Compare commits
11 Commits
feature/fi
...
5277896bdc
| Author | SHA1 | Date | |
|---|---|---|---|
| 5277896bdc | |||
| 9a02f0e4d6 | |||
| 035da054d6 | |||
| a025bd87c1 | |||
| ff404ec105 | |||
| 8d1e218eb9 | |||
| db10d185da | |||
| cbeeebd5a6 | |||
| 0f7567ec67 | |||
|
aeab9548b8 | ||
| 3eb6bfc60f |
24
Core.Cerberos.Adapters/Common/Constants/Policies.cs
Normal file
24
Core.Cerberos.Adapters/Common/Constants/Policies.cs
Normal file
@@ -0,0 +1,24 @@
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
namespace Core.Thalos.BuildingBlocks.Common.Constants
|
||||
{
|
||||
/// <summary>
|
||||
/// Constants for policy.
|
||||
/// </summary>
|
||||
public class Policies
|
||||
{
|
||||
/// <summary>
|
||||
/// Defines the access policy for reading mobile-related data.
|
||||
/// This policy grants read-only permissions for retrieving mobile device information,
|
||||
/// user mobile settings, or related data as per the application's authorization scope.
|
||||
/// </summary>
|
||||
public const string Read = "Read";
|
||||
|
||||
/// <summary>
|
||||
/// Defines the access policy for writing mobile-related data.
|
||||
/// This policy grants permissions to modify, update, or store mobile device information,
|
||||
/// user mobile settings, or related data as per the application's authorization scope.
|
||||
/// </summary>
|
||||
public const string Write = "Write";
|
||||
}
|
||||
}
|
||||
15
Core.Cerberos.Adapters/Common/Constants/Roles.cs
Normal file
15
Core.Cerberos.Adapters/Common/Constants/Roles.cs
Normal file
@@ -0,0 +1,15 @@
|
||||
namespace Core.Thalos.BuildingBlocks.Common.Constants
|
||||
{
|
||||
public class Roles
|
||||
{
|
||||
/// <summary>
|
||||
/// The role for Guest.
|
||||
/// </summary>
|
||||
public const string Guest = "684909c4826cd093b4f61c11";
|
||||
|
||||
/// <summary>
|
||||
/// The role for Admin.
|
||||
/// </summary>
|
||||
public const string Admin = "68407642ec46a0e6fe1e8ec9";
|
||||
}
|
||||
}
|
||||
@@ -1,11 +1,6 @@
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using System.Text;
|
||||
using System.Text.Json;
|
||||
using System.Threading.Tasks;
|
||||
using System.Text.Json;
|
||||
|
||||
namespace Core.Thalos.Adapters
|
||||
namespace Core.Thalos.BuildingBlocks
|
||||
{
|
||||
public class BaseAdapterResponse
|
||||
{
|
||||
|
||||
32
Core.Thalos.BuildingBlocks/Adapters/CatalogAdapter.cs
Normal file
32
Core.Thalos.BuildingBlocks/Adapters/CatalogAdapter.cs
Normal file
@@ -0,0 +1,32 @@
|
||||
using Core.Blueprint.Mongo;
|
||||
using MongoDB.Bson;
|
||||
using MongoDB.Bson.Serialization.Attributes;
|
||||
|
||||
namespace Core.Thalos.BuildingBlocks.Adapters
|
||||
{
|
||||
[CollectionAttributeName("Catalogs")]
|
||||
public class CatalogAdapter : Document
|
||||
{
|
||||
[BsonElement("name")]
|
||||
public string Name { get; set; } = null!;
|
||||
|
||||
[BsonElement("key")]
|
||||
public string? Key { get; set; } = null!;
|
||||
|
||||
[BsonElement("description")]
|
||||
public string? Description { get; set; }
|
||||
|
||||
public IEnumerable<CatalogValue>? Values { get; set; }
|
||||
}
|
||||
|
||||
public class CatalogValue
|
||||
{
|
||||
[BsonId]
|
||||
[BsonElement("_id")]
|
||||
[BsonRepresentation(BsonType.ObjectId)]
|
||||
public string _Id { get; set; } = null!;
|
||||
|
||||
[BsonElement("value")]
|
||||
public string Value { get; set; } = null!;
|
||||
}
|
||||
}
|
||||
@@ -5,12 +5,11 @@
|
||||
// ***********************************************************************
|
||||
|
||||
using Core.Blueprint.Mongo;
|
||||
using Core.Thalos.Adapters.Common.Enums;
|
||||
using MongoDB.Bson;
|
||||
using MongoDB.Bson.Serialization.Attributes;
|
||||
using System.Text.Json.Serialization;
|
||||
|
||||
namespace Core.Thalos.Adapters
|
||||
namespace Core.Thalos.BuildingBlocks
|
||||
{
|
||||
/// <summary>
|
||||
/// Adapter for representing a module.
|
||||
|
||||
@@ -5,12 +5,11 @@
|
||||
// ***********************************************************************
|
||||
|
||||
using Core.Blueprint.Mongo;
|
||||
using Core.Thalos.Adapters.Common.Constants;
|
||||
using MongoDB.Bson;
|
||||
using MongoDB.Bson.Serialization.Attributes;
|
||||
using System.Text.Json.Serialization;
|
||||
|
||||
namespace Core.Thalos.Adapters
|
||||
namespace Core.Thalos.BuildingBlocks
|
||||
{
|
||||
/// <summary>
|
||||
/// Adapter for representing a permission.
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
|
||||
namespace Core.Thalos.Adapters.Handlers.Adapters
|
||||
namespace Core.Thalos.BuildingBlocks
|
||||
{
|
||||
public class PermissionsAuthorizationAdapter : IAuthorizationRequirement
|
||||
{
|
||||
@@ -5,12 +5,11 @@
|
||||
// ***********************************************************************
|
||||
|
||||
using Core.Blueprint.Mongo;
|
||||
using Core.Thalos.Adapters.Common.Enums;
|
||||
using MongoDB.Bson;
|
||||
using MongoDB.Bson.Serialization.Attributes;
|
||||
using System.Text.Json.Serialization;
|
||||
|
||||
namespace Core.Thalos.Adapters
|
||||
namespace Core.Thalos.BuildingBlocks
|
||||
{
|
||||
/// <summary>
|
||||
/// Adapter representing a role.
|
||||
|
||||
53
Core.Thalos.BuildingBlocks/Adapters/TenantAdapter.cs
Normal file
53
Core.Thalos.BuildingBlocks/Adapters/TenantAdapter.cs
Normal file
@@ -0,0 +1,53 @@
|
||||
using Core.Blueprint.Mongo;
|
||||
using MongoDB.Bson;
|
||||
using MongoDB.Bson.Serialization.Attributes;
|
||||
|
||||
namespace Core.Thalos.BuildingBlocks
|
||||
{
|
||||
[CollectionAttributeName("Tenants")]
|
||||
public class TenantAdapter : Document
|
||||
{
|
||||
[BsonElement("name")]
|
||||
public string Name { get; set; } = null!;
|
||||
|
||||
[BsonElement("taxIdentifier")]
|
||||
public string TaxIdentifier { get; set; } = null!;
|
||||
|
||||
[BsonElement("addressLine1")]
|
||||
public string AddressLine1 { get; set; } = null!;
|
||||
|
||||
[BsonElement("addressLine2")]
|
||||
[BsonIgnoreIfNull]
|
||||
public string? AddressLine2 { get; set; }
|
||||
|
||||
[BsonElement("city")]
|
||||
public string City { get; set; } = null!;
|
||||
|
||||
[BsonElement("state")]
|
||||
public string State { get; set; } = null!;
|
||||
|
||||
[BsonElement("country")]
|
||||
public string Country { get; set; } = null!;
|
||||
|
||||
[BsonElement("postalCode")]
|
||||
public string PostalCode { get; set; } = null!;
|
||||
|
||||
[BsonElement("contactEmail")]
|
||||
public string ContactEmail { get; set; } = null!;
|
||||
|
||||
[BsonElement("contactPhone")]
|
||||
public string ContactPhone { get; set; } = null!;
|
||||
|
||||
[BsonElement("website")]
|
||||
[BsonIgnoreIfNull]
|
||||
public string? Website { get; set; }
|
||||
|
||||
[BsonElement("connectionString")]
|
||||
[BsonIgnoreIfNull]
|
||||
public string? ConnectionString { get; set; }
|
||||
|
||||
[BsonElement("isolated")]
|
||||
public bool Isolated { get; set; }
|
||||
}
|
||||
|
||||
}
|
||||
@@ -4,7 +4,7 @@
|
||||
// </copyright>
|
||||
// ***********************************************************************
|
||||
|
||||
namespace Core.Thalos.Adapters
|
||||
namespace Core.Thalos.BuildingBlocks
|
||||
{
|
||||
public class TokenAdapter
|
||||
{
|
||||
|
||||
@@ -8,7 +8,7 @@ using MongoDB.Bson;
|
||||
using MongoDB.Bson.Serialization.Attributes;
|
||||
using System.Text.Json.Serialization;
|
||||
|
||||
namespace Core.Thalos.Adapters
|
||||
namespace Core.Thalos.BuildingBlocks
|
||||
{
|
||||
/// <summary>
|
||||
/// Adapter representing a user.
|
||||
@@ -72,28 +72,6 @@ namespace Core.Thalos.Adapters
|
||||
[JsonPropertyName("roleId")]
|
||||
public string RoleId { get; set; } = null!;
|
||||
|
||||
/// <summary>
|
||||
/// Gets or sets the array of companies associated with the user.
|
||||
/// </summary>
|
||||
[BsonElement("companies")]
|
||||
[JsonPropertyName("companies")]
|
||||
public string[] Companies { get; set; } = null!;
|
||||
|
||||
/// <summary>
|
||||
/// Gets or sets the array of projects associated with the user.
|
||||
/// </summary>
|
||||
[BsonElement("projects")]
|
||||
[JsonPropertyName("projects")]
|
||||
public string[]? Projects { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// Gets or sets the boolean of the consent form accepted by the user.
|
||||
/// </summary>
|
||||
[BsonElement("consentFormAccepted")]
|
||||
[JsonPropertyName("consentFormAccepted")]
|
||||
[BsonIgnoreIfNull]
|
||||
public bool ConsentFormAccepted { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// Gets or sets the timestamp of the last login of the user.
|
||||
/// </summary>
|
||||
@@ -118,5 +96,13 @@ namespace Core.Thalos.Adapters
|
||||
[BsonRepresentation(BsonType.String)]
|
||||
[JsonPropertyName("token")]
|
||||
public string? Token { get; set; } = null;
|
||||
|
||||
/// <summary>
|
||||
/// Gets or sets the tenant identifier associated with the user.
|
||||
/// </summary>
|
||||
[BsonElement("tenantId")]
|
||||
[BsonRepresentation(BsonType.ObjectId)]
|
||||
[JsonPropertyName("tenantId")]
|
||||
public string? TenantId { get; set; } = null;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -6,7 +6,7 @@
|
||||
|
||||
using System.Text.Json.Serialization;
|
||||
|
||||
namespace Core.Thalos.Adapters
|
||||
namespace Core.Thalos.BuildingBlocks
|
||||
{
|
||||
/// <summary>
|
||||
/// Adapter representing a user.
|
||||
@@ -1,4 +1,4 @@
|
||||
namespace Core.Thalos.Adapters
|
||||
namespace Core.Thalos.BuildingBlocks
|
||||
{
|
||||
public class Permission
|
||||
{
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
using Microsoft.AspNetCore.Mvc.Filters;
|
||||
|
||||
namespace Core.Thalos.Adapters.Attributes
|
||||
namespace Core.Thalos.BuildingBlocks
|
||||
{
|
||||
/// <summary>
|
||||
/// Custom authorization attribute that checks if the user has any of the required permissions.
|
||||
|
||||
@@ -0,0 +1,37 @@
|
||||
using Google.Apis.Auth.OAuth2;
|
||||
using Google.Apis.Auth.OAuth2.Flows;
|
||||
using Microsoft.Extensions.Configuration;
|
||||
|
||||
namespace Core.Thalos.BuildingBlocks
|
||||
{
|
||||
public class GoogleAuthorization(
|
||||
IGoogleAuthHelper googleHelper, IConfiguration config, GoogleAuthSettings googlesettings) : IGoogleAuthorization
|
||||
{
|
||||
private string RedirectUrl = googlesettings.RedirectUri ?? string.Empty;
|
||||
|
||||
public async Task<UserCredential> ExchangeCodeForToken(string code)
|
||||
{
|
||||
var flow = new GoogleAuthorizationCodeFlow(
|
||||
new GoogleAuthorizationCodeFlow.Initializer
|
||||
{
|
||||
ClientSecrets = googleHelper.GetClientSecrets(),
|
||||
Scopes = googleHelper.GetScopes()
|
||||
});
|
||||
|
||||
var token = await flow.ExchangeCodeForTokenAsync(
|
||||
"user", code, RedirectUrl, CancellationToken.None);
|
||||
|
||||
return new UserCredential(flow, "user", token);
|
||||
}
|
||||
|
||||
public string GetAuthorizationUrl() =>
|
||||
new GoogleAuthorizationCodeFlow(
|
||||
new GoogleAuthorizationCodeFlow.Initializer
|
||||
{
|
||||
|
||||
ClientSecrets = googleHelper.GetClientSecrets(),
|
||||
Scopes = googleHelper.GetScopes(),
|
||||
Prompt = "consent"
|
||||
}).CreateAuthorizationCodeRequest(RedirectUrl).Build().ToString();
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,10 @@
|
||||
using Google.Apis.Auth.OAuth2;
|
||||
|
||||
namespace Core.Thalos.BuildingBlocks
|
||||
{
|
||||
public interface IGoogleAuthorization
|
||||
{
|
||||
string GetAuthorizationUrl();
|
||||
Task<UserCredential> ExchangeCodeForToken(string code);
|
||||
}
|
||||
}
|
||||
@@ -6,7 +6,7 @@
|
||||
|
||||
using System.Text.Json.Serialization;
|
||||
|
||||
namespace Core.Thalos.Adapters.Common.Constants
|
||||
namespace Core.Thalos.BuildingBlocks
|
||||
{
|
||||
/// <summary>
|
||||
/// Specifies different access level for a permission.
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
// AgileWebs
|
||||
// </copyright>
|
||||
// ***********************************************************************
|
||||
namespace Core.Thalos.Adapters.Common.Constants
|
||||
namespace Core.Thalos.BuildingBlocks
|
||||
{
|
||||
/// <summary>
|
||||
/// Constants for Azure Active Directory.
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
// AgileWebs
|
||||
// </copyright>
|
||||
// ***********************************************************************
|
||||
namespace Core.Thalos.Adapters.Common.Constants
|
||||
namespace Core.Thalos.BuildingBlocks
|
||||
{
|
||||
/// <summary>
|
||||
/// Constants for claims used in JWT tokens.
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
namespace Core.Thalos.Adapters.Common.Constants
|
||||
namespace Core.Thalos.BuildingBlocks
|
||||
{
|
||||
public static class CollectionNames
|
||||
{
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
// </copyright>
|
||||
// ***********************************************************************
|
||||
|
||||
namespace Core.Thalos.Adapters.Common.Constants
|
||||
namespace Core.Thalos.BuildingBlocks
|
||||
{
|
||||
/// <summary>
|
||||
/// Constants of the environment variables for this service.
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
// AgileWebs
|
||||
// </copyright>
|
||||
// ***********************************************************************
|
||||
namespace Core.Thalos.Adapters.Common.Constants
|
||||
namespace Core.Thalos.BuildingBlocks
|
||||
{
|
||||
/// <summary>
|
||||
/// Constants for Key Vault configuration.
|
||||
|
||||
@@ -6,7 +6,7 @@
|
||||
|
||||
using System.Globalization;
|
||||
|
||||
namespace Core.Thalos.Adapters.Common.Constants
|
||||
namespace Core.Thalos.BuildingBlocks
|
||||
{
|
||||
/// <summary>
|
||||
/// Constants for the mime types.
|
||||
|
||||
24
Core.Thalos.BuildingBlocks/Common/Constants/Policies.cs
Normal file
24
Core.Thalos.BuildingBlocks/Common/Constants/Policies.cs
Normal file
@@ -0,0 +1,24 @@
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
namespace Core.Thalos.BuildingBlocks
|
||||
{
|
||||
/// <summary>
|
||||
/// Constants for policy.
|
||||
/// </summary>
|
||||
public class Policies
|
||||
{
|
||||
/// <summary>
|
||||
/// Defines the access policy for reading mobile-related data.
|
||||
/// This policy grants read-only permissions for retrieving mobile device information,
|
||||
/// user mobile settings, or related data as per the application's authorization scope.
|
||||
/// </summary>
|
||||
public const string Read = "Read";
|
||||
|
||||
/// <summary>
|
||||
/// Defines the access policy for writing mobile-related data.
|
||||
/// This policy grants permissions to modify, update, or store mobile device information,
|
||||
/// user mobile settings, or related data as per the application's authorization scope.
|
||||
/// </summary>
|
||||
public const string Write = "Write";
|
||||
}
|
||||
}
|
||||
15
Core.Thalos.BuildingBlocks/Common/Constants/Roles.cs
Normal file
15
Core.Thalos.BuildingBlocks/Common/Constants/Roles.cs
Normal file
@@ -0,0 +1,15 @@
|
||||
namespace Core.Thalos.BuildingBlocks
|
||||
{
|
||||
public class Roles
|
||||
{
|
||||
/// <summary>
|
||||
/// The role for Guest.
|
||||
/// </summary>
|
||||
public const string Guest = "684909c4826cd093b4f61c11";
|
||||
|
||||
/// <summary>
|
||||
/// The role for Admin.
|
||||
/// </summary>
|
||||
public const string Admin = "68407642ec46a0e6fe1e8ec9";
|
||||
}
|
||||
}
|
||||
@@ -4,7 +4,7 @@
|
||||
// </copyright>
|
||||
// ***********************************************************************
|
||||
|
||||
namespace Core.Thalos.Adapters.Common.Constants
|
||||
namespace Core.Thalos.BuildingBlocks
|
||||
{
|
||||
/// <summary>
|
||||
/// Constants of the routes of this service.
|
||||
@@ -24,7 +24,7 @@ namespace Core.Thalos.Adapters.Common.Constants
|
||||
/// <summary>
|
||||
/// The identifier route.
|
||||
/// </summary>
|
||||
public const string Id = "{id}";
|
||||
public const string Id = "{_id}";
|
||||
|
||||
/// <summary>
|
||||
/// The Authentication route.
|
||||
@@ -74,7 +74,7 @@ namespace Core.Thalos.Adapters.Common.Constants
|
||||
/// <summary>
|
||||
/// The ChangeStatus route.
|
||||
/// </summary>
|
||||
public const string ChangeStatus = "{id}/{newStatus}/ChangeStatus";
|
||||
public const string ChangeStatus = "{_id}/{newStatus}/ChangeStatus";
|
||||
|
||||
/// <summary>
|
||||
/// The AddCompany route.
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
namespace Core.Thalos.Adapters.Common.Constants
|
||||
namespace Core.Thalos.BuildingBlocks
|
||||
{
|
||||
/// <summary>
|
||||
/// Constants for schemes.
|
||||
@@ -14,5 +14,10 @@
|
||||
/// The azure scheme.
|
||||
/// </summary>
|
||||
public const string AzureScheme = "AzureScheme";
|
||||
|
||||
/// <summary>
|
||||
/// The google scheme.
|
||||
/// </summary>
|
||||
public const string GoogleScheme = "GoogleScheme";
|
||||
}
|
||||
}
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
// AgileWebs
|
||||
// </copyright>
|
||||
// ***********************************************************************
|
||||
namespace Core.Thalos.Adapters.Common.Constants
|
||||
namespace Core.Thalos.BuildingBlocks
|
||||
{
|
||||
/// <summary>
|
||||
/// Constants for secrets in azure key vault.
|
||||
@@ -23,12 +23,12 @@ namespace Core.Thalos.Adapters.Common.Constants
|
||||
/// <summary>
|
||||
/// The Issuer parameter for JWT settings.
|
||||
/// </summary>
|
||||
public const string Issuer = "Issuer";
|
||||
public const string Issuer = "JWTIssuer";
|
||||
|
||||
/// <summary>
|
||||
/// The Audience parameter for JWT settings.
|
||||
/// </summary>
|
||||
public const string Audience = "Audience";
|
||||
public const string Audience = "JWTAudience";
|
||||
|
||||
/// <summary>
|
||||
/// The TokenExpirationInMinutes parameter for JWT settings.
|
||||
@@ -55,5 +55,8 @@ namespace Core.Thalos.Adapters.Common.Constants
|
||||
public const string ThalosAppScope = "Swagger:Scope";
|
||||
public const string PrivateKey = "JwtTokenPrivateKey";
|
||||
public const string PublicKey = "JwtTokenPublicKey";
|
||||
public const string GoogleClientId = "GoogleClientId";
|
||||
public const string GoogleClientSecret = "GoogleClientSecret";
|
||||
public const string GoogleRedirectUri = "GoogleRedirectUri";
|
||||
}
|
||||
}
|
||||
|
||||
@@ -6,7 +6,7 @@
|
||||
|
||||
using System.Text.Json.Serialization;
|
||||
|
||||
namespace Core.Thalos.Adapters.Common.Enums
|
||||
namespace Core.Thalos.BuildingBlocks
|
||||
{
|
||||
/// <summary>
|
||||
/// Defines the applications associated with the role.
|
||||
|
||||
@@ -6,7 +6,7 @@
|
||||
|
||||
using System.Text.Json.Serialization;
|
||||
|
||||
namespace Core.Thalos.Adapters.Common.Enums
|
||||
namespace Core.Thalos.BuildingBlocks
|
||||
{
|
||||
/// <summary>
|
||||
/// Defines the status of an entity.
|
||||
|
||||
11
Core.Thalos.BuildingBlocks/Contracts/IGoogleAuthHelper.cs
Normal file
11
Core.Thalos.BuildingBlocks/Contracts/IGoogleAuthHelper.cs
Normal file
@@ -0,0 +1,11 @@
|
||||
using Google.Apis.Auth.OAuth2;
|
||||
|
||||
namespace Core.Thalos.BuildingBlocks
|
||||
{
|
||||
public interface IGoogleAuthHelper
|
||||
{
|
||||
string[] GetScopes();
|
||||
string ScopeToString();
|
||||
ClientSecrets GetClientSecrets();
|
||||
}
|
||||
}
|
||||
@@ -4,7 +4,7 @@
|
||||
// </copyright>
|
||||
// ***********************************************************************
|
||||
|
||||
namespace Core.Thalos.Adapters.Contracts
|
||||
namespace Core.Thalos.BuildingBlocks
|
||||
{
|
||||
/// <summary>
|
||||
/// Interface for token provider.
|
||||
|
||||
@@ -7,7 +7,7 @@
|
||||
using Microsoft.AspNetCore.Http;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
|
||||
namespace Core.Thalos.Adapters.Contracts
|
||||
namespace Core.Thalos.BuildingBlocks
|
||||
{
|
||||
/// <summary>
|
||||
/// Interface for authenticacion service.
|
||||
|
||||
@@ -8,15 +8,20 @@
|
||||
<TargetFramework>net8.0</TargetFramework>
|
||||
<ImplicitUsings>enable</ImplicitUsings>
|
||||
<Nullable>enable</Nullable>
|
||||
<VersionPrefix>1.0.2</VersionPrefix>
|
||||
<VersionPrefix>1.0.5</VersionPrefix>
|
||||
<VersionSuffix>$(Date:yyyyMMddHHmm)</VersionSuffix>
|
||||
</PropertyGroup>
|
||||
|
||||
<ItemGroup>
|
||||
<PackageReference Include="Asp.Versioning.Mvc.ApiExplorer" Version="8.1.0" />
|
||||
<PackageReference Include="Core.Blueprint.KeyVault" Version="1.0.3" />
|
||||
<PackageReference Include="Core.Blueprint.Mongo" Version="1.0.0" />
|
||||
<PackageReference Include="Google.Apis.Auth" Version="1.70.0" />
|
||||
<PackageReference Include="Google.Apis.Oauth2.v2" Version="1.68.0.1869" />
|
||||
<PackageReference Include="Microsoft.AspNetCore.Authentication.Google" Version="8.0.18" />
|
||||
<PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.10" />
|
||||
<PackageReference Include="Microsoft.Extensions.Configuration.AzureAppConfiguration" Version="8.2.0" />
|
||||
<PackageReference Include="Microsoft.Extensions.Options" Version="9.0.7" />
|
||||
<PackageReference Include="Microsoft.Identity.Web" Version="3.9.1" />
|
||||
<PackageReference Include="Microsoft.Identity.Web.MicrosoftGraph" Version="3.9.1" />
|
||||
<PackageReference Include="MongoDB.Bson" Version="3.4.0" />
|
||||
@@ -30,4 +35,8 @@
|
||||
<PackageReference Include="System.Text.Json" Version="9.0.5" />
|
||||
</ItemGroup>
|
||||
|
||||
<ItemGroup>
|
||||
<Folder Include="Handlers\Adapters\" />
|
||||
</ItemGroup>
|
||||
|
||||
</Project>
|
||||
|
||||
@@ -4,11 +4,7 @@
|
||||
// </copyright>
|
||||
// ***********************************************************************
|
||||
|
||||
using Core.Thalos.Adapters.Common.Constants;
|
||||
using Core.Thalos.Adapters.Contracts;
|
||||
using Core.Thalos.Adapters.Handlers;
|
||||
using Core.Thalos.Adapters.Options;
|
||||
using Core.Thalos.Adapters.Services;
|
||||
using Microsoft.AspNetCore.Authentication;
|
||||
using Microsoft.AspNetCore.Authentication.JwtBearer;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
using Microsoft.Extensions.Configuration;
|
||||
@@ -17,7 +13,7 @@ using Microsoft.Identity.Web;
|
||||
using Microsoft.IdentityModel.Tokens;
|
||||
using System.Security.Cryptography;
|
||||
|
||||
namespace Core.Thalos.Adapters.Extensions
|
||||
namespace Core.Thalos.BuildingBlocks.Configuration
|
||||
{
|
||||
/// <summary>
|
||||
/// Extension methods for configuring authentication with various Azure AD setups.
|
||||
@@ -33,36 +29,38 @@ namespace Core.Thalos.Adapters.Extensions
|
||||
{
|
||||
var environment = Environment.GetEnvironmentVariable("ASPNETCORE_ENVIRONMENT") ?? string.Empty;
|
||||
|
||||
var azureAdInMemorySettings = new Dictionary<string, string?>
|
||||
{
|
||||
{ "AzureAdB2C:Instance", authSettings.AzureADInstance ?? string.Empty },
|
||||
{ "AzureAdB2C:TenantId", authSettings.AzureADTenantId ?? string.Empty },
|
||||
{ "AzureAdB2C:ClientId", authSettings.AzureADClientId ?? string.Empty },
|
||||
{ "AzureAdB2C:ClientSecret", authSettings.AzureADClientSecret ?? string.Empty }
|
||||
};
|
||||
var identityProviders = new IdentityProviders();
|
||||
configuration.GetSection("IdentityProviders").Bind(identityProviders);
|
||||
|
||||
var configurationBuilder = new ConfigurationBuilder()
|
||||
.AddConfiguration(configuration)
|
||||
.AddInMemoryCollection(azureAdInMemorySettings);
|
||||
AddCustomAuthentication(services, authSettings.Token);
|
||||
|
||||
var combinedConfiguration = configurationBuilder.Build();
|
||||
if (identityProviders.Azure)
|
||||
AddAzureAuthentication(authSettings, configuration, services);
|
||||
|
||||
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
|
||||
.AddMicrosoftIdentityWebApi(combinedConfiguration.GetSection("AzureAdB2C"), Schemes.AzureScheme)
|
||||
.EnableTokenAcquisitionToCallDownstreamApi()
|
||||
.AddMicrosoftGraph(configuration.GetSection("MicrosoftGraph"))
|
||||
.AddInMemoryTokenCaches();
|
||||
if (identityProviders.Google)
|
||||
AddGoogleAuthentication(services, authSettings.Google);
|
||||
|
||||
services.AddAuthorization();
|
||||
services.AddTransient<IAuthorizationHandler, PermissionsAuthorizationHandler>();
|
||||
services.AddTransient<ITokenService, TokenService>();
|
||||
}
|
||||
|
||||
public static void AddCustomAuthentication(IServiceCollection services, TokenAuthSettings tokenAuthSettings)
|
||||
{
|
||||
var rsa = RSA.Create();
|
||||
rsa.ImportFromPem(authSettings.PrivateKey?.ToCharArray());
|
||||
rsa.ImportFromPem(tokenAuthSettings.PrivateKey?.ToCharArray());
|
||||
var rsaPrivateKey = new RsaSecurityKey(rsa);
|
||||
|
||||
var rsaPublic = RSA.Create();
|
||||
rsaPublic.ImportFromPem(authSettings.PublicKey?.ToCharArray());
|
||||
rsaPublic.ImportFromPem(tokenAuthSettings.PublicKey?.ToCharArray());
|
||||
var rsaPublicKey = new RsaSecurityKey(rsaPublic);
|
||||
|
||||
var jwtAppSettingOptions = configuration.GetSection("B2C:JwtIssuerOptions");
|
||||
var jwtIssuerOptions = jwtAppSettingOptions.Get<JwtIssuerOptions>();
|
||||
|
||||
var jwtIssuerOptions = new JwtIssuerOptions
|
||||
{
|
||||
Audience = tokenAuthSettings.Audience,
|
||||
Issuer = tokenAuthSettings.Issuer,
|
||||
};
|
||||
|
||||
if (string.IsNullOrEmpty(jwtIssuerOptions?.Issuer) || string.IsNullOrEmpty(jwtIssuerOptions.Audience))
|
||||
throw new InvalidOperationException("JwtIssuerOptions are not configured correctly.");
|
||||
@@ -88,10 +86,52 @@ namespace Core.Thalos.Adapters.Extensions
|
||||
options.Audience = jwtIssuerOptions?.Audience;
|
||||
options.SigningCredentials = new SigningCredentials(rsaPrivateKey, SecurityAlgorithms.RsaSha256);
|
||||
});
|
||||
}
|
||||
|
||||
services.AddSingleton(jwtAppSettingOptions);
|
||||
services.AddTransient<IAuthorizationHandler, PermissionsAuthorizationHandler>();
|
||||
services.AddTransient<ITokenService, TokenService>();
|
||||
public static void AddAzureAuthentication(AuthSettings authSettings, IConfiguration configuration, IServiceCollection services)
|
||||
{
|
||||
var azureAdInMemorySettings = new Dictionary<string, string?>
|
||||
{
|
||||
{ "AzureAdB2C:Instance", authSettings.Azure.Instance ?? string.Empty },
|
||||
{ "AzureAdB2C:TenantId", authSettings.Azure.TenantId ?? string.Empty },
|
||||
{ "AzureAdB2C:ClientId", authSettings.Azure.ClientId ?? string.Empty },
|
||||
{ "AzureAdB2C:ClientSecret", authSettings.Azure.ClientSecret ?? string.Empty }
|
||||
};
|
||||
|
||||
var configurationBuilder = new ConfigurationBuilder()
|
||||
.AddConfiguration(configuration)
|
||||
.AddInMemoryCollection(azureAdInMemorySettings);
|
||||
|
||||
var combinedConfiguration = configurationBuilder.Build();
|
||||
|
||||
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
|
||||
.AddMicrosoftIdentityWebApi(combinedConfiguration.GetSection("AzureAdB2C"), Schemes.AzureScheme)
|
||||
.EnableTokenAcquisitionToCallDownstreamApi()
|
||||
.AddMicrosoftGraph(configuration.GetSection("MicrosoftGraph"))
|
||||
.AddInMemoryTokenCaches();
|
||||
}
|
||||
|
||||
public static void AddGoogleAuthentication(IServiceCollection services, GoogleAuthSettings googleAuthSettings)
|
||||
{
|
||||
services.AddSingleton<GoogleAuthSettings>(googleAuthSettings);
|
||||
|
||||
services.AddAuthentication(options =>
|
||||
{
|
||||
options.DefaultAuthenticateScheme = Schemes.GoogleScheme;
|
||||
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
|
||||
})
|
||||
.AddScheme<AuthenticationSchemeOptions,
|
||||
GoogleAccessTokenAuthenticationHandler>(Schemes.GoogleScheme, null)
|
||||
.AddGoogle(options =>
|
||||
{
|
||||
options.ClientId = googleAuthSettings.ClientId!;
|
||||
options.ClientSecret = googleAuthSettings.ClientSecret!;
|
||||
//options.SaveTokens = true;
|
||||
options.CallbackPath = $"/{googleAuthSettings.RedirectUri}";
|
||||
});
|
||||
|
||||
services.AddScoped<IGoogleAuthHelper, GoogleAuthHelper>();
|
||||
services.AddScoped<IGoogleAuthorization, GoogleAuthorization>();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -5,8 +5,6 @@
|
||||
// ***********************************************************************
|
||||
|
||||
using Asp.Versioning.ApiExplorer;
|
||||
using Core.Thalos.Adapters.Common.Constants;
|
||||
using Core.Thalos.Adapters.Extensions;
|
||||
using Microsoft.AspNetCore.Builder;
|
||||
using Microsoft.Extensions.Configuration;
|
||||
using Microsoft.Extensions.DependencyInjection;
|
||||
@@ -16,7 +14,7 @@ using Microsoft.OpenApi.Models;
|
||||
using Swashbuckle.AspNetCore.SwaggerGen;
|
||||
using Swashbuckle.AspNetCore.SwaggerUI;
|
||||
|
||||
namespace Core.Thalos.Adapters.Extensions
|
||||
namespace Core.Thalos.BuildingBlocks.Configuration
|
||||
{
|
||||
/// <summary>
|
||||
/// Extension methods for configuring Swagger documentation and UI.
|
||||
@@ -40,71 +38,115 @@ namespace Core.Thalos.Adapters.Extensions
|
||||
/// </summary>
|
||||
/// <param name="services">The <see cref="IServiceCollection"/> to add the services to.</param>
|
||||
/// <param name="configuration">The <see cref="IConfiguration"/> containing Swagger and OAuth2 configuration settings.</param>
|
||||
public static void AddSwaggerGen(this IServiceCollection services, IConfiguration configuration, string DocumentationFile, AuthSettings authSettings)
|
||||
public static void AddSwaggerGen(
|
||||
this IServiceCollection services,
|
||||
IConfiguration configuration,
|
||||
string documentationFile,
|
||||
AuthSettings authSettings)
|
||||
{
|
||||
var identityProviders = new IdentityProviders();
|
||||
configuration.GetSection("IdentityProviders").Bind(identityProviders);
|
||||
|
||||
services.AddSwaggerGen(c =>
|
||||
{
|
||||
c.AddSecurityDefinition("Bearer", new OpenApiSecurityScheme
|
||||
{
|
||||
c.AddSecurityDefinition("oauth2", new OpenApiSecurityScheme
|
||||
Description = "JWT Authorization header using the Bearer scheme",
|
||||
Name = "Authorization",
|
||||
In = ParameterLocation.Header,
|
||||
Type = SecuritySchemeType.Http,
|
||||
Scheme = "bearer",
|
||||
BearerFormat = "JWT"
|
||||
});
|
||||
|
||||
c.AddSecurityRequirement(new OpenApiSecurityRequirement
|
||||
{
|
||||
{
|
||||
new OpenApiSecurityScheme
|
||||
{
|
||||
Reference = new OpenApiReference
|
||||
{
|
||||
Description = "OAuth2.0 Authorization Code flow",
|
||||
Name = "oauth2.0",
|
||||
Type = ReferenceType.SecurityScheme,
|
||||
Id = "Bearer"
|
||||
}
|
||||
},
|
||||
Array.Empty<string>()
|
||||
}
|
||||
});
|
||||
|
||||
if (identityProviders.Azure)
|
||||
{
|
||||
const string azureScheme = "oauth2-Azure";
|
||||
|
||||
c.AddSecurityDefinition(azureScheme, new OpenApiSecurityScheme
|
||||
{
|
||||
Description = "Azure OAuth2 Authorization Code flow",
|
||||
Type = SecuritySchemeType.OAuth2,
|
||||
Flows = new OpenApiOAuthFlows
|
||||
{
|
||||
AuthorizationCode = new OpenApiOAuthFlow
|
||||
{
|
||||
AuthorizationUrl = new Uri(authSettings.ThalosAppAuthorizationUrl ?? string.Empty),
|
||||
TokenUrl = new Uri(authSettings.ThalosAppTokenUrl ?? string.Empty),
|
||||
AuthorizationUrl = new Uri(authSettings.Azure?.ThalosAppAuthorizationUrl ??
|
||||
"https://login.microsoftonline.com/common/oauth2/v2.0/authorize"),
|
||||
TokenUrl = new Uri(authSettings.Azure?.ThalosAppTokenUrl ??
|
||||
"https://login.microsoftonline.com/common/oauth2/v2.0/token"),
|
||||
Scopes = new Dictionary<string, string>
|
||||
{
|
||||
{ authSettings.ThalosAppScope ?? string.Empty, "Access API as User" }
|
||||
}
|
||||
{
|
||||
{ authSettings.Azure?.ThalosAppScope ?? "access_as_user", "Access API as User" }
|
||||
}
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
c.AddSecurityRequirement(new OpenApiSecurityRequirement
|
||||
{
|
||||
{
|
||||
new OpenApiSecurityScheme
|
||||
[new OpenApiSecurityScheme
|
||||
{
|
||||
Reference = new OpenApiReference { Type = ReferenceType.SecurityScheme, Id = "oauth2" }
|
||||
},
|
||||
new[] { authSettings.ThalosAppScope }
|
||||
}
|
||||
Reference = new OpenApiReference { Type = ReferenceType.SecurityScheme, Id = azureScheme }
|
||||
}] = new[] { authSettings.Azure?.ThalosAppScope ?? "access_as_user" }
|
||||
});
|
||||
}
|
||||
|
||||
c.AddSecurityDefinition("Bearer", new OpenApiSecurityScheme
|
||||
if (identityProviders.Google)
|
||||
{
|
||||
const string googleScheme = "oauth2-Google";
|
||||
|
||||
c.AddSecurityDefinition(googleScheme, new OpenApiSecurityScheme
|
||||
{
|
||||
Description = "JWT Authorization header using the Bearer scheme",
|
||||
Name = "Authorization",
|
||||
In = ParameterLocation.Header,
|
||||
Type = SecuritySchemeType.Http,
|
||||
Scheme = "bearer",
|
||||
BearerFormat = "JWT"
|
||||
Type = SecuritySchemeType.OAuth2,
|
||||
Flows = new OpenApiOAuthFlows
|
||||
{
|
||||
AuthorizationCode = new OpenApiOAuthFlow
|
||||
{
|
||||
AuthorizationUrl = new Uri("https://accounts.google.com/o/oauth2/v2/auth"),
|
||||
TokenUrl = new Uri("https://oauth2.googleapis.com/token"),
|
||||
Scopes = new Dictionary<string, string>
|
||||
{
|
||||
{ "openid", "OpenID Connect" },
|
||||
{ "email", "Access email" },
|
||||
{ "profile", "Access profile" }
|
||||
}
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
c.AddSecurityRequirement(new OpenApiSecurityRequirement
|
||||
{
|
||||
{
|
||||
new OpenApiSecurityScheme
|
||||
[new OpenApiSecurityScheme
|
||||
{
|
||||
Reference = new OpenApiReference
|
||||
{
|
||||
Type = ReferenceType.SecurityScheme,
|
||||
Id = "Bearer"
|
||||
}
|
||||
},
|
||||
Array.Empty<string>()
|
||||
}
|
||||
Reference = new OpenApiReference { Type = ReferenceType.SecurityScheme, Id = googleScheme }
|
||||
}] = new[] { "openid", "email", "profile" }
|
||||
});
|
||||
}
|
||||
|
||||
var filePath = Path.Combine(AppContext.BaseDirectory, DocumentationFile);
|
||||
c.IncludeXmlComments(filePath);
|
||||
c.SchemaFilter<EnumSchemaFilter>();
|
||||
});
|
||||
// ✅ XML Comments
|
||||
var filePath = Path.Combine(AppContext.BaseDirectory, documentationFile);
|
||||
c.IncludeXmlComments(filePath);
|
||||
c.SchemaFilter<EnumSchemaFilter>();
|
||||
});
|
||||
}
|
||||
|
||||
|
||||
/// <summary>
|
||||
/// Configures Swagger and Swagger UI for the application.
|
||||
/// </summary>
|
||||
@@ -129,15 +171,36 @@ namespace Core.Thalos.Adapters.Extensions
|
||||
/// </summary>
|
||||
/// <param name="app">The <see cref="WebApplication"/> instance.</param>
|
||||
/// <param name="configuration">The <see cref="IConfiguration"/> containing Swagger UI and OAuth2 configuration settings.</param>
|
||||
public static void UseSwaggerUI(this WebApplication app, IConfiguration configuration, AuthSettings authSettings)
|
||||
public static void UseSwaggerUI(
|
||||
this WebApplication app,
|
||||
IConfiguration configuration,
|
||||
AuthSettings authSettings)
|
||||
{
|
||||
app.UseSwaggerUI(options =>
|
||||
var identityProviders = new IdentityProviders();
|
||||
configuration.GetSection("IdentityProviders").Bind(identityProviders);
|
||||
|
||||
app.UseSwagger();
|
||||
|
||||
if (identityProviders.Google)
|
||||
{
|
||||
options.SwaggerEndpoint("/swagger/v1/swagger.json", "Custom Auth API with Azure AD v1");
|
||||
options.OAuthClientId(authSettings.ThalosAppClientId);
|
||||
options.OAuthUsePkce();
|
||||
options.OAuthScopeSeparator(" ");
|
||||
});
|
||||
app.UseSwaggerUI(options =>
|
||||
{
|
||||
options.OAuthUsePkce();
|
||||
options.OAuthScopeSeparator(" ");
|
||||
options.OAuthClientId(authSettings.Google?.ClientId);
|
||||
options.OAuthClientSecret(authSettings.Google?.ClientSecret);
|
||||
});
|
||||
}
|
||||
|
||||
if (identityProviders.Azure)
|
||||
{
|
||||
app.UseSwaggerUI(options =>
|
||||
{
|
||||
options.OAuthUsePkce();
|
||||
options.OAuthScopeSeparator(" ");
|
||||
options.OAuthClientId(authSettings.Azure?.ThalosAppClientId);
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
|
||||
@@ -4,15 +4,15 @@ using OpenTelemetry.Metrics;
|
||||
using OpenTelemetry.Resources;
|
||||
using OpenTelemetry.Trace;
|
||||
|
||||
namespace Core.Thalos.Adapters.Extensions
|
||||
namespace Core.Thalos.BuildingBlocks.Configuration
|
||||
{
|
||||
public static class TelemetryExtensions
|
||||
{
|
||||
public static void AddTelemetry(this IServiceCollection services)
|
||||
public static void AddTelemetry(this IServiceCollection services, string apiName)
|
||||
{
|
||||
// Add OpenTelemetry Tracing
|
||||
services.AddOpenTelemetry()
|
||||
.ConfigureResource(resource => resource.AddService("lsa.dashboard.bff.api"))
|
||||
.ConfigureResource(resource => resource.AddService($"{apiName}"))
|
||||
.WithTracing(tracing => tracing.AddAspNetCoreInstrumentation().AddConsoleExporter())
|
||||
.WithMetrics(metrics => metrics.AddAspNetCoreInstrumentation().AddConsoleExporter()).
|
||||
WithLogging(logs => logs.AddConsoleExporter());
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
using Microsoft.AspNetCore.Http;
|
||||
|
||||
namespace Core.Thalos.Adapters.Extensions
|
||||
namespace Core.Thalos.BuildingBlocks.Extensions
|
||||
{
|
||||
public sealed class TrackingMechanismExtension : DelegatingHandler
|
||||
{
|
||||
|
||||
@@ -4,9 +4,8 @@
|
||||
// </copyright>
|
||||
// ***********************************************************************
|
||||
|
||||
using Core.Thalos.Adapters.Contracts;
|
||||
|
||||
namespace Core.Thalos.Adapters.Handlers
|
||||
namespace Core.Thalos.BuildingBlocks
|
||||
{
|
||||
/// <summary>
|
||||
/// Class to inject the token in all requests.
|
||||
|
||||
@@ -0,0 +1,65 @@
|
||||
using Google.Apis.Auth;
|
||||
using Microsoft.AspNetCore.Authentication;
|
||||
using Microsoft.Extensions.Configuration;
|
||||
using Microsoft.Extensions.Logging;
|
||||
using Microsoft.Extensions.Options;
|
||||
using System.Security.Claims;
|
||||
using System.Text.Encodings.Web;
|
||||
|
||||
namespace Core.Thalos.BuildingBlocks
|
||||
{
|
||||
public class GoogleAccessTokenAuthenticationHandler(IOptionsMonitor<AuthenticationSchemeOptions> options,
|
||||
ILoggerFactory logger,
|
||||
UrlEncoder encoder,
|
||||
IConfiguration config,
|
||||
GoogleAuthSettings googleSettings
|
||||
) : AuthenticationHandler<AuthenticationSchemeOptions>(options, logger, encoder)
|
||||
|
||||
{
|
||||
protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
|
||||
{
|
||||
if (!Request.Headers.ContainsKey("Authorization"))
|
||||
return AuthenticateResult.Fail("Missing Authorization header");
|
||||
|
||||
var authHeader = Request.Headers.Authorization.ToString();
|
||||
if (!authHeader.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase))
|
||||
return AuthenticateResult.Fail("Invalid Authorization header");
|
||||
|
||||
var idToken = authHeader["Bearer ".Length..].Trim();
|
||||
|
||||
GoogleJsonWebSignature.Payload payload;
|
||||
try
|
||||
{
|
||||
payload = await GoogleJsonWebSignature.ValidateAsync(
|
||||
idToken,
|
||||
new GoogleJsonWebSignature.ValidationSettings
|
||||
{
|
||||
Audience = new[] { googleSettings.ClientId! }
|
||||
});
|
||||
}
|
||||
catch (InvalidJwtException)
|
||||
{
|
||||
return AuthenticateResult.Fail("Invalid Google token");
|
||||
}
|
||||
|
||||
var claims = new List<Claim>
|
||||
{
|
||||
new Claim(ClaimTypes.NameIdentifier, payload.Subject),
|
||||
new Claim(ClaimTypes.Email, payload.Email),
|
||||
new Claim(ClaimTypes.Name, payload.Name ?? "")
|
||||
};
|
||||
|
||||
var identity = new ClaimsIdentity(claims, Schemes.GoogleScheme);
|
||||
var principal = new ClaimsPrincipal(identity);
|
||||
|
||||
var userEmail = principal.FindFirst(ClaimTypes.Email)?.Value;
|
||||
|
||||
if (string.IsNullOrEmpty(userEmail) ||
|
||||
!userEmail.EndsWith("@agilewebs.com", StringComparison.OrdinalIgnoreCase))
|
||||
return AuthenticateResult.Fail("Unauthorized Access");
|
||||
|
||||
var ticket = new AuthenticationTicket(principal, Schemes.GoogleScheme);
|
||||
return AuthenticateResult.Success(ticket);
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1,7 +1,6 @@
|
||||
using Core.Thalos.Adapters.Handlers.Adapters;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
|
||||
namespace Core.Thalos.Adapters.Handlers
|
||||
namespace Core.Thalos.BuildingBlocks
|
||||
{
|
||||
public class PermissionsAuthorizationHandler : AuthorizationHandler<PermissionsAuthorizationAdapter>
|
||||
{
|
||||
|
||||
@@ -1,11 +1,12 @@
|
||||
using Azure.Identity;
|
||||
using Core.Thalos.Adapters.Common.Constants;
|
||||
using Core.Blueprint.KeyVault;
|
||||
using Microsoft.AspNetCore.Builder;
|
||||
using Microsoft.Extensions.Configuration;
|
||||
using Microsoft.Extensions.Configuration.AzureAppConfiguration;
|
||||
using Microsoft.Extensions.DependencyInjection;
|
||||
using Microsoft.Extensions.Logging;
|
||||
|
||||
namespace Core.Thalos.Adapters.Helpers
|
||||
namespace Core.Thalos.BuildingBlocks
|
||||
{
|
||||
public static class AuthHelper
|
||||
{
|
||||
@@ -15,9 +16,16 @@ namespace Core.Thalos.Adapters.Helpers
|
||||
}).CreateLogger("AuthHelper");
|
||||
|
||||
|
||||
public static AuthSettings GetAuthSettings(WebApplicationBuilder builder, string appConfigLabel)
|
||||
public static async Task<AuthSettings> GetAuthSettings(this IServiceCollection services, WebApplicationBuilder builder, string appConfigLabel)
|
||||
{
|
||||
var environment = Environment.GetEnvironmentVariable("ASPNETCORE_ENVIRONMENT") ?? string.Empty;
|
||||
var authSettings = new AuthSettings();
|
||||
|
||||
var identityProviders = new IdentityProviders();
|
||||
builder.Configuration.GetSection("IdentityProviders").Bind(identityProviders);
|
||||
|
||||
using var serviceProvider = services.BuildServiceProvider();
|
||||
var keyVaultProvider = serviceProvider.GetRequiredService<IKeyVaultProvider>();
|
||||
|
||||
if (environment != "Local")
|
||||
{
|
||||
@@ -39,19 +47,82 @@ namespace Core.Thalos.Adapters.Helpers
|
||||
});
|
||||
}
|
||||
|
||||
return new AuthSettings
|
||||
if (identityProviders.Google)
|
||||
authSettings.Google = await GetGoogleSettings(keyVaultProvider, builder);
|
||||
|
||||
if (identityProviders.Azure)
|
||||
authSettings.Azure = GetAzureSettings(builder);
|
||||
|
||||
authSettings.Token = await GetTokenSettings(keyVaultProvider, builder);
|
||||
|
||||
return authSettings;
|
||||
}
|
||||
|
||||
private async static ValueTask<TokenAuthSettings> GetTokenSettings(IKeyVaultProvider keyVaultProvider, WebApplicationBuilder builder)
|
||||
{
|
||||
var environment = Environment.GetEnvironmentVariable("ASPNETCORE_ENVIRONMENT") ?? string.Empty;
|
||||
|
||||
var tokenSettings = new TokenAuthSettings();
|
||||
|
||||
if (environment == "Local")
|
||||
{
|
||||
AzureADInstance = builder.Configuration.GetSection(Secrets.AzureADInstance).Value,
|
||||
AzureADTenantId = builder.Configuration.GetSection(Secrets.AzureADTenantId).Value,
|
||||
AzureADClientId = builder.Configuration.GetSection(Secrets.AzureADClientId).Value,
|
||||
AzureADClientSecret = builder.Configuration.GetSection(Secrets.AzureADClientSecret).Value,
|
||||
tokenSettings.PublicKey = (await keyVaultProvider.GetSecretAsync(Secrets.PublicKey, new CancellationToken { })).Secret.Value;
|
||||
tokenSettings.PrivateKey = (await keyVaultProvider.GetSecretAsync(Secrets.PrivateKey, new CancellationToken { })).Secret.Value;
|
||||
tokenSettings.Issuer = (await keyVaultProvider.GetSecretAsync(Secrets.Issuer, new CancellationToken { })).Secret.Value;
|
||||
tokenSettings.Audience = (await keyVaultProvider.GetSecretAsync(Secrets.Audience, new CancellationToken { })).Secret.Value;
|
||||
}
|
||||
else
|
||||
{
|
||||
tokenSettings.PrivateKey = builder.Configuration.GetSection(Secrets.PrivateKey).Value;
|
||||
tokenSettings.PublicKey = builder.Configuration.GetSection(Secrets.PublicKey).Value;
|
||||
tokenSettings.Issuer = builder.Configuration.GetSection(Secrets.Issuer).Value;
|
||||
tokenSettings.Audience = builder.Configuration.GetSection(Secrets.Audience).Value;
|
||||
}
|
||||
|
||||
if (string.IsNullOrEmpty(tokenSettings.PrivateKey) || string.IsNullOrEmpty(tokenSettings.PublicKey))
|
||||
{
|
||||
logger.LogError("Settings for token creation are missing or incorrectly formatted.");
|
||||
throw new InvalidOperationException("Invalid public or private key.");
|
||||
}
|
||||
|
||||
return tokenSettings;
|
||||
}
|
||||
|
||||
private static AzureAuthSettings GetAzureSettings(WebApplicationBuilder builder)
|
||||
{
|
||||
return new AzureAuthSettings
|
||||
{
|
||||
Instance = builder.Configuration.GetSection(Secrets.AzureADInstance).Value,
|
||||
TenantId = builder.Configuration.GetSection(Secrets.AzureADTenantId).Value,
|
||||
ClientId = builder.Configuration.GetSection(Secrets.AzureADClientId).Value,
|
||||
ClientSecret = builder.Configuration.GetSection(Secrets.AzureADClientSecret).Value,
|
||||
ThalosAppAuthorizationUrl = builder.Configuration.GetSection(Secrets.ThalosAppAuthorizationUrl).Value,
|
||||
ThalosAppTokenUrl = builder.Configuration.GetSection(Secrets.ThalosAppTokenUrl).Value,
|
||||
ThalosAppClientId = builder.Configuration.GetSection(Secrets.ThalosAppClientId).Value,
|
||||
ThalosAppScope = builder.Configuration.GetSection(Secrets.ThalosAppScope).Value,
|
||||
PrivateKey = builder.Configuration.GetSection(Secrets.PrivateKey).Value,
|
||||
PublicKey = builder.Configuration.GetSection(Secrets.PublicKey).Value,
|
||||
};
|
||||
}
|
||||
|
||||
private static async ValueTask<GoogleAuthSettings> GetGoogleSettings(IKeyVaultProvider keyVaultProvider, WebApplicationBuilder builder)
|
||||
{
|
||||
var environment = Environment.GetEnvironmentVariable("ASPNETCORE_ENVIRONMENT");
|
||||
var googleSettings = new GoogleAuthSettings();
|
||||
|
||||
if (environment == "Local")
|
||||
{
|
||||
googleSettings.ClientId = (await keyVaultProvider.GetSecretAsync(Secrets.GoogleClientId, new CancellationToken { })).Secret.Value; ;
|
||||
googleSettings.ClientSecret = (await keyVaultProvider.GetSecretAsync(Secrets.GoogleClientSecret, new CancellationToken { })).Secret.Value;
|
||||
googleSettings.RedirectUri = (await keyVaultProvider.GetSecretAsync(Secrets.GoogleRedirectUri, new CancellationToken { })).Secret.Value;
|
||||
}
|
||||
else
|
||||
{
|
||||
googleSettings.ClientId = builder.Configuration.GetSection(Secrets.GoogleClientId).Value;
|
||||
googleSettings.ClientSecret = builder.Configuration.GetSection(Secrets.GoogleClientSecret).Value;
|
||||
googleSettings.RedirectUri = builder.Configuration.GetSection(Secrets.GoogleRedirectUri).Value;
|
||||
}
|
||||
|
||||
return googleSettings;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
31
Core.Thalos.BuildingBlocks/Helpers/GoogleAuthHelper.cs
Normal file
31
Core.Thalos.BuildingBlocks/Helpers/GoogleAuthHelper.cs
Normal file
@@ -0,0 +1,31 @@
|
||||
using Google.Apis.Auth.OAuth2;
|
||||
using Google.Apis.Oauth2.v2;
|
||||
using Microsoft.Extensions.Configuration;
|
||||
|
||||
namespace Core.Thalos.BuildingBlocks
|
||||
{
|
||||
public class GoogleAuthHelper(IConfiguration config, GoogleAuthSettings googleSettings) : IGoogleAuthHelper
|
||||
{
|
||||
public ClientSecrets GetClientSecrets()
|
||||
{
|
||||
string clientId = googleSettings.ClientId ?? string.Empty;
|
||||
string clientSecret = googleSettings.ClientSecret ?? string.Empty;
|
||||
|
||||
return new() { ClientId = clientId, ClientSecret = clientSecret };
|
||||
}
|
||||
|
||||
public string[] GetScopes()
|
||||
{
|
||||
var scopes = new[]
|
||||
{
|
||||
Oauth2Service.Scope.Openid,
|
||||
Oauth2Service.Scope.UserinfoEmail,
|
||||
Oauth2Service.Scope.UserinfoProfile
|
||||
};
|
||||
|
||||
return scopes;
|
||||
}
|
||||
|
||||
public string ScopeToString() => string.Join(", ", GetScopes());
|
||||
}
|
||||
}
|
||||
@@ -10,7 +10,7 @@ using Org.BouncyCastle.Security;
|
||||
using System.Security.Cryptography;
|
||||
using System.Text;
|
||||
|
||||
namespace Core.Thalos.Adapters.Helpers
|
||||
namespace Core.Thalos.BuildingBlocks
|
||||
{
|
||||
/// <summary>
|
||||
/// Handles all methods related to RSA encryption"/>.
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
using Microsoft.IdentityModel.Tokens;
|
||||
|
||||
namespace Core.Thalos.Adapters.Options
|
||||
namespace Core.Thalos.BuildingBlocks
|
||||
{
|
||||
/// <summary>
|
||||
/// JWT token Issuer options (used for JWT Factory)
|
||||
|
||||
@@ -3,9 +3,6 @@
|
||||
// AgileWebs
|
||||
// </copyright>
|
||||
// ***********************************************************************
|
||||
using Core.Thalos.Adapters.Common.Constants;
|
||||
using Core.Thalos.Adapters.Contracts;
|
||||
using Core.Thalos.Adapters.Options;
|
||||
using Microsoft.AspNetCore.Http;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
using Microsoft.Extensions.Configuration;
|
||||
@@ -16,7 +13,7 @@ using System.IdentityModel.Tokens.Jwt;
|
||||
using System.Security.Claims;
|
||||
using System.Text.Json;
|
||||
|
||||
namespace Core.Thalos.Adapters.Services
|
||||
namespace Core.Thalos.BuildingBlocks
|
||||
{
|
||||
/// <summary>
|
||||
/// Service responsible for manage authenticacion.
|
||||
|
||||
@@ -4,22 +4,39 @@
|
||||
// </copyright>
|
||||
// ***********************************************************************
|
||||
|
||||
namespace Core.Thalos.BuildingBlocks;
|
||||
public class AuthSettings
|
||||
{
|
||||
// Azure AD Settings
|
||||
public string? AzureADInstance { get; set; }
|
||||
public string? AzureADTenantId { get; set; }
|
||||
public string? AzureADClientId { get; set; }
|
||||
public string? AzureADClientSecret { get; set; }
|
||||
public AzureAuthSettings? Azure { get; set; }
|
||||
public TokenAuthSettings Token { get; set; } = null!;
|
||||
public GoogleAuthSettings? Google { get; set; }
|
||||
}
|
||||
|
||||
//Thalos App Settings
|
||||
public class AzureAuthSettings
|
||||
{
|
||||
public string? Instance { get; set; }
|
||||
public string? TenantId { get; set; }
|
||||
public string? ClientId { get; set; }
|
||||
public string? ClientSecret { get; set; }
|
||||
public string? ThalosAppAuthorizationUrl { get; set; }
|
||||
public string? ThalosAppTokenUrl { get; set; }
|
||||
public string? ThalosAppClientId { get; set; }
|
||||
public string? ThalosAppScope { get; set; }
|
||||
|
||||
// Token Keys
|
||||
public string? PrivateKey { get; set; }
|
||||
public string? PublicKey { get; set; }
|
||||
}
|
||||
|
||||
public class GoogleAuthSettings
|
||||
{
|
||||
public string? ClientId { get; set; }
|
||||
public string? ClientSecret { get; set; }
|
||||
public string? RedirectUri { get; set; }
|
||||
|
||||
}
|
||||
|
||||
public class TokenAuthSettings
|
||||
{
|
||||
public string? PrivateKey { get; set; }
|
||||
public string? PublicKey { get; set; }
|
||||
public string? Audience { get; set; }
|
||||
public string? Issuer { get; set; }
|
||||
}
|
||||
|
||||
|
||||
8
Core.Thalos.BuildingBlocks/Settings/IdentityProviders.cs
Normal file
8
Core.Thalos.BuildingBlocks/Settings/IdentityProviders.cs
Normal file
@@ -0,0 +1,8 @@
|
||||
namespace Core.Thalos.BuildingBlocks
|
||||
{
|
||||
public class IdentityProviders
|
||||
{
|
||||
public bool Google { get; set; }
|
||||
public bool Azure { get; set; }
|
||||
}
|
||||
}
|
||||
@@ -4,10 +4,9 @@
|
||||
// </copyright>
|
||||
// ***********************************************************************
|
||||
|
||||
using Core.Thalos.Adapters.Contracts;
|
||||
using Microsoft.AspNetCore.Http;
|
||||
|
||||
namespace Core.Thalos.Adapters.TokenProvider
|
||||
namespace Core.Thalos.BuildingBlocks
|
||||
{
|
||||
/// <summary>
|
||||
/// Class to return the access token to controllers.
|
||||
|
||||
Reference in New Issue
Block a user