add postgres

Azaion.Api/Program.cs

@@ -1,5 +1,3 @@
-using System.IdentityModel.Tokens.Jwt;
-using System.Security.Claims;
 using System.Text;
 using Azaion.Common;
 using Azaion.Common.Configs;
@@ -9,11 +7,10 @@ using Azaion.Common.Requests;
 using Azaion.Services;
 using FluentValidation;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
-using Microsoft.Extensions.Options;
 using Microsoft.IdentityModel.Tokens;
+using Microsoft.OpenApi.Models;
 
 var builder = WebApplication.CreateBuilder(args);
-builder.Configuration.AddEnvironmentVariables();
 
 var jwtConfig = builder.Configuration.GetSection(nameof(JwtConfig)).Get<JwtConfig>();
 if (jwtConfig == null)
@@ -38,12 +35,41 @@ builder.Services.AddAuthorization();
 builder.Services.AddHttpContextAccessor();
 
 builder.Services.AddEndpointsApiExplorer();
-builder.Services.AddSwaggerGen();
+builder.Services.AddSwaggerGen(c =>
+{
+    c.SwaggerDoc("v1", new OpenApiInfo {Title = "Azaion.API", Version = "v1"});
+    c.CustomSchemaIds(type => type.ToString());
+    var jwtSecurityScheme = new OpenApiSecurityScheme
+    {
+        Scheme = "bearer",
+        BearerFormat = "JWT",
+        Name = "JWT Authentication",
+        In = ParameterLocation.Header,
+        Type = SecuritySchemeType.Http,
+        Description = "Put **_ONLY_** your JWT Bearer token on textbox below!",
+
+        Reference = new OpenApiReference
+        {
+            Id = JwtBearerDefaults.AuthenticationScheme,
+            Type = ReferenceType.SecurityScheme
+        }
+    };
+
+    c.AddSecurityDefinition(jwtSecurityScheme.Reference.Id, jwtSecurityScheme);
+
+    c.AddSecurityRequirement(new OpenApiSecurityRequirement
+    {
+        { jwtSecurityScheme, Array.Empty<string>() }
+    });
+});
 builder.Services.Configure<ResourcesConfig>(builder.Configuration.GetSection(nameof(ResourcesConfig)));
+builder.Services.Configure<JwtConfig>(builder.Configuration.GetSection(nameof(JwtConfig)));
+builder.Services.Configure<ConnectionStrings>(builder.Configuration.GetSection(nameof(ConnectionStrings)));
+
 builder.Services.AddScoped<IUserService, UserService>();
 builder.Services.AddScoped<IResourcesService, ResourcesService>();
-
-builder.Services.AddSingleton<IDbFactory, DbFactory>(sp => new DbFactory(sp.GetService<IOptions<ConnectionStrings>>()!.Value.AzaionDb));
+builder.Services.AddSingleton<IAuthService, AuthService>();
+builder.Services.AddSingleton<IDbFactory, DbFactory>();
 
 builder.Services.AddValidatorsFromAssemblyContaining<RegisterUserValidator>();
 
@@ -61,29 +87,10 @@ app.UseAuthentication();
 app.UseAuthorization();
 
 app.MapPost("/login",
-    async (string username, string password, IUserService userService, CancellationToken cancellationToken) =>
+    async (string username, string password, IUserService userService, IAuthService authService, CancellationToken cancellationToken) =>
     {
-        var user = await userService.ValidateUser(username, password);
-
-        var tokenHandler = new JwtSecurityTokenHandler();
-        var tokenDescriptor = new SecurityTokenDescriptor
-        {
-            Subject = new ClaimsIdentity([
-                new Claim(ClaimTypes.NameIdentifier, user.Id),
-                new Claim(ClaimTypes.Name, user.Email),
-                new Claim(ClaimTypes.Role, user.Role.ToString()),
-                new Claim(Constants.HARDWARE_ID, user.HardwareId)
-            ]),
-            Expires = DateTime.UtcNow.AddHours(2),
-            Issuer = jwtConfig.Issuer,
-            Audience = jwtConfig.Audience,
-            SigningCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256Signature)
-        };
-
-        var token = tokenHandler.CreateToken(tokenDescriptor);
-        var tokenString = tokenHandler.WriteToken(token);
-
-        return Results.Ok(new { Token = tokenString });
+        var user = await userService.ValidateUser(username, password, cancellationToken: cancellationToken);
+        return Results.Ok(new { Token = authService.CreateToken(user)});
     });
 
 app.MapPost("/register-user",
@@ -97,13 +104,15 @@ app.MapPost("/resources",
     .RequireAuthorization(p => p.RequireRole(RoleEnum.ApiAdmin.ToString()));
 
 app.MapPost("/resources/get",
-    async (GetResourceRequest request, IUserService userService, IResourcesService resourcesService, CancellationToken cancellationToken) =>
+    async (GetResourceRequest request, IAuthService authService, IUserService userService, IResourcesService resourcesService, CancellationToken cancellationToken) =>
     {
-        var user = userService.CurrentUser;
-        if (user == null)
-            throw new BusinessException(ExceptionEnum.NoUser, "No current user");
+        var user = authService.CurrentUser;
+        if (user?.HardwareId != request.HardwareId)
+            throw new BusinessException(ExceptionEnum.HardwareIdMismatch, "Hardware mismatch! You are not authorized to access this resource from this hardware.");
+
         if (string.IsNullOrEmpty(user.HardwareId))
             await userService.UpdateHardwareId(user.Email, request.HardwareId);
+
         var ms = new MemoryStream();
         var key = Security.MakeEncryptionKey(user.Email, request.Password);
         await resourcesService.GetEncryptedResource(request.ResourceEnum, key, ms, cancellationToken);