From 101631a0041f22570d7c2d9378cbfd0cec5ca14b Mon Sep 17 00:00:00 2001
From: crupest
Date: Thu, 7 Feb 2019 00:39:51 +0800
Subject: Add authorization.
---
Timeline/Services/JwtService.cs | 64 ++++++++++++++++++++++++++++++++++++++++
Timeline/Services/UserService.cs | 4 +--
2 files changed, 66 insertions(+), 2 deletions(-)
create mode 100644 Timeline/Services/JwtService.cs
(limited to 'Timeline/Services')
diff --git a/Timeline/Services/JwtService.cs b/Timeline/Services/JwtService.cs
new file mode 100644
index 00000000..1b465dd9
--- /dev/null
+++ b/Timeline/Services/JwtService.cs
@@ -0,0 +1,64 @@
+using Microsoft.Extensions.Options;
+using Microsoft.IdentityModel.Tokens;
+using System;
+using System.Collections.Generic;
+using System.IdentityModel.Tokens.Jwt;
+using System.Linq;
+using System.Security.Claims;
+using System.Text;
+using System.Threading.Tasks;
+using Timeline.Configs;
+using Timeline.Entities;
+
+namespace Timeline.Services
+{
+ public interface IJwtService
+ {
+ ///
+ /// Create a JWT token for a given user.
+ /// Return null if is null.
+ ///
+ /// The user to generate token.
+ /// The generated token or null if is null.
+ string GenerateJwtToken(User user);
+ }
+
+ public class JwtService : IJwtService
+ {
+ private readonly IOptionsMonitor _jwtConfig;
+ private readonly JwtSecurityTokenHandler _tokenHandler = new JwtSecurityTokenHandler();
+
+ public JwtService(IOptionsMonitor jwtConfig)
+ {
+ _jwtConfig = jwtConfig;
+ }
+
+ public string GenerateJwtToken(User user)
+ {
+ if (user == null)
+ return null;
+
+ var jwtConfig = _jwtConfig.CurrentValue;
+
+ var identity = new ClaimsIdentity();
+ identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()));
+ identity.AddClaims(user.Roles.Select(role => new Claim(identity.RoleClaimType, role)));
+
+ var tokenDescriptor = new SecurityTokenDescriptor()
+ {
+ Subject = identity,
+ Issuer = jwtConfig.Issuer,
+ Audience = jwtConfig.Audience,
+ SigningCredentials = new SigningCredentials(
+ new SymmetricSecurityKey(Encoding.ASCII.GetBytes(jwtConfig.SigningKey)), SecurityAlgorithms.HmacSha384),
+ IssuedAt = DateTime.Now,
+ Expires = DateTime.Now.AddDays(1)
+ };
+
+ var token = _tokenHandler.CreateToken(tokenDescriptor);
+ var tokenString = _tokenHandler.WriteToken(token);
+
+ return tokenString;
+ }
+ }
+}
diff --git a/Timeline/Services/UserService.cs b/Timeline/Services/UserService.cs
index b3d76e3e..ab5a31bb 100644
--- a/Timeline/Services/UserService.cs
+++ b/Timeline/Services/UserService.cs
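Review bot: The HMAC key in `GenerateJwtToken` is built with `Encoding.ASCII.GetBytes(jwtConfig.SigningKey)` and its length is never checked, so any non-ASCII character in the configured secret is silently mapped to `?` and a short secret is accepted as-is. For HS384, RFC 7518 requires a key at least as long as the hash output (48 bytes). Consider storing the secret base64-encoded and failing fast, with `var keyBytes = Convert.FromBase64String(jwtConfig.SigningKey);` followed by `if (keyBytes.Length < 48) throw new InvalidOperationException("JWT signing key must be at least 48 bytes.");`. Separately, `IssuedAt` and `Expires` come from two `DateTime.Now` calls; a single `var now = DateTime.UtcNow;` keeps both claims consistent and unambiguous about time zone. `user.Roles` is also dereferenced without a null check, which would throw for a `User` created without roles; whether that can happen depends on `User`, which is outside this diff.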
@@ -21,8 +21,8 @@ namespace Timeline.Services
 public class UserService : IUserService
 {
 private readonly IList _users = new List{
- new User { Id = 0, Username = "hello", Password = "crupest" },
- new User { Id = 1, Username = "test", Password = "test"}
+ new User { Id = 0, Username = "admin", Password = "admin", Roles = new string[] { "User", "Admin" } },
+ new User { Id = 1, Username = "user", Password = "user", Roles = new string[] { "User"} }
 };
 public User Authenticate(string username, string password)
-- 
cgit v1.2.3
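Review bot: The seeded `_users` list now ships an `admin`/`admin` account carrying the `Admin` role, with the password as a plaintext literal in source, so every build of this service has a publicly known administrator credential that can presumably be exchanged for a signed token. Seed accounts like this should be limited to a development configuration, and the password should be kept as a salted hash (for example PBKDF2 via `Rfc2898DeriveBytes`) rather than a comparable string. At minimum, add a comment above the list such as `// TODO(security): dev-only seed users; replace with a real user store before deployment.` `Authenticate` begins on the last line of the hunk and its body is not visible, so how the password is compared cannot be confirmed from here.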