Symmetric keys with jwt has been implemented

This commit is contained in:
Kun Deng
2022-09-04 20:34:33 -04:00
parent 00ef8d0242
commit d5944c470b
4 changed files with 83 additions and 26 deletions
+49 -6
View File
@@ -4,10 +4,14 @@ using System.Linq;
using System.Security.Claims; using System.Security.Claims;
using System.Security.Cryptography; using System.Security.Cryptography;
using System.Threading.Tasks; using System.Threading.Tasks;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using JWT; using JWT;
using JWT.Serializers; using JWT.Serializers;
using Microsoft.Extensions.Configuration; using Microsoft.Extensions.Configuration;
using Microsoft.IdentityModel.Tokens;
using Newtonsoft.Json; using Newtonsoft.Json;
using Org.BouncyCastle.Crypto; using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Parameters; using Org.BouncyCastle.Crypto.Parameters;
@@ -113,6 +117,40 @@ namespace Icarus.Controllers.Managers
}; };
} }
public LoginResult LoginSymmetric(User user)
{
var tokenResult = new TokenTierOne();
tokenResult.TokenType = "Jwt";
var payload = Payload();
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config["JWT:Secret"]));
var signIn = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
var token = new JwtSecurityToken(
_config["JWT:Issuer"],
_config["JWT:Audience"],
payload,
expires: DateTime.UtcNow.AddMinutes(30),
signingCredentials: signIn);
tokenResult.AccessToken = new JwtSecurityTokenHandler().WriteToken(token);
var expClaim = payload.FirstOrDefault(cl =>
{
return cl.Type.Equals("exp");
});
var expiredDate = DateTime.Parse(expClaim.Value);
var exp = Math.Floor((expiredDate - DateTime.UnixEpoch).TotalSeconds);
tokenResult.Expiration = Convert.ToInt32(exp);
return new LoginResult
{
UserID = user.UserID, Username = user.Username, Token = tokenResult.AccessToken,
TokenType = tokenResult.TokenType, Expiration = tokenResult.Expiration,
Message = "Successfully retrieved token"
};
}
public bool IsTokenValid(string scope, string accessToken) public bool IsTokenValid(string scope, string accessToken)
{ {
var result = false; var result = false;
@@ -201,23 +239,28 @@ namespace Icarus.Controllers.Managers
private List<Claim> Payload() private List<Claim> Payload()
{ {
const int expLimit = 24; var expLimit = 30;
var currentDate = DateTime.Now; var currentDate = DateTime.Now;
var expiredDate = currentDate.AddHours(expLimit); var expiredDate = currentDate.AddMinutes(expLimit);
var issued = Math.Floor((currentDate - DateTime.UnixEpoch).TotalSeconds); var issued = Math.Floor((currentDate - DateTime.UnixEpoch).TotalSeconds);
var expires = Math.Floor((expiredDate - DateTime.UnixEpoch).TotalSeconds); var expires = Math.Floor((expiredDate - DateTime.UnixEpoch).TotalSeconds);
var issuer = "https://soaricarus.auth0.com"; var issuer = "https://soaricarus.auth0.com";
issuer = "http://localhost:5002"; issuer = "http://localhost:5002";
var audience = "https://icarus/api"; var audience = "https://icarus/api";
audience = "http://localhost:5002"; audience = "http://localhost:5002";
var subject = _config["JWT:Subject"];
var claim = new List<System.Security.Claims.Claim>() var claim = new List<System.Security.Claims.Claim>()
{ {
new System.Security.Claims.Claim("scope", AllScopes(), "string"), new System.Security.Claims.Claim("scope", AllScopes(), "string"),
new System.Security.Claims.Claim("exp", $"{expires}", "integer"), // new System.Security.Claims.Claim("exp", $"{expires}", "integer"),
new System.Security.Claims.Claim("aud", $"{audience}", "string"), new System.Security.Claims.Claim(JwtRegisteredClaimNames.Exp, expiredDate.ToString()),
new System.Security.Claims.Claim("iss", $"{issuer}", "string"), // new System.Security.Claims.Claim("aud", $"{audience}", "string"),
new System.Security.Claims.Claim("iat", $"{issued}", "integer") new System.Security.Claims.Claim(JwtRegisteredClaimNames.Aud, audience),
// new System.Security.Claims.Claim("iss", $"{issuer}", "string"),
new System.Security.Claims.Claim(JwtRegisteredClaimNames.Iss, issuer),
new Claim(JwtRegisteredClaimNames.Sub, subject),
new System.Security.Claims.Claim(JwtRegisteredClaimNames.Iat, currentDate.ToString())
}; };
return claim; return claim;
+12 -1
View File
@@ -55,6 +55,8 @@ namespace Icarus.Controllers.V1
Username = user.Username Username = user.Username
}; };
try
{
if (context.Users.FirstOrDefault(usr => usr.Username.Equals(user.Username)) != null) if (context.Users.FirstOrDefault(usr => usr.Username.Equals(user.Username)) != null)
{ {
user = context.Users.FirstOrDefault(usr => usr.Username.Equals(user.Username)); user = context.Users.FirstOrDefault(usr => usr.Username.Equals(user.Username));
@@ -73,7 +75,8 @@ namespace Icarus.Controllers.V1
TokenManager tk = new TokenManager(_config); TokenManager tk = new TokenManager(_config);
loginRes = tk.LogIn(user); // loginRes = tk.LogIn(user);
loginRes = tk.LoginSymmetric(user);
return Ok(loginRes); return Ok(loginRes);
} }
@@ -84,6 +87,14 @@ namespace Icarus.Controllers.V1
return NotFound(loginRes); return NotFound(loginRes);
} }
} }
catch (Exception ex)
{
_logger.LogError("An error occurred: {0}", ex.Message);
_logger.LogError("Inner Exception: {0}", ex.InnerException.Message);
}
return NotFound(loginRes);
}
#endregion #endregion
} }
} }
+3
View File
@@ -20,6 +20,7 @@ namespace Icarus.Controllers.V1
{ {
[Route("api/v1/song/stream")] [Route("api/v1/song/stream")]
[ApiController] [ApiController]
[Authorize]
public class SongStreamController : BaseController public class SongStreamController : BaseController
{ {
#region Fields #region Fields
@@ -46,10 +47,12 @@ namespace Icarus.Controllers.V1
[HttpGet("{id}")] [HttpGet("{id}")]
public async Task<IActionResult> Get(int id) public async Task<IActionResult> Get(int id)
{ {
/**
if (!IsTokenValid("stream:songs")) if (!IsTokenValid("stream:songs"))
{ {
return StatusCode(401, "Not allowed"); return StatusCode(401, "Not allowed");
} }
*/
var context = new SongContext(_config.GetConnectionString("DefaultConnection")); var context = new SongContext(_config.GetConnectionString("DefaultConnection"));
+1 -1
View File
@@ -95,7 +95,7 @@ namespace Icarus
services.AddDbContext<GenreContext>(options => options.UseMySQL(connString)); services.AddDbContext<GenreContext>(options => options.UseMySQL(connString));
services.AddDbContext<CoverArtContext>(options => options.UseMySQL(connString)); services.AddDbContext<CoverArtContext>(options => options.UseMySQL(connString));
services.AddAsymmetricAuthentication(Configuration); // services.AddAsymmetricAuthentication(Configuration);
/** /**
services.AddTransient<AuthenticationService>(au => new AuthenticationService(new UserService(Configuration), new TokenService(Configuration), Configuration)); services.AddTransient<AuthenticationService>(au => new AuthenticationService(new UserService(Configuration), new TokenService(Configuration), Configuration));