public ActionResult <UserAccessViewModel> Post([FromServices] TokenConfig tokenConfig,
[FromServices] UserLogin user,
[FromServices] TokenSecurityConfig tokenSecurityConfig,
UserAccessViewModel authModel)
{
if (String.IsNullOrEmpty(authModel.Email) || String.IsNullOrEmpty(authModel.Password))
{
return(BadRequest(new { error = "Authentication failed" }));
}
else
{
bool validCredentials = (user != null && authModel.Email == user.Email && authModel.Password == user.Password);
if (validCredentials)
{
ClaimsIdentity identity = new ClaimsIdentity(new GenericIdentity(authModel.Email, "Login"),
new[] {
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString("N")),
new Claim(JwtRegisteredClaimNames.UniqueName, authModel.Email)
});
DateTime dataCriacao = DateTime.Now;
DateTime dataExpiracao = dataCriacao +
TimeSpan.FromSeconds(tokenConfig.Seconds);
var handler = new JwtSecurityTokenHandler();
var securityToken = handler.CreateToken(new SecurityTokenDescriptor
{
Issuer = tokenConfig.Issuer,
Audience = tokenConfig.Audience,
SigningCredentials = tokenSecurityConfig.Credentials,
Subject = identity,
NotBefore = dataCriacao,
Expires = dataExpiracao
});
var token = handler.WriteToken(securityToken);
var result = new
{
AccessToken = token,
created = dataCriacao.ToString("yyyy-MM-dd HH:mm:ss"),
expiration = dataExpiracao.ToString("yyyy-MM-dd HH:mm:ss"),
authenticated = true
};
return(Ok(result));
}
else
{
var result = new
{
AccessToken = "",
authenticated = false
};
return(Ok(result));
}
}
}
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddControllers();
services.AddDbContext <DataContext>(options => options
.UseInMemoryDatabase("DBTASKLIST")
.UseLoggerFactory(LoggerFactory.Create(builder => builder.AddConsole()))
);
services.AddScoped <DataContext, DataContext>();
services.AddScoped <IDataTransaction, DataTransaction>();
services.AddScoped <ITaskRepository, TaskRepository>();
services.AddCors();
/*Automapper*/
var config = new AutoMapper.MapperConfiguration(c =>
{
c.AddProfile(new MapperConfig());
});
var mapper = config.CreateMapper();
services.AddSingleton(mapper);
/*swagger*/
services.AddSwaggerGen(c =>
{
c.SwaggerDoc("v1",
new OpenApiInfo
{
Title = "Api - Desafio SuperoWF",
Version = "v1",
Description = "Viabilizar requisições e persistencia de dados",
Contact = new OpenApiContact
{
Name = "Marcos Mateus",
Email = "*****@*****.**",
}
});
c.AddSecurityDefinition("Bearer", new OpenApiSecurityScheme
{
In = ParameterLocation.Header,
Description = "Copie 'Bearer ' + token'",
Name = "Authorization",
Type = SecuritySchemeType.ApiKey
});
c.AddSecurityRequirement(new OpenApiSecurityRequirement
{
{
new OpenApiSecurityScheme
{
Reference = new OpenApiReference
{
Type = ReferenceType.SecurityScheme,
Id = "Bearer"
}
},
new string[] {}
}
});
string caminhoAplicacao = PlatformServices.Default.Application.ApplicationBasePath;
string nomeAplicacao = PlatformServices.Default.Application.ApplicationName;
string caminhoXmlDoc = Path.Combine(caminhoAplicacao, $"{nomeAplicacao}.xml");
c.IncludeXmlComments(caminhoXmlDoc);
});
/* WebToken*/
// A titulo de simulação os dados de usuário para authenticação estão fixos na classe
services.AddTransient <UserLogin>();
var configToken = new TokenSecurityConfig();
services.AddSingleton(configToken);
var tokenConfig = new TokenConfig();
new ConfigureFromConfigurationOptions <TokenConfig>(Configuration.GetSection("DataTokenConfiguration"))
.Configure(tokenConfig);
services.AddSingleton(tokenConfig);
services.AddAuthentication(authOptions =>
{
authOptions.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
authOptions.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(bearerOptions =>
{
var paramsValidation = bearerOptions.TokenValidationParameters;
paramsValidation.IssuerSigningKey = configToken.Key;
paramsValidation.ValidAudience = tokenConfig.Audience;
paramsValidation.ValidIssuer = tokenConfig.Issuer;
// Valida a assinatura de um token recebido
paramsValidation.ValidateIssuerSigningKey = true;
// Verifica se um token recebido ainda é válido
paramsValidation.ValidateLifetime = true;
paramsValidation.ClockSkew = TimeSpan.Zero;
});
// Ativa o uso do token como forma de autorizar o acesso a recursos do projeto
services.AddAuthorization(auth =>
{
auth.AddPolicy("Bearer", new AuthorizationPolicyBuilder()
.AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme)
.RequireAuthenticatedUser()
.Build());
});
}