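using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Azaion.Common.Configs;
using Azaion.Common.Entities;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Options;
using Microsoft.IdentityModel.Tokens;

namespace Azaion.Services;

/// <summary>
/// Issues JWTs for users and rebuilds the current user from the claims of the active request.
/// </summary>
public interface IAuthService
{
    /// <summary>
    /// The user described by the claims on the current HTTP request, or <c>null</c> when there
    /// is no HTTP context or the principal does not carry the full claim set this service issues.
    /// </summary>
    User? CurrentUser { get; }

    /// <summary>Creates a signed JWT carrying the user's id, e-mail, role and hardware hash.</summary>
    string CreateToken(User user);
}

/// <summary>
/// JWT-based implementation of <see cref="IAuthService"/>.
/// </summary>
// NOTE(review): the generic argument of IOptions<...> appears to have been lost when this page
// was rendered; restore the project's JWT options type (it must expose Secret, Issuer, Audience
// and TokenLifetimeHours, which are the members read below).
public class AuthService(IHttpContextAccessor httpContextAccessor, IOptions jwtConfig) : IAuthService
{
    /// <inheritdoc />
    /// <exception cref="ApplicationException">The role claim does not parse as a <see cref="RoleEnum"/>.</exception>
    /// <exception cref="FormatException">The name-identifier claim is not a valid <see cref="Guid"/>.</exception>
    public User? CurrentUser
    {
        get
        {
            // This getter does no token validation of its own: it trusts whatever claims are on
            // HttpContext.User. It assumes the authentication middleware has already verified
            // signature, issuer, audience and lifetime — confirm in the pipeline configuration.
            var principal = httpContextAccessor.HttpContext?.User;
            if (principal == null)
            {
                return null;
            }

            // Look claims up individually instead of ToDictionary(x => x.Type): the dictionary
            // threw ArgumentException when a claim type was repeated and KeyNotFoundException
            // for anonymous requests, which carry none of these claims.
            var idClaim = principal.FindFirst(ClaimTypes.NameIdentifier);
            var emailClaim = principal.FindFirst(ClaimTypes.Name);
            var roleClaim = principal.FindFirst(ClaimTypes.Role);
            var hardwareClaim = principal.FindFirst(Constants.HARDWARE_ID);

            // Fail closed: a principal missing any claim that CreateToken always writes
            // (including the hardware binding) is treated as "no user".
            if (idClaim == null || emailClaim == null || roleClaim == null || hardwareClaim == null)
            {
                return null;
            }

            // NOTE(review): Enum.TryParse also accepts numeric text, so a claim such as "42"
            // yields a RoleEnum value that may not be a declared member. If RoleEnum is not a
            // [Flags] enum, consider additionally requiring Enum.IsDefined(role).
            if (!Enum.TryParse(roleClaim.Value, out RoleEnum role))
            {
                throw new ApplicationException("Invalid role");
            }

            return new User
            {
                Id = Guid.Parse(idClaim.Value),
                Email = emailClaim.Value,
                Role = role,
                HardwareHash = hardwareClaim.Value,
            };
        }
    }

    /// <inheritdoc />
    /// <param name="user">The user whose identity is written into the token.</param>
    /// <returns>The compact serialized JWT, signed with HMAC-SHA256.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="user"/> is <c>null</c>.</exception>
    public string CreateToken(User user)
    {
        ArgumentNullException.ThrowIfNull(user);

        var config = jwtConfig.Value;

        // NOTE(review): Encoding.ASCII maps every non-ASCII character to '?', which silently
        // weakens a secret containing such characters. Switching to UTF-8 (or a base64-encoded
        // random key) changes the key bytes for those secrets, so it has to be coordinated with
        // whatever validates the tokens. The secret should be at least 32 random bytes for HS256.
        // HMAC is symmetric: every component that can validate these tokens can also mint them.
        var signingKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(config.Secret));

        var tokenDescriptor = new SecurityTokenDescriptor
        {
            Subject = new ClaimsIdentity([
                new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()),
                new Claim(ClaimTypes.Name, user.Email),
                new Claim(ClaimTypes.Role, user.Role.ToString()),
                // Always emitted (empty when unknown) so CurrentUser can require its presence.
                new Claim(Constants.HARDWARE_ID, user.HardwareHash ?? "")
            ]),
            // The role and hardware hash are frozen into the token until it expires; nothing
            // in this class revokes a token earlier.
            Expires = DateTime.UtcNow.AddHours(config.TokenLifetimeHours),
            Issuer = config.Issuer,
            Audience = config.Audience,
            SigningCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256Signature)
        };

        var tokenHandler = new JwtSecurityTokenHandler();
        var token = tokenHandler.CreateToken(tokenDescriptor);
        return tokenHandler.WriteToken(token);
    }
}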