url: "https://diuna.bim-it.pl/api"
|
||||
url: "http://localhost:5400/api"
|
||||
//url: "https://diuna.bim-it.pl/api"
|
||||
},
|
||||
google: {
|
||||
clientId: "107631825312-bkfe438ehr9k9ecb2h76g802tj6advma.apps.googleusercontent.com"
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
using Google.Apis.Auth;
|
||||
using Google.Apis.Http;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
using Microsoft.Extensions.Configuration;
|
||||
using Microsoft.Identity.Client.Platforms.Features.DesktopOs.Kerberos;
|
||||
@@ -14,6 +15,7 @@ namespace WebAPI.Controllers
|
||||
{
|
||||
[ApiController]
|
||||
[Route("api/[controller]")]
|
||||
// [Authorize]
|
||||
public class AuthController : Controller
|
||||
{
|
||||
private readonly AppDbContext db;
|
||||
@@ -44,29 +46,27 @@ namespace WebAPI.Controllers
|
||||
|
||||
private dynamic JWTGenerator(User user)
|
||||
{
|
||||
var tokenHandler = new JwtSecurityTokenHandler();
|
||||
var key = Encoding.ASCII.GetBytes(configuration.GetValue<string>("Secret"));
|
||||
|
||||
var tokenDescriptor = new SecurityTokenDescriptor
|
||||
{
|
||||
Subject = new ClaimsIdentity(new[] { new Claim("username", user.UserName) }),
|
||||
Expires = DateTime.UtcNow.AddDays(7),
|
||||
SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha512Signature)
|
||||
Subject = new ClaimsIdentity(new[]
|
||||
{
|
||||
new Claim("Id", Guid.NewGuid().ToString()),
|
||||
new Claim(JwtRegisteredClaimNames.Sub, user.UserName),
|
||||
new Claim(JwtRegisteredClaimNames.Jti,
|
||||
Guid.NewGuid().ToString())
|
||||
}),
|
||||
Expires = DateTime.UtcNow.AddMinutes(5),
|
||||
SigningCredentials = new SigningCredentials
|
||||
(new SymmetricSecurityKey(key),
|
||||
SecurityAlgorithms.HmacSha512Signature)
|
||||
};
|
||||
var tokenHandler = new JwtSecurityTokenHandler();
|
||||
var token = tokenHandler.CreateToken(tokenDescriptor);
|
||||
var encrypterToken = tokenHandler.WriteToken(token);
|
||||
|
||||
HttpContext.Response.Cookies.Append("token", encrypterToken,
|
||||
new CookieOptions
|
||||
{
|
||||
Expires = DateTime.Now.AddDays(7),
|
||||
HttpOnly = true,
|
||||
Secure = true,
|
||||
IsEssential = true,
|
||||
SameSite = SameSiteMode.None
|
||||
});
|
||||
|
||||
return new { token = encrypterToken, username = user.UserName };
|
||||
var jwtToken = tokenHandler.WriteToken(token);
|
||||
var stringToken = tokenHandler.WriteToken(token);
|
||||
return new { token = stringToken, id = user.Id };
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -25,44 +25,39 @@ builder.Services.AddCors(options =>
|
||||
});
|
||||
});
|
||||
|
||||
builder.Services.AddAuthentication(x =>
|
||||
{
|
||||
x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
|
||||
x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
|
||||
}).AddCookie(x =>
|
||||
{
|
||||
x.Cookie.Name = "token";
|
||||
|
||||
}).AddJwtBearer(x =>
|
||||
{
|
||||
x.RequireHttpsMetadata = false;
|
||||
x.SaveToken = true;
|
||||
x.TokenValidationParameters = new TokenValidationParameters
|
||||
{
|
||||
ValidateIssuerSigningKey = true,
|
||||
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(builder.Configuration.GetValue<string>("Secret"))),
|
||||
ValidateIssuer = false,
|
||||
ValidateAudience = false
|
||||
};
|
||||
x.Events = new JwtBearerEvents
|
||||
{
|
||||
OnMessageReceived = context =>
|
||||
{
|
||||
//context.Token = context.Request.Cookies["token"];
|
||||
context.Token = "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik1pY2hhbCBaaWVsaW5za2kiLCJuYmYiOjE2NzAyODk3NTAsImV4cCI6MTY3MDg5NDU1MCwiaWF0IjoxNjcwMjg5NzUwfQ.XZ1lE_Jio9N5aetvY8qX8rS2xoIcPw3GJWGSatPh1VokQkrILOowvvibdGViQOOi39qGBOFKa8JC61XcaL-1qw";
|
||||
return Task.CompletedTask;
|
||||
}
|
||||
};
|
||||
|
||||
});
|
||||
|
||||
builder.Services.AddControllers();
|
||||
|
||||
builder.Services.AddAuthentication(options =>
|
||||
{
|
||||
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
|
||||
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
|
||||
options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
|
||||
}).AddJwtBearer(options =>
|
||||
{
|
||||
options.TokenValidationParameters = new TokenValidationParameters
|
||||
{
|
||||
ValidateIssuer = false,
|
||||
ValidateAudience = false,
|
||||
ValidateLifetime = true,
|
||||
ValidateIssuerSigningKey = true,
|
||||
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(builder.Configuration["Secret"]))
|
||||
};
|
||||
});
|
||||
builder.Services.AddAuthorization();
|
||||
|
||||
|
||||
// Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
|
||||
builder.Services.AddEndpointsApiExplorer();
|
||||
builder.Services.AddSwaggerGen();
|
||||
|
||||
var app = builder.Build();
|
||||
|
||||
app.Use(async (context, next) =>
|
||||
{
|
||||
context.Request.Headers.TryGetValue("Authorization", out var auth);
|
||||
await next(context);
|
||||
});
|
||||
|
||||
// Configure the HTTP request pipeline.
|
||||
if (app.Environment.IsDevelopment())
|
||||
{
|
||||
|
||||
@@ -1,14 +1,14 @@
|
||||
<Project Sdk="Microsoft.NET.Sdk.Web">
|
||||
<Project Sdk="Microsoft.NET.Sdk.Web">
|
||||
|
||||
<PropertyGroup>
|
||||
<TargetFramework>net6.0</TargetFramework>
|
||||
<TargetFramework>net7.0</TargetFramework>
|
||||
<Nullable>enable</Nullable>
|
||||
<ImplicitUsings>enable</ImplicitUsings>
|
||||
</PropertyGroup>
|
||||
|
||||
<ItemGroup>
|
||||
<PackageReference Include="Google.Apis.Auth" Version="1.58.0" />
|
||||
<PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="6.0.11" />
|
||||
<PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="7.0.0" />
|
||||
<PackageReference Include="Microsoft.EntityFrameworkCore" Version="7.0.0" />
|
||||
<PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" Version="7.0.0" />
|
||||
<PackageReference Include="Microsoft.EntityFrameworkCore.Tools" Version="7.0.0">
|
||||
|
||||
Reference in New Issue
Block a user