InteIIigeNET · alexmagikov · Nov 18, 2025 · Nov 27, 2025 · Nov 27, 2025 · Nov 27, 2025
diff --git a/HwProj.APIGateway/HwProj.APIGateway.API/Controllers/AccountController.cs b/HwProj.APIGateway/HwProj.APIGateway.API/Controllers/AccountController.cs
@@ -12,6 +12,7 @@
 using HwProj.Models.Roles;
 using HwProj.SolutionsService.Client;
 using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 
 namespace HwProj.APIGateway.API.Controllers
@@ -89,6 +90,15 @@ public async Task<IActionResult> GetUserData()
             return Ok(aggregatedResult);
         }
 
+        [HttpGet("getUserSummary")]
+        [Authorize]
+        [ProducesResponseType(typeof(AccountSummaryDto), (int)HttpStatusCode.OK)]
+        public async Task<IActionResult> GetUserSummary()
+        {
+            var accountData = await AuthServiceClient.GetAccountSummary(UserId);
+            return Ok(accountData);
+        }
+
         [HttpPost("register")]
         [ProducesResponseType(typeof(Result), (int)HttpStatusCode.OK)]
         public async Task<IActionResult> Register(RegisterViewModel model)
@@ -98,20 +108,66 @@ public async Task<IActionResult> Register(RegisterViewModel model)
         }
 
         [HttpPost("login")]
-        [ProducesResponseType(typeof(Result<TokenCredentials>), (int)HttpStatusCode.OK)]
+        [ProducesResponseType((int)HttpStatusCode.OK)]
         public async Task<IActionResult> Login(LoginViewModel model)
         {
             var tokenMeta = await AuthServiceClient.Login(model).ConfigureAwait(false);
-            return Ok(tokenMeta);
+            if (!tokenMeta.Succeeded)
+            {
+                ClearTokenCookie();
+                return Unauthorized();
+            }
+
+            Response.Cookies.Append("accessToken", tokenMeta.Value.AccessToken,
+                new CookieOptions
+                {
+                    Expires = tokenMeta.Value.ExpiresIn,
+                    HttpOnly = true,
+                    Secure = false,
+                    SameSite = SameSiteMode.Strict
+                });
+
+            return Ok();
         }
 
         [Authorize]
         [HttpGet("refreshToken")]
-        [ProducesResponseType(typeof(Result<TokenCredentials>), (int)HttpStatusCode.OK)]
+        [ProducesResponseType((int)HttpStatusCode.OK)]
         public async Task<IActionResult> RefreshToken()
         {
             var tokenMeta = await AuthServiceClient.RefreshToken(UserId!);
-            return Ok(tokenMeta);
+            if (!tokenMeta.Succeeded)
+            {
+                ClearTokenCookie();
+                return Unauthorized();
+            }
+
+            Response.Cookies.Append("accessToken", tokenMeta.Value.AccessToken,
+                new CookieOptions
+                {
+                    Expires = tokenMeta.Value.ExpiresIn,
+                    HttpOnly = true,
+                    Secure = false,
+                    SameSite = SameSiteMode.Strict
+                });
+
+            return Ok();
+        }
+
+        [HttpPost("logout")]
+        [ProducesResponseType((int)HttpStatusCode.OK)]
+        public IActionResult Logout()
+        {
+            ClearTokenCookie();
+            return Ok();
+        }
+
+        private void ClearTokenCookie()
+        {
+            if (Request.Cookies.ContainsKey("accessToken"))
+            {
+                Response.Cookies.Delete("accessToken");
+            }
         }
 
         [HttpPut("edit")]

diff --git a/HwProj.APIGateway/HwProj.APIGateway.API/Controllers/ExpertsController.cs b/HwProj.APIGateway/HwProj.APIGateway.API/Controllers/ExpertsController.cs
@@ -1,4 +1,5 @@
-using System.Net;
+using System.IdentityModel.Tokens.Jwt;
+using System.Net;
 using System.Threading.Tasks;
 using AutoMapper;
 using HwProj.AuthService.Client;
@@ -9,6 +10,7 @@
 using HwProj.Models.Result;
 using HwProj.Models.Roles;
 using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 
 namespace HwProj.APIGateway.API.Controllers;
@@ -68,6 +70,30 @@ public async Task<IActionResult> Register(RegisterExpertViewModel model)
     public async Task<IActionResult> Login(TokenCredentials credentials)
     {
         var result = await AuthServiceClient.LoginExpert(credentials).ConfigureAwait(false);
+
+        if (!result.Succeeded)
+        {
+            if (Request.Cookies.ContainsKey("accessToken"))
+            {
+                Response.Cookies.Delete("accessToken");
+            }
+
+            return Unauthorized(result);
+        }
+
+        var handler = new JwtSecurityTokenHandler();
+        var jwt = handler.ReadJwtToken(credentials.AccessToken);
+        var expiresIn = jwt.ValidTo;
+
+        Response.Cookies.Append("accessToken", credentials.AccessToken,
+            new CookieOptions
+            {
+                Expires = expiresIn,
+                HttpOnly = true,
+                Secure = false,
+                SameSite = SameSiteMode.Strict
+            });
+
         return Ok(result);
     }
 

diff --git a/HwProj.APIGateway/HwProj.APIGateway.API/Controllers/SolutionsController.cs b/HwProj.APIGateway/HwProj.APIGateway.API/Controllers/SolutionsController.cs
@@ -327,7 +327,7 @@ await _coursesServiceClient.CreateCourseGroup(new CreateGroupViewModel(arrFullSt
     }
 
     [HttpPost("automated/{courseId}")]
-    [Authorize(Roles = Roles.LecturerOrExpertRole)]
+    [Authorize(Roles = Roles.LecturerOrExpertRole,  AuthenticationSchemes = "JwtCookie, JwtBearer")]
     [ProducesResponseType(typeof(void), (int)HttpStatusCode.OK)]
     public async Task<IActionResult> PostAutomatedSolution(PostAutomatedSolutionModel model, long courseId)
     {

diff --git a/HwProj.APIGateway/HwProj.APIGateway.API/Startup.cs b/HwProj.APIGateway/HwProj.APIGateway.API/Startup.cs
@@ -1,6 +1,8 @@
-using System.Collections.Generic;
+using System;
+using System.Collections.Generic;
 using System.Text;
 using System.Text.Json.Serialization;
+using System.Threading.Tasks;
 using HwProj.APIGateway.API.Filters;
 using HwProj.AuthService.Client;
 using HwProj.ContentService.Client;
@@ -27,7 +29,7 @@ public Startup(IConfiguration configuration)
         Configuration = configuration;
     }
 
-    public IConfiguration Configuration { get; }
+    private IConfiguration Configuration { get; }
 
     public void ConfigureServices(IServiceCollection services)
     {
@@ -52,10 +54,10 @@ public void ConfigureServices(IServiceCollection services)
 
         services.AddAuthentication(options =>
             {
-                options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
-                options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
+                options.DefaultAuthenticateScheme = "JwtCookie";
+                options.DefaultChallengeScheme = "JwtCookie";
             })
-            .AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, x =>
+            .AddJwtBearer("JwtCookie", x =>
             {
                 x.RequireHttpsMetadata = false;
                 x.TokenValidationParameters = new TokenValidationParameters
@@ -66,13 +68,42 @@ public void ConfigureServices(IServiceCollection services)
                     ValidateLifetime = true,
                     IssuerSigningKey =
                         new SymmetricSecurityKey(Encoding.ASCII.GetBytes(appSettings["SecurityKey"])),
-                    ValidateIssuerSigningKey = true
+                    ValidateIssuerSigningKey = true,
+                    ClockSkew = TimeSpan.Zero
+                };
+                x.Events = new JwtBearerEvents
+                {
+                    OnMessageReceived = context =>
+                    {
+                        context.Request.Cookies.TryGetValue("accessToken", out var accessToken);
+
+                        if (!string.IsNullOrEmpty(accessToken))
+                        {
+                            context.Token = accessToken;
+                        }
+
+                        return Task.CompletedTask;
+                    }
+                };
+            })
+            .AddJwtBearer("JwtBearer", x =>
+            {
+                x.RequireHttpsMetadata = false;
+                x.TokenValidationParameters = new TokenValidationParameters
+                {
+                    ValidIssuer = "AuthService",
+                    ValidateIssuer = true,
+                    ValidateAudience = false,
+                    ValidateLifetime = true,
+                    IssuerSigningKey =
+                        new SymmetricSecurityKey(Encoding.ASCII.GetBytes(appSettings["SecurityKey"])),
+                    ValidateIssuerSigningKey = true,
+                    ClockSkew = TimeSpan.Zero
                 };
             });
 
         services.AddHttpClient();
         services.AddHttpContextAccessor();
-
         services.AddAuthServiceClient();
         services.AddCoursesServiceClient();
         services.AddSolutionServiceClient();
@@ -92,14 +123,13 @@ public void Configure(IApplicationBuilder app, IHostEnvironment env)
             app.UseHsts();
 
         app.UseRouting();
-        app.UseAuthentication();
-        app.UseAuthorization();
         app.UseCors(x => x
-            .AllowAnyMethod()
+            .WithMethods("GET")
             .AllowAnyHeader()
             .SetIsOriginAllowed(_ => true)
             .AllowCredentials());
-
+        app.UseAuthentication();
+        app.UseAuthorization();
         app.UseEndpoints(x => x.MapControllers());
     }