Alper-Soy · Alper-Soy · Aug 20, 2024 · Aug 20, 2024 · Aug 20, 2024
diff --git a/API/API.csproj b/API/API.csproj
@@ -11,10 +11,16 @@
     </ItemGroup>
 
     <ItemGroup>
-        <PackageReference Include="Microsoft.EntityFrameworkCore.Design" Version="8.0.7">
+        <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.8"/>
+        <PackageReference Include="Microsoft.EntityFrameworkCore.Design" Version="8.0.8">
             <PrivateAssets>all</PrivateAssets>
             <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
         </PackageReference>
+        <PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="8.0.1"/>
+    </ItemGroup>
+
+    <ItemGroup>
+        <Folder Include="Contracts\User\"/>
     </ItemGroup>
 
 </Project>
diff --git a/API/Contracts/Auth/AuthUserDto.cs b/API/Contracts/Auth/AuthUserDto.cs
@@ -0,0 +1,9 @@
+namespace API.Contracts.User;
+
+public class AuthUserDto
+{
+    public string DisplayName { get; set; }
+    public string Token { get; set; }
+    public string Image { get; set; }
+    public string Username { get; set; }
+}
diff --git a/API/Contracts/Auth/LoginDto.cs b/API/Contracts/Auth/LoginDto.cs
@@ -0,0 +1,7 @@
+namespace API.Contracts.Auth;
+
+public class LoginDto
+{
+    public string Email { get; set; }
+    public string Password { get; set; }
+}
diff --git a/API/Contracts/Auth/RegisterDto.cs b/API/Contracts/Auth/RegisterDto.cs
@@ -0,0 +1,16 @@
+using System.ComponentModel.DataAnnotations;
+
+namespace API.Contracts.Auth;
+
+public class RegisterDto
+{
+    [Required] [EmailAddress] public string Email { get; set; }
+
+    [Required]
+    [RegularExpression("(?=.*\\d)(?=.*[a-z])(?=.*[A-Z]).{4,8}$", ErrorMessage = "Password must be complex")]
+    public string Password { get; set; }
+
+    [Required] public string DisplayName { get; set; }
+
+    [Required] public string Username { get; set; }
+}
diff --git a/API/Controllers/AccountController.cs b/API/Controllers/AccountController.cs
@@ -0,0 +1,83 @@
+using System.Security.Claims;
+using API.Contracts.Auth;
+using API.Contracts.User;
+using API.Services.Auth;
+using Domain.Entities;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Identity;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.EntityFrameworkCore;
+
+namespace API.Controllers;
+
+[ApiController]
+[Route("api/[controller]")]
+public class AccountController(UserManager<User> userManager, TokenService tokenService) : ControllerBase
+{
+    [AllowAnonymous]
+    [HttpPost("login")]
+    public async Task<ActionResult<AuthUserDto>> Login(LoginDto loginDto)
+    {
+        var user = await userManager.FindByEmailAsync(loginDto.Email);
+
+        if (user == null) return Unauthorized();
+
+        var result = await userManager.CheckPasswordAsync(user, loginDto.Password);
+
+        if (result) return CreateUserObject(user);
+
+        return Unauthorized();
+    }
+
+    [AllowAnonymous]
+    [HttpPost("register")]
+    public async Task<ActionResult<AuthUserDto>> Register(RegisterDto registerDto)
+    {
+        if (await userManager.Users.AnyAsync(x => x.UserName == registerDto.Username))
+        {
+            ModelState.AddModelError("username", "Username taken");
+            return ValidationProblem();
+        }
+
+
+        if (await userManager.Users.AnyAsync(x => x.Email == registerDto.Email))
+        {
+            ModelState.AddModelError("email", "Email taken");
+            return ValidationProblem();
+        }
+
+
+        var user = new User
+        {
+            DisplayName = registerDto.DisplayName,
+            Email = registerDto.Email,
+            UserName = registerDto.Username
+        };
+
+        var result = await userManager.CreateAsync(user, registerDto.Password);
+
+        if (result.Succeeded) return CreateUserObject(user);
+
+        return BadRequest(result.Errors);
+    }
+
+    [Authorize]
+    [HttpGet]
+    public async Task<ActionResult<AuthUserDto>> GetCurrentUser()
+    {
+        var user = await userManager.FindByEmailAsync(User.FindFirstValue(ClaimTypes.Email));
+
+        return CreateUserObject(user);
+    }
+
+    private AuthUserDto CreateUserObject(User user)
+    {
+        return new AuthUserDto
+        {
+            DisplayName = user.DisplayName,
+            Image = null,
+            Token = tokenService.CreateToken(user),
+            Username = user.UserName
+        };
+    }
+}
diff --git a/API/Controllers/BuggyController.cs b/API/Controllers/BuggyController.cs
@@ -1,32 +1,30 @@
-using System;
 using Microsoft.AspNetCore.Mvc;
 
-namespace API.Controllers
+namespace API.Controllers;
+
+public class BuggyController : BaseApiController
 {
-    public class BuggyController : BaseApiController
+    [HttpGet("not-found")]
+    public ActionResult GetNotFound()
     {
-        [HttpGet("not-found")]
-        public ActionResult GetNotFound()
-        {
-            return NotFound();
-        }
+        return NotFound();
+    }
 
-        [HttpGet("bad-request")]
-        public ActionResult GetBadRequest()
-        {
-            return BadRequest("This is a bad request");
-        }
+    [HttpGet("bad-request")]
+    public ActionResult GetBadRequest()
+    {
+        return BadRequest("This is a bad request");
+    }
 
-        [HttpGet("server-error")]
-        public ActionResult GetServerError()
-        {
-            throw new Exception("This is a server error");
-        }
+    [HttpGet("server-error")]
+    public ActionResult GetServerError()
+    {
+        throw new Exception("This is a server error");
+    }
 
-        [HttpGet("unauthorised")]
-        public ActionResult GetUnauthorised()
-        {
-            return Unauthorized();
-        }
+    [HttpGet("unauthorised")]
+    public ActionResult GetUnauthorised()
+    {
+        return Unauthorized();
     }
 }
diff --git a/API/Extensions/IdentityServiceExtensions.cs b/API/Extensions/IdentityServiceExtensions.cs
@@ -0,0 +1,38 @@
+using System.Text;
+using API.Services.Auth;
+using Domain.Entities;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
+using Microsoft.IdentityModel.Tokens;
+using Persistence;
+
+namespace API.Extensions;
+
+public static class IdentityServiceExtensions
+{
+    public static IServiceCollection AddIdentityServices(this IServiceCollection services, IConfiguration config)
+    {
+        services.AddIdentityCore<User>(opt =>
+            {
+                opt.Password.RequireNonAlphanumeric = false;
+                opt.User.RequireUniqueEmail = true;
+            })
+            .AddEntityFrameworkStores<DataContext>();
+
+
+        var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(config["TokenKey"]));
+        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme).AddJwtBearer(options =>
+        {
+            options.TokenValidationParameters = new TokenValidationParameters
+            {
+                ValidateIssuerSigningKey = true,
+                IssuerSigningKey = key,
+                ValidateIssuer = false,
+                ValidateAudience = false
+            };
+        });
+
+        services.AddScoped<TokenService>();
+
+        return services;
+    }
+}
diff --git a/API/Middleware/ExceptionMiddleware.cs b/API/Middleware/ExceptionMiddleware.cs
@@ -29,7 +29,7 @@ public async Task InvokeAsync(HttpContext context)
             var response = env.IsDevelopment()
                 ? new AppException(context.Response.StatusCode, ex.Message, ex.StackTrace)
                 : new AppException(context.Response.StatusCode, "Internal Server Error");
-            
+
 
             var json = JsonSerializer.Serialize(response, JsonOptions);
 

diff --git a/API/Program.cs b/API/Program.cs
@@ -1,14 +1,23 @@
 using API.Extensions;
 using API.Middleware;
+using Domain.Entities;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Identity;
+using Microsoft.AspNetCore.Mvc.Authorization;
 using Microsoft.EntityFrameworkCore;
 using Persistence;
 
 var builder = WebApplication.CreateBuilder(args);
 
 // Add services to the container.
 
-builder.Services.AddControllers();
+builder.Services.AddControllers(opt =>
+{
+    var policy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
+    opt.Filters.Add(new AuthorizeFilter(policy));
+});
 builder.Services.AddApplicationServices(builder.Configuration);
+builder.Services.AddIdentityServices(builder.Configuration);
 
 var app = builder.Build();
 
@@ -17,6 +26,7 @@
 
 app.UseCors("CorsPolicy");
 
+app.UseAuthentication();
 app.UseAuthorization();
 
 app.MapControllers();
@@ -27,8 +37,9 @@
 try
 {
     var context = services.GetRequiredService<DataContext>();
+    var userManager = services.GetRequiredService<UserManager<User>>();
     await context.Database.MigrateAsync();
-    await Seed.SeedData(context);
+    await Seed.SeedData(context, userManager);
 }
 catch (Exception e)
 {

diff --git a/API/Services/Auth/TokenService.cs b/API/Services/Auth/TokenService.cs
@@ -0,0 +1,36 @@
+using System.IdentityModel.Tokens.Jwt;
+using System.Security.Claims;
+using System.Text;
+using Domain.Entities;
+using Microsoft.IdentityModel.Tokens;
+
+namespace API.Services.Auth;
+
+public class TokenService(IConfiguration config)
+{
+    public string CreateToken(User user)
+    {
+        var claims = new List<Claim>
+        {
+            new(ClaimTypes.Name, user.UserName),
+            new(ClaimTypes.NameIdentifier, user.Id),
+            new(ClaimTypes.Email, user.Email)
+        };
+
+        var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(config["TokenKey"]));
+        var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha512Signature);
+
+        var tokenDescriptor = new SecurityTokenDescriptor
+        {
+            Subject = new ClaimsIdentity(claims),
+            Expires = DateTime.UtcNow.AddDays(7),
+            SigningCredentials = creds
+        };
+
+        var tokenHandler = new JwtSecurityTokenHandler();
+
+        var token = tokenHandler.CreateToken(tokenDescriptor);
+
+        return tokenHandler.WriteToken(token);
+    }
+}
diff --git a/API/activity-hub.db b/API/activity-hub.db
diff --git a/API/activity-hub.db-shm b/API/activity-hub.db-shm
diff --git a/API/activity-hub.db-wal b/API/activity-hub.db-wal
diff --git a/API/appsettings.Development.json b/API/appsettings.Development.json
@@ -7,5 +7,6 @@
   },
   "ConnectionStrings": {
     "DefaultConnection": "Data Source=activity-hub.db"
-  }
+  },
+  "TokenKey": "887aa8d55236124da3ae8da02e0809d2140470eb9aa6583686fafed91b9586eb"
 }
diff --git a/Application/Core/Result.cs b/Application/Core/Result.cs
@@ -8,11 +8,11 @@ public class Result<T>
 
     public static Result<T> Success(T value)
     {
-        return new Result<T>() { IsSuccess = true, Value = value };
+        return new Result<T> { IsSuccess = true, Value = value };
     }
 
     public static Result<T> Failure(string error)
     {
-        return new Result<T>() { IsSuccess = false, Error = error };
+        return new Result<T> { IsSuccess = false, Error = error };
     }
 }
diff --git a/Domain/Domain.csproj b/Domain/Domain.csproj
@@ -6,4 +6,8 @@
         <Nullable>disable</Nullable>
     </PropertyGroup>
 
+    <ItemGroup>
+        <PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="8.0.8"/>
+    </ItemGroup>
+
 </Project>
diff --git a/Domain/Entities/User.cs b/Domain/Entities/User.cs
@@ -0,0 +1,9 @@
+using Microsoft.AspNetCore.Identity;
+
+namespace Domain.Entities;
+
+public class User : IdentityUser
+{
+    public string DisplayName { get; set; }
+    public string Bio { get; set; }
+}
diff --git a/Persistence/DataContext.cs b/Persistence/DataContext.cs
@@ -1,9 +1,10 @@
 using Domain.Entities;
+using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
 using Microsoft.EntityFrameworkCore;
 
 namespace Persistence;
 
-public class DataContext(DbContextOptions options) : DbContext(options)
+public class DataContext(DbContextOptions options) : IdentityDbContext<User>(options)
 {
     public DbSet<Activity> Activities { get; set; }
 }