add Jwt authorization support for for API

2022-03-28 21:51:55 -04:00
parent c8129607e8
commit a97af42e4b
16 changed files with 282 additions and 40 deletions
--- a/Oqtane.Server/Infrastructure/Middleware/JwtMiddleware.cs
+++ b/Oqtane.Server/Infrastructure/Middleware/JwtMiddleware.cs
@ -0,0 +1,57 @@
+using System.Linq;
+using System.Security.Claims;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Http;
+using Oqtane.Extensions;
+using Oqtane.Repository;
+using Oqtane.Security;
+using Oqtane.Shared;
+
+namespace Oqtane.Infrastructure
+{
+    internal class JwtMiddleware
+    {
+        private readonly RequestDelegate _next;
+
+        public JwtMiddleware(RequestDelegate next)
+        {
+            _next = next;
+        }
+
+        public async Task Invoke(HttpContext context)
+        {
+            if (context.Request.Headers.ContainsKey("Authorization"))
+            {
+                var alias = context.GetAlias();
+                if (alias != null)
+                {
+                    var secret = context.GetSiteSettings().GetValue("JwtOptions:Secret", "");
+                    if (!string.IsNullOrEmpty(secret))
+                    {
+                        var logger = context.RequestServices.GetService(typeof(ILogManager)) as ILogManager;
+                        var jwtManager = context.RequestServices.GetService(typeof(IJwtManager)) as IJwtManager;
+
+                        var token = context.Request.Headers["Authorization"].First().Split(" ").Last();
+                        var user = jwtManager.ValidateToken(token, secret);
+                        if (user != null)
+                        {
+                            // populate principal
+                            var _userRoles = context.RequestServices.GetService(typeof(IUserRoleRepository)) as IUserRoleRepository;
+                            var principal = (ClaimsIdentity)context.User.Identity;
+                            UserSecurity.ResetClaimsIdentity(principal);
+                            var identity = UserSecurity.CreateClaimsIdentity(alias, user, _userRoles.GetUserRoles(user.UserId, alias.SiteId).ToList());
+                            principal.AddClaims(identity.Claims);
+                            logger.Log(alias.SiteId, LogLevel.Information, "TokenValidation", Enums.LogFunction.Security, "Token Validated For User {Username}", user.Username);
+                        }
+                        else
+                        {
+                            logger.Log(alias.SiteId, LogLevel.Error, "TokenValidation", Enums.LogFunction.Security, "Token Validation Error");
+                        }
+                    }
+                }
+            }
+
+            await _next(context);
+        }
+    }
+}