INIT

TomatenMusic/Auth/Helpers/AppSettings.cs

@@ -0,0 +1,6 @@
+namespace TomatenMusic_Api.Auth.Helpers;
+
+public class AppSettings
+{
+    public string Secret { get; set; }
+}

TomatenMusic/Auth/Helpers/AuthorizeAttribute.cs

@@ -0,0 +1,19 @@
+namespace TomatenMusic_Api.Auth.Helpers;
+
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.Filters;
+using TomatenMusic_Api.Auth.Entities;
+
+[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
+public class AuthorizeAttribute : Attribute, IAuthorizationFilter
+{
+    public void OnAuthorization(AuthorizationFilterContext context)
+    {
+        var user = (User)context.HttpContext.Items["User"];
+        if (user == null)
+        {
+            // not logged in
+            context.Result = new JsonResult(new { message = "Unauthorized" }) { StatusCode = StatusCodes.Status401Unauthorized };
+        }
+    }
+}

TomatenMusic/Auth/Helpers/JwtMiddleware.cs

@@ -0,0 +1,58 @@
+namespace TomatenMusic_Api.Auth.Helpers;
+
+using Microsoft.Extensions.Options;
+using Microsoft.IdentityModel.Tokens;
+using System.IdentityModel.Tokens.Jwt;
+using System.Text;
+using TomatenMusic_Api.Auth.Services;
+
+public class JwtMiddleware
+{
+    private readonly RequestDelegate _next;
+    private readonly AppSettings _appSettings;
+
+    public JwtMiddleware(RequestDelegate next, IOptions<AppSettings> appSettings)
+    {
+        _next = next;
+        _appSettings = appSettings.Value;
+    }
+
+    public async Task Invoke(HttpContext context, IUserService userService)
+    {
+        var token = context.Request.Headers["Authorization"].FirstOrDefault()?.Split(" ").Last();
+
+        if (token != null)
+            attachUserToContext(context, userService, token);
+
+        await _next(context);
+    }
+
+    private void attachUserToContext(HttpContext context, IUserService userService, string token)
+    {
+        try
+        {
+            var tokenHandler = new JwtSecurityTokenHandler();
+            var key = Encoding.ASCII.GetBytes(_appSettings.Secret);
+            tokenHandler.ValidateToken(token, new TokenValidationParameters
+            {
+                ValidateIssuerSigningKey = true,
+                IssuerSigningKey = new SymmetricSecurityKey(key),
+                ValidateIssuer = false,
+                ValidateAudience = false,
+                // set clockskew to zero so tokens expire exactly at token expiration time (instead of 5 minutes later)
+                ClockSkew = TimeSpan.Zero
+            }, out SecurityToken validatedToken);
+
+            var jwtToken = (JwtSecurityToken)validatedToken;
+            var userId = int.Parse(jwtToken.Claims.First(x => x.Type == "id").Value);
+
+            // attach user to context on successful jwt validation
+            context.Items["User"] = userService.GetById(userId);
+        }
+        catch
+        {
+            // do nothing if jwt validation fails
+            // user is not attached to context so request won't have access to secure routes
+        }
+    }
+}