AaronPo/the-biergarten-app
1
0
Fork 0
mirror of https://github.com/aaronpo97/the-biergarten-app.git synced 2026-04-05 18:09:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

Format API directory

Browse Source
This commit is contained in:
Aaron Po
2026-03-02 22:35:18 -05:00
parent 769c717405
commit f6dc64b88b
11 changed files with 324 additions and 183 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
.csharpierrc.json
View File

@@ -1,9 +1,19 @@
{
"$schema": "https://json.schemastore.org/csharpier.json",
"printWidth": 80,
"useTabs": false,
"tabWidth": 4,
"endOfLine": "auto",
"indentStyle": "space",
"lineEndings": "auto",
"wrapLineLength": 80
"indentSize": 4,
"endOfLine": "lf",
"overrides": [
{
"files": "*.xml",
"indentSize": 2
},
{
"files": "*.csx",
"printWidth": 80
}
]
}

19
src/Core/API/API.Core/API.Core.csproj
View File

@@ -8,9 +8,15 @@
</PropertyGroup>
<ItemGroup>
<PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="9.0.11" />
<PackageReference
Include="Microsoft.AspNetCore.OpenApi"
Version="9.0.11"
/>
<PackageReference Include="Swashbuckle.AspNetCore" Version="6.6.2" />
<PackageReference Include="FluentValidation.AspNetCore" Version="11.3.0" />
<PackageReference
Include="FluentValidation.AspNetCore"
Version="11.3.0"
/>
</ItemGroup>
<ItemGroup>
@@ -20,12 +26,9 @@
<ItemGroup>
<ProjectReference Include="..\..\Domain\Domain.Entities\Domain.Entities.csproj" />
<ProjectReference Include="..\..\Domain\Domain.Exceptions\Domain.Exceptions.csproj" />
<ProjectReference
Include="..\..\Infrastructure\Infrastructure.Email\Infrastructure.Email.csproj" />
<ProjectReference
Include="..\..\Infrastructure\Infrastructure.Email.Templates\Infrastructure.Email.Templates.csproj" />
<ProjectReference
Include="..\..\Infrastructure\Infrastructure.Repository\Infrastructure.Repository.csproj" />
<ProjectReference Include="..\..\Infrastructure\Infrastructure.Email\Infrastructure.Email.csproj" />
<ProjectReference Include="..\..\Infrastructure\Infrastructure.Email.Templates\Infrastructure.Email.Templates.csproj" />
<ProjectReference Include="..\..\Infrastructure\Infrastructure.Repository\Infrastructure.Repository.csproj" />
<ProjectReference Include="..\..\Infrastructure\Infrastructure.Jwt\Infrastructure.Jwt.csproj" />
<ProjectReference Include="..\..\Service\Service.Auth\Service.Auth.csproj" />
<ProjectReference Include="..\..\Service\Service.UserManagement\Service.UserManagement.csproj" />

38
src/Core/API/API.Core/Authentication/JwtAuthenticationHandler.cs
View File

@@ -17,36 +17,54 @@ public class JwtAuthenticationHandler(
protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
{
// Get the JWT secret from configuration
var secret = configuration["Jwt:SecretKey"]
?? throw new InvalidOperationException("JWT SecretKey is not configured");
var secret =
configuration["Jwt:SecretKey"]
?? throw new InvalidOperationException(
"JWT SecretKey is not configured"
);
// Check if Authorization header exists
if (!Request.Headers.TryGetValue("Authorization", out var authHeaderValue))
if (
!Request.Headers.TryGetValue(
"Authorization",
out var authHeaderValue
)
)
{
return AuthenticateResult.Fail("Authorization header is missing");
}
var authHeader = authHeaderValue.ToString();
if (!authHeader.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase))
if (
!authHeader.StartsWith(
"Bearer ",
StringComparison.OrdinalIgnoreCase
)
)
{
return AuthenticateResult.Fail("Invalid authorization header format");
return AuthenticateResult.Fail(
"Invalid authorization header format"
);
}
var token = authHeader.Substring("Bearer ".Length).Trim();
try
{
var claimsPrincipal = await tokenInfrastructure.ValidateJwtAsync(token, secret);
var claimsPrincipal = await tokenInfrastructure.ValidateJwtAsync(
token,
secret
);
var ticket = new AuthenticationTicket(claimsPrincipal, Scheme.Name);
return AuthenticateResult.Success(ticket);
}
catch (Exception ex)
{
return AuthenticateResult.Fail($"Token validation failed: {ex.Message}");
return AuthenticateResult.Fail(
$"Token validation failed: {ex.Message}"
);
}
}
}
public class JwtAuthenticationOptions : AuthenticationSchemeOptions
{
}
public class JwtAuthenticationOptions : AuthenticationSchemeOptions { }

4
src/Core/API/API.Core/Contracts/Auth/AuthDTO.cs
View File

@@ -18,6 +18,4 @@ public record RegistrationPayload(
bool ConfirmationEmailSent
);
public record ConfirmationPayload(
Guid UserAccountId,
DateTime ConfirmedDate);
public record ConfirmationPayload(Guid UserAccountId, DateTime ConfirmedDate);

4
src/Core/API/API.Core/Controllers/AuthController.cs
View File

@@ -87,9 +87,7 @@ namespace API.Core.Controllers
[FromBody] RefreshTokenRequest req
)
{
var rtn = await tokenService.RefreshTokenAsync(
req.RefreshToken
);
var rtn = await tokenService.RefreshTokenAsync(req.RefreshToken);
return Ok(
new ResponseBody<LoginPayload>

8
src/Core/API/API.Core/Controllers/ProtectedController.cs
View File

@@ -1,7 +1,7 @@
using System.Security.Claims;
using API.Core.Contracts.Common;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using System.Security.Claims;
namespace API.Core.Controllers;
@@ -20,11 +20,7 @@ public class ProtectedController : ControllerBase
new ResponseBody<object>
{
Message = "Protected endpoint accessed successfully",
Payload = new
{
userId,
username
}
Payload = new { userId, username },
}
);
}

8
src/Core/API/API.Core/Program.cs
View File

@@ -72,8 +72,12 @@ builder.Services.AddScoped<IConfirmationService, ConfirmationService>();
builder.Services.AddScoped<GlobalExceptionFilter>();
// Configure JWT Authentication
builder.Services.AddAuthentication("JWT")
.AddScheme<JwtAuthenticationOptions, JwtAuthenticationHandler>("JWT", options => { });
builder
.Services.AddAuthentication("JWT")
.AddScheme<JwtAuthenticationOptions, JwtAuthenticationHandler>(
"JWT",
options => { }
);
builder.Services.AddAuthorization();

10
src/Core/API/API.Specs/Steps/ApiGeneralSteps.cs
View File

@@ -196,8 +196,14 @@ public class ApiGeneralSteps(ScenarioContext scenario)
field
);
var actualValue = value.GetString();
actualValue.Should().Contain(expectedSubstring,
actualValue
.Should()
.Contain(
expectedSubstring,
"Expected field '{0}' to contain '{1}' but was '{2}'",
field, expectedSubstring, actualValue);
field,
expectedSubstring,
actualValue
);
}
}

190
src/Core/API/API.Specs/Steps/AuthSteps.cs
View File

@@ -300,9 +300,16 @@ public class AuthSteps(ScenarioContext scenario)
};
var body = JsonSerializer.Serialize(registrationData);
var requestMessage = new HttpRequestMessage(HttpMethod.Post, "/api/auth/register")
var requestMessage = new HttpRequestMessage(
HttpMethod.Post,
"/api/auth/register"
)
{
Content = new StringContent(body, System.Text.Encoding.UTF8, "application/json"),
Content = new StringContent(
body,
System.Text.Encoding.UTF8,
"application/json"
),
};
var response = await client.SendAsync(requestMessage);
@@ -318,9 +325,16 @@ public class AuthSteps(ScenarioContext scenario)
var loginData = new { username = "test.user", password = "password" };
var body = JsonSerializer.Serialize(loginData);
var requestMessage = new HttpRequestMessage(HttpMethod.Post, "/api/auth/login")
var requestMessage = new HttpRequestMessage(
HttpMethod.Post,
"/api/auth/login"
)
{
Content = new StringContent(body, System.Text.Encoding.UTF8, "application/json"),
Content = new StringContent(
body,
System.Text.Encoding.UTF8,
"application/json"
),
};
var response = await client.SendAsync(requestMessage);
@@ -330,13 +344,17 @@ public class AuthSteps(ScenarioContext scenario)
var root = doc.RootElement;
if (root.TryGetProperty("payload", out var payloadElem))
{
if (payloadElem.TryGetProperty("accessToken", out var tokenElem) ||
payloadElem.TryGetProperty("AccessToken", out tokenElem))
if (
payloadElem.TryGetProperty("accessToken", out var tokenElem)
|| payloadElem.TryGetProperty("AccessToken", out tokenElem)
)
{
scenario["accessToken"] = tokenElem.GetString();
}
if (payloadElem.TryGetProperty("refreshToken", out var refreshElem) ||
payloadElem.TryGetProperty("RefreshToken", out refreshElem))
if (
payloadElem.TryGetProperty("refreshToken", out var refreshElem)
|| payloadElem.TryGetProperty("RefreshToken", out refreshElem)
)
{
scenario["refreshToken"] = refreshElem.GetString();
}
@@ -363,13 +381,20 @@ public class AuthSteps(ScenarioContext scenario)
scenario["confirmationToken"] = "valid-confirmation-token";
}
[When("I submit a request to a protected endpoint with a valid access token")]
[When(
"I submit a request to a protected endpoint with a valid access token"
)]
public async Task WhenISubmitARequestToAProtectedEndpointWithAValidAccessToken()
{
var client = GetClient();
var token = scenario.TryGetValue<string>("accessToken", out var t) ? t : "invalid-token";
var token = scenario.TryGetValue<string>("accessToken", out var t)
? t
: "invalid-token";
var requestMessage = new HttpRequestMessage(HttpMethod.Get, "/api/protected")
var requestMessage = new HttpRequestMessage(
HttpMethod.Get,
"/api/protected"
)
{
Headers = { { "Authorization", $"Bearer {token}" } },
};
@@ -378,11 +403,16 @@ public class AuthSteps(ScenarioContext scenario)
scenario[ResponseKey] = response;
}
[When("I submit a request to a protected endpoint with an invalid access token")]
[When(
"I submit a request to a protected endpoint with an invalid access token"
)]
public async Task WhenISubmitARequestToAProtectedEndpointWithAnInvalidAccessToken()
{
var client = GetClient();
var requestMessage = new HttpRequestMessage(HttpMethod.Get, "/api/protected")
var requestMessage = new HttpRequestMessage(
HttpMethod.Get,
"/api/protected"
)
{
Headers = { { "Authorization", "Bearer invalid-token-format" } },
};
@@ -395,12 +425,21 @@ public class AuthSteps(ScenarioContext scenario)
public async Task WhenISubmitAConfirmationRequestWithTheValidToken()
{
var client = GetClient();
var token = scenario.TryGetValue<string>("confirmationToken", out var t) ? t : "valid-token";
var token = scenario.TryGetValue<string>("confirmationToken", out var t)
? t
: "valid-token";
var body = JsonSerializer.Serialize(new { token });
var requestMessage = new HttpRequestMessage(HttpMethod.Post, "/api/auth/confirm")
var requestMessage = new HttpRequestMessage(
HttpMethod.Post,
"/api/auth/confirm"
)
{
Content = new StringContent(body, System.Text.Encoding.UTF8, "application/json"),
Content = new StringContent(
body,
System.Text.Encoding.UTF8,
"application/json"
),
};
var response = await client.SendAsync(requestMessage);
@@ -413,11 +452,20 @@ public class AuthSteps(ScenarioContext scenario)
public async Task WhenISubmitAConfirmationRequestWithAMalformedToken()
{
var client = GetClient();
var body = JsonSerializer.Serialize(new { token = "malformed-token-not-jwt" });
var body = JsonSerializer.Serialize(
new { token = "malformed-token-not-jwt" }
);
var requestMessage = new HttpRequestMessage(HttpMethod.Post, "/api/auth/confirm")
var requestMessage = new HttpRequestMessage(
HttpMethod.Post,
"/api/auth/confirm"
)
{
Content = new StringContent(body, System.Text.Encoding.UTF8, "application/json"),
Content = new StringContent(
body,
System.Text.Encoding.UTF8,
"application/json"
),
};
var response = await client.SendAsync(requestMessage);
@@ -430,12 +478,21 @@ public class AuthSteps(ScenarioContext scenario)
public async Task WhenISubmitARefreshTokenRequestWithTheValidRefreshToken()
{
var client = GetClient();
var token = scenario.TryGetValue<string>("refreshToken", out var t) ? t : "valid-refresh-token";
var token = scenario.TryGetValue<string>("refreshToken", out var t)
? t
: "valid-refresh-token";
var body = JsonSerializer.Serialize(new { refreshToken = token });
var requestMessage = new HttpRequestMessage(HttpMethod.Post, "/api/auth/refresh")
var requestMessage = new HttpRequestMessage(
HttpMethod.Post,
"/api/auth/refresh"
)
{
Content = new StringContent(body, System.Text.Encoding.UTF8, "application/json"),
Content = new StringContent(
body,
System.Text.Encoding.UTF8,
"application/json"
),
};
var response = await client.SendAsync(requestMessage);
@@ -449,11 +506,20 @@ public class AuthSteps(ScenarioContext scenario)
{
var client = GetClient();
// Use an expired token
var body = JsonSerializer.Serialize(new { refreshToken = "expired-refresh-token" });
var body = JsonSerializer.Serialize(
new { refreshToken = "expired-refresh-token" }
);
var requestMessage = new HttpRequestMessage(HttpMethod.Post, "/api/auth/refresh")
var requestMessage = new HttpRequestMessage(
HttpMethod.Post,
"/api/auth/refresh"
)
{
Content = new StringContent(body, System.Text.Encoding.UTF8, "application/json"),
Content = new StringContent(
body,
System.Text.Encoding.UTF8,
"application/json"
),
};
var response = await client.SendAsync(requestMessage);
@@ -468,9 +534,16 @@ public class AuthSteps(ScenarioContext scenario)
var client = GetClient();
var body = JsonSerializer.Serialize(new { });
var requestMessage = new HttpRequestMessage(HttpMethod.Post, "/api/auth/refresh")
var requestMessage = new HttpRequestMessage(
HttpMethod.Post,
"/api/auth/refresh"
)
{
Content = new StringContent(body, System.Text.Encoding.UTF8, "application/json"),
Content = new StringContent(
body,
System.Text.Encoding.UTF8,
"application/json"
),
};
var response = await client.SendAsync(requestMessage);
@@ -483,9 +556,16 @@ public class AuthSteps(ScenarioContext scenario)
public async Task WhenISubmitARefreshTokenRequestUsingAGETRequest()
{
var client = GetClient();
var requestMessage = new HttpRequestMessage(HttpMethod.Get, "/api/auth/refresh")
var requestMessage = new HttpRequestMessage(
HttpMethod.Get,
"/api/auth/refresh"
)
{
Content = new StringContent("{}", System.Text.Encoding.UTF8, "application/json"),
Content = new StringContent(
"{}",
System.Text.Encoding.UTF8,
"application/json"
),
};
var response = await client.SendAsync(requestMessage);
@@ -497,7 +577,10 @@ public class AuthSteps(ScenarioContext scenario)
public async Task WhenISubmitARequestToAProtectedEndpointWithoutAnAccessToken()
{
var client = GetClient();
var requestMessage = new HttpRequestMessage(HttpMethod.Get, "/api/protected");
var requestMessage = new HttpRequestMessage(
HttpMethod.Get,
"/api/protected"
);
var response = await client.SendAsync(requestMessage);
scenario[ResponseKey] = response;
@@ -514,16 +597,22 @@ public class AuthSteps(ScenarioContext scenario)
public void GivenIHaveAnAccessTokenSignedWithTheWrongSecret()
{
// Create a token with a different secret
scenario["accessToken"] = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c";
scenario["accessToken"] =
"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c";
}
[When("I submit a request to a protected endpoint with the expired token")]
public async Task WhenISubmitARequestToAProtectedEndpointWithTheExpiredToken()
{
var client = GetClient();
var token = scenario.TryGetValue<string>("accessToken", out var t) ? t : "expired-token";
var token = scenario.TryGetValue<string>("accessToken", out var t)
? t
: "expired-token";
var requestMessage = new HttpRequestMessage(HttpMethod.Get, "/api/protected")
var requestMessage = new HttpRequestMessage(
HttpMethod.Get,
"/api/protected"
)
{
Headers = { { "Authorization", $"Bearer {token}" } },
};
@@ -536,9 +625,14 @@ public class AuthSteps(ScenarioContext scenario)
public async Task WhenISubmitARequestToAProtectedEndpointWithTheTamperedToken()
{
var client = GetClient();
var token = scenario.TryGetValue<string>("accessToken", out var t) ? t : "tampered-token";
var token = scenario.TryGetValue<string>("accessToken", out var t)
? t
: "tampered-token";
var requestMessage = new HttpRequestMessage(HttpMethod.Get, "/api/protected")
var requestMessage = new HttpRequestMessage(
HttpMethod.Get,
"/api/protected"
)
{
Headers = { { "Authorization", $"Bearer {token}" } },
};
@@ -547,13 +641,20 @@ public class AuthSteps(ScenarioContext scenario)
scenario[ResponseKey] = response;
}
[When("I submit a request to a protected endpoint with my refresh token instead of access token")]
[When(
"I submit a request to a protected endpoint with my refresh token instead of access token"
)]
public async Task WhenISubmitARequestToAProtectedEndpointWithMyRefreshTokenInsteadOfAccessToken()
{
var client = GetClient();
var token = scenario.TryGetValue<string>("refreshToken", out var t) ? t : "refresh-token";
var token = scenario.TryGetValue<string>("refreshToken", out var t)
? t
: "refresh-token";
var requestMessage = new HttpRequestMessage(HttpMethod.Get, "/api/protected")
var requestMessage = new HttpRequestMessage(
HttpMethod.Get,
"/api/protected"
)
{
Headers = { { "Authorization", $"Bearer {token}" } },
};
@@ -568,13 +669,20 @@ public class AuthSteps(ScenarioContext scenario)
scenario["confirmationToken"] = "valid-confirmation-token";
}
[When("I submit a request to a protected endpoint with my confirmation token instead of access token")]
[When(
"I submit a request to a protected endpoint with my confirmation token instead of access token"
)]
public async Task WhenISubmitARequestToAProtectedEndpointWithMyConfirmationTokenInsteadOfAccessToken()
{
var client = GetClient();
var token = scenario.TryGetValue<string>("confirmationToken", out var t) ? t : "confirmation-token";
var token = scenario.TryGetValue<string>("confirmationToken", out var t)
? t
: "confirmation-token";
var requestMessage = new HttpRequestMessage(HttpMethod.Get, "/api/protected")
var requestMessage = new HttpRequestMessage(
HttpMethod.Get,
"/api/protected"
)
{
Headers = { { "Authorization", $"Bearer {token}" } },
};