mirror of
https://github.com/Kareadita/Kavita.git
synced 2025-06-21 22:40:34 -04:00
385f61f9f0
* Updated number inputs with a more mobile friendly control * Started writing lots of unit tests on PersonHelper to try and hammer out foreign constraint * Fixes side-nav actionable alignment * Added some unit tests * Buffed out the unit tests * Applied input modes throughout the app * Fixed a small bug in refresh token validation to make it work correctly * Try out a new way to block multithreading from interacting with people during series metadata update. * Fixed the lock code to properly lock, which should help with any constraint issues. * Locking notes * Tweaked locking on people to prevent a constraint issue. This slows down the scanner a bit, but not much. Will tweak after validating on a user's server. * Replaced all DBFactory.Series with SeriesBuilder. * Replaced all DBFactory.Volume() with VolumeBuilder * Replaced SeriesMetadata with Builder * Replaced DBFactory.CollectionTag * Lots of refactoring to streamline entity creation * Fixed one of the unit tests * Refactored all of new Library() * Removed tag and genre * Removed new SeriesMetadata * Refactored new Volume() * MangaFile() * ReadingList() * Refactored all of Chapter and ReadingList * Add title to all event widget flows * Updated Base Url to inform user it doesn't work for docker users with non-root user. * Added unit test coverage to FormatChapterTitle and FormatChapterName. * Started on Unit test for scanner, but need to finish it later. --------- Co-authored-by: Robbie Davis <robbie@therobbiedavis.com>
106 lines
3.7 KiB
C#
106 lines
3.7 KiB
C#
using System;
|
|
using System.Collections.Generic;
|
|
using System.IdentityModel.Tokens.Jwt;
|
|
using System.Linq;
|
|
using System.Security.Claims;
|
|
using System.Text;
|
|
using System.Threading.Tasks;
|
|
using API.DTOs.Account;
|
|
using API.Entities;
|
|
using Microsoft.AspNetCore.Identity;
|
|
using Microsoft.Extensions.Configuration;
|
|
using Microsoft.IdentityModel.Tokens;
|
|
using static System.Security.Claims.ClaimTypes;
|
|
using JwtRegisteredClaimNames = Microsoft.IdentityModel.JsonWebTokens.JwtRegisteredClaimNames;
|
|
|
|
|
|
namespace API.Services;
|
|
|
|
public interface ITokenService
|
|
{
|
|
Task<string> CreateToken(AppUser user);
|
|
Task<TokenRequestDto?> ValidateRefreshToken(TokenRequestDto request);
|
|
Task<string> CreateRefreshToken(AppUser user);
|
|
}
|
|
|
|
|
|
public class TokenService : ITokenService
|
|
{
|
|
private readonly UserManager<AppUser> _userManager;
|
|
private readonly SymmetricSecurityKey _key;
|
|
private const string RefreshTokenName = "RefreshToken";
|
|
|
|
public TokenService(IConfiguration config, UserManager<AppUser> userManager)
|
|
{
|
|
|
|
_userManager = userManager;
|
|
_key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(config["TokenKey"] ?? string.Empty));
|
|
}
|
|
|
|
public async Task<string> CreateToken(AppUser user)
|
|
{
|
|
var claims = new List<Claim>
|
|
{
|
|
new Claim(JwtRegisteredClaimNames.Name, user.UserName!),
|
|
new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()),
|
|
};
|
|
|
|
var roles = await _userManager.GetRolesAsync(user);
|
|
|
|
claims.AddRange(roles.Select(role => new Claim(Role, role)));
|
|
|
|
var creds = new SigningCredentials(_key, SecurityAlgorithms.HmacSha512Signature);
|
|
|
|
var tokenDescriptor = new SecurityTokenDescriptor()
|
|
{
|
|
Subject = new ClaimsIdentity(claims),
|
|
Expires = DateTime.UtcNow.AddDays(14),
|
|
SigningCredentials = creds
|
|
};
|
|
|
|
var tokenHandler = new JwtSecurityTokenHandler();
|
|
var token = tokenHandler.CreateToken(tokenDescriptor);
|
|
|
|
return tokenHandler.WriteToken(token);
|
|
}
|
|
|
|
public async Task<string> CreateRefreshToken(AppUser user)
|
|
{
|
|
await _userManager.RemoveAuthenticationTokenAsync(user, TokenOptions.DefaultProvider, RefreshTokenName);
|
|
var refreshToken = await _userManager.GenerateUserTokenAsync(user, TokenOptions.DefaultProvider, RefreshTokenName);
|
|
await _userManager.SetAuthenticationTokenAsync(user, TokenOptions.DefaultProvider, RefreshTokenName, refreshToken);
|
|
return refreshToken;
|
|
}
|
|
|
|
public async Task<TokenRequestDto?> ValidateRefreshToken(TokenRequestDto request)
|
|
{
|
|
try
|
|
{
|
|
var tokenHandler = new JwtSecurityTokenHandler();
|
|
var tokenContent = tokenHandler.ReadJwtToken(request.Token);
|
|
var username = tokenContent.Claims.FirstOrDefault(q => q.Type == JwtRegisteredClaimNames.NameId)?.Value;
|
|
if (string.IsNullOrEmpty(username)) return null;
|
|
var user = await _userManager.FindByIdAsync(username);
|
|
if (user == null) return null; // This forces a logout
|
|
var validated = await _userManager.VerifyUserTokenAsync(user, TokenOptions.DefaultProvider, RefreshTokenName, request.RefreshToken);
|
|
if (!validated) return null;
|
|
await _userManager.UpdateSecurityStampAsync(user);
|
|
|
|
return new TokenRequestDto()
|
|
{
|
|
Token = await CreateToken(user),
|
|
RefreshToken = await CreateRefreshToken(user)
|
|
};
|
|
} catch (SecurityTokenExpiredException)
|
|
{
|
|
// Handle expired token
|
|
return null;
|
|
}
|
|
catch (Exception)
|
|
{
|
|
// Handle other exceptions
|
|
return null;
|
|
}
|
|
}
|
|
}
|