99 lines
3.8 KiB
C#
99 lines
3.8 KiB
C#
using Mirea.Api.Security.Common.Domain;
|
|
using Mirea.Api.Security.Common.Dto.Requests;
|
|
using Mirea.Api.Security.Common.Dto.Responses;
|
|
using Mirea.Api.Security.Common.Interfaces;
|
|
using System;
|
|
using System.Security;
|
|
using System.Text.Json;
|
|
using System.Threading;
|
|
using System.Threading.Tasks;
|
|
|
|
namespace Mirea.Api.Security.Services;
|
|
|
|
public class AuthService(ICacheService cache, IAccessToken accessTokenService, IRevokedToken revokedToken)
|
|
{
|
|
public TimeSpan Lifetime { private get; init; }
|
|
|
|
private static string GenerateRefreshToken() => Guid.NewGuid().ToString().Replace("-", "") +
|
|
GeneratorKey.GenerateString(32);
|
|
private (string Token, DateTime ExpireIn) GenerateAccessToken(string userId) =>
|
|
accessTokenService.GenerateToken(userId);
|
|
|
|
private static string GetAuthCacheKey(string fingerprint) => $"{fingerprint}_auth_token";
|
|
|
|
private Task SetAuthTokenDataToCache(string fingerprint, AuthToken data, CancellationToken cancellation) =>
|
|
cache.SetAsync(
|
|
GetAuthCacheKey(fingerprint),
|
|
JsonSerializer.SerializeToUtf8Bytes(data),
|
|
slidingExpiration: Lifetime,
|
|
cancellationToken: cancellation);
|
|
|
|
private Task RevokeAccessToken(string token) =>
|
|
revokedToken.AddTokenToRevokedAsync(token, accessTokenService.GetExpireDateTime(token));
|
|
|
|
public async Task<AuthTokenResponse> GenerateAuthTokensAsync(TokenRequest request, string preAuthToken, CancellationToken cancellation = default)
|
|
{
|
|
string userId = await new PreAuthService(cache).MatchToken(request, preAuthToken, cancellation);
|
|
|
|
var refreshToken = GenerateRefreshToken();
|
|
var accessToken = GenerateAccessToken(userId);
|
|
|
|
var authTokenStruct = new AuthToken
|
|
{
|
|
CreatedAt = DateTime.UtcNow,
|
|
Ip = request.Ip,
|
|
RefreshToken = refreshToken,
|
|
UserAgent = request.UserAgent,
|
|
UserId = userId,
|
|
AccessToken = accessToken.Token
|
|
};
|
|
|
|
await SetAuthTokenDataToCache(request.Fingerprint, authTokenStruct, cancellation);
|
|
|
|
return new AuthTokenResponse
|
|
{
|
|
AccessToken = accessToken.Token,
|
|
ExpiresIn = accessToken.ExpireIn,
|
|
RefreshToken = authTokenStruct.RefreshToken
|
|
};
|
|
}
|
|
|
|
public async Task<AuthTokenResponse> RefreshTokenAsync(TokenRequest request, string refreshToken, CancellationToken cancellation = default)
|
|
{
|
|
var authToken = await cache.GetAsync<AuthToken>(GetAuthCacheKey(request.Fingerprint), cancellation)
|
|
?? throw new SecurityException(request.Fingerprint);
|
|
|
|
if (authToken.RefreshToken != refreshToken ||
|
|
authToken.UserAgent != request.UserAgent &&
|
|
authToken.Ip != request.Ip)
|
|
{
|
|
await cache.RemoveAsync(request.Fingerprint, cancellation);
|
|
await RevokeAccessToken(authToken.AccessToken);
|
|
|
|
throw new SecurityException(request.Fingerprint);
|
|
}
|
|
|
|
var accessToken = GenerateAccessToken(authToken.UserId);
|
|
await RevokeAccessToken(authToken.AccessToken);
|
|
|
|
authToken.AccessToken = accessToken.Token;
|
|
await SetAuthTokenDataToCache(request.Fingerprint, authToken, cancellation);
|
|
|
|
return new AuthTokenResponse
|
|
{
|
|
AccessToken = accessToken.Token,
|
|
ExpiresIn = accessToken.ExpireIn,
|
|
RefreshToken = GenerateRefreshToken()
|
|
};
|
|
}
|
|
|
|
public async Task LogoutAsync(string fingerprint, CancellationToken cancellation = default)
|
|
{
|
|
var authTokenStruct = await cache.GetAsync<AuthToken>(GetAuthCacheKey(fingerprint), cancellation);
|
|
if (authTokenStruct == null) return;
|
|
|
|
await RevokeAccessToken(authTokenStruct.AccessToken);
|
|
|
|
await cache.RemoveAsync(fingerprint, cancellation);
|
|
}
|
|
} |