From 6962be93a46d9d04310d46767703e4183c7e59cb Mon Sep 17 00:00:00 2001
From: Natalia Portillo <claunia@claunia.com>
Date: Thu, 13 Nov 2025 14:36:14 +0000
Subject: [PATCH] Add token authentication.

---
 Directory.Packages.props                 | 45 +++++++++++---------
 Marechai.Server/Marechai.Server.csproj   |  2 +
 Marechai.Server/Program.cs               | 36 ++++++++++++++++
 Marechai.Server/Services/TokenService.cs | 54 ++++++++++++++++++++++++
 4 files changed, 116 insertions(+), 21 deletions(-)
 create mode 100644 Marechai.Server/Services/TokenService.cs

diff --git a/Directory.Packages.props b/Directory.Packages.props
index 625136bc..168d0cff 100644
--- a/Directory.Packages.props
+++ b/Directory.Packages.props
@@ -5,30 +5,33 @@
   </PropertyGroup>
   <ItemGroup>
     <!-- Duplicated packages (also in Directory.Build.props) -->
-    <PackageVersion Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="9.0.11" />
-    <PackageVersion Include="Microsoft.EntityFrameworkCore.Proxies" Version="9.0.11" />
+    <PackageVersion Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="9.0.11"/>
+    <PackageVersion Include="Microsoft.EntityFrameworkCore.Proxies" Version="9.0.11"/>
     <!-- Unique to Marechai.csproj -->
-    <PackageVersion Include="Blazorise.Bootstrap" Version="0.9.2.4" />
-    <PackageVersion Include="Blazorise.Icons.FontAwesome" Version="0.9.2.4" />
-    <PackageVersion Include="Markdig" Version="0.22.1" />
-    <PackageVersion Include="Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore" Version="9.0.11" />
-    <PackageVersion Include="Microsoft.AspNetCore.Identity.UI" Version="9.0.11" />
-    <PackageVersion Include="Microsoft.EntityFrameworkCore.Tools" Version="9.0.11" />
-    <PackageVersion Include="Microsoft.VisualStudio.Web.CodeGeneration.Design" Version="9.0.0" />
-    <PackageVersion Include="MySql.Data" Version="8.0.22" />
-    <PackageVersion Include="SkiaSharp" Version="3.119.1" />
-    <PackageVersion Include="SkiaSharp.NativeAssets.Linux" Version="3.119.1" />
-    <PackageVersion Include="Svg.Skia" Version="0.4.1" />
-    <PackageVersion Include="Tewr.Blazor.FileReader" Version="3.0.0.20340" />
-    <PackageVersion Include="Unclassified.NetRevisionTask" Version="0.3.0" />
+    <PackageVersion Include="Blazorise.Bootstrap" Version="0.9.2.4"/>
+    <PackageVersion Include="Blazorise.Icons.FontAwesome" Version="0.9.2.4"/>
+    <PackageVersion Include="Markdig" Version="0.22.1"/>
+    <PackageVersion Include="Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore" Version="9.0.11"/>
+    <PackageVersion Include="Microsoft.AspNetCore.Identity.UI" Version="9.0.11"/>
+    <PackageVersion Include="Microsoft.EntityFrameworkCore.Tools" Version="9.0.11"/>
+    <PackageVersion Include="Microsoft.VisualStudio.Web.CodeGeneration.Design" Version="9.0.0"/>
+    <PackageVersion Include="MySql.Data" Version="8.0.22"/>
+    <PackageVersion Include="SkiaSharp" Version="3.119.1"/>
+    <PackageVersion Include="SkiaSharp.NativeAssets.Linux" Version="3.119.1"/>
+    <PackageVersion Include="Svg.Skia" Version="0.4.1"/>
+    <PackageVersion Include="Tewr.Blazor.FileReader" Version="3.0.0.20340"/>
+    <PackageVersion Include="Unclassified.NetRevisionTask" Version="0.3.0"/>
     <!-- Unique to Marechai.Database.csproj -->
-    <PackageVersion Include="Aaru.CommonTypes" Version="5.4.1" />
-    <PackageVersion Include="Microsoft.EntityFrameworkCore.Design" Version="9.0.11" />
-    <PackageVersion Include="Pomelo.EntityFrameworkCore.MySql" Version="9.0.0" />
-    <PackageVersion Include="Pomelo.EntityFrameworkCore.MySql.Json.Microsoft" Version="9.0.0" />
+    <PackageVersion Include="Aaru.CommonTypes" Version="5.4.1"/>
+    <PackageVersion Include="Microsoft.EntityFrameworkCore.Design" Version="9.0.11"/>
+    <PackageVersion Include="Pomelo.EntityFrameworkCore.MySql" Version="9.0.0"/>
+    <PackageVersion Include="Pomelo.EntityFrameworkCore.MySql.Json.Microsoft" Version="9.0.0"/>
     <!-- Build infrastructure -->
-    <PackageVersion Include="Packaging.Targets" Version="0.1.189" />
+    <PackageVersion Include="Packaging.Targets" Version="0.1.189"/>
     <!-- Unique to Marechai.Server.csproj -->
-    <PackageVersion Include="Microsoft.AspNetCore.OpenApi" Version="10.0.0" />
+    <PackageVersion Include="Microsoft.AspNetCore.OpenApi" Version="10.0.0"/>
+    <PackageVersion Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="9.0.11"/>
+    <PackageVersion Include="Microsoft.AspNetCore.Components.Authorization" Version="9.0.11"/>
+    <PackageVersion Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="9.0.11"/>
   </ItemGroup>
 </Project>
\ No newline at end of file
diff --git a/Marechai.Server/Marechai.Server.csproj b/Marechai.Server/Marechai.Server.csproj
index fb298ef3..d4ee83db 100644
--- a/Marechai.Server/Marechai.Server.csproj
+++ b/Marechai.Server/Marechai.Server.csproj
@@ -9,6 +9,8 @@
     <PackageReference Include="Markdig"/>
     <PackageReference Include="Microsoft.AspNetCore.OpenApi"/>
     <PackageReference Include="Svg.Skia"/>
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer"/>
+    <PackageReference Include="Microsoft.AspNetCore.Identity.UI"/>
   </ItemGroup>
 
   <ItemGroup>
diff --git a/Marechai.Server/Program.cs b/Marechai.Server/Program.cs
index 8595f765..786bd31e 100644
--- a/Marechai.Server/Program.cs
+++ b/Marechai.Server/Program.cs
@@ -6,12 +6,15 @@ using Marechai.Database;
 using Marechai.Database.Models;
 using Marechai.Helpers;
 using Marechai.Server.Helpers;
+using Marechai.Server.Services;
 using Markdig;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.EntityFrameworkCore;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Hosting;
+using Microsoft.IdentityModel.Tokens;
 using Version = Marechai.Server.Interop.Version;
 
 namespace Marechai.Server;
@@ -156,6 +159,32 @@ file class Program
         // Learn more about configuring OpenAPI at https://aka.ms/aspnet/openapi
         builder.Services.AddOpenApi();
 
+        builder.Services.AddAuthentication(options =>
+                {
+                    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
+                    options.DefaultChallengeScheme    = JwtBearerDefaults.AuthenticationScheme;
+                    options.DefaultScheme             = JwtBearerDefaults.AuthenticationScheme;
+                })
+               .AddJwtBearer(options =>
+                {
+                    options.SaveToken = true;
+
+                    options.TokenValidationParameters = new TokenValidationParameters
+                    {
+                        ClockSkew                = TimeSpan.Zero,
+                        ValidateIssuer           = true,
+                        ValidateAudience         = true,
+                        ValidateLifetime         = false,
+                        ValidateIssuerSigningKey = true,
+                        ValidIssuer              = "apiWithAuthBackend",
+                        ValidAudience            = "apiWithAuthBackend",
+                        IssuerSigningKey =
+                            new
+                                SymmetricSecurityKey("!SomethingSecret!!SomethingSecret!!SomethingSecret!!SomethingSecret!"u8
+                                                        .ToArray())
+                    };
+                });
+
         builder.Services.AddDbContextFactory<MarechaiContext>(options => options.UseLazyLoadingProxies()
                                                                  .UseMySql(builder.Configuration
                                                                               .GetConnectionString("DefaultConnection"),
@@ -164,6 +193,12 @@ file class Program
                                                                                    Version(10, 5, 0)),
                                                                            b => b.UseMicrosoftJson()));
 
+        builder.Services.AddDefaultIdentity<ApplicationUser>(options => options.SignIn.RequireConfirmedAccount = true)
+               .AddRoles<ApplicationRole>()
+               .AddEntityFrameworkStores<MarechaiContext>();
+
+        builder.Services.AddScoped<TokenService, TokenService>();
+
         WebApplication app = builder.Build();
 
         // Configure the HTTP request pipeline.
@@ -171,6 +206,7 @@ file class Program
 
         app.UseHttpsRedirection();
 
+        app.UseAuthentication();
         app.UseAuthorization();
 
         app.MapControllers();
diff --git a/Marechai.Server/Services/TokenService.cs b/Marechai.Server/Services/TokenService.cs
new file mode 100644
index 00000000..bcdba46b
--- /dev/null
+++ b/Marechai.Server/Services/TokenService.cs
@@ -0,0 +1,54 @@
+using System;
+using System.Collections.Generic;
+using System.Globalization;
+using System.IdentityModel.Tokens.Jwt;
+using System.Linq;
+using System.Security.Claims;
+using Microsoft.AspNetCore.Identity;
+using Microsoft.IdentityModel.Tokens;
+
+namespace Marechai.Server.Services;
+
+public sealed class TokenService
+{
+    public string CreateToken(IdentityUser user, IList<string> roles)
+    {
+        JwtSecurityToken token        = CreateJwtToken(CreateClaims(user, roles), CreateSigningCredentials());
+        var              tokenHandler = new JwtSecurityTokenHandler();
+
+        return tokenHandler.WriteToken(token);
+    }
+
+    JwtSecurityToken CreateJwtToken(List<Claim> claims, SigningCredentials credentials) =>
+        new("apiWithAuthBackend", "apiWithAuthBackend", claims, expires: null, signingCredentials: credentials);
+
+    List<Claim> CreateClaims(IdentityUser user, IList<string> roles)
+    {
+        try
+        {
+            List<Claim> claims =
+            [
+                new(JwtRegisteredClaimNames.Sub, "TokenForTheApiWithAuth"),
+                new(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
+                new(JwtRegisteredClaimNames.Iat,
+                    EpochTime.GetIntDate(DateTime.UtcNow).ToString(CultureInfo.InvariantCulture)),
+                new(ClaimTypes.Sid, user.Id), new(ClaimTypes.Name, user.UserName), new(ClaimTypes.Email, user.Email)
+            ];
+
+            claims.AddRange(roles.Select(role => new Claim(ClaimTypes.Role, role)));
+
+            return claims;
+        }
+        catch(Exception e)
+        {
+            Console.WriteLine(e);
+
+            throw;
+        }
+    }
+
+    SigningCredentials CreateSigningCredentials() =>
+        new(new SymmetricSecurityKey("!SomethingSecret!!SomethingSecret!!SomethingSecret!!SomethingSecret!"u8
+                                        .ToArray()),
+            SecurityAlgorithms.HmacSha256);
+}
\ No newline at end of file