Prepare for next lecture

2024/React/AppSettings.cs

@@ -2,4 +2,14 @@
 
 public class AppSettings
 {
+    public required JwtSettings Jwt { get; init; }
+
+    public record JwtSettings
+    {
+        public required string Issuer { get; init; }
+
+        public required string Audience { get; init; }
+
+        public required string Key { get; init; }
+    }   
 }

2024/React/Application.csproj

@@ -36,6 +36,10 @@
     <None Include="$(SpaRoot)**" Exclude="$(SpaRoot)node_modules\**" />
   </ItemGroup>
 
+  <ItemGroup>
+    <Folder Include="Backend\Domain\" />
+  </ItemGroup>
+
 
   <Target Name="DebugEnsureNodeEnv" BeforeTargets="Build" Condition=" '$(Configuration)' == 'Debug' And !Exists('$(SpaRoot)node_modules') ">
     <!-- Ensure Node.js is installed -->

2024/React/Backend/Api/AccountController.cs

@@ -0,0 +1,52 @@
+using System.IdentityModel.Tokens.Jwt;
+using System.Security.Claims;
+using System.Text;
+using Application.Backend.Api.Models;
+using Application.Backend.Authorization;
+using Application.Backend.Core;
+using Application.Backend.Database;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.Extensions.Options;
+using Microsoft.IdentityModel.Tokens;
+
+namespace Application.Backend.Api;
+
+[ApiController]
+[Route("/api/account")]
+public class AccountController(DataContext dataContext, IOptions<AppSettings> appSettings) : Controller
+{
+    private readonly AppSettings _appSettings = appSettings.Value;
+
+    [HttpPost("login")]
+    public IActionResult Login(LoginRequest request)
+    {
+        var user = dataContext.Users.FirstOrDefault(user => user.Email == request.Email);
+        if (user == null)
+            return NotFound();
+
+        if (Password.Verify(request.Password, user.PasswordHash, user.PasswordSalt) == false)
+            return BadRequest();
+
+        var issuer = _appSettings.Jwt.Issuer;
+        var audience = _appSettings.Jwt.Audience;
+        var key = Encoding.ASCII.GetBytes(_appSettings.Jwt.Key);
+        var tokenDescriptor = new SecurityTokenDescriptor
+        {
+            Subject = new ClaimsIdentity(new[]
+            {
+                new Claim("Id", user.Id.ToString()),
+                new Claim(JwtRegisteredClaimNames.Email, user.Email),
+                new Claim(Policy.CanEditForecasts, (user.Role == Role.Administrator).ToString())
+            }),
+            Expires = DateTime.UtcNow.AddDays(1),
+            Issuer = issuer,
+            Audience = audience,
+            SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha512Signature)
+        };
+        var tokenHandler = new JwtSecurityTokenHandler();
+        var token = tokenHandler.CreateToken(tokenDescriptor);
+        var jwtToken = tokenHandler.WriteToken(token);
+
+        return Ok(jwtToken);
+    }
+}

2024/React/Backend/Api/Models/LoginRequest.cs

@@ -0,0 +1,8 @@
+namespace Application.Backend.Api.Models;
+
+public record LoginRequest
+{
+    public required string Email { get; set; }
+
+    public required string Password { get; set; }
+}

2024/React/Backend/Api/WeatherForecastController.cs

@@ -1,24 +1,28 @@
-using Application.Backend.Api.Models;
+using System.Security.Claims;
+using Application.Backend.Api.Models;
+using Application.Backend.Authorization;
 using Application.Backend.Database;
 using Application.Backend.Database.Models;
 using Application.Backend.Database.Repository;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
-using Microsoft.EntityFrameworkCore;
 
 namespace Application.Backend.Api;
 
 [ApiController]
 [Route("/api/weather-forecast")]
-public class WeatherForecastController(DataContext dataContext, UsersRepository usersRepository) : ControllerBase
+[Authorize]
+public class WeatherForecastController(DataContext dataContext) : ControllerBase
 {
     [HttpGet]
     public IActionResult Get()
     {
+        var emailClaim = User.FindFirst(ClaimTypes.Email);
+
         var weatherForecasts = dataContext.WeatherForecasts.ToList();
         return Ok(weatherForecasts);
     }
 
-    // HTTP-GET /api/weather-forecasts/guid
     [HttpGet("{id:guid}")]
     public IActionResult Get(Guid id)
     {
@@ -30,6 +34,7 @@ public IActionResult Get(Guid id)
     }
 
     [HttpPost]
+    [Authorize(Policy = Policy.CanEditForecasts)]
     public IActionResult Create(WeatherForecast weatherForecast)
     {
         dataContext.Add(weatherForecast);
@@ -39,6 +44,7 @@ public IActionResult Create(WeatherForecast weatherForecast)
     }
 
     [HttpPut("{id:guid}")]
+    [Authorize(Policy = Policy.CanEditForecasts)]
     public IActionResult Update(Guid id, UpdateWeatherForecastRequest request)
     {
         var weatherForecasts = dataContext.WeatherForecasts.FirstOrDefault(forecast => forecast.Id == id);
@@ -55,6 +61,7 @@ public IActionResult Update(Guid id, UpdateWeatherForecastRequest request)
 
 
     [HttpDelete("{id:guid}")]
+    [Authorize(Policy = Policy.CanDeleteForecasts)]
     public IActionResult Delete(Guid id)
     {
         var weatherForecasts = dataContext.WeatherForecasts.FirstOrDefault(forecast => forecast.Id == id);

2024/React/Backend/Authorization/Policy.cs

@@ -0,0 +1,7 @@
+namespace Application.Backend.Authorization;
+
+public class Policy
+{
+    public const string CanEditForecasts = "CanEditForecasts";
+    public const string CanDeleteForecasts = "CanDeleteForecasts";
+}

2024/React/Backend/Authorization/Role.cs

@@ -0,0 +1,7 @@
+namespace Application.Backend.Authorization;
+
+public class Role
+{
+    public const string Administrator = "Administrator";
+    public const string User = "User";
+}

2024/React/Backend/Database/Migrations/20240309145632_AddRoleMigration.cs

@@ -0,0 +1,72 @@
+using System;
+using Application.Backend.Authorization;
+using Microsoft.EntityFrameworkCore.Migrations;
+
+#nullable disable
+
+namespace Application.Migrations
+{
+    /// <inheritdoc />
+    public partial class AddRoleMigration : Migration
+    {
+        /// <inheritdoc />
+        protected override void Up(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.DropForeignKey(
+                name: "FK_Deliveries_Users_UserId",
+                table: "Deliveries");
+
+            migrationBuilder.AddColumn<string>(
+                name: "Role",
+                table: "Users",
+                type: "nvarchar(max)",
+                nullable: false,
+                defaultValue: Role.Administrator);
+
+            migrationBuilder.AlterColumn<Guid>(
+                name: "UserId",
+                table: "Deliveries",
+                type: "uniqueidentifier",
+                nullable: true,
+                oldClrType: typeof(Guid),
+                oldType: "uniqueidentifier");
+
+            migrationBuilder.AddForeignKey(
+                name: "FK_Deliveries_Users_UserId",
+                table: "Deliveries",
+                column: "UserId",
+                principalTable: "Users",
+                principalColumn: "Id");
+        }
+
+        /// <inheritdoc />
+        protected override void Down(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.DropForeignKey(
+                name: "FK_Deliveries_Users_UserId",
+                table: "Deliveries");
+
+            migrationBuilder.DropColumn(
+                name: "Role",
+                table: "Users");
+
+            migrationBuilder.AlterColumn<Guid>(
+                name: "UserId",
+                table: "Deliveries",
+                type: "uniqueidentifier",
+                nullable: false,
+                defaultValue: new Guid("00000000-0000-0000-0000-000000000000"),
+                oldClrType: typeof(Guid),
+                oldType: "uniqueidentifier",
+                oldNullable: true);
+
+            migrationBuilder.AddForeignKey(
+                name: "FK_Deliveries_Users_UserId",
+                table: "Deliveries",
+                column: "UserId",
+                principalTable: "Users",
+                principalColumn: "Id",
+                onDelete: ReferentialAction.Cascade);
+        }
+    }
+}