Endpoint/Program.cs

@@ -1,3 +1,4 @@
+using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Mvc.ApiExplorer;
@@ -6,20 +7,24 @@ using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Hosting;
 using Microsoft.Extensions.Options;
+using Microsoft.IdentityModel.Tokens;
 using Mirea.Api.DataAccess.Application;
 using Mirea.Api.DataAccess.Persistence;
 using Mirea.Api.Endpoint.Common.Interfaces;
 using Mirea.Api.Endpoint.Common.Services;
+using Mirea.Api.Endpoint.Common.Services.Security;
 using Mirea.Api.Endpoint.Configuration;
 using Mirea.Api.Endpoint.Configuration.General;
 using Mirea.Api.Endpoint.Configuration.General.Validators;
 using Mirea.Api.Endpoint.Configuration.Swagger;
 using Mirea.Api.Endpoint.Middleware;
+using Mirea.Api.Security.Common.Interfaces;
 using Swashbuckle.AspNetCore.SwaggerGen;
 using System;
 using System.Collections;
 using System.IO;
 using System.Linq;
+using System.Text;
 
 namespace Mirea.Api.Endpoint;
 
@@ -40,6 +45,58 @@ public class Program
         return result.Build();
     }
 
+    private static IServiceCollection ConfigureJwtToken(IServiceCollection services, IConfiguration configuration)
+    {
+        var lifeTimeJwt = TimeSpan.FromMinutes(int.Parse(configuration["SECURITY_LIFE_TIME_JWT"]!));
+
+        var jwtDecrypt = Encoding.UTF8.GetBytes(configuration["SECURITY_ENCRYPTION_TOKEN"] ?? string.Empty);
+
+        if (jwtDecrypt.Length != 32)
+            throw new InvalidOperationException("The secret token \"SECURITY_ENCRYPTION_TOKEN\" cannot be less than 32 characters long. Now the size is equal is " + jwtDecrypt.Length);
+
+        var jwtKey = Encoding.UTF8.GetBytes(configuration["SECURITY_SIGNING_TOKEN"] ?? string.Empty);
+
+        if (jwtKey.Length != 64)
+            throw new InvalidOperationException("The signature token \"SECURITY_SIGNING_TOKEN\" cannot be less than 64 characters. Now the size is " + jwtKey.Length);
+
+        var jwtIssuer = configuration["SECURITY_JWT_ISSUER"];
+        var jwtAudience = configuration["SECURITY_JWT_AUDIENCE"];
+
+        if (string.IsNullOrEmpty(jwtAudience) || string.IsNullOrEmpty(jwtIssuer))
+            throw new InvalidOperationException("The \"SECURITY_JWT_ISSUER\" and \"SECURITY_JWT_AUDIENCE\" are not specified");
+
+        services.AddSingleton<IAccessToken, JwtTokenService>(_ => new JwtTokenService
+        {
+            Audience = jwtAudience,
+            Issuer = jwtIssuer,
+            Lifetime = lifeTimeJwt,
+            EncryptionKey = jwtDecrypt,
+            SigningKey = jwtKey
+        });
+
+        services.AddAuthentication(options =>
+        {
+            options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
+            options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
+        }).AddJwtBearer(options =>
+        {
+            options.TokenValidationParameters = new TokenValidationParameters
+            {
+                ValidateIssuer = true,
+                ValidIssuer = jwtIssuer,
+
+                ValidateAudience = true,
+                ValidAudience = jwtAudience,
+
+                ValidateLifetime = true,
+                ValidateIssuerSigningKey = true,
+                IssuerSigningKey = new SymmetricSecurityKey(jwtKey),
+                TokenDecryptionKey = new SymmetricSecurityKey(jwtDecrypt)
+            };
+        });
+
+        return services;
+    }
     public static void Main(string[] args)
     {
         Directory.SetCurrentDirectory(AppDomain.CurrentDomain.BaseDirectory);