Code refactoring + tests
This commit is contained in:
@@ -9,22 +9,32 @@ using System.Linq;
|
||||
using System.Text;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
using BasicDotnetTemplate.MainProject.Models.Settings;
|
||||
using BasicDotnetTemplate.MainProject.Services;
|
||||
using DatabaseSqlServer = BasicDotnetTemplate.MainProject.Models.Database.SqlServer;
|
||||
|
||||
|
||||
namespace BasicDotnetTemplate.MainProject.Core.Attributes
|
||||
{
|
||||
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = true, Inherited = true)]
|
||||
public class JwtAuthorizationAttribute : Attribute, IAuthorizationFilter
|
||||
{
|
||||
private readonly string? _policyName;
|
||||
private readonly IJwtService _jwtService;
|
||||
|
||||
public JwtAuthorizationAttribute() { }
|
||||
public JwtAuthorizationAttribute(string policyName)
|
||||
public JwtAuthorizationAttribute(
|
||||
IJwtService jwtService
|
||||
)
|
||||
{
|
||||
_policyName = policyName;
|
||||
_jwtService = jwtService;
|
||||
}
|
||||
|
||||
public static void Unauthorized(AuthorizationFilterContext context)
|
||||
{
|
||||
context.Result = new UnauthorizedResult();
|
||||
}
|
||||
|
||||
public void OnAuthorization(AuthorizationFilterContext context)
|
||||
{
|
||||
DatabaseSqlServer.User? user = null;
|
||||
// If [AllowAnonymous], skip
|
||||
if (context.ActionDescriptor.EndpointMetadata.Any(em => em is AllowAnonymousAttribute))
|
||||
{
|
||||
@@ -34,61 +44,19 @@ namespace BasicDotnetTemplate.MainProject.Core.Attributes
|
||||
var configuration = context.HttpContext.RequestServices.GetRequiredService<IConfiguration>();
|
||||
var appSettings = new AppSettings();
|
||||
configuration.GetSection("AppSettings").Bind(appSettings);
|
||||
var jwtKey = appSettings.JwtSettings?.Secret ?? String.Empty;
|
||||
var jwtIssuer = appSettings.JwtSettings?.ValidIssuer ?? String.Empty;
|
||||
var jwtAudience = appSettings.JwtSettings?.ValidAudience ?? String.Empty;
|
||||
string? token = null;
|
||||
|
||||
if (string.IsNullOrEmpty(jwtKey) || string.IsNullOrEmpty(jwtIssuer) || string.IsNullOrEmpty(jwtAudience))
|
||||
string? headerAuthorization = context.HttpContext.Request.Headers.Authorization.FirstOrDefault();
|
||||
|
||||
if(!String.IsNullOrEmpty(headerAuthorization))
|
||||
{
|
||||
context.Result = new UnauthorizedResult();
|
||||
return;
|
||||
}
|
||||
|
||||
string[]? authorizations = context.HttpContext.Request.Headers.Authorization.FirstOrDefault()?.Split(" ");
|
||||
if (authorizations != null && authorizations.Length == 2)
|
||||
{
|
||||
token = authorizations[1];
|
||||
}
|
||||
|
||||
if (token == null)
|
||||
{
|
||||
context.Result = new UnauthorizedResult();
|
||||
return;
|
||||
}
|
||||
|
||||
try
|
||||
{
|
||||
var tokenHandler = new JwtSecurityTokenHandler();
|
||||
var key = Encoding.ASCII.GetBytes(jwtKey);
|
||||
tokenHandler.ValidateToken(token, new TokenValidationParameters
|
||||
user = _jwtService.ValidateToken(headerAuthorization!);
|
||||
if(user == null)
|
||||
{
|
||||
ValidateIssuerSigningKey = true,
|
||||
IssuerSigningKey = new SymmetricSecurityKey(key),
|
||||
ValidateIssuer = true,
|
||||
ValidIssuer = jwtIssuer,
|
||||
ValidateAudience = true,
|
||||
ValidAudience = jwtAudience,
|
||||
ValidateLifetime = true,
|
||||
ClockSkew = TimeSpan.Zero
|
||||
}, out SecurityToken validatedToken);
|
||||
|
||||
var jwtToken = (JwtSecurityToken)validatedToken;
|
||||
|
||||
if (_policyName != null)
|
||||
{
|
||||
var claim = jwtToken.Claims.FirstOrDefault(c => c.Type == _policyName);
|
||||
if (claim == null)
|
||||
{
|
||||
context.Result = new ForbidResult();
|
||||
return;
|
||||
}
|
||||
Unauthorized(context);
|
||||
}
|
||||
|
||||
}
|
||||
catch
|
||||
else
|
||||
{
|
||||
context.Result = new UnauthorizedResult();
|
||||
Unauthorized(context);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user