From 44560e70576e5d62e7ded4c725889594ef978cb1 Mon Sep 17 00:00:00 2001 From: Developer 02 Date: Tue, 25 Mar 2025 13:19:29 +0100 Subject: [PATCH] =?UTF-8?q?feat(Programm):=20Konfiguriert=20f=C3=BCr=20Aut?= =?UTF-8?q?h.API?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../Models/AuthTokenKeys.cs | 12 +++ DigitalData.UserManager.API/Program.cs | 81 +++++++++++++++++++ DigitalData.UserManager.API/appsettings.json | 13 ++- 3 files changed, 105 insertions(+), 1 deletion(-) create mode 100644 DigitalData.UserManager.API/Models/AuthTokenKeys.cs diff --git a/DigitalData.UserManager.API/Models/AuthTokenKeys.cs b/DigitalData.UserManager.API/Models/AuthTokenKeys.cs new file mode 100644 index 0000000..e0b6b70 --- /dev/null +++ b/DigitalData.UserManager.API/Models/AuthTokenKeys.cs @@ -0,0 +1,12 @@ +namespace DigitalData.UserManager.API.Models; + +public class AuthTokenKeys +{ + public string Cookie { get; init; } = "AuthToken"; + + public string QueryString { get; init; } = "AuthToken"; + + public string Issuer { get; init; } = "auth.digitaldata.works"; + + public string Audience { get; init; } = "work-flow.digitaldata.works"; +} diff --git a/DigitalData.UserManager.API/Program.cs b/DigitalData.UserManager.API/Program.cs index 3b5d0a4..05b29f4 100644 --- a/DigitalData.UserManager.API/Program.cs +++ b/DigitalData.UserManager.API/Program.cs @@ -13,6 +13,12 @@ using Newtonsoft.Json; using Microsoft.IdentityModel.Tokens; using DigitalData.UserManager.Application.DTOs.User; using DigitalData.UserManager.API.Models; +using DigitalData.Auth.Client; +using DigitalData.UserManager.API; +using Microsoft.AspNetCore.Authentication.JwtBearer; +using Microsoft.Extensions.Options; +using DigitalData.Core.Abstractions.Security.Extensions; +using Microsoft.OpenApi.Models; var logger = LogManager.Setup().LoadConfigurationFromAppSettings().GetCurrentClassLogger(); logger.Debug("init main"); 
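Review bot: The default `Audience` in AuthTokenKeys is `work-flow.digitaldata.works`, but the only public key this commit adds to appsettings.json is registered for audience `user-manager.digitaldata.works`, and no `AuthTokenKeys` section is added to configuration, so Program.cs falls back to `new()` and looks up a key for an issuer/audience pair the shipped settings do not contain. If this API is the user-manager service the default should presumably read `public string Audience { get; init; } = "user-manager.digitaldata.works";`, or the section should be added to appsettings.json so the values live in one place. A short XML doc on the class stating that `Issuer`/`Audience` select which configured public key is used and which `iss`/`aud` claims are accepted would help, since these defaults decide whose tokens this API trusts.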
@@ -92,10 +98,85 @@ try { Claims = user.ToClaimList().ToDictionary(claim => claim.Type, claim => claim.Value as object) }); + var lazyProvider = new LazyServiceProvider(); + + builder.Services.AddAuthHubClient(config.GetSection("AuthClientParams")); + + var authTokenKeys = config.GetSection(nameof(AuthTokenKeys)).Get() ?? new(); + + builder.Services + .AddAuthentication(options => + { + options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme; + options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme; + }) + .AddJwtBearer(opt => + { + opt.TokenValidationParameters = new TokenValidationParameters + { + ValidateIssuerSigningKey = true, + IssuerSigningKeyResolver = (token, securityToken, identifier, parameters) => + { + var clientParams = lazyProvider.GetRequiredService>()?.Value; + var publicKey = clientParams!.PublicKeys.Get(authTokenKeys.Issuer, authTokenKeys.Audience); + return new List() { publicKey.SecurityKey }; + }, + ValidateIssuer = true, + ValidIssuer = authTokenKeys.Issuer, + ValidateAudience = true, + ValidAudience = authTokenKeys.Audience, + }; + + opt.Events = new JwtBearerEvents + { + OnMessageReceived = context => + { + // if there is no token read related cookie or query string + if (context.Token is null) // if there is no token + { + if (context.Request.Cookies.TryGetValue(authTokenKeys.Cookie, out var cookieToken) && cookieToken is not null) + context.Token = cookieToken; + else if (context.Request.Query.TryGetValue(authTokenKeys.QueryString, out var queryStrToken)) + context.Token = queryStrToken; + } + return Task.CompletedTask; + } + }; + }); + + builder.Services.AddSwaggerGen(setupAct => + { + setupAct.AddSecurityDefinition("Bearer", new OpenApiSecurityScheme + { + Description = "JWT Authorization header using the Bearer scheme. 
Example: \"Bearer {token}\"", + Name = "Authorization", + In = ParameterLocation.Header, + Type = SecuritySchemeType.Http, + Scheme = "Bearer" + }); + + setupAct.AddSecurityRequirement(new OpenApiSecurityRequirement + { + { + new OpenApiSecurityScheme + { + Reference = new OpenApiReference + { + Type = ReferenceType.SecurityScheme, + Id = "Bearer" + } + }, + Array.Empty() + } + }); + }); + builder.Services.AddCookieBasedLocalizer(); var app = builder.Build(); + lazyProvider.Factory = () => app.Services; + cnn_str = new(() => { var encryptor = app.Services.GetRequiredService(); diff --git a/DigitalData.UserManager.API/appsettings.json b/DigitalData.UserManager.API/appsettings.json index 77ff15f..2bc328a 100644 --- a/DigitalData.UserManager.API/appsettings.json +++ b/DigitalData.UserManager.API/appsettings.json @@ -75,5 +75,16 @@ "DateTimeZoneHandling": "Local", // Delete below in production "UseEncryptor": true, - "UseSwagger": true + "UseSwagger": true, + "AuthClientParams": { + "Url": "http://172.24.11.75:8088/auth-hub", + "PublicKeys": [ + { + "Issuer": "auth.digitaldata.works", + "Audience": "user-manager.digitaldata.works", + "Content": "-----BEGIN PUBLIC KEY-----MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3QCd7dH/xOUITFZbitMa/xnh8a0LyL6ZBvSRAwkI9ceplTRSHJXoM1oB+xtjWE1kOuHVLe941Tm03szS4+/rHIm0Ejva/KKlv7sPFAHE/pWuoPS303vOHgI4HAFcuwywA8CghUWzaaK5LU/Hl8srWwxBHv5hKIUjJFJygeAIENvFOZ1gFbB3MPEC99PiPOwAmfl4tMQUmSsFyspl/RWVi7bTv26ZE+m3KPcWppmvmYjXlSitxRaySxnfFvpca/qWfd/uUUg2KWKtpAwWVkqr0qD9v3TyKSgHoGDsrFpwSx8qufUJSinmZ1u/0iKl6TXeHubYS4C4SUSVjOWXymI2ZQIDAQAB-----END PUBLIC KEY-----" + } + ], + "RetryDelay": "00:00:05" + } } \ No newline at end of file
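Review bot: `OnMessageReceived` accepts the JWT from the `AuthToken` query string on every request, which puts bearer tokens into access logs, proxy logs, browser history and `Referer` headers. Query-string tokens are normally only needed for WebSocket/SignalR handshakes that cannot send headers, so the fallback should be limited to that path, e.g. `else if (context.Request.Path.StartsWithSegments("/hubs") && context.Request.Query.TryGetValue(authTokenKeys.QueryString, out var queryStrToken))` with the real hub path substituted. Reading the token from a cookie also means browsers attach it to cross-site requests automatically, so unless that cookie is issued `HttpOnly` with `SameSite=Strict`/`Lax` elsewhere (not visible here), state-changing endpoints need CSRF protection. Separately, `clientParams!.PublicKeys` turns a missing `AuthClientParams` section into a NullReferenceException inside token validation; `?? throw new InvalidOperationException("AuthClientParams is not configured")` gives a clearer failure. The surrounding `try` block starts before this hunk and the `cnn_str` lambda continues after it.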
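Review bot: `AuthClientParams.Url` points the auth hub client at `http://172.24.11.75:8088/auth-hub` over cleartext, so whatever the client exchanges with the hub (not visible here) crosses the network unencrypted and unauthenticated; it should be `https://` with a hostname matching the hub's certificate, or at least overridden per environment. The new block also sits under the existing `// Delete below in production` comment, which now reads as applying to `AuthClientParams` too — either move the block above that comment or change it to `// Delete UseEncryptor/UseSwagger below in production`. The key's `Audience` is `user-manager.digitaldata.works`, which does not match the `work-flow.digitaldata.works` default in AuthTokenKeys.cs, so one of the two is wrong. A hard-coded internal IP in the committed settings is presumably a development value that belongs in appsettings.Development.json or an environment variable.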