Implement jwt authorization

planetarium · Feb 15, 2024 · 328e239 · 328e239
1 parent a90defd
commit 328e239
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 1 deletion.
diff --git a/NineChroniclesUtilBackend/NineChroniclesUtilBackend.csproj b/NineChroniclesUtilBackend/NineChroniclesUtilBackend.csproj
@@ -9,11 +9,13 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="8.0.1" />
+    <PackageReference Include="Microsoft.IdentityModel.Tokens" Version="7.3.1" />
     <PackageReference Include="Swashbuckle.AspNetCore" Version="6.4.0" />
     <PackageReference Include="Lib9c" Version="1.1.0-dev.e1742b5c9a96d9b86a329e796c9c6e13e874ba0c" />
     <PackageReference Include="Libplanet" Version="3.9.3" />
     <PackageReference Include="StrawberryShake" Version="13.8.1" />
     <PackageReference Include="StrawberryShake.Transport.Http" Version="13.8.1" />
+    <PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="7.3.1" />
   </ItemGroup>
 
 </Project>
diff --git a/NineChroniclesUtilBackend/Options/HeadlessStateServiceOption.cs b/NineChroniclesUtilBackend/Options/HeadlessStateServiceOption.cs
@@ -3,4 +3,6 @@ namespace NineChroniclesUtilBackend.Options;
 public class HeadlessStateServiceOption
 {
     public Uri HeadlessEndpoint { get; set; }
+    public string? JwtIssuer { get; set; }
+    public string? JwtSecretKey { get; set; }
 }
diff --git a/NineChroniclesUtilBackend/Program.cs b/NineChroniclesUtilBackend/Program.cs
@@ -1,4 +1,8 @@
 using System.Text.Json.Serialization;
+using System.IdentityModel.Tokens.Jwt;
+using System.Net.Http.Headers;
+using System.Text;
+using Microsoft.IdentityModel.Tokens;
 using Microsoft.Extensions.Options;
 using NineChroniclesUtilBackend.Services;
 using NineChroniclesUtilBackend.Options;
@@ -21,7 +25,24 @@
 builder.Services.AddControllers();
 builder.Services.AddHeadlessGQLClient()
     .ConfigureHttpClient((provider, client) =>
-        client.BaseAddress = provider.GetRequiredService<IOptions<HeadlessStateServiceOption>>().Value.HeadlessEndpoint);
+    {
+        var headlessStateServiceOption = provider.GetRequiredService<IOptions<HeadlessStateServiceOption>>();
+        client.BaseAddress = headlessStateServiceOption.Value.HeadlessEndpoint;
+
+        if (headlessStateServiceOption.Value.JwtSecretKey is not null && headlessStateServiceOption.Value.JwtIssuer is not null)
+        {
+            var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(headlessStateServiceOption.Value.JwtSecretKey));
+            var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
+
+            var token = new JwtSecurityToken(
+                issuer: headlessStateServiceOption.Value.JwtIssuer,
+                expires: DateTime.UtcNow.AddMinutes(5),
+                signingCredentials: creds);
+
+            client.DefaultRequestHeaders.Authorization =
+                new AuthenticationHeaderValue("Bearer", new JwtSecurityTokenHandler().WriteToken(token));
+        }
+    });
 builder.Services.AddCors();
 builder.Services.AddHttpClient();