mirror of
https://github.com/Kareadita/Kavita.git
synced 2025-06-22 06:50:32 -04:00
7616eb5b0f
* Introduced a new claim on the Token to get UserId as well as Username, thus allowing for many places of reduced DB calls. All users will need to reauthenticate. Introduced UTC Dates throughout the application, they are not exposed in all DTOs, that will come later when we fully switch over. For now, Utc dates will be updated along side timezone specific dates. Refactored get-progress/progress api to be 50% faster by reducing how much data is loaded from the query. * Speed up the following apis: collection/search, download/bookmarks, reader/bookmark-info, recommended/quick-reads, recommended/quick-catchup-reads, recommended/highly-rated, recommended/more-in, recommended/rediscover, want-to-read/ * Added a migration to sync all dates with their new UTC counterpart. * Added LastReadingProgressUtc onto ChapterDto for some browsing apis, but not all. Added LastReadingProgressUtc to reading list items. Refactored the migration to run raw SQL which is much faster. * Added LastReadingProgressUtc onto ChapterDto for some browsing apis, but not all. Added LastReadingProgressUtc to reading list items. Refactored the migration to run raw SQL which is much faster. * Fixed the unit tests * Fixed an issue with auto mapper which was causing progress page number to not get sent to UI * series/volume has chapter last reading progress * Added filesize and library name on reading list item dto for CDisplayEx. * Some minor code cleanup * Forgot to fill a field
92 lines
3.2 KiB
C#
92 lines
3.2 KiB
C#
using System;
|
|
using System.Collections.Generic;
|
|
using System.IdentityModel.Tokens.Jwt;
|
|
using System.Linq;
|
|
using System.Security.Claims;
|
|
using System.Text;
|
|
using System.Threading.Tasks;
|
|
using API.DTOs.Account;
|
|
using API.Entities;
|
|
using Microsoft.AspNetCore.Identity;
|
|
using Microsoft.Extensions.Configuration;
|
|
using Microsoft.IdentityModel.Tokens;
|
|
using static System.Security.Claims.ClaimTypes;
|
|
using JwtRegisteredClaimNames = Microsoft.IdentityModel.JsonWebTokens.JwtRegisteredClaimNames;
|
|
|
|
|
|
namespace API.Services;
|
|
|
|
public interface ITokenService
|
|
{
|
|
Task<string> CreateToken(AppUser user);
|
|
Task<TokenRequestDto> ValidateRefreshToken(TokenRequestDto request);
|
|
Task<string> CreateRefreshToken(AppUser user);
|
|
}
|
|
|
|
|
|
public class TokenService : ITokenService
|
|
{
|
|
private readonly UserManager<AppUser> _userManager;
|
|
private readonly SymmetricSecurityKey _key;
|
|
|
|
public TokenService(IConfiguration config, UserManager<AppUser> userManager)
|
|
{
|
|
|
|
_userManager = userManager;
|
|
_key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(config["TokenKey"]));
|
|
}
|
|
|
|
public async Task<string> CreateToken(AppUser user)
|
|
{
|
|
var claims = new List<Claim>
|
|
{
|
|
new Claim(JwtRegisteredClaimNames.Name, user.UserName),
|
|
new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()),
|
|
};
|
|
|
|
var roles = await _userManager.GetRolesAsync(user);
|
|
|
|
claims.AddRange(roles.Select(role => new Claim(Role, role)));
|
|
|
|
var creds = new SigningCredentials(_key, SecurityAlgorithms.HmacSha512Signature);
|
|
|
|
var tokenDescriptor = new SecurityTokenDescriptor()
|
|
{
|
|
Subject = new ClaimsIdentity(claims),
|
|
Expires = DateTime.UtcNow.AddDays(14),
|
|
SigningCredentials = creds
|
|
};
|
|
|
|
var tokenHandler = new JwtSecurityTokenHandler();
|
|
var token = tokenHandler.CreateToken(tokenDescriptor);
|
|
|
|
return tokenHandler.WriteToken(token);
|
|
}
|
|
|
|
public async Task<string> CreateRefreshToken(AppUser user)
|
|
{
|
|
await _userManager.RemoveAuthenticationTokenAsync(user, TokenOptions.DefaultProvider, "RefreshToken");
|
|
var refreshToken = await _userManager.GenerateUserTokenAsync(user, TokenOptions.DefaultProvider, "RefreshToken");
|
|
await _userManager.SetAuthenticationTokenAsync(user, TokenOptions.DefaultProvider, "RefreshToken", refreshToken);
|
|
return refreshToken;
|
|
}
|
|
|
|
public async Task<TokenRequestDto> ValidateRefreshToken(TokenRequestDto request)
|
|
{
|
|
var tokenHandler = new JwtSecurityTokenHandler();
|
|
var tokenContent = tokenHandler.ReadJwtToken(request.Token);
|
|
var username = tokenContent.Claims.FirstOrDefault(q => q.Type == JwtRegisteredClaimNames.NameId)?.Value;
|
|
var user = await _userManager.FindByNameAsync(username);
|
|
if (user == null) return null; // This forces a logout
|
|
await _userManager.VerifyUserTokenAsync(user, TokenOptions.DefaultProvider, "RefreshToken", request.RefreshToken);
|
|
|
|
await _userManager.UpdateSecurityStampAsync(user);
|
|
|
|
return new TokenRequestDto()
|
|
{
|
|
Token = await CreateToken(user),
|
|
RefreshToken = await CreateRefreshToken(user)
|
|
};
|
|
}
|
|
}
|