From 482a330a397ffb69b6fd69f434640e4fd32e7dd3 Mon Sep 17 00:00:00 2001 From: Oscar Morales Date: Tue, 15 Jul 2025 14:04:07 -0600 Subject: [PATCH] Configura authentication and authorization --- .../Controllers/AuthenticationController.cs | 19 +++++++++++++-- .../Controllers/ModuleController.cs | 14 +++++------ .../Controllers/PermissionController.cs | 2 +- .../Controllers/RoleController.cs | 2 +- .../Controllers/UserController.cs | 24 +++++++++---------- Core.Thalos.BFF.Api/Program.cs | 12 ++++++---- Core.Thalos.BFF.Api/appsettings.Local.json | 15 +++++++++++- .../Core.Thalos.External.csproj | 2 +- 8 files changed, 61 insertions(+), 29 deletions(-) diff --git a/Core.Thalos.BFF.Api/Controllers/AuthenticationController.cs b/Core.Thalos.BFF.Api/Controllers/AuthenticationController.cs index f247b08..f7192b3 100644 --- a/Core.Thalos.BFF.Api/Controllers/AuthenticationController.cs +++ b/Core.Thalos.BFF.Api/Controllers/AuthenticationController.cs @@ -3,6 +3,7 @@ using Core.Thalos.Adapters; using Core.Thalos.Adapters.Common.Constants; using Core.Thalos.Adapters.Contracts; using Core.Thalos.Application.UseCases.Users.Input; +using Core.Thalos.BuildingBlocks.Authentication.Authorization.Google; using Core.Thalos.External.Clients.Thalos.Requests.Users; using LSA.Dashboard.External.Clients.Dashboard; using Microsoft.AspNetCore.Authorization; 
@@ -18,8 +19,22 @@ namespace Core.Thalos.BFF.Api.Controllers
 [Produces(MimeTypes.ApplicationJson)]
 [Consumes(MimeTypes.ApplicationJson)]
 [ApiController]
- public class AuthenticationController(IThalosServiceClient thalosServiceClient, ILogger logger, ITokenService tokenService) : BaseController(logger)
+ public class AuthenticationController(
+ IThalosServiceClient thalosServiceClient,
+ ILogger logger,
+ ITokenService tokenService,
+ IGoogleAuthorization googleAuthorization) : BaseController(logger)
 {
+ [HttpGet]
+ public IActionResult Authorize() => Ok(googleAuthorization.GetAuthorizationUrl());
+
+ [HttpGet("callback")]
+ public async Task Callback(string code)
+ {
+ var userCredential = await googleAuthorization.ExchangeCodeForToken(code);
+
+ return Ok(new { Token = userCredential!.Token.IdToken });
+ }
 ///
 /// Get token for user.
 ///
@@ -30,7 +45,7 @@ namespace Core.Thalos.BFF.Api.Controllers
 [HttpGet]
 [Route(Routes.GenerateToken)]
 [ProducesResponseType(typeof(UserAdapter), StatusCodes.Status200OK)]
- [Authorize(AuthenticationSchemes = Schemes.AzureScheme)]
+ [Authorize(AuthenticationSchemes = Schemes.GoogleScheme)]
 public async Task GenerateTokenService(CancellationToken cancellationToken)
 {
 try
diff --git a/Core.Thalos.BFF.Api/Controllers/ModuleController.cs b/Core.Thalos.BFF.Api/Controllers/ModuleController.cs
index dd9865e..b349f1f 100644
--- a/Core.Thalos.BFF.Api/Controllers/ModuleController.cs
+++ b/Core.Thalos.BFF.Api/Controllers/ModuleController.cs
@@ -19,7 +19,7 @@ namespace Core.Thalos.BFF.Api.Controllers
 [Consumes("application/json")]
 [Produces("application/json")]
 [ApiController]
- //[Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
+ [Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
 public class ModuleController(IThalosServiceClient thalosServiceClient, ILogger logger) : BaseController(logger)
 {
 ///
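Review bot: In the new `Callback(string code)` action, `userCredential!.Token.IdToken` applies the null-forgiving operator to the result of `ExchangeCodeForToken`, so a failed or replayed code exchange would surface as a NullReferenceException and a 500 rather than an explicit rejection; a guard such as `if (userCredential?.Token?.IdToken is null) return Unauthorized();` before the `Ok(...)` makes the failure path deliberate. The action also binds only `code`: no `state` value is compared with one issued by `Authorize()`, so unless `IGoogleAuthorization` validates it internally (not visible in this diff) the callback has no login-CSRF protection. Neither new action carries XML docs or `[ProducesResponseType]`, unlike the existing `GenerateTokenService`, and returning the raw Google ID token in a JSON body deserves a comment stating which client is expected to consume it.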
@@ -32,7 +32,7 @@ namespace Core.Thalos.BFF.Api.Controllers
 [ProducesResponseType(typeof(Notification), StatusCodes.Status412PreconditionFailed)]
 [ProducesResponseType(typeof(Notification), StatusCodes.Status422UnprocessableEntity)]
 [ProducesResponseType(StatusCodes.Status500InternalServerError)]
- //[Permission("ModuleManagement.Read, RoleManagement.Read")]
+ [Permission("ModuleManagement.Read, RoleManagement.Read")]
 public async Task GetAllModulesService(CancellationToken cancellationToken)
 {
 try
@@ -65,7 +65,7 @@ namespace Core.Thalos.BFF.Api.Controllers
 [ProducesResponseType(StatusCodes.Status400BadRequest)]
 [ProducesResponseType(StatusCodes.Status401Unauthorized)]
 [ProducesResponseType(StatusCodes.Status500InternalServerError)]
- //[Permission("ModuleManagement.Read")]
+ [Permission("ModuleManagement.Read")]
 public async Task GetAllModulesByListAsync([FromBody] GetAllModulesByListRequest request, CancellationToken cancellationToken)
 {
 try
@@ -98,7 +98,7 @@ namespace Core.Thalos.BFF.Api.Controllers
 [ProducesResponseType(typeof(Notification), StatusCodes.Status412PreconditionFailed)]
 [ProducesResponseType(typeof(Notification), StatusCodes.Status422UnprocessableEntity)]
 [ProducesResponseType(StatusCodes.Status500InternalServerError)]
- //[Permission("ModuleManagement.Write")]
+ [Permission("ModuleManagement.Write")]
 public async Task CreateModuleService(CreateModuleRequest newModule, CancellationToken cancellationToken)
 {
 try
@@ -132,7 +132,7 @@ namespace Core.Thalos.BFF.Api.Controllers
 [ProducesResponseType(typeof(Notification), StatusCodes.Status412PreconditionFailed)]
 [ProducesResponseType(typeof(Notification), StatusCodes.Status422UnprocessableEntity)]
 [ProducesResponseType(StatusCodes.Status500InternalServerError)]
- //[Permission("ModuleManagement.Read")]
+ [Permission("ModuleManagement.Read")]
 public async Task GetModuleByIdService(GetModuleRequest request, CancellationToken cancellationToken)
 {
 try
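Review bot: `[Permission("ModuleManagement.Read, RoleManagement.Read")]` on `GetAllModulesService` passes two permissions as one comma-separated string, and nothing in this diff shows whether `PermissionAttribute` splits the value or whether it requires both permissions or either one. If the attribute compares the string literally, this re-enabled check would reject every caller; if it treats the list as "any of", the endpoint is wider than the single-permission ones below it. A comment above the attribute such as `// ModuleManagement.Read OR RoleManagement.Read — confirm against PermissionAttribute` would make the intended semantics reviewable. The other re-enabled `[Permission(...)]` lines in this file use a single value and are not affected.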
@@ -160,7 +160,7 @@ namespace Core.Thalos.BFF.Api.Controllers
 [ProducesResponseType(typeof(Notification), StatusCodes.Status412PreconditionFailed)]
 [ProducesResponseType(typeof(Notification), StatusCodes.Status422UnprocessableEntity)]
 [ProducesResponseType(StatusCodes.Status500InternalServerError)]
- //[Permission("ModuleManagement.Write")]
+ [Permission("ModuleManagement.Write")]
 public async Task UpdateModuleService(UpdateModuleRequest newModule, CancellationToken cancellationToken)
 {
 try
@@ -196,7 +196,7 @@ namespace Core.Thalos.BFF.Api.Controllers
 [ProducesResponseType(typeof(Notification), StatusCodes.Status412PreconditionFailed)]
 [ProducesResponseType(typeof(Notification), StatusCodes.Status422UnprocessableEntity)]
 [ProducesResponseType(StatusCodes.Status500InternalServerError)]
- //[Permission("ModuleManagement.Write")]
+ [Permission("ModuleManagement.Write")]
 public async Task ChangeModuleStatusService([FromBody] ChangeModuleStatusRequest request, CancellationToken cancellationToken)
 {
 try
diff --git a/Core.Thalos.BFF.Api/Controllers/PermissionController.cs b/Core.Thalos.BFF.Api/Controllers/PermissionController.cs
index f8e38ea..cf0c0a4 100644
--- a/Core.Thalos.BFF.Api/Controllers/PermissionController.cs
+++ b/Core.Thalos.BFF.Api/Controllers/PermissionController.cs
@@ -20,7 +20,7 @@ namespace Core.Thalos.BFF.Api.Controllers
 [Consumes("application/json")]
 [Produces("application/json")]
 [ApiController]
- //[Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
+ [Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
 public class PermissionController(IThalosServiceClient thalosServiceClient, ILogger logger) : BaseController(logger)
 {
 ///
diff --git a/Core.Thalos.BFF.Api/Controllers/RoleController.cs b/Core.Thalos.BFF.Api/Controllers/RoleController.cs
index 77c2728..0d90bb6 100644
--- a/Core.Thalos.BFF.Api/Controllers/RoleController.cs
+++ b/Core.Thalos.BFF.Api/Controllers/RoleController.cs
@@ -18,7 +18,7 @@ namespace Core.Thalos.BFF.Api.Controllers
 [Consumes("application/json")]
 [Produces("application/json")]
 [ApiController]
- //[Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
+ [Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
 public class RoleController(IThalosServiceClient thalosServiceClient, ILogger logger) : BaseController(logger)
 {
 ///
diff --git a/Core.Thalos.BFF.Api/Controllers/UserController.cs b/Core.Thalos.BFF.Api/Controllers/UserController.cs
index 8a14c92..a3ea2bf 100644
--- a/Core.Thalos.BFF.Api/Controllers/UserController.cs
+++ b/Core.Thalos.BFF.Api/Controllers/UserController.cs
@@ -31,7 +31,7 @@ namespace Core.Thalos.BFF.Api.Controllers
 [ProducesResponseType(typeof(Notification), StatusCodes.Status412PreconditionFailed)]
 [ProducesResponseType(typeof(Notification), StatusCodes.Status422UnprocessableEntity)]
 [ProducesResponseType(StatusCodes.Status500InternalServerError)]
- //[Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
+ [Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
 [Permission("UserManagement.Read")]
 public async Task GetAllUsersService(CancellationToken cancellationToken)
 {
@@ -58,7 +58,7 @@ namespace Core.Thalos.BFF.Api.Controllers
 [ProducesResponseType(typeof(Notification), StatusCodes.Status412PreconditionFailed)]
 [ProducesResponseType(typeof(Notification), StatusCodes.Status422UnprocessableEntity)]
 [ProducesResponseType(StatusCodes.Status500InternalServerError)]
- //[Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
+ [Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
 [Permission("UserManagement.Write")]
 public async Task CreateUserService(CreateUserRequest newUser, CancellationToken cancellationToken)
 {
@@ -97,7 +97,7 @@ namespace Core.Thalos.BFF.Api.Controllers
 [ProducesResponseType(typeof(Notification), StatusCodes.Status412PreconditionFailed)]
 [ProducesResponseType(typeof(Notification), StatusCodes.Status422UnprocessableEntity)]
 [ProducesResponseType(StatusCodes.Status500InternalServerError)]
- //[Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
+ [Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
 [Permission("UserManagement.Read")]
 public async Task GetUserByIdService(GetUserRequest request, CancellationToken cancellationToken)
 {
@@ -126,7 +126,7 @@ namespace Core.Thalos.BFF.Api.Controllers
 [ProducesResponseType(typeof(Notification), StatusCodes.Status412PreconditionFailed)]
 [ProducesResponseType(typeof(Notification), StatusCodes.Status422UnprocessableEntity)]
 [ProducesResponseType(StatusCodes.Status500InternalServerError)]
- //[Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
+ [Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
 [Permission("UserManagement.Read")]
 public async Task GetUserByEmailService(GetUserByEmailRequest request, CancellationToken cancellationToken)
 {
@@ -155,7 +155,7 @@ namespace Core.Thalos.BFF.Api.Controllers
 [ProducesResponseType(typeof(Notification), StatusCodes.Status412PreconditionFailed)]
 [ProducesResponseType(typeof(Notification), StatusCodes.Status422UnprocessableEntity)]
 [ProducesResponseType(StatusCodes.Status500InternalServerError)]
- //[Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
+ [Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
 [Permission("UserManagement.Write")]
 public async Task UpdateUserService(UpdateUserRequest request, CancellationToken cancellationToken)
 {
@@ -194,7 +194,7 @@ namespace Core.Thalos.BFF.Api.Controllers
 [ProducesResponseType(typeof(Notification), StatusCodes.Status412PreconditionFailed)]
 [ProducesResponseType(typeof(Notification), StatusCodes.Status422UnprocessableEntity)]
 [ProducesResponseType(StatusCodes.Status500InternalServerError)]
- [Authorize(AuthenticationSchemes = $"{Schemes.AzureScheme}, {Schemes.DefaultScheme}")]
+ [Authorize(AuthenticationSchemes = $"{Schemes.GoogleScheme}, {Schemes.DefaultScheme}")]
 public async Task LoginUserService([FromBody] LoginUserRequest request, CancellationToken cancellationToken)
 {
 try
@@ -222,7 +222,7 @@ namespace Core.Thalos.BFF.Api.Controllers
 [ProducesResponseType(typeof(Notification), StatusCodes.Status412PreconditionFailed)]
 [ProducesResponseType(typeof(Notification), StatusCodes.Status422UnprocessableEntity)]
 [ProducesResponseType(StatusCodes.Status500InternalServerError)]
- [Authorize(AuthenticationSchemes = $"{Schemes.AzureScheme}, {Schemes.DefaultScheme}")]
+ [Authorize(AuthenticationSchemes = $"{Schemes.GoogleScheme}, {Schemes.DefaultScheme}")]
 public async Task LogoutUserService([FromBody] LogoutUserRequest request, CancellationToken cancellationToken)
 {
 try
@@ -252,7 +252,7 @@ namespace Core.Thalos.BFF.Api.Controllers
 [ProducesResponseType(typeof(Notification), StatusCodes.Status412PreconditionFailed)]
 [ProducesResponseType(typeof(Notification), StatusCodes.Status422UnprocessableEntity)]
 [ProducesResponseType(StatusCodes.Status500InternalServerError)]
- //[Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
+ [Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
 [Permission("UserManagement.Write")]
 public async Task ChangeUserStatusService([FromBody] ChangeUserStatusRequest request, CancellationToken cancellationToken)
 {
@@ -283,7 +283,7 @@ namespace Core.Thalos.BFF.Api.Controllers [ProducesResponseType(typeof(Notification), StatusCodes.Status412PreconditionFailed)] [ProducesResponseType(typeof(Notification), StatusCodes.Status422UnprocessableEntity)] [ProducesResponseType(StatusCodes.Status500InternalServerError)] - //[Authorize(AuthenticationSchemes = Schemes.DefaultScheme)] + [Authorize(AuthenticationSchemes = Schemes.DefaultScheme)] [Permission("UserManagement.Write")] public async Task AddCompanyToUserService([FromBody] AddCompanyToUserRequest request, CancellationToken cancellationToken) { @@ -315,7 +315,7 @@ namespace Core.Thalos.BFF.Api.Controllers [ProducesResponseType(typeof(Notification), StatusCodes.Status412PreconditionFailed)] [ProducesResponseType(typeof(Notification), StatusCodes.Status422UnprocessableEntity)] [ProducesResponseType(StatusCodes.Status500InternalServerError)] - //[Authorize(AuthenticationSchemes = Schemes.DefaultScheme)] + [Authorize(AuthenticationSchemes = Schemes.DefaultScheme)] [Permission("UserManagement.Write")] public async Task RemoveCompanyFromUserService([FromBody] RemoveCompanyFromUserRequest request, CancellationToken cancellationToken) { @@ -347,7 +347,7 @@ namespace Core.Thalos.BFF.Api.Controllers [ProducesResponseType(typeof(Notification), StatusCodes.Status412PreconditionFailed)] [ProducesResponseType(typeof(Notification), StatusCodes.Status422UnprocessableEntity)] [ProducesResponseType(StatusCodes.Status500InternalServerError)] - //[Authorize(AuthenticationSchemes = Schemes.DefaultScheme)] + [Authorize(AuthenticationSchemes = Schemes.DefaultScheme)] [Permission("UserManagement.Write")] public async Task AddProjectToUserService([FromBody] AddProjectToUserRequest request, CancellationToken cancellationToken) 
@@ -380,7 +380,7 @@ namespace Core.Thalos.BFF.Api.Controllers [ProducesResponseType(typeof(Notification), StatusCodes.Status412PreconditionFailed)] [ProducesResponseType(typeof(Notification), StatusCodes.Status422UnprocessableEntity)] [ProducesResponseType(StatusCodes.Status500InternalServerError)] - //[Authorize(AuthenticationSchemes = Schemes.DefaultScheme)] + [Authorize(AuthenticationSchemes = Schemes.DefaultScheme)] [Permission("UserManagement.Write")] public async Task RemoveProjectFromUserService([FromBody] RemoveProjectFromUserRequest request, CancellationToken cancellationToken) { diff --git a/Core.Thalos.BFF.Api/Program.cs b/Core.Thalos.BFF.Api/Program.cs index b90e44d..2465156 100644 --- a/Core.Thalos.BFF.Api/Program.cs +++ b/Core.Thalos.BFF.Api/Program.cs @@ -1,10 +1,10 @@ -using Asp.Versioning; -using Azure.Identity; using Core.Blueprint.Logging.Configuration; +using Core.Thalos.Adapters.Contracts; using Core.Thalos.Adapters.Extensions; +using Core.Thalos.Adapters.Services; +using Core.Thalos.BuildingBlocks.Authentication.Extensions; using Core.Thalos.External.ClientConfiguration; using Microsoft.AspNetCore.ResponseCompression; -using Microsoft.Extensions.Configuration.AzureAppConfiguration; using OpenTelemetry.Logs; using OpenTelemetry.Resources; using Swashbuckle.AspNetCore.SwaggerUI; @@ -13,6 +13,8 @@ using System.Reflection; var builder = WebApplication.CreateBuilder(args); +builder.Services.ConfigureAuthentication(builder.Configuration); + builder.Services.AddEndpointsApiExplorer(); builder.Configuration .AddUserSecrets(Assembly.GetExecutingAssembly()) @@ -81,7 +83,7 @@ builder.Host.ConfigureServices((context, services) => services.AddResponseCaching(); services.AddControllers(); services.AddEndpointsApiExplorer(); - services.AddSwaggerGen(); + services.AddSwaggerGen(builder.Configuration); services.AddLogging(); services.AddProblemDetails(); services.AddHttpContextAccessor(); 
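Review bot: In Program.cs, `builder.Services.ConfigureAuthentication(builder.Configuration)` is added above the `builder.Configuration.AddUserSecrets(...)` chain, so if the extension reads the Google client settings or the signing key eagerly at registration time (its body is not in this diff), values supplied through user secrets or any later configuration source will not be seen. Moving the call below the configuration sources, or having the extension bind its options lazily, removes the dependence on statement order. The hunks also do not show `app.UseAuthentication()` and `app.UseAuthorization()` in the request pipeline; with `[Authorize]` now active on the controllers it is worth confirming both are present ahead of the controller endpoints.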
@@ -107,6 +109,8 @@ builder.Services.AddCors(options => }); }); +builder.Services.AddScoped(); + //*************************************************************************// var app = builder.Build(); diff --git a/Core.Thalos.BFF.Api/appsettings.Local.json b/Core.Thalos.BFF.Api/appsettings.Local.json index f9eaec1..2ca5e21 100644 --- a/Core.Thalos.BFF.Api/appsettings.Local.json +++ b/Core.Thalos.BFF.Api/appsettings.Local.json @@ -7,6 +7,19 @@ }, "LocalGateways": { "ThalosService": "https://localhost:7253/api" - } + }, + "Authentication": { + "Google": { + "ClientId": "128345072002-mtfdgpcur44o9tbd7q6e0bb9qnp2crfp.apps.googleusercontent.com", + "ClientSecret": "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", + "ApplicationName": "Thalos", + "RedirectUri": "https://localhost:7239/api/v1/Authentication/callback" + } + }, + "JwtIssuerOptions": { + "Audience": "https://localhost:7239/", + "Issuer": "webApi" + }, + "SecretKey": "iNivDmHLpUA223sqsfhqGbMRdRj1PVkH1" } diff --git a/Core.Thalos.External/Core.Thalos.External.csproj b/Core.Thalos.External/Core.Thalos.External.csproj index 81178b9..aab67ea 100644 --- a/Core.Thalos.External/Core.Thalos.External.csproj +++ b/Core.Thalos.External/Core.Thalos.External.csproj @@ -7,7 +7,7 @@ - +
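Review bot: The added `Authentication:Google:ClientSecret` and the top-level `SecretKey` in `appsettings.Local.json` are real-looking credentials committed to the repository; they remain in history after any later cleanup, so both should be rotated and replaced in the file with placeholders such as `"ClientSecret": "<set-via-user-secrets>"`. `Program.cs` already calls `AddUserSecrets`, so the values can be supplied there or through environment variables without a code change. `SecretKey` sits beside `JwtIssuerOptions` and is presumably the token signing key, in which case anyone with read access to the repository could produce tokens the API accepts.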