mirror of
https://github.com/aaronpo97/the-biergarten-app.git
synced 2026-07-16 17:47:22 +00:00
code style cleanup
This commit is contained in:
@@ -3,12 +3,12 @@ using System.Security.Claims;
|
||||
namespace Infrastructure.Jwt;
|
||||
|
||||
/// <summary>
|
||||
/// Service for generating and validating JSON Web Tokens (JWTs) used for authentication.
|
||||
/// Service for generating and validating JSON Web Tokens (JWTs) used for authentication.
|
||||
/// </summary>
|
||||
public interface ITokenInfrastructure
|
||||
{
|
||||
/// <summary>
|
||||
/// Generates a signed JWT for the given user.
|
||||
/// Generates a signed JWT for the given user.
|
||||
/// </summary>
|
||||
/// <param name="userId">The unique identifier of the user the token is issued for.</param>
|
||||
/// <param name="username">The username of the user, included as a claim.</param>
|
||||
@@ -23,11 +23,14 @@ public interface ITokenInfrastructure
|
||||
);
|
||||
|
||||
/// <summary>
|
||||
/// Validates a JWT and returns the resulting claims principal.
|
||||
/// Validates a JWT and returns the resulting claims principal.
|
||||
/// </summary>
|
||||
/// <param name="token">The JWT string to validate.</param>
|
||||
/// <param name="secret">The symmetric secret used to verify the token's signature.</param>
|
||||
/// <returns>A <see cref="ClaimsPrincipal"/> representing the validated token's claims.</returns>
|
||||
/// <exception cref="Domain.Exceptions.UnauthorizedException">Thrown when the token is invalid, expired, or fails validation.</exception>
|
||||
/// <returns>A <see cref="ClaimsPrincipal" /> representing the validated token's claims.</returns>
|
||||
/// <exception cref="Domain.Exceptions.UnauthorizedException">
|
||||
/// Thrown when the token is invalid, expired, or fails
|
||||
/// validation.
|
||||
/// </exception>
|
||||
Task<ClaimsPrincipal> ValidateJwtAsync(string token, string secret);
|
||||
}
|
||||
@@ -1,23 +1,23 @@
|
||||
<Project Sdk="Microsoft.NET.Sdk">
|
||||
<PropertyGroup>
|
||||
<TargetFramework>net10.0</TargetFramework>
|
||||
<ImplicitUsings>enable</ImplicitUsings>
|
||||
<Nullable>enable</Nullable>
|
||||
<RootNamespace>Infrastructure.Jwt</RootNamespace>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup>
|
||||
<TargetFramework>net10.0</TargetFramework>
|
||||
<ImplicitUsings>enable</ImplicitUsings>
|
||||
<Nullable>enable</Nullable>
|
||||
<RootNamespace>Infrastructure.Jwt</RootNamespace>
|
||||
</PropertyGroup>
|
||||
|
||||
<ItemGroup>
|
||||
<PackageReference
|
||||
Include="Microsoft.IdentityModel.JsonWebTokens"
|
||||
Version="8.2.1"
|
||||
/>
|
||||
<PackageReference
|
||||
Include="System.IdentityModel.Tokens.Jwt"
|
||||
Version="8.2.1"
|
||||
/>
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<PackageReference
|
||||
Include="Microsoft.IdentityModel.JsonWebTokens"
|
||||
Version="8.2.1"
|
||||
/>
|
||||
<PackageReference
|
||||
Include="System.IdentityModel.Tokens.Jwt"
|
||||
Version="8.2.1"
|
||||
/>
|
||||
</ItemGroup>
|
||||
|
||||
<ItemGroup>
|
||||
<ProjectReference Include="..\..\Domain\Domain.Exceptions\Domain.Exceptions.csproj" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ProjectReference Include="..\..\Domain\Domain.Exceptions\Domain.Exceptions.csproj"/>
|
||||
</ItemGroup>
|
||||
</Project>
|
||||
|
||||
@@ -1,24 +1,24 @@
|
||||
using System.Security.Claims;
|
||||
using System.Text;
|
||||
using Domain.Exceptions;
|
||||
using Microsoft.IdentityModel.JsonWebTokens;
|
||||
using Microsoft.IdentityModel.Tokens;
|
||||
using JwtRegisteredClaimNames = System.IdentityModel.Tokens.Jwt.JwtRegisteredClaimNames;
|
||||
using Domain.Exceptions;
|
||||
|
||||
namespace Infrastructure.Jwt;
|
||||
|
||||
/// <summary>
|
||||
/// Generates and validates HMAC-SHA256 signed JWTs using <see cref="JsonWebTokenHandler"/>.
|
||||
/// Generates and validates HMAC-SHA256 signed JWTs using <see cref="JsonWebTokenHandler" />.
|
||||
/// </summary>
|
||||
public class JwtInfrastructure : ITokenInfrastructure
|
||||
{
|
||||
/// <summary>
|
||||
/// Generates a signed JWT containing the user's ID, username, issued-at time, expiry time,
|
||||
/// and a unique token identifier (JTI), signed using HMAC-SHA256 with the provided secret.
|
||||
/// Generates a signed JWT containing the user's ID, username, issued-at time, expiry time,
|
||||
/// and a unique token identifier (JTI), signed using HMAC-SHA256 with the provided secret.
|
||||
/// </summary>
|
||||
/// <remarks>
|
||||
/// Sets the following registered claims: <c>sub</c> (userId), <c>unique_name</c> (username),
|
||||
/// <c>iat</c> (current UTC time), <c>exp</c> (expiry), and <c>jti</c> (a newly generated GUID).
|
||||
/// Sets the following registered claims: <c>sub</c> (userId), <c>unique_name</c> (username),
|
||||
/// <c>iat</c> (current UTC time), <c>exp</c> (expiry), and <c>jti</c> (a newly generated GUID).
|
||||
/// </remarks>
|
||||
/// <param name="userId">The unique identifier of the user the token is issued for.</param>
|
||||
/// <param name="username">The username of the user, included as a claim.</param>
|
||||
@@ -32,31 +32,31 @@ public class JwtInfrastructure : ITokenInfrastructure
|
||||
string secret
|
||||
)
|
||||
{
|
||||
var handler = new JsonWebTokenHandler();
|
||||
var key = Encoding.UTF8.GetBytes(secret);
|
||||
var claims = new List<Claim>
|
||||
JsonWebTokenHandler handler = new();
|
||||
byte[] key = Encoding.UTF8.GetBytes(secret);
|
||||
List<Claim> claims = new()
|
||||
{
|
||||
new(JwtRegisteredClaimNames.Sub, userId.ToString()),
|
||||
new(JwtRegisteredClaimNames.UniqueName, username),
|
||||
new(
|
||||
new Claim(JwtRegisteredClaimNames.Sub, userId.ToString()),
|
||||
new Claim(JwtRegisteredClaimNames.UniqueName, username),
|
||||
new Claim(
|
||||
JwtRegisteredClaimNames.Iat,
|
||||
DateTimeOffset.UtcNow.ToUnixTimeSeconds().ToString()
|
||||
),
|
||||
new(
|
||||
new Claim(
|
||||
JwtRegisteredClaimNames.Exp,
|
||||
new DateTimeOffset(expiry).ToUnixTimeSeconds().ToString()
|
||||
),
|
||||
new(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
|
||||
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString())
|
||||
};
|
||||
|
||||
var tokenDescriptor = new SecurityTokenDescriptor
|
||||
SecurityTokenDescriptor tokenDescriptor = new()
|
||||
{
|
||||
Subject = new ClaimsIdentity(claims),
|
||||
Expires = expiry,
|
||||
SigningCredentials = new SigningCredentials(
|
||||
new SymmetricSecurityKey(key),
|
||||
SecurityAlgorithms.HmacSha256
|
||||
),
|
||||
)
|
||||
};
|
||||
|
||||
return handler.CreateToken(tokenDescriptor);
|
||||
@@ -64,39 +64,39 @@ public class JwtInfrastructure : ITokenInfrastructure
|
||||
|
||||
|
||||
/// <summary>
|
||||
/// Validates a JWT's signature and lifetime (issuer and audience validation are disabled),
|
||||
/// using the provided secret as the HMAC-SHA256 symmetric signing key.
|
||||
/// Validates a JWT's signature and lifetime (issuer and audience validation are disabled),
|
||||
/// using the provided secret as the HMAC-SHA256 symmetric signing key.
|
||||
/// </summary>
|
||||
/// <param name="token">The JWT string to validate.</param>
|
||||
/// <param name="secret">The symmetric secret used to verify the token's signature (encoded as UTF-8 bytes).</param>
|
||||
/// <returns>A <see cref="ClaimsPrincipal"/> wrapping the validated token's claims identity.</returns>
|
||||
/// <returns>A <see cref="ClaimsPrincipal" /> wrapping the validated token's claims identity.</returns>
|
||||
/// <exception cref="UnauthorizedException">
|
||||
/// Thrown when the token is invalid, has no claims identity, is expired, or otherwise fails validation
|
||||
/// (including when validation itself throws, e.g. due to a malformed token or signature mismatch).
|
||||
/// Thrown when the token is invalid, has no claims identity, is expired, or otherwise fails validation
|
||||
/// (including when validation itself throws, e.g. due to a malformed token or signature mismatch).
|
||||
/// </exception>
|
||||
public async Task<ClaimsPrincipal> ValidateJwtAsync(
|
||||
string token,
|
||||
string secret
|
||||
)
|
||||
{
|
||||
var handler = new JsonWebTokenHandler();
|
||||
var keyBytes = Encoding.UTF8.GetBytes(
|
||||
JsonWebTokenHandler handler = new();
|
||||
byte[] keyBytes = Encoding.UTF8.GetBytes(
|
||||
secret
|
||||
);
|
||||
var parameters = new TokenValidationParameters
|
||||
TokenValidationParameters parameters = new()
|
||||
{
|
||||
ValidateIssuer = false,
|
||||
ValidateAudience = false,
|
||||
ValidateLifetime = true,
|
||||
IssuerSigningKey = new SymmetricSecurityKey(keyBytes),
|
||||
IssuerSigningKey = new SymmetricSecurityKey(keyBytes)
|
||||
};
|
||||
|
||||
try
|
||||
{
|
||||
var result = await handler.ValidateTokenAsync(token, parameters);
|
||||
TokenValidationResult? result = await handler.ValidateTokenAsync(token, parameters);
|
||||
if (!result.IsValid || result.ClaimsIdentity == null)
|
||||
throw new UnauthorizedAccessException();
|
||||
|
||||
|
||||
return new ClaimsPrincipal(result.ClaimsIdentity);
|
||||
}
|
||||
catch (Exception e)
|
||||
|
||||
Reference in New Issue
Block a user