Move dotnet api into new directory

2026-06-01 01:54:00 +00:00 · 2026-04-27 15:59:17 -04:00
parent e8c5b8a80c
commit 189bce040b
132 changed files with 0 additions and 0 deletions
--- a/web/backend/API/API.Core/Authentication/JwtAuthenticationHandler.cs
+++ b/web/backend/API/API.Core/Authentication/JwtAuthenticationHandler.cs
@@ -0,0 +1,86 @@
+using System.Security.Claims;
+using System.Text.Encodings.Web;
+using System.Text.Json;
+using API.Core.Contracts.Common;
+using Infrastructure.Jwt;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.Extensions.Options;
+
+namespace API.Core.Authentication;
+
+public class JwtAuthenticationHandler(
+    IOptionsMonitor<JwtAuthenticationOptions> options,
+    ILoggerFactory logger,
+    UrlEncoder encoder,
+    ITokenInfrastructure tokenInfrastructure,
+    IConfiguration configuration
+) : AuthenticationHandler<JwtAuthenticationOptions>(options, logger, encoder)
+{
+    protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
+    {
+        // Use the same access-token secret source as TokenService to avoid mismatched validation.
+        var secret = Environment.GetEnvironmentVariable("ACCESS_TOKEN_SECRET");
+        if (string.IsNullOrWhiteSpace(secret))
+        {
+            secret = configuration["Jwt:SecretKey"];
+        }
+
+        if (string.IsNullOrWhiteSpace(secret))
+        {
+            return AuthenticateResult.Fail("JWT secret is not configured");
+        }
+
+        // Check if Authorization header exists
+        if (
+            !Request.Headers.TryGetValue(
+                "Authorization",
+                out var authHeaderValue
+            )
+        )
+        {
+            return AuthenticateResult.Fail("Authorization header is missing");
+        }
+
+        var authHeader = authHeaderValue.ToString();
+        if (
+            !authHeader.StartsWith(
+                "Bearer ",
+                StringComparison.OrdinalIgnoreCase
+            )
+        )
+        {
+            return AuthenticateResult.Fail(
+                "Invalid authorization header format"
+            );
+        }
+
+        var token = authHeader.Substring("Bearer ".Length).Trim();
+
+        try
+        {
+            var claimsPrincipal = await tokenInfrastructure.ValidateJwtAsync(
+                token,
+                secret
+            );
+            var ticket = new AuthenticationTicket(claimsPrincipal, Scheme.Name);
+            return AuthenticateResult.Success(ticket);
+        }
+        catch (Exception ex)
+        {
+            return AuthenticateResult.Fail(
+                $"Token validation failed: {ex.Message}"
+            );
+        }
+    }
+
+    protected override async Task HandleChallengeAsync(AuthenticationProperties properties)
+    {
+        Response.ContentType = "application/json";
+        Response.StatusCode = 401;
+
+        var response = new ResponseBody { Message = "Unauthorized: Invalid or missing authentication token" };
+        await Response.WriteAsJsonAsync(response);
+    }
+}
+
+public class JwtAuthenticationOptions : AuthenticationSchemeOptions { }