96 lines
4.2 KiB
C#
96 lines
4.2 KiB
C#
using System.IdentityModel.Tokens.Jwt;
|
|
using System.Security.Claims;
|
|
using System.Text;
|
|
using Microsoft.Extensions.Configuration;
|
|
using Microsoft.IdentityModel.Tokens;
|
|
using TimetableDesigner.Backend.Services.Authentication.Database;
|
|
using TimetableDesigner.Backend.Services.Authentication.Database.Model;
|
|
using JwtRegisteredClaimNames = Microsoft.IdentityModel.JsonWebTokens.JwtRegisteredClaimNames;
|
|
|
|
namespace TimetableDesigner.Backend.Services.Authentication.Core.Helpers;
|
|
|
|
public class TokenHelper : ITokenHelper
|
|
{
|
|
private readonly IConfiguration _configuration;
|
|
|
|
public TokenHelper(IConfiguration configuration)
|
|
{
|
|
_configuration = configuration;
|
|
}
|
|
|
|
public string GenerateAccessToken(long accountId)
|
|
{
|
|
IConfigurationSection accessTokenSettings = _configuration.GetSection("Tokens")
|
|
.GetSection("AccessToken");
|
|
|
|
int lifetime = accessTokenSettings.GetSection("Lifetime")
|
|
.GetValue<int>("Normal");
|
|
DateTimeOffset expirationDate = DateTimeOffset.UtcNow.AddMinutes(lifetime);
|
|
|
|
string stringKey = accessTokenSettings.GetValue<string>("Key")!;
|
|
byte[] encodedKey = Encoding.UTF8.GetBytes(stringKey);
|
|
SymmetricSecurityKey key = new SymmetricSecurityKey(encodedKey);
|
|
|
|
string algorithm = accessTokenSettings.GetValue<string>("Algorithm")!;
|
|
|
|
SecurityTokenDescriptor descriptor = new SecurityTokenDescriptor
|
|
{
|
|
Subject = new ClaimsIdentity(
|
|
[
|
|
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
|
|
new Claim(JwtRegisteredClaimNames.Sub, accountId.ToString()),
|
|
new Claim(JwtRegisteredClaimNames.Exp, expirationDate.UtcTicks.ToString())
|
|
]),
|
|
Issuer = accessTokenSettings.GetValue<string>("Issuer"),
|
|
Audience = accessTokenSettings.GetValue<string>("Audience"),
|
|
SigningCredentials = new SigningCredentials(key, algorithm),
|
|
Expires = expirationDate.UtcDateTime,
|
|
};
|
|
|
|
JwtSecurityTokenHandler handler = new JwtSecurityTokenHandler();
|
|
handler.InboundClaimTypeMap.Clear();
|
|
SecurityToken token = handler.CreateToken(descriptor);
|
|
|
|
return handler.WriteToken(token);
|
|
}
|
|
|
|
public bool ValidateExpiredAccessToken(string accessToken)
|
|
{
|
|
IConfigurationSection accessTokenSettings = _configuration.GetSection("Tokens")
|
|
.GetSection("AccessToken");
|
|
|
|
string stringKey = accessTokenSettings.GetValue<string>("Key")!;
|
|
byte[] encodedKey = Encoding.UTF8.GetBytes(stringKey);
|
|
SymmetricSecurityKey key = new SymmetricSecurityKey(encodedKey);
|
|
|
|
string algorithm = accessTokenSettings.GetValue<string>("Algorithm")!;
|
|
|
|
TokenValidationParameters tokenValidation = new TokenValidationParameters
|
|
{
|
|
ValidateIssuerSigningKey = true,
|
|
ValidateAudience = true,
|
|
ValidateIssuer = true,
|
|
ValidateLifetime = false,
|
|
ValidIssuer = accessTokenSettings.GetValue<string>("Issuer"),
|
|
ValidAudience = accessTokenSettings.GetValue<string>("Audience"),
|
|
IssuerSigningKey = key,
|
|
ClockSkew = TimeSpan.FromMinutes(1),
|
|
};
|
|
|
|
JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler();
|
|
tokenHandler.ValidateToken(accessToken, tokenValidation, out SecurityToken validatedToken);
|
|
JwtSecurityToken? jwtSecurityToken = validatedToken as JwtSecurityToken;
|
|
|
|
return jwtSecurityToken is not null && jwtSecurityToken.Header.Alg.Equals(algorithm, StringComparison.InvariantCultureIgnoreCase);
|
|
}
|
|
|
|
public DateTimeOffset CalculateRefreshTokenExpirationDate(bool isExtendable = true)
|
|
{
|
|
string lifetimeSection = isExtendable ? "Extended" : "Normal";
|
|
int lifetime = _configuration.GetSection("Tokens")
|
|
.GetSection("RefreshToken")
|
|
.GetSection("Lifetime")
|
|
.GetValue<int>(lifetimeSection);
|
|
return DateTimeOffset.UtcNow.AddMinutes(lifetime);
|
|
}
|
|
} |