Configura authentication and authorization

2025-07-15 14:04:07 -06:00
parent 0429704cac
commit 482a330a39
8 changed files with 61 additions and 29 deletions
--- a/Core.Thalos.BFF.Api/Controllers/AuthenticationController.cs
+++ b/Core.Thalos.BFF.Api/Controllers/AuthenticationController.cs
@@ -3,6 +3,7 @@ using Core.Thalos.Adapters;
 using Core.Thalos.Adapters.Common.Constants;
 using Core.Thalos.Adapters.Contracts;
 using Core.Thalos.Application.UseCases.Users.Input;
+using Core.Thalos.BuildingBlocks.Authentication.Authorization.Google;
 using Core.Thalos.External.Clients.Thalos.Requests.Users;
 using LSA.Dashboard.External.Clients.Dashboard;
 using Microsoft.AspNetCore.Authorization;
@@ -18,8 +19,22 @@ namespace Core.Thalos.BFF.Api.Controllers
    [Produces(MimeTypes.ApplicationJson)]
    [Consumes(MimeTypes.ApplicationJson)]
    [ApiController]
-    public class AuthenticationController(IThalosServiceClient thalosServiceClient, ILogger<AuthenticationController> logger, ITokenService tokenService) : BaseController(logger)
+    public class AuthenticationController(
+    IThalosServiceClient thalosServiceClient,
+    ILogger<AuthenticationController> logger,
+    ITokenService tokenService,
+    IGoogleAuthorization googleAuthorization) : BaseController(logger)
    {
+        [HttpGet]
+        public IActionResult Authorize() => Ok(googleAuthorization.GetAuthorizationUrl());
+
+        [HttpGet("callback")]
+        public async Task<IActionResult> Callback(string code)
+        {
+            var userCredential = await googleAuthorization.ExchangeCodeForToken(code);
+
+            return Ok(new { Token = userCredential!.Token.IdToken });
+        }
        /// <summary>
        /// Get token for user.
        /// </summary>
@@ -30,7 +45,7 @@ namespace Core.Thalos.BFF.Api.Controllers
        [HttpGet]
        [Route(Routes.GenerateToken)]
        [ProducesResponseType(typeof(UserAdapter), StatusCodes.Status200OK)]
-        [Authorize(AuthenticationSchemes = Schemes.AzureScheme)]
+        [Authorize(AuthenticationSchemes = Schemes.GoogleScheme)]
        public async Task<IActionResult> GenerateTokenService(CancellationToken cancellationToken)
        {
            try
--- a/Core.Thalos.BFF.Api/Controllers/ModuleController.cs
+++ b/Core.Thalos.BFF.Api/Controllers/ModuleController.cs
@@ -19,7 +19,7 @@ namespace Core.Thalos.BFF.Api.Controllers
    [Consumes("application/json")]
    [Produces("application/json")]
    [ApiController]
-    //[Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
+    [Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
    public class ModuleController(IThalosServiceClient thalosServiceClient, ILogger<ModuleController> logger) : BaseController(logger)
    {
        /// <summary>
@@ -32,7 +32,7 @@ namespace Core.Thalos.BFF.Api.Controllers
        [ProducesResponseType(typeof(Notification), StatusCodes.Status412PreconditionFailed)]
        [ProducesResponseType(typeof(Notification), StatusCodes.Status422UnprocessableEntity)]
        [ProducesResponseType(StatusCodes.Status500InternalServerError)]
-        //[Permission("ModuleManagement.Read, RoleManagement.Read")]
+        [Permission("ModuleManagement.Read, RoleManagement.Read")]
        public async Task<IActionResult> GetAllModulesService(CancellationToken cancellationToken)
        {
            try
@@ -65,7 +65,7 @@ namespace Core.Thalos.BFF.Api.Controllers
        [ProducesResponseType(StatusCodes.Status400BadRequest)]
        [ProducesResponseType(StatusCodes.Status401Unauthorized)]
        [ProducesResponseType(StatusCodes.Status500InternalServerError)]
-        //[Permission("ModuleManagement.Read")]
+        [Permission("ModuleManagement.Read")]
        public async Task<IActionResult> GetAllModulesByListAsync([FromBody] GetAllModulesByListRequest request, CancellationToken cancellationToken)
        {
            try
@@ -98,7 +98,7 @@ namespace Core.Thalos.BFF.Api.Controllers
        [ProducesResponseType(typeof(Notification), StatusCodes.Status412PreconditionFailed)]
        [ProducesResponseType(typeof(Notification), StatusCodes.Status422UnprocessableEntity)]
        [ProducesResponseType(StatusCodes.Status500InternalServerError)]
-        //[Permission("ModuleManagement.Write")]
+        [Permission("ModuleManagement.Write")]
        public async Task<IActionResult> CreateModuleService(CreateModuleRequest newModule, CancellationToken cancellationToken)
        {
            try
@@ -132,7 +132,7 @@ namespace Core.Thalos.BFF.Api.Controllers
        [ProducesResponseType(typeof(Notification), StatusCodes.Status412PreconditionFailed)]
        [ProducesResponseType(typeof(Notification), StatusCodes.Status422UnprocessableEntity)]
        [ProducesResponseType(StatusCodes.Status500InternalServerError)]
-        //[Permission("ModuleManagement.Read")]
+        [Permission("ModuleManagement.Read")]
        public async Task<IActionResult> GetModuleByIdService(GetModuleRequest request, CancellationToken cancellationToken)
        {
            try
@@ -160,7 +160,7 @@ namespace Core.Thalos.BFF.Api.Controllers
        [ProducesResponseType(typeof(Notification), StatusCodes.Status412PreconditionFailed)]
        [ProducesResponseType(typeof(Notification), StatusCodes.Status422UnprocessableEntity)]
        [ProducesResponseType(StatusCodes.Status500InternalServerError)]
-        //[Permission("ModuleManagement.Write")]
+        [Permission("ModuleManagement.Write")]
        public async Task<IActionResult> UpdateModuleService(UpdateModuleRequest newModule, CancellationToken cancellationToken)
        {
            try
@@ -196,7 +196,7 @@ namespace Core.Thalos.BFF.Api.Controllers
        [ProducesResponseType(typeof(Notification), StatusCodes.Status412PreconditionFailed)]
        [ProducesResponseType(typeof(Notification), StatusCodes.Status422UnprocessableEntity)]
        [ProducesResponseType(StatusCodes.Status500InternalServerError)]
-        //[Permission("ModuleManagement.Write")]
+        [Permission("ModuleManagement.Write")]
        public async Task<IActionResult> ChangeModuleStatusService([FromBody] ChangeModuleStatusRequest request, CancellationToken cancellationToken)
        {
            try
--- a/Core.Thalos.BFF.Api/Controllers/PermissionController.cs
+++ b/Core.Thalos.BFF.Api/Controllers/PermissionController.cs
@@ -20,7 +20,7 @@ namespace Core.Thalos.BFF.Api.Controllers
    [Consumes("application/json")]
    [Produces("application/json")]
    [ApiController]
-    //[Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
+    [Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
    public class PermissionController(IThalosServiceClient thalosServiceClient, ILogger<PermissionController> logger) : BaseController(logger)
    {
        /// <summary>
--- a/Core.Thalos.BFF.Api/Controllers/RoleController.cs
+++ b/Core.Thalos.BFF.Api/Controllers/RoleController.cs
@@ -18,7 +18,7 @@ namespace Core.Thalos.BFF.Api.Controllers
    [Consumes("application/json")]
    [Produces("application/json")]
    [ApiController]
-    //[Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
+    [Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
    public class RoleController(IThalosServiceClient thalosServiceClient, ILogger<RoleController> logger) : BaseController(logger)
    {
        /// <summary>
--- a/Core.Thalos.BFF.Api/Controllers/UserController.cs
+++ b/Core.Thalos.BFF.Api/Controllers/UserController.cs
@@ -31,7 +31,7 @@ namespace Core.Thalos.BFF.Api.Controllers
        [ProducesResponseType(typeof(Notification), StatusCodes.Status412PreconditionFailed)]
        [ProducesResponseType(typeof(Notification), StatusCodes.Status422UnprocessableEntity)]
        [ProducesResponseType(StatusCodes.Status500InternalServerError)]
-        //[Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
+        [Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
        [Permission("UserManagement.Read")]
        public async Task<IActionResult> GetAllUsersService(CancellationToken cancellationToken)
        {
@@ -58,7 +58,7 @@ namespace Core.Thalos.BFF.Api.Controllers
        [ProducesResponseType(typeof(Notification), StatusCodes.Status412PreconditionFailed)]
        [ProducesResponseType(typeof(Notification), StatusCodes.Status422UnprocessableEntity)]
        [ProducesResponseType(StatusCodes.Status500InternalServerError)]
-        //[Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
+        [Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
        [Permission("UserManagement.Write")]
        public async Task<IActionResult> CreateUserService(CreateUserRequest newUser, CancellationToken cancellationToken)
        {
@@ -97,7 +97,7 @@ namespace Core.Thalos.BFF.Api.Controllers
        [ProducesResponseType(typeof(Notification), StatusCodes.Status412PreconditionFailed)]
        [ProducesResponseType(typeof(Notification), StatusCodes.Status422UnprocessableEntity)]
        [ProducesResponseType(StatusCodes.Status500InternalServerError)]
-        //[Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
+        [Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
        [Permission("UserManagement.Read")]
        public async Task<IActionResult> GetUserByIdService(GetUserRequest request, CancellationToken cancellationToken)
        {
@@ -126,7 +126,7 @@ namespace Core.Thalos.BFF.Api.Controllers
        [ProducesResponseType(typeof(Notification), StatusCodes.Status412PreconditionFailed)]
        [ProducesResponseType(typeof(Notification), StatusCodes.Status422UnprocessableEntity)]
        [ProducesResponseType(StatusCodes.Status500InternalServerError)]
-        //[Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
+        [Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
        [Permission("UserManagement.Read")]
        public async Task<IActionResult> GetUserByEmailService(GetUserByEmailRequest request, CancellationToken cancellationToken)
        {
@@ -155,7 +155,7 @@ namespace Core.Thalos.BFF.Api.Controllers
        [ProducesResponseType(typeof(Notification), StatusCodes.Status412PreconditionFailed)]
        [ProducesResponseType(typeof(Notification), StatusCodes.Status422UnprocessableEntity)]
        [ProducesResponseType(StatusCodes.Status500InternalServerError)]
-        //[Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
+        [Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
        [Permission("UserManagement.Write")]
        public async Task<IActionResult> UpdateUserService(UpdateUserRequest request, CancellationToken cancellationToken)
        {
@@ -194,7 +194,7 @@ namespace Core.Thalos.BFF.Api.Controllers
        [ProducesResponseType(typeof(Notification), StatusCodes.Status412PreconditionFailed)]
        [ProducesResponseType(typeof(Notification), StatusCodes.Status422UnprocessableEntity)]
        [ProducesResponseType(StatusCodes.Status500InternalServerError)]
-        [Authorize(AuthenticationSchemes = $"{Schemes.AzureScheme}, {Schemes.DefaultScheme}")]
+        [Authorize(AuthenticationSchemes = $"{Schemes.GoogleScheme}, {Schemes.DefaultScheme}")]
        public async Task<IActionResult> LoginUserService([FromBody] LoginUserRequest request, CancellationToken cancellationToken)
        {
            try
@@ -222,7 +222,7 @@ namespace Core.Thalos.BFF.Api.Controllers
        [ProducesResponseType(typeof(Notification), StatusCodes.Status412PreconditionFailed)]
        [ProducesResponseType(typeof(Notification), StatusCodes.Status422UnprocessableEntity)]
        [ProducesResponseType(StatusCodes.Status500InternalServerError)]
-        [Authorize(AuthenticationSchemes = $"{Schemes.AzureScheme}, {Schemes.DefaultScheme}")]
+        [Authorize(AuthenticationSchemes = $"{Schemes.GoogleScheme}, {Schemes.DefaultScheme}")]
        public async Task<IActionResult> LogoutUserService([FromBody] LogoutUserRequest request, CancellationToken cancellationToken)
        {
            try
@@ -252,7 +252,7 @@ namespace Core.Thalos.BFF.Api.Controllers
        [ProducesResponseType(typeof(Notification), StatusCodes.Status412PreconditionFailed)]
        [ProducesResponseType(typeof(Notification), StatusCodes.Status422UnprocessableEntity)]
        [ProducesResponseType(StatusCodes.Status500InternalServerError)]
-        //[Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
+        [Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
        [Permission("UserManagement.Write")]
        public async Task<IActionResult> ChangeUserStatusService([FromBody] ChangeUserStatusRequest request, CancellationToken cancellationToken)
        {
@@ -283,7 +283,7 @@ namespace Core.Thalos.BFF.Api.Controllers
        [ProducesResponseType(typeof(Notification), StatusCodes.Status412PreconditionFailed)]
        [ProducesResponseType(typeof(Notification), StatusCodes.Status422UnprocessableEntity)]
        [ProducesResponseType(StatusCodes.Status500InternalServerError)]
-        //[Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
+        [Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
        [Permission("UserManagement.Write")]
        public async Task<IActionResult> AddCompanyToUserService([FromBody] AddCompanyToUserRequest request, CancellationToken cancellationToken)
        {
@@ -315,7 +315,7 @@ namespace Core.Thalos.BFF.Api.Controllers
        [ProducesResponseType(typeof(Notification), StatusCodes.Status412PreconditionFailed)]
        [ProducesResponseType(typeof(Notification), StatusCodes.Status422UnprocessableEntity)]
        [ProducesResponseType(StatusCodes.Status500InternalServerError)]
-        //[Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
+        [Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
        [Permission("UserManagement.Write")]
        public async Task<IActionResult> RemoveCompanyFromUserService([FromBody] RemoveCompanyFromUserRequest request, CancellationToken cancellationToken)
        {
@@ -347,7 +347,7 @@ namespace Core.Thalos.BFF.Api.Controllers
        [ProducesResponseType(typeof(Notification), StatusCodes.Status412PreconditionFailed)]
        [ProducesResponseType(typeof(Notification), StatusCodes.Status422UnprocessableEntity)]
        [ProducesResponseType(StatusCodes.Status500InternalServerError)]
-        //[Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
+        [Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
        [Permission("UserManagement.Write")]

        public async Task<IActionResult> AddProjectToUserService([FromBody] AddProjectToUserRequest request, CancellationToken cancellationToken)
@@ -380,7 +380,7 @@ namespace Core.Thalos.BFF.Api.Controllers
        [ProducesResponseType(typeof(Notification), StatusCodes.Status412PreconditionFailed)]
        [ProducesResponseType(typeof(Notification), StatusCodes.Status422UnprocessableEntity)]
        [ProducesResponseType(StatusCodes.Status500InternalServerError)]
-        //[Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
+        [Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
        [Permission("UserManagement.Write")]
        public async Task<IActionResult> RemoveProjectFromUserService([FromBody] RemoveProjectFromUserRequest request, CancellationToken cancellationToken)
        {
--- a/Core.Thalos.BFF.Api/Program.cs
+++ b/Core.Thalos.BFF.Api/Program.cs
@@ -1,10 +1,10 @@
-using Asp.Versioning;
-using Azure.Identity;
 using Core.Blueprint.Logging.Configuration;
+using Core.Thalos.Adapters.Contracts;
 using Core.Thalos.Adapters.Extensions;
+using Core.Thalos.Adapters.Services;
+using Core.Thalos.BuildingBlocks.Authentication.Extensions;
 using Core.Thalos.External.ClientConfiguration;
 using Microsoft.AspNetCore.ResponseCompression;
-using Microsoft.Extensions.Configuration.AzureAppConfiguration;
 using OpenTelemetry.Logs;
 using OpenTelemetry.Resources;
 using Swashbuckle.AspNetCore.SwaggerUI;
@@ -13,6 +13,8 @@ using System.Reflection;

 var builder = WebApplication.CreateBuilder(args);

+builder.Services.ConfigureAuthentication(builder.Configuration);
+
 builder.Services.AddEndpointsApiExplorer();
 builder.Configuration
    .AddUserSecrets(Assembly.GetExecutingAssembly())
@@ -81,7 +83,7 @@ builder.Host.ConfigureServices((context, services) =>
    services.AddResponseCaching();
    services.AddControllers();
    services.AddEndpointsApiExplorer();
-    services.AddSwaggerGen();
+    services.AddSwaggerGen(builder.Configuration);
    services.AddLogging();
    services.AddProblemDetails();
    services.AddHttpContextAccessor();
@@ -107,6 +109,8 @@ builder.Services.AddCors(options =>
        });
 });

+builder.Services.AddScoped<ITokenService, TokenService>();
+
 //*************************************************************************//
 var app = builder.Build();

--- a/Core.Thalos.BFF.Api/appsettings.Local.json
+++ b/Core.Thalos.BFF.Api/appsettings.Local.json
@@ -7,6 +7,19 @@
  },
  "LocalGateways": {
    "ThalosService": "https://localhost:7253/api"
-  }
+  },
+  "Authentication": {
+    "Google": {
+      "ClientId": "128345072002-mtfdgpcur44o9tbd7q6e0bb9qnp2crfp.apps.googleusercontent.com",
+      "ClientSecret": "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",
+      "ApplicationName": "Thalos",
+      "RedirectUri": "https://localhost:7239/api/v1/Authentication/callback"
+    }
+  },
+  "JwtIssuerOptions": {
+    "Audience": "https://localhost:7239/",
+    "Issuer": "webApi"
+  },
+  "SecretKey": "iNivDmHLpUA223sqsfhqGbMRdRj1PVkH1"
 }

--- a/Core.Thalos.External/Core.Thalos.External.csproj
+++ b/Core.Thalos.External/Core.Thalos.External.csproj
@@ -7,7 +7,7 @@
  </PropertyGroup>

  <ItemGroup>
-    <PackageReference Include="Core.Thalos.BuildingBlocks" Version="1.0.2" />
+    <PackageReference Include="Core.Thalos.BuildingBlocks" Version="1.0.5" />
    <PackageReference Include="Lib.Architecture.BuildingBlocks" Version="1.0.0" />
    <PackageReference Include="Refit" Version="8.0.0" />
  </ItemGroup>