Services/TokenGenerator.cs


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61

using Microsoft.IdentityModel.Tokens;
using System.IdentityModel.Tokens.Jwt;
using Microsoft.AspNetCore.Identity;
using System.Text;
using System.Security.Claims;
using System.Security.Cryptography;
using BackendPIA.Models;

namespace BackendPIA.Services {
    public class TokenGenerator : ITokenGenerator {
        private readonly string _key;
        public TokenGenerator(string key) {
            _key = key;
        }

        public string Generate(UserAccount user, string role) {
            var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_key));
	        var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
            var expiration = DateTime.UtcNow.AddMinutes(5);
            //var issuer = _configuration["Jwt:Issuer"];
            var claims = new List<Claim> {
		        new Claim("sid", user.Id),
		        new Claim("username", user.UserName),
		        new Claim("email", user.Email),
                new Claim(ClaimTypes.Role, role)
	        };
            var descriptor = new JwtSecurityToken(issuer: null, audience: null, claims: claims, expires: expiration, signingCredentials: creds);

            return new JwtSecurityTokenHandler().WriteToken(descriptor);
        }

        public string GenerateRefreshToken() {
            byte[] random_number = new byte[16];
            RandomNumberGenerator rng = RandomNumberGenerator.Create();
            rng.GetBytes(random_number);
            
            return Convert.ToBase64String(random_number);
        }

        public string? GetPrincipalFromToken(string token) {
            var tokenValidationParameters = new TokenValidationParameters {
                ValidateAudience = false,
                ValidateIssuer = false,
                ValidateIssuerSigningKey = true,
                IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_key)),
                ValidateLifetime = false
            };
            var tokenHandler = new JwtSecurityTokenHandler();
            SecurityToken security_token;
            var principal = tokenHandler.ValidateToken(token, tokenValidationParameters, out security_token);
            var jwtSecurityToken = security_token as JwtSecurityToken;
            
            if (jwtSecurityToken == null || !jwtSecurityToken.Header.Alg.Equals(SecurityAlgorithms.HmacSha256, StringComparison.InvariantCultureIgnoreCase))
                return null;

            var jwt = tokenHandler.ReadJwtToken(token);

            return jwt.Claims.Where(c => c.Type == "email").First().Value;
        }
    }
}