Backend authentication

2022-12-09 00:14:05 +01:00
parent 81b5f323eb
commit a2c90f80d5
8 changed files with 83 additions and 60 deletions
--- a/WebAPI/Controllers/AuthController.cs
+++ b/WebAPI/Controllers/AuthController.cs
@@ -1,5 +1,6 @@
 using Google.Apis.Auth;
 using Google.Apis.Http;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Identity.Client.Platforms.Features.DesktopOs.Kerberos;
@@ -14,6 +15,7 @@ namespace WebAPI.Controllers
 {
    [ApiController]
    [Route("api/[controller]")]
+    // [Authorize]
    public class AuthController : Controller
    {
        private readonly AppDbContext db;
@@ -44,29 +46,27 @@ namespace WebAPI.Controllers

        private dynamic JWTGenerator(User user)
        {
-            var tokenHandler = new JwtSecurityTokenHandler();
            var key = Encoding.ASCII.GetBytes(configuration.GetValue<string>("Secret"));

            var tokenDescriptor = new SecurityTokenDescriptor
            {
-                Subject = new ClaimsIdentity(new[] { new Claim("username", user.UserName) }),
-                Expires = DateTime.UtcNow.AddDays(7),
-                SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha512Signature)
+                Subject = new ClaimsIdentity(new[]
+                {
+                new Claim("Id", Guid.NewGuid().ToString()),
+                new Claim(JwtRegisteredClaimNames.Sub, user.UserName),
+                new Claim(JwtRegisteredClaimNames.Jti,
+                Guid.NewGuid().ToString())
+             }),
+                Expires = DateTime.UtcNow.AddMinutes(5),
+                SigningCredentials = new SigningCredentials
+                (new SymmetricSecurityKey(key),
+                SecurityAlgorithms.HmacSha512Signature)
            };
+            var tokenHandler = new JwtSecurityTokenHandler();
            var token = tokenHandler.CreateToken(tokenDescriptor);
-            var encrypterToken = tokenHandler.WriteToken(token);
-
-            HttpContext.Response.Cookies.Append("token", encrypterToken,
-                 new CookieOptions
-                 {
-                     Expires = DateTime.Now.AddDays(7),
-                     HttpOnly = true,
-                     Secure = true,
-                     IsEssential = true,
-                     SameSite = SameSiteMode.None
-                 });
-
-            return new { token = encrypterToken, username = user.UserName };
+            var jwtToken = tokenHandler.WriteToken(token);
+            var stringToken = tokenHandler.WriteToken(token);
+            return new { token = stringToken, id = user.Id };
        }
    }
 }