user access module with latest dev branch changes

2023-11-05 14:37:10 -05:00
parent 227795aeda 126da500a1
commit 3f67b578e4
75 changed files with 2072 additions and 268 deletions
--- a/DamageAssesmentApi/DamageAssesment.Api.Employees/Controllers/EmployeesController.cs
+++ b/DamageAssesmentApi/DamageAssesment.Api.Employees/Controllers/EmployeesController.cs
@ -1,4 +1,5 @@
 using DamageAssesment.Api.Employees.Interfaces;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;

@ -18,7 +19,7 @@ namespace DamageAssesment.Api.Employees.Controllers
        /// <summary>
        /// GET request for retrieving employees.
        /// </summary>
-
+        [Authorize(Roles = "admin")]
        [HttpGet("employees")]
        public async Task<ActionResult> GetEmployeesAsync()
        {
@ -35,7 +36,7 @@ namespace DamageAssesment.Api.Employees.Controllers
        /// <summary>
        /// GET request for retrieving an employee by ID.
        /// </summary>
-        
+        [Authorize(Roles = "admin")]
        [HttpGet("employees/{id}")]
        public async Task<ActionResult> GetEmployeeByIdAsync(int id)
        {
@ -48,11 +49,12 @@ namespace DamageAssesment.Api.Employees.Controllers
            return NotFound();

        }
-   
+
        /// <summary>
        /// PUT request for updating an existing employee.
        /// </summary>
        /// <param name="Employee">The updated employee object.</param>
+        [Authorize(Roles = "admin")]
        [HttpPut("employees/{id}")]
        public async Task<IActionResult> UpdateEmployee(int id, Models.Employee Employee)
        {
@ -75,6 +77,7 @@ namespace DamageAssesment.Api.Employees.Controllers
        /// POST request for creating a new employee.
        /// </summary>
        /// <param name="Employee">The employee information for creating a new employee.</param>
+        [Authorize(Roles = "admin")]
        [HttpPost("employees")]
        public async Task<IActionResult> CreateEmployee(Models.Employee Employee)
        {
@ -93,6 +96,7 @@ namespace DamageAssesment.Api.Employees.Controllers
        /// DELETE request for deleting an existing employee.
        /// </summary>
        /// <param name="id">The ID of the employee to be deleted.</param>
+        [Authorize(Roles = "admin")]
        [HttpDelete("employees/{id}")]
        public async Task<IActionResult> DeleteEmployee(int id)
        {
--- a/DamageAssesmentApi/DamageAssesment.Api.Employees/Program.cs
+++ b/DamageAssesmentApi/DamageAssesment.Api.Employees/Program.cs
@ -1,23 +1,74 @@
 using DamageAssesment.Api.Employees.Db;
 using DamageAssesment.Api.Employees.Interfaces;
 using DamageAssesment.Api.Employees.Providers;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.EntityFrameworkCore;
+using Microsoft.IdentityModel.Tokens;
+using Microsoft.OpenApi.Models;
 using System.Reflection;
+using System.Text;

 var builder = WebApplication.CreateBuilder(args);

 // Add services to the container.
+var authkey = builder.Configuration.GetValue<string>("JwtSettings:securitykey");
+builder.Services.AddAuthentication(item =>
+{
+    item.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
+    item.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
+}).AddJwtBearer(item =>
+{
+    item.RequireHttpsMetadata = true;
+    item.SaveToken = true;
+    item.TokenValidationParameters = new TokenValidationParameters()
+    {
+        ValidateIssuerSigningKey = true,
+        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(authkey)),
+        ValidateIssuer = false,
+        ValidateAudience = false,
+        ClockSkew = TimeSpan.Zero
+    };
+});

 builder.Services.AddControllers();
 // Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
 builder.Services.AddEndpointsApiExplorer();
 //builder.Services.AddSwaggerGen();
-builder.Services.AddSwaggerGen(c =>
+builder.Services.AddSwaggerGen(options =>
 {
    // Include XML comments from your assembly
    var xmlFile = $"{Assembly.GetExecutingAssembly().GetName().Name}.xml";
    var xmlPath = Path.Combine(AppContext.BaseDirectory, xmlFile);
-    c.IncludeXmlComments(xmlPath);
+    options.IncludeXmlComments(xmlPath);
+
+    OpenApiSecurityScheme securityDefinition = new OpenApiSecurityScheme()
+    {
+        Name = "Bearer",
+        BearerFormat = "JWT",
+        Scheme = "bearer",
+        Description = "Specify the authorization token.",
+        In = ParameterLocation.Header,
+        Type = SecuritySchemeType.Http,
+    };
+
+    options.AddSecurityDefinition("jwt_auth", securityDefinition);
+
+    // Make sure swagger UI requires a Bearer token specified
+    OpenApiSecurityScheme securityScheme = new OpenApiSecurityScheme()
+    {
+        Reference = new OpenApiReference()
+        {
+            Id = "jwt_auth",
+            Type = ReferenceType.SecurityScheme
+        }
+    };
+
+    OpenApiSecurityRequirement securityRequirements = new OpenApiSecurityRequirement()
+    {
+        {securityScheme, new string[] { }},
+    };
+
+    options.AddSecurityRequirement(securityRequirements);
 });

 builder.Services.AddScoped<IEmployeesProvider, EmployeesProvider>();
@ -43,6 +94,7 @@ if (app.Environment.IsDevelopment())
    }
 }

+app.UseAuthentication();
 app.UseAuthorization();

 app.MapControllers();
--- a/DamageAssesmentApi/DamageAssesment.Api.Employees/appsettings.json
+++ b/DamageAssesmentApi/DamageAssesment.Api.Employees/appsettings.json
@ -8,10 +8,5 @@
      "Microsoft.AspNetCore": "Warning"
    }
  },
-  "AllowedHosts": "*",
-  "settings": {
-    "endpoint1": "xxx",
-    "endpoint2": "xxx",
-    "endpoint3": "xxx"
-  }
+  "AllowedHosts": "*"
 }