Feature: Add token validation, basic confirmation workflow (#164)

src/Core/Infrastructure/Infrastructure.Jwt/ITokenInfrastructure.cs

@@ -1,6 +1,15 @@
+using System.Security.Claims;
+
 namespace Infrastructure.Jwt;
 
 public interface ITokenInfrastructure
 {
-    string GenerateJwt(Guid userId, string username, DateTime expiry);
-}
+    string GenerateJwt(
+        Guid userId,
+        string username,
+        DateTime expiry,
+        string secret
+    );
+
+    Task<ClaimsPrincipal> ValidateJwtAsync(string token, string secret);
+}

src/Core/Infrastructure/Infrastructure.Jwt/Infrastructure.Jwt.csproj

@@ -16,4 +16,8 @@
       Version="8.2.1"
     />
   </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\..\Domain\Domain.Exceptions\Domain.Exceptions.csproj" />
+  </ItemGroup>
 </Project>

src/Core/Infrastructure/Infrastructure.Jwt/JwtInfrastructure.cs

@@ -3,28 +3,33 @@ using System.Text;
 using Microsoft.IdentityModel.JsonWebTokens;
 using Microsoft.IdentityModel.Tokens;
 using JwtRegisteredClaimNames = System.IdentityModel.Tokens.Jwt.JwtRegisteredClaimNames;
+using Domain.Exceptions;
 
 namespace Infrastructure.Jwt;
 
 public class JwtInfrastructure : ITokenInfrastructure
 {
-    private readonly string? _secret = Environment.GetEnvironmentVariable(
-        "JWT_SECRET"
-    );
-
-    public string GenerateJwt(Guid userId, string username, DateTime expiry)
+    public string GenerateJwt(
+        Guid userId,
+        string username,
+        DateTime expiry,
+        string secret
+    )
     {
         var handler = new JsonWebTokenHandler();
-
-        var key = Encoding.UTF8.GetBytes(
-            _secret ?? throw new InvalidOperationException("secret not set")
-        );
-
-        // Base claims (always present)
+        var key = Encoding.UTF8.GetBytes(secret);
         var claims = new List<Claim>
         {
             new(JwtRegisteredClaimNames.Sub, userId.ToString()),
             new(JwtRegisteredClaimNames.UniqueName, username),
+            new(
+                JwtRegisteredClaimNames.Iat,
+                DateTimeOffset.UtcNow.ToUnixTimeSeconds().ToString()
+            ),
+            new(
+                JwtRegisteredClaimNames.Exp,
+                new DateTimeOffset(expiry).ToUnixTimeSeconds().ToString()
+            ),
             new(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
         };
 
@@ -40,4 +45,36 @@ public class JwtInfrastructure : ITokenInfrastructure
 
         return handler.CreateToken(tokenDescriptor);
     }
-}
+
+
+    public async Task<ClaimsPrincipal> ValidateJwtAsync(
+        string token,
+        string secret
+    )
+    {
+        var handler = new JsonWebTokenHandler();
+        var keyBytes = Encoding.UTF8.GetBytes(
+            secret
+        );
+        var parameters = new TokenValidationParameters
+        {
+            ValidateIssuer = false,
+            ValidateAudience = false,
+            ValidateLifetime = true,
+            IssuerSigningKey = new SymmetricSecurityKey(keyBytes),
+        };
+
+        try
+        {
+            var result = await handler.ValidateTokenAsync(token, parameters);
+            if (!result.IsValid || result.ClaimsIdentity == null)
+                throw new UnauthorizedAccessException();
+            
+            return new ClaimsPrincipal(result.ClaimsIdentity);
+        }
+        catch (Exception e)
+        {
+            throw new UnauthorizedException("Invalid token");
+        }
+    }
+}