sheptikhinv/survey-webapp
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

massive work on user auth

Browse source
This commit is contained in:
Вячеслав 2025-04-08 19:08:17 +05:00
parent 35331a87f1
commit c2bcaf0832
17 changed files with 186 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

2
SurveyBackend/SurveyBackend.API/Controllers/AuthController.cs
View file

@ -8,7 +8,7 @@ namespace SurveyBackend.Controllers;
public class AuthController : ControllerBase public class AuthController : ControllerBase
{ {
[HttpPost("login")] [HttpPost("login")]
public async Task<IActionResult> GetToken([FromBody] UserLoginDTO loginData) public async Task<IActionResult> GetToken([FromBody] UserLoginDto loginData)
{ {
return Ok(); return Ok();
} }

2
SurveyBackend/SurveyBackend.API/DTOs/UserLoginDTO.cs → SurveyBackend/SurveyBackend.API/DTOs/UserLoginDto.cs
View file

@ -1,6 +1,6 @@
namespace SurveyBackend.DTOs; namespace SurveyBackend.DTOs;
public record UserLoginDTO public record UserLoginDto
{ {
public required string Email { get; set; } public required string Email { get; set; }
public required string Password { get; set; } public required string Password { get; set; }

2
SurveyBackend/SurveyBackend.API/DTOs/UserRegistrationDTO.cs → SurveyBackend/SurveyBackend.API/DTOs/UserRegistrationDto.cs
View file

@ -1,6 +1,6 @@
namespace SurveyBackend.DTOs; namespace SurveyBackend.DTOs;
public record UserRegistrationDTO public record UserRegistrationDto
{ {
public string Email { get; set; } public string Email { get; set; }
public string Username { get; set; } public string Username { get; set; }

31
SurveyBackend/SurveyBackend.API/Program.cs
View file

@ -1,6 +1,8 @@
using Microsoft.AspNetCore.Identity; using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.EntityFrameworkCore; using Microsoft.EntityFrameworkCore;
using SurveyBackend.Core.Models; using Microsoft.IdentityModel.Tokens;
using SurveyBackend.Infrastructure;
using SurveyBackend.Infrastructure.Data; using SurveyBackend.Infrastructure.Data;
namespace SurveyBackend; namespace SurveyBackend;
@ -11,33 +13,44 @@ public class Program
{ {
var builder = WebApplication.CreateBuilder(args); var builder = WebApplication.CreateBuilder(args);
// Add services to the container. AuthOptions.MakeOptions(builder.Configuration, Environment.GetEnvironmentVariable("JWT_SECRET_KEY"));
builder.Services.AddAuthorization(); builder.Services.AddAuthorization();
builder.Services.AddDbContext<DataContext>(options => builder.Services.AddDbContext<ApplicationDbContext>(options =>
{ {
options.UseSqlite(builder.Configuration.GetConnectionString("DefaultConnection")); options.UseSqlite(builder.Configuration.GetConnectionString("DefaultConnection"));
}); });
builder.Services.AddIdentity<User, IdentityRole<int>>(options => { }) builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddEntityFrameworkStores<DataContext>() .AddJwtBearer(options =>
.AddDefaultTokenProviders(); {
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuer = true,
ValidateAudience = true,
ValidateLifetime = true,
ValidateIssuerSigningKey = true,
ValidIssuer = AuthOptions.Issuer,
ValidAudience = AuthOptions.Audience,
IssuerSigningKey = AuthOptions.SymmetricSecurityKey
};
});
builder.Services.AddControllers(); builder.Services.AddControllers();
// Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
builder.Services.AddEndpointsApiExplorer(); builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen(); builder.Services.AddSwaggerGen();
var app = builder.Build(); var app = builder.Build();
// Configure the HTTP request pipeline.
if (app.Environment.IsDevelopment()) if (app.Environment.IsDevelopment())
{ {
app.UseSwagger(); app.UseSwagger();
app.UseSwaggerUI(); app.UseSwaggerUI();
} }
app.UseAuthentication();
app.UseAuthorization(); app.UseAuthorization();
app.MapControllers(); app.MapControllers();

1
SurveyBackend/SurveyBackend.API/SurveyBackend.API.csproj
View file

@ -8,6 +8,7 @@
</PropertyGroup> </PropertyGroup>
<ItemGroup> <ItemGroup>
<PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.14" />
<PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="8.0.2"/> <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="8.0.2"/>
<PackageReference Include="Microsoft.EntityFrameworkCore.Sqlite" Version="9.0.3" /> <PackageReference Include="Microsoft.EntityFrameworkCore.Sqlite" Version="9.0.3" />
<PackageReference Include="Swashbuckle.AspNetCore" Version="6.4.0"/> <PackageReference Include="Swashbuckle.AspNetCore" Version="6.4.0"/>

6
SurveyBackend/SurveyBackend.API/appsettings.Development.json
View file

@ -7,5 +7,11 @@
}, },
"ConnectionStrings": { "ConnectionStrings": {
"DefaultConnection": "Data Source=Application.db" "DefaultConnection": "Data Source=Application.db"
},
"JwtSettings": {
"SecretKey": "sigma_super_secret_key_for_jwt_tokens_yo",
"Issuer": "SurveyBackend",
"Audience": "SurveyClient",
"ExpiresInMinutes": 600
} }
} }

6
SurveyBackend/SurveyBackend.API/appsettings.json
View file

@ -8,5 +8,11 @@
"AllowedHosts": "*", "AllowedHosts": "*",
"ConnectionStrings": { "ConnectionStrings": {
"DefaultConnection": "Data Source=Application.db" "DefaultConnection": "Data Source=Application.db"
},
"JwtSettings": {
"SecretKey": "sigma_super_secret_key_for_jwt_tokens_yo_that_should_be_stored_in_ENV",
"Issuer": "SurveyBackend",
"Audience": "SurveyClient",
"ExpiresInMinutes": 600
} }
} }

6
SurveyBackend/SurveyBackend.Core/Models/User.cs
View file

@ -2,10 +2,14 @@ using Microsoft.AspNetCore.Identity;
namespace SurveyBackend.Core.Models; namespace SurveyBackend.Core.Models;
public class User : IdentityUser<int> public class User
{ {
public string Id { get; set; }
public string Email { get; set; }
public string FirstName { get; set; } public string FirstName { get; set; }
public string LastName { get; set; } public string LastName { get; set; }
public string Password { get; set; }
public ICollection<Group> Groups { get; set; } public ICollection<Group> Groups { get; set; }
} }

6
SurveyBackend/SurveyBackend.Core/Services/IUserService.cs Normal file
View file

@ -0,0 +1,6 @@
namespace SurveyBackend.Core.Services;
public interface IUserService
{
}

1
SurveyBackend/SurveyBackend.Core/SurveyBackend.Core.csproj
View file

@ -7,7 +7,6 @@
</PropertyGroup> </PropertyGroup>
<ItemGroup> <ItemGroup>
<PackageReference Include="Microsoft.AspNetCore.Identity" Version="2.3.1" />
<PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="8.0.14" /> <PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="8.0.14" />
</ItemGroup> </ItemGroup>

32
SurveyBackend/SurveyBackend.Infrastructure/AuthOptions.cs Normal file
View file

@ -0,0 +1,32 @@
using System.Text;
using Microsoft.Extensions.Configuration;
using Microsoft.IdentityModel.Tokens;
namespace SurveyBackend.Infrastructure;
public static class AuthOptions
{
public static string Issuer;
public static string Audience;
public static TimeSpan TokenLifetime;
private static string? SecurityKey { get; set; }
public static SymmetricSecurityKey SymmetricSecurityKey
{
get
{
ArgumentNullException.ThrowIfNull(SecurityKey);
return new SymmetricSecurityKey(Encoding.UTF8.GetBytes(SecurityKey));
}
}
public static void MakeOptions(IConfigurationManager configurationManager, string? securityKey = null)
{
var jwtSettings = configurationManager.GetSection("JwtSettings");
Issuer = jwtSettings["Issuer"] ?? "DefaultIssuer";
Audience = jwtSettings["Audience"] ?? "DefaultAudience";
TokenLifetime = TimeSpan.FromMinutes(int.Parse(jwtSettings["TokenLifetime"] ?? "60"));
SecurityKey = securityKey ?? jwtSettings["SecretKey"];
}
}

6
SurveyBackend/SurveyBackend.Infrastructure/Data/DataContext.cs → SurveyBackend/SurveyBackend.Infrastructure/Data/ApplicationDbContext.cs
View file

@ -5,12 +5,12 @@ using SurveyBackend.Core.Models;
namespace SurveyBackend.Infrastructure.Data; namespace SurveyBackend.Infrastructure.Data;
public class DataContext : IdentityDbContext<User, IdentityRole<int>, int> public class ApplicationDbContext : DbContext
{ {
public DbSet<User> Users { get; set; }
public DbSet<Group> Groups { get; set; } public DbSet<Group> Groups { get; set; }
public DataContext(DbContextOptions<DataContext> options) : base(options) public ApplicationDbContext(DbContextOptions<ApplicationDbContext> options) : base(options)
{ {
Database.EnsureCreated();
} }
} }

31
SurveyBackend/SurveyBackend.Infrastructure/Helpers/TokenHelper.cs Normal file
View file

@ -0,0 +1,31 @@
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using Microsoft.IdentityModel.Tokens;
using SurveyBackend.Core.Models;
namespace SurveyBackend.Infrastructure.Helpers;
public class TokenHelper
{
public static string GetAuthToken(User user)
{
var userId = user.Id.ToString();
var claims = new List<Claim>
{
new(ClaimTypes.NameIdentifier, userId)
};
var jwt = new JwtSecurityToken(
claims: claims,
issuer: AuthOptions.Issuer,
audience: AuthOptions.Audience,
expires: DateTime.UtcNow + AuthOptions.TokenLifetime,
signingCredentials: new SigningCredentials(AuthOptions.SymmetricSecurityKey, SecurityAlgorithms.HmacSha256)
);
var token = new JwtSecurityTokenHandler().WriteToken(jwt);
return token;
}
}

4
SurveyBackend/SurveyBackend.Infrastructure/Repositories/UserRepository.cs
View file

@ -7,9 +7,9 @@ namespace SurveyBackend.Infrastructure.Repositories;
public class UserRepository : IUserRepository public class UserRepository : IUserRepository
{ {
private readonly DataContext _context; private readonly ApplicationDbContext _context;
public UserRepository(DataContext context) public UserRepository(ApplicationDbContext context)
{ {
_context = context; _context = context;
} }

7
SurveyBackend/SurveyBackend.Infrastructure/Services/IPasswordHasher.cs Normal file
View file

@ -0,0 +1,7 @@
namespace SurveyBackend.Infrastructure.Services;
public interface IPasswordHasher
{
public string HashPassword(string password);
public bool Verify(string password, string hashedPassword);
}

61
SurveyBackend/SurveyBackend.Infrastructure/Services/Sha256PasswordHasher.cs Normal file
View file

@ -0,0 +1,61 @@
using System.Security.Cryptography;
namespace SurveyBackend.Infrastructure.Services;
public class Sha256PasswordHasher : IPasswordHasher
{
private const int RehashCount = 10000;
private const int HashSizeBytes = 16;
private const int SaltSizeBytes = 16;
public string HashPassword(string password)
{
var saltBytes = RandomNumberGenerator.GetBytes(SaltSizeBytes);
using var deriveBytes = GetDeriveBytes(password, saltBytes);
var hashBytes = deriveBytes.GetBytes(HashSizeBytes);
var fullHashBytes = new byte[SaltSizeBytes + HashSizeBytes];
Array.Copy(saltBytes, 0, fullHashBytes, 0, SaltSizeBytes);
Array.Copy(hashBytes, 0, fullHashBytes, SaltSizeBytes, HashSizeBytes);
var hashedPassword = Convert.ToBase64String(fullHashBytes);
return hashedPassword;
}
public bool Verify(string password, string hashedPassword)
{
var fullHashBytes = Convert.FromBase64String(hashedPassword);
var saltBytes = new byte[SaltSizeBytes];
Array.Copy(fullHashBytes, 0, saltBytes, 0, SaltSizeBytes);
using var deriveBytes = GetDeriveBytes(password, saltBytes);
var hashBytes = deriveBytes.GetBytes(HashSizeBytes);
var isMatch = CompareHashes(hashBytes, fullHashBytes);
return isMatch;
}
private static bool CompareHashes(byte[] hashBytes, byte[] fullHashBytes)
{
for (var i = 0; i < HashSizeBytes; i++)
if (hashBytes[i] != fullHashBytes[i + SaltSizeBytes])
return false;
return true;
}
private static Rfc2898DeriveBytes GetDeriveBytes(string password, byte[] saltBytes)
{
return new Rfc2898DeriveBytes(password, saltBytes, RehashCount, HashAlgorithmName.SHA256);
}
}

1
SurveyBackend/SurveyBackend.Infrastructure/SurveyBackend.Infrastructure.csproj
View file

@ -8,6 +8,7 @@
<ItemGroup> <ItemGroup>
<PackageReference Include="Microsoft.EntityFrameworkCore" Version="9.0.3" /> <PackageReference Include="Microsoft.EntityFrameworkCore" Version="9.0.3" />
<PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="7.1.2" />
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>