Backend authentication

Frontend/src/app/app.module.ts

@@ -10,6 +10,7 @@ import { LoginPageComponent } from './components/login-page/login-page.component
 import { HttpClientModule, HTTP_INTERCEPTORS } from '@angular/common/http';
 import { ServiceWorkerModule } from '@angular/service-worker';
 import { LoaderInterceptor } from './interceptors/loader.interceptor';
+import { AuthInterceptor } from './interceptors/auth.interceptor';
 
 
 @NgModule({
@@ -37,6 +38,11 @@ import { LoaderInterceptor } from './interceptors/loader.interceptor';
       useClass: LoaderInterceptor,
       multi: true
     },
+    {
+      provide: HTTP_INTERCEPTORS,
+      useClass: AuthInterceptor,
+      multi: true
+    },
   ],
   bootstrap: [AppComponent]
 })

Frontend/src/app/auth/auth.service.ts

@@ -15,10 +15,9 @@ export class AuthService {
     private http$: HttpClient
   ) { }
 
-  loadDbUser() {
+  ping() {
     return new Promise((resolve, reject) => {
       const headers = new HttpHeaders({
-        // 'Content-Type': 'application/json',
         'Authorization': `Bearer ${this.apiToken}`
       })
       this.http$.get<any>(`${environment.api.url}/ping/ping`, {
@@ -43,7 +42,7 @@ export class AuthService {
       const header = new HttpHeaders().set('Content-type', 'application/json');
       this.http$.post<any>(`${environment.api.url}/auth/apiToken`,  JSON.stringify(credentials), { headers: header }).subscribe({
         next: (data) => {
-          console.log('apiToken', data);
+          if (this.user) { this.user.id = data.id }
           this.apiToken = data.token;
           resolve(data);
         },

Frontend/src/app/components/login-page/login-page.component.ts

@@ -43,7 +43,6 @@ export class LoginPageComponent implements OnInit {
 
   async handleCredentialResponse(response: any) { 
     try {
-      console.log("Google Response", response);
       const responsePayload: any = jwt_decode(response.credential);
       this.data$.currentUser = new User({
         googleCredentials: response.credential,
@@ -51,10 +50,8 @@ export class LoginPageComponent implements OnInit {
         email: responsePayload.email,
         avatar: responsePayload.picture
       });
-      // this.auth$.loadDbUser();
-      console.log("USer", this.data$.currentUser);
       await this.auth$.getAPIToken(response.credential);
-      // this.auth$.loadDbUser();
+      this.auth$.ping();
       this.ngZone$.run(() => { 
         this.router$.navigate(['/app']);
       });

Frontend/src/app/interceptors/auth.interceptor.ts

@@ -0,0 +1,26 @@
+import { Injectable } from '@angular/core';
+import {
+  HttpRequest,
+  HttpHandler,
+  HttpEvent,
+  HttpInterceptor
+} from '@angular/common/http';
+import { AuthService } from '../auth/auth.service';
+import { Observable } from 'rxjs';
+
+@Injectable()
+export class AuthInterceptor implements HttpInterceptor {
+  constructor(
+    private auth$: AuthService
+  ) { }
+
+  intercept(request: HttpRequest<unknown>, next: HttpHandler): Observable<HttpEvent<unknown>> {
+    if (!request.url.includes('/auth/apiToken')) {
+      return next.handle(request.clone({ 
+        headers: request.headers.set('Authorization', `Bearer ${this.auth$.apiToken}`),
+      }));
+    } else {
+      return next.handle(request);
+    }
+  }
+}

Frontend/src/environments/environment.ts

@@ -5,8 +5,8 @@
 export const environment = {
   production: false,
   api: {
-    //url: "http://localhost:5183/api"
+    url: "http://localhost:5400/api"
-    url: "https://diuna.bim-it.pl/api"
+    //url: "https://diuna.bim-it.pl/api"
   },
   google: {
     clientId: "107631825312-bkfe438ehr9k9ecb2h76g802tj6advma.apps.googleusercontent.com"

WebAPI/Controllers/AuthController.cs

@@ -1,5 +1,6 @@
 using Google.Apis.Auth;
 using Google.Apis.Http;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Identity.Client.Platforms.Features.DesktopOs.Kerberos;
@@ -14,6 +15,7 @@ namespace WebAPI.Controllers
 {
     [ApiController]
     [Route("api/[controller]")]
+    // [Authorize]
     public class AuthController : Controller
     {
         private readonly AppDbContext db;
@@ -44,29 +46,27 @@ namespace WebAPI.Controllers
 
         private dynamic JWTGenerator(User user)
         {
-            var tokenHandler = new JwtSecurityTokenHandler();
             var key = Encoding.ASCII.GetBytes(configuration.GetValue<string>("Secret"));
 
             var tokenDescriptor = new SecurityTokenDescriptor
             {
-                Subject = new ClaimsIdentity(new[] { new Claim("username", user.UserName) }),
+                Subject = new ClaimsIdentity(new[]
-                Expires = DateTime.UtcNow.AddDays(7),
+                {
-                SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha512Signature)
+                new Claim("Id", Guid.NewGuid().ToString()),
+                new Claim(JwtRegisteredClaimNames.Sub, user.UserName),
+                new Claim(JwtRegisteredClaimNames.Jti,
+                Guid.NewGuid().ToString())
+             }),
+                Expires = DateTime.UtcNow.AddMinutes(5),
+                SigningCredentials = new SigningCredentials
+                (new SymmetricSecurityKey(key),
+                SecurityAlgorithms.HmacSha512Signature)
             };
+            var tokenHandler = new JwtSecurityTokenHandler();
             var token = tokenHandler.CreateToken(tokenDescriptor);
-            var encrypterToken = tokenHandler.WriteToken(token);
+            var jwtToken = tokenHandler.WriteToken(token);
-
+            var stringToken = tokenHandler.WriteToken(token);
-            HttpContext.Response.Cookies.Append("token", encrypterToken,
+            return new { token = stringToken, id = user.Id };
-                 new CookieOptions
-                 {
-                     Expires = DateTime.Now.AddDays(7),
-                     HttpOnly = true,
-                     Secure = true,
-                     IsEssential = true,
-                     SameSite = SameSiteMode.None
-                 });
-
-            return new { token = encrypterToken, username = user.UserName };
         }
     }
 }

WebAPI/Program.cs

@@ -25,44 +25,39 @@ builder.Services.AddCors(options =>
     });
 });
 
-builder.Services.AddAuthentication(x =>
-{
-    x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
-    x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
-}).AddCookie(x =>
-{
-    x.Cookie.Name = "token";
-
-}).AddJwtBearer(x =>
-{
-    x.RequireHttpsMetadata = false;
-    x.SaveToken = true;
-    x.TokenValidationParameters = new TokenValidationParameters
-    {
-        ValidateIssuerSigningKey = true,
-        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(builder.Configuration.GetValue<string>("Secret"))),
-        ValidateIssuer = false,
-        ValidateAudience = false
-    };
-    x.Events = new JwtBearerEvents
-    {
-        OnMessageReceived = context =>
-        {
-            //context.Token = context.Request.Cookies["token"];
-            context.Token = "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik1pY2hhbCBaaWVsaW5za2kiLCJuYmYiOjE2NzAyODk3NTAsImV4cCI6MTY3MDg5NDU1MCwiaWF0IjoxNjcwMjg5NzUwfQ.XZ1lE_Jio9N5aetvY8qX8rS2xoIcPw3GJWGSatPh1VokQkrILOowvvibdGViQOOi39qGBOFKa8JC61XcaL-1qw";
-            return Task.CompletedTask;
-        }
-    };
-
-});
-
 builder.Services.AddControllers();
+
+builder.Services.AddAuthentication(options =>
+{
+    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
+    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
+    options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
+}).AddJwtBearer(options =>
+{
+    options.TokenValidationParameters = new TokenValidationParameters
+    {
+        ValidateIssuer = false,
+        ValidateAudience = false,
+        ValidateLifetime = true,
+        ValidateIssuerSigningKey = true,
+        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(builder.Configuration["Secret"]))
+    };
+});
+builder.Services.AddAuthorization();
+
+
 // Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
 builder.Services.AddEndpointsApiExplorer();
 builder.Services.AddSwaggerGen();
 
 var app = builder.Build();
 
+app.Use(async (context, next) =>
+{
+    context.Request.Headers.TryGetValue("Authorization", out var auth);
+    await next(context);
+});
+
 // Configure the HTTP request pipeline.
 if (app.Environment.IsDevelopment())
 {

WebAPI/WebAPI.csproj

@@ -1,14 +1,14 @@
-<Project Sdk="Microsoft.NET.Sdk.Web">
+<Project Sdk="Microsoft.NET.Sdk.Web">
 
   <PropertyGroup>
-    <TargetFramework>net6.0</TargetFramework>
+    <TargetFramework>net7.0</TargetFramework>
     <Nullable>enable</Nullable>
     <ImplicitUsings>enable</ImplicitUsings>
   </PropertyGroup>
 
   <ItemGroup>
     <PackageReference Include="Google.Apis.Auth" Version="1.58.0" />
-    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="6.0.11" />
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="7.0.0" />
     <PackageReference Include="Microsoft.EntityFrameworkCore" Version="7.0.0" />
     <PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" Version="7.0.0" />
     <PackageReference Include="Microsoft.EntityFrameworkCore.Tools" Version="7.0.0">