Feature/add auth

README.md

@@ -64,6 +64,10 @@ docker-compose -d up postgres
 ```
 dotnet ef migrations add <Migration-name> --project DeUrgenta.Domain --startup-project DeUrgenta.Api
 ```
+### Adding EF Core migration to User.Api
+```
+DeUrgenta.User.Api> dotnet ef migrations add Identity_initial_create --startup-project ..\DeUrgenta.Api\ -o Domain\Migrations --context UserDbContext
+```
 
 ## Feedback
 

Src/DeUrgenta.Admin.Api/Controller/BlogController.cs

@@ -1,8 +1,6 @@
 using System;
-using System.Collections.Immutable;
 using System.Threading.Tasks;
 using DeUrgenta.Admin.Api.Models;
-using DeUrgenta.Admin.Api.Swagger;
 using DeUrgenta.Admin.Api.Swagger.Blog;
 using DeUrgenta.Common.Models;
 using DeUrgenta.Common.Swagger;

Src/DeUrgenta.Admin.Api/Controller/EventsController.cs

@@ -1,5 +1,4 @@
 using System;
-using System.Collections.Immutable;
 using System.Threading.Tasks;
 using DeUrgenta.Admin.Api.Models;
 using DeUrgenta.Admin.Api.Swagger.Events;

Src/DeUrgenta.Api/DeUrgenta.Api.csproj

@@ -13,9 +13,7 @@
 
 	<ItemGroup>
 		<PackageReference Include="Hellang.Middleware.ProblemDetails" Version="5.3.0" />
-		<PackageReference Include="IdentityServer4.AccessTokenValidation" Version="3.0.1" />
 		<PackageReference Include="MediatR.Extensions.Microsoft.DependencyInjection" Version="9.0.0" />
-		<PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="5.0.4" />
 		<PackageReference Include="Microsoft.EntityFrameworkCore.Design" Version="5.0.4">
 			<PrivateAssets>all</PrivateAssets>
 			<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>

Src/DeUrgenta.Api/Extensions/AuthorizeCheckOperationFilter.cs

@@ -0,0 +1,54 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.OpenApi.Models;
+using Swashbuckle.AspNetCore.SwaggerGen;
+
+namespace DeUrgenta.Api.Extensions
+{
+    public class AuthorizeCheckOperationFilter : IOperationFilter
+    {
+        public void Apply(OpenApiOperation operation, OperationFilterContext context)
+        {
+            var attributes = context.MethodInfo.DeclaringType.GetCustomAttributes(true)
+                .Union(context.MethodInfo.GetCustomAttributes(true));
+
+            if (attributes.OfType<IAllowAnonymous>().Any())
+            {
+                return;
+            }
+
+            var authAttributes = attributes.OfType<IAuthorizeData>();
+
+            if (authAttributes.Any())
+            {
+                operation.Responses["401"] = new OpenApiResponse { Description = "Unauthorized" };
+
+                if (authAttributes.Any(att => !String.IsNullOrWhiteSpace(att.Roles) || !String.IsNullOrWhiteSpace(att.Policy)))
+                {
+                    operation.Responses["403"] = new OpenApiResponse { Description = "Forbidden" };
+                }
+
+                operation.Security = new List<OpenApiSecurityRequirement>
+                {
+                    new OpenApiSecurityRequirement
+                    {
+                        {
+                            new OpenApiSecurityScheme
+                            {
+                                Reference = new OpenApiReference
+                                {
+                                    Id = "BearerAuth",
+                                    Type = ReferenceType.SecurityScheme
+                                }
+                            },
+                            Array.Empty<string>()
+                        }
+                    }
+                };
+            }
+        }
+
+    }
+}

Src/DeUrgenta.Api/Extensions/SwaggerExtensions.cs

@@ -1,43 +1,31 @@
 using System;
-using System.Collections.Generic;
 using System.IO;
 using System.Reflection;
-using DeUrgenta.Infra.Extensions;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
+using Microsoft.AspNetCore.Builder;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.OpenApi.Models;
 using Swashbuckle.AspNetCore.Filters;
+using Swashbuckle.AspNetCore.SwaggerUI;
 
 namespace DeUrgenta.Api.Extensions
 {
     public static class SwaggerExtensions
     {
         public static IServiceCollection AddSwaggerFor(this IServiceCollection services, Assembly[] assemblies, IConfiguration config)
         {
-            var authorizeEndpoint = $"{config.GetValue<string>("IdentityServerUrl")}/connect/authorize";
             // Register the Swagger generator, defining 1 or more Swagger documents
             services.AddSwaggerGen(c =>
             {
                 c.AddSecurityDefinition("Bearer", new OpenApiSecurityScheme
                 {
-                    Flows = new OpenApiOAuthFlows
-                    {
-                        Implicit = new OpenApiOAuthFlow
-                        {
-                            AuthorizationUrl = new Uri(authorizeEndpoint),
-                            Scopes = new Dictionary<string, string>
-                            {
-                                { "usersApi", "Access read operations" },
-                                { "backpackApi", "Access write operations" }
-                            }
-                        }
-                    },
-                    Description =
-                       "JWT Authorization header using the Bearer scheme",
-                    Name = "Authorization",
+                    Type = SecuritySchemeType.Http,
+                    Scheme = JwtBearerDefaults.AuthenticationScheme.ToLowerInvariant(),
                     In = ParameterLocation.Header,
-                    Type = SecuritySchemeType.OAuth2,
-                    Scheme = "Bearer"
+                    Name = "Authorization",
+                    BearerFormat = "JWT",
+                    Description = "JWT Authorization header using the Bearer scheme."
                 });
 
                 c.OperationFilter<AuthorizeCheckOperationFilter>();
@@ -72,9 +60,26 @@ public static IServiceCollection AddSwaggerFor(this IServiceCollection services,
                 c.ExampleFilters();
             });
 
-
             services.AddSwaggerExamplesFromAssemblies(assemblies);
             return services;
         }
+
+        public static IApplicationBuilder UseConfigureSwagger(this IApplicationBuilder app)
+        {
+            app.UseSwagger();
+            app.UseSwaggerUI(c =>
+            {
+                c.ConfigObject = new ConfigObject
+                {
+                    Urls = new[]
+                    {
+                        new UrlDescriptor{Name = "api", Url = "/swagger/v1/swagger.json"}
+                    }
+                };
+
+            });
+
+            return app;
+        }
     }
 }

Src/DeUrgenta.Api/Startup.cs

@@ -1,23 +1,21 @@
-using System.Collections.Generic;
 using System.Reflection;
 using DeUrgenta.Admin.Api.Controller;
 using DeUrgenta.Backpack.Api.Controllers;
 using DeUrgenta.Certifications.Api.Controller;
 using DeUrgenta.Api.Extensions;
 using DeUrgenta.Common.Swagger;
+using DeUrgenta.Domain;
 using DeUrgenta.Group.Api.Controllers;
 using Hellang.Middleware.ProblemDetails;
 using DeUrgenta.Infra.Extensions;
 using DeUrgenta.User.Api.Controller;
 using MediatR;
-using Microsoft.AspNetCore.Authentication.JwtBearer;
+using Microsoft.Extensions.Hosting;
+using DeUrgenta.User.Api.Extensions;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
-using Microsoft.EntityFrameworkCore;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
-using Microsoft.Extensions.Hosting;
-using Swashbuckle.AspNetCore.SwaggerUI;
 
 namespace DeUrgenta.Api
 {
@@ -27,48 +25,26 @@ public Startup(IConfiguration configuration, IWebHostEnvironment environment)
         {
             Configuration = configuration;
             WebHostEnvironment = environment;
-            _swaggerClientName = configuration.GetValue<string>("SwaggerOidcClientName");
         }
 
         public IConfiguration Configuration { get; }
         public IWebHostEnvironment WebHostEnvironment { get; }
-        public List<ApiAuthenticationScheme> AuthSchemes { get; set; }
-
-        private string _swaggerClientName;
-        private string _corsPolicyName;
+        private const string CorsPolicyName = "MyPolicy";
 
         // This method gets called by the runtime. Use this method to add services to the container.
         public void ConfigureServices(IServiceCollection services)
         {
             services.AddControllers();
-
-            var identityUrl = Configuration.GetValue<string>("IdentityServerUrl");
-            var apiSchemes = new List<ApiAuthenticationScheme>();
-
-            Configuration.GetSection("ApiConfiguration").Bind(apiSchemes);
-            var serviceBuilder = services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme);
-            foreach (var authScheme in apiSchemes)
-            {
-                serviceBuilder = serviceBuilder.AddIdentityServerAuthentication(authScheme.SchemeName, options =>
-                {
-                    options.Authority = identityUrl;
-                    options.ApiName = authScheme.ApiName;
-                    options.ApiSecret = authScheme.ApiSecret;
-                    options.RequireHttpsMetadata = !WebHostEnvironment.IsDevelopment();
-                });
-            }
-
-            services.AddDatabase(Configuration.GetConnectionString("DbConnectionString"));
+            services.AddDatabase<DeUrgentaContext>(Configuration.GetConnectionString("DbConnectionString"));
             services.AddExceptionHandling(WebHostEnvironment);
-
+            services.AddBearerAuth(Configuration);
 
             var applicationAssemblies = GetAssemblies();
 
             services.AddSwaggerFor(applicationAssemblies, Configuration);
             services.AddMediatR(applicationAssemblies);
 
-            _corsPolicyName = "MyPolicy";
-            services.AddCors(o => o.AddPolicy(_corsPolicyName, builder =>
+            services.AddCors(o => o.AddPolicy(CorsPolicyName, builder =>
             {
                 builder.AllowAnyOrigin()
                     .AllowAnyMethod()
@@ -78,38 +54,24 @@ public void ConfigureServices(IServiceCollection services)
         }
 
         // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
-        public void Configure(IApplicationBuilder app, Domain.DeUrgentaContext dbContext)
+        public void Configure(IApplicationBuilder app)
         {
-            dbContext.Database.Migrate();
-            app.UseCors(_corsPolicyName);
-
             if (WebHostEnvironment.IsDevelopment())
             {
                 app.UseDeveloperExceptionPage();
             }
 
             app.UseProblemDetails();
-            app.UseSwagger();
-            app.UseSwaggerUI(c =>
-            {
-                c.OAuthClientId(_swaggerClientName);
-                c.OAuthAppName("Swagger UI");
-                c.ConfigObject = new ConfigObject
-                {
-                    Urls = new[]
-                    {
-                        new UrlDescriptor{Name = "api", Url = "/swagger/v1/swagger.json"}
-                    }
-                };
-
-            });
+            app.UseConfigureSwagger();
 
             app.UseHttpsRedirection();
 
             app.UseRouting();
-
+            app.UseAuthentication();
             app.UseAuthorization();
 
+            app.UseCors(CorsPolicyName);
+
             app.UseEndpoints(endpoints => endpoints.MapControllers());
 
         }

Src/DeUrgenta.Api/appsettings.json

@@ -1,32 +1,18 @@
 {
-  "Logging": {
-    "LogLevel": {
-      "Default": "Information",
-      "Microsoft": "Warning",
-      "Microsoft.Hosting.Lifetime": "Information"
-    }
-  },
-  "AllowedHosts": "*",
-  "ConnectionStrings": {
-    "DbConnectionString": "Server=localhost;Port=5432;Database=de-urgenta-db;User Id=docker;Password=docker;"
-  },
-  "SwaggerOidcClientName": "swaggerClientLocalhost",
-  "ApiConfiguration": [
-    {
-      "SchemeName": "backpackApiAuthenticationScheme",
-      "ApiName": "backpackApi",
-      "ApiSecret": "svpqYnJSR8xzn8Rl"
+    "Logging": {
+        "LogLevel": {
+            "Default": "Information",
+            "Microsoft": "Warning",
+            "Microsoft.Hosting.Lifetime": "Information"
+        }
     },
-    {
-      "SchemeName": "usersApiAuthenticationScheme",
-      "ApiName": "usersApi",
-      "ApiSecret": "st4k!b7s$af201cv"
+    "AllowedHosts": "*",
+    "ConnectionStrings": {
+        "DbConnectionString": "Server=localhost;Port=5432;Database=de-urgenta-db;User Id=docker;Password=docker;",
+        "IdentityDbConnectionString": "Server=localhost;Port=5432;Database=de-urgenta-db;User Id=docker;Password=docker;"
     },
-    {
-      "SchemeName": "certificationsApiAuthenticationScheme",
-      "ApiName": "certificationsApi",
-      "ApiSecret": "Mfrf5DIry96z851k"
+    "JwtConfig": {
+        "Secret": "llvudfvkwvepwkdnsnwmuulyvtrawppf",
+        "TokenExpirationInSeconds": 3600
     }
-  ],
-  "IdentityServerUrl": "https://localhost:5001"
 }