2d30aaf212
- IJwtService 인터페이스 (Application Layer) - JwtSettings POCO (Options Pattern) - JwtService 구현 (Access Token 생성/검증, Refresh Token 생성) - AddJwtAuthentication/AddAuthorizationPolicies 확장 메서드 - Program.cs에 인증/인가 미들웨어 등록 (파이프라인 순서 10~11번) - NuGet: System.IdentityModel.Tokens.Jwt, Microsoft.AspNetCore.Authentication.JwtBearer
81 lines
2.4 KiB
C#
81 lines
2.4 KiB
C#
using System.IdentityModel.Tokens.Jwt;
|
|
using System.Security.Claims;
|
|
using System.Security.Cryptography;
|
|
using System.Text;
|
|
using Microsoft.Extensions.Options;
|
|
using Microsoft.IdentityModel.Tokens;
|
|
using SPMS.Application.Interfaces;
|
|
using SPMS.Application.Settings;
|
|
|
|
namespace SPMS.Infrastructure.Auth;
|
|
|
|
public class JwtService : IJwtService
|
|
{
|
|
private readonly JwtSettings _settings;
|
|
|
|
public JwtService(IOptions<JwtSettings> settings)
|
|
{
|
|
_settings = settings.Value;
|
|
}
|
|
|
|
public string GenerateAccessToken(long adminId, string role, string? serviceCode = null)
|
|
{
|
|
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_settings.SecretKey));
|
|
var credentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
|
|
|
|
var claims = new List<Claim>
|
|
{
|
|
new(JwtRegisteredClaimNames.Sub, adminId.ToString()),
|
|
new(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString("N")),
|
|
new(ClaimTypes.Role, role)
|
|
};
|
|
|
|
if (!string.IsNullOrEmpty(serviceCode))
|
|
claims.Add(new Claim("ServiceCode", serviceCode));
|
|
|
|
var token = new JwtSecurityToken(
|
|
issuer: _settings.Issuer,
|
|
audience: _settings.Audience,
|
|
claims: claims,
|
|
expires: DateTime.UtcNow.AddMinutes(_settings.ExpiryMinutes),
|
|
signingCredentials: credentials);
|
|
|
|
return new JwtSecurityTokenHandler().WriteToken(token);
|
|
}
|
|
|
|
public ClaimsPrincipal? ValidateAccessToken(string token)
|
|
{
|
|
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_settings.SecretKey));
|
|
|
|
var validationParameters = new TokenValidationParameters
|
|
{
|
|
ValidateIssuer = true,
|
|
ValidateAudience = true,
|
|
ValidateLifetime = true,
|
|
ValidateIssuerSigningKey = true,
|
|
ValidIssuer = _settings.Issuer,
|
|
ValidAudience = _settings.Audience,
|
|
IssuerSigningKey = key,
|
|
ClockSkew = TimeSpan.Zero
|
|
};
|
|
|
|
try
|
|
{
|
|
var handler = new JwtSecurityTokenHandler();
|
|
return handler.ValidateToken(token, validationParameters, out _);
|
|
}
|
|
catch
|
|
{
|
|
return null;
|
|
}
|
|
}
|
|
|
|
public string GenerateRefreshToken()
|
|
{
|
|
var randomBytes = new byte[64];
|
|
using var rng = RandomNumberGenerator.Create();
|
|
rng.GetBytes(randomBytes);
|
|
return Convert.ToBase64String(randomBytes);
|
|
}
|
|
}
|