jbourdon/social-media
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Adds supports for RefreshTokens

Browse Source
This commit is contained in:
Jonathan Bourdon
2025-04-17 04:33:28 -04:00
parent c19e2eb493
commit 16ae68a02e
28 changed files with 620 additions and 76 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
backend/src/Web/Common/Security/PasswordGenerator.cs
View File

@@ -13,7 +13,7 @@ public static class PasswordGenerator
private static readonly Random Random = new(); private static readonly Random Random = new();
public static string GeneratePassword( public static string Next(
int length = 15, int length = 15,
bool requireNumber = true, bool requireNumber = true,
bool requireLowercase = true, bool requireLowercase = true,

14
backend/src/Web/Common/Security/RefreshTokenGenerator.cs Normal file
View File

@@ -0,0 +1,14 @@
using System.Security.Cryptography;
namespace Hutopy.Web.Common.Security;
public static class RefreshTokenGenerator
{
public static string Next()
{
var randomNumber = new byte[32];
using var rng = RandomNumberGenerator.Create();
rng.GetBytes(randomNumber);
return Convert.ToBase64String(randomNumber);
}
}

2
backend/src/Web/Features/Users/IdentityRole.cs → backend/src/Web/Features/Users/Data/IdentityRole.cs
View File

@@ -1,6 +1,6 @@
using Microsoft.AspNetCore.Identity; using Microsoft.AspNetCore.Identity;
namespace Hutopy.Web.Features.Users; namespace Hutopy.Web.Features.Users.Data;
public class IdentityRole : IdentityRole<Guid> public class IdentityRole : IdentityRole<Guid>
{ {

2
backend/src/Web/Features/Users/IdentityService.cs → backend/src/Web/Features/Users/Data/IdentityService.cs
View File

@@ -1,7 +1,7 @@
using System.Security.Claims; using System.Security.Claims;
using Hutopy.Web.Features.Users.Models; using Hutopy.Web.Features.Users.Models;
namespace Hutopy.Web.Features.Users; namespace Hutopy.Web.Features.Users.Data;
public class IdentityService( public class IdentityService(
IdentityUserManager userManager, IdentityUserManager userManager,

4
backend/src/Web/Features/Users/IdentityUser.cs → backend/src/Web/Features/Users/Data/IdentityUser.cs
View File

@@ -1,7 +1,7 @@
using System.ComponentModel.DataAnnotations; using System.ComponentModel.DataAnnotations;
using Microsoft.AspNetCore.Identity; using Microsoft.AspNetCore.Identity;
namespace Hutopy.Web.Features.Users; namespace Hutopy.Web.Features.Users.Data;
public class IdentityUser : IdentityUser<Guid> public class IdentityUser : IdentityUser<Guid>
{ {
@@ -13,5 +13,7 @@ public class IdentityUser : IdentityUser<Guid>
[MaxLength(2048)] public string? PortraitUrl { get; set; } [MaxLength(2048)] public string? PortraitUrl { get; set; }
[MaxLength(255)] public string? GoogleId { get; set; } [MaxLength(255)] public string? GoogleId { get; set; }
[MaxLength(255)] public string? FacebookId { get; set; } [MaxLength(255)] public string? FacebookId { get; set; }
public string RefreshToken { get; set; }
public DateTime RefreshTokenExpiryTime { get; set; }
} }

2
backend/src/Web/Features/Users/IdentityUserManager.cs → backend/src/Web/Features/Users/Data/IdentityUserManager.cs
View File

@@ -1,7 +1,7 @@
using Microsoft.AspNetCore.Identity; using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.Options; using Microsoft.Extensions.Options;
namespace Hutopy.Web.Features.Users; namespace Hutopy.Web.Features.Users.Data;
public sealed class IdentityUserManager( public sealed class IdentityUserManager(
IUserStore<IdentityUser> store, IUserStore<IdentityUser> store,

315
backend/src/Web/Features/Users/Data/Migrations/20250417060553_AddsRefreshToken.Designer.cs generated Normal file
View File

@@ -0,0 +1,315 @@
// <auto-generated />
using System;
using Hutopy.Web.Features.Users.Data;
using Microsoft.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore.Infrastructure;
using Microsoft.EntityFrameworkCore.Migrations;
using Microsoft.EntityFrameworkCore.Storage.ValueConversion;
using Npgsql.EntityFrameworkCore.PostgreSQL.Metadata;
#nullable disable
namespace Hutopy.Web.Features.Users.Data.Migrations
{
[DbContext(typeof(ApplicationDbContext))]
[Migration("20250417060553_AddsRefreshToken")]
partial class AddsRefreshToken
{
/// <inheritdoc />
protected override void BuildTargetModel(ModelBuilder modelBuilder)
{
#pragma warning disable 612, 618
modelBuilder
.HasDefaultSchema("Identity")
.HasAnnotation("ProductVersion", "9.0.3")
.HasAnnotation("Relational:MaxIdentifierLength", 63);
NpgsqlModelBuilderExtensions.UseIdentityByDefaultColumns(modelBuilder);
modelBuilder.Entity("Hutopy.Web.Features.Users.Data.IdentityRole", b =>
{
b.Property<Guid>("Id")
.ValueGeneratedOnAdd()
.HasColumnType("uuid");
b.Property<string>("ConcurrencyStamp")
.IsConcurrencyToken()
.HasColumnType("text");
b.Property<string>("Name")
.HasMaxLength(256)
.HasColumnType("character varying(256)");
b.Property<string>("NormalizedName")
.HasMaxLength(256)
.HasColumnType("character varying(256)");
b.HasKey("Id");
b.HasIndex("NormalizedName")
.IsUnique()
.HasDatabaseName("RoleNameIndex");
b.ToTable("AspNetRoles", "Identity");
});
modelBuilder.Entity("Hutopy.Web.Features.Users.Data.IdentityUser", b =>
{
b.Property<Guid>("Id")
.ValueGeneratedOnAdd()
.HasColumnType("uuid");
b.Property<int>("AccessFailedCount")
.HasColumnType("integer");
b.Property<string>("Address")
.HasMaxLength(255)
.HasColumnType("character varying(255)");
b.Property<string>("Alias")
.HasMaxLength(255)
.HasColumnType("character varying(255)");
b.Property<DateTime?>("BirthDate")
.HasColumnType("timestamp with time zone");
b.Property<string>("ConcurrencyStamp")
.IsConcurrencyToken()
.HasColumnType("text");
b.Property<string>("Email")
.HasMaxLength(256)
.HasColumnType("character varying(256)");
b.Property<bool>("EmailConfirmed")
.HasColumnType("boolean");
b.Property<string>("FacebookId")
.HasMaxLength(255)
.HasColumnType("character varying(255)");
b.Property<string>("Firstname")
.HasMaxLength(255)
.HasColumnType("character varying(255)");
b.Property<string>("GoogleId")
.HasMaxLength(255)
.HasColumnType("character varying(255)");
b.Property<string>("Lastname")
.HasMaxLength(255)
.HasColumnType("character varying(255)");
b.Property<bool>("LockoutEnabled")
.HasColumnType("boolean");
b.Property<DateTimeOffset?>("LockoutEnd")
.HasColumnType("timestamp with time zone");
b.Property<string>("NormalizedEmail")
.HasMaxLength(256)
.HasColumnType("character varying(256)");
b.Property<string>("NormalizedUserName")
.HasMaxLength(256)
.HasColumnType("character varying(256)");
b.Property<string>("PasswordHash")
.HasColumnType("text");
b.Property<string>("PhoneNumber")
.HasColumnType("text");
b.Property<bool>("PhoneNumberConfirmed")
.HasColumnType("boolean");
b.Property<string>("PortraitUrl")
.HasMaxLength(2048)
.HasColumnType("character varying(2048)");
b.Property<string>("RefreshToken")
.IsRequired()
.HasColumnType("text");
b.Property<DateTime>("RefreshTokenExpiryTime")
.HasColumnType("timestamp with time zone");
b.Property<string>("SecurityStamp")
.HasColumnType("text");
b.Property<bool>("TwoFactorEnabled")
.HasColumnType("boolean");
b.Property<string>("UserName")
.HasMaxLength(256)
.HasColumnType("character varying(256)");
b.HasKey("Id");
b.HasIndex("NormalizedEmail")
.HasDatabaseName("EmailIndex");
b.HasIndex("NormalizedUserName")
.IsUnique()
.HasDatabaseName("UserNameIndex");
b.ToTable("AspNetUsers", "Identity");
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRoleClaim<System.Guid>", b =>
{
b.Property<int>("Id")
.ValueGeneratedOnAdd()
.HasColumnType("integer");
NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property<int>("Id"));
b.Property<string>("ClaimType")
.HasColumnType("text");
b.Property<string>("ClaimValue")
.HasColumnType("text");
b.Property<Guid>("RoleId")
.HasColumnType("uuid");
b.HasKey("Id");
b.HasIndex("RoleId");
b.ToTable("AspNetRoleClaims", "Identity");
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserClaim<System.Guid>", b =>
{
b.Property<int>("Id")
.ValueGeneratedOnAdd()
.HasColumnType("integer");
NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property<int>("Id"));
b.Property<string>("ClaimType")
.HasColumnType("text");
b.Property<string>("ClaimValue")
.HasColumnType("text");
b.Property<Guid>("UserId")
.HasColumnType("uuid");
b.HasKey("Id");
b.HasIndex("UserId");
b.ToTable("AspNetUserClaims", "Identity");
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserLogin<System.Guid>", b =>
{
b.Property<string>("LoginProvider")
.HasColumnType("text");
b.Property<string>("ProviderKey")
.HasColumnType("text");
b.Property<string>("ProviderDisplayName")
.HasColumnType("text");
b.Property<Guid>("UserId")
.HasColumnType("uuid");
b.HasKey("LoginProvider", "ProviderKey");
b.HasIndex("UserId");
b.ToTable("AspNetUserLogins", "Identity");
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserRole<System.Guid>", b =>
{
b.Property<Guid>("UserId")
.HasColumnType("uuid");
b.Property<Guid>("RoleId")
.HasColumnType("uuid");
b.HasKey("UserId", "RoleId");
b.HasIndex("RoleId");
b.ToTable("AspNetUserRoles", "Identity");
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserToken<System.Guid>", b =>
{
b.Property<Guid>("UserId")
.HasColumnType("uuid");
b.Property<string>("LoginProvider")
.HasColumnType("text");
b.Property<string>("Name")
.HasColumnType("text");
b.Property<string>("Value")
.HasColumnType("text");
b.HasKey("UserId", "LoginProvider", "Name");
b.ToTable("AspNetUserTokens", "Identity");
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRoleClaim<System.Guid>", b =>
{
b.HasOne("Hutopy.Web.Features.Users.Data.IdentityRole", null)
.WithMany()
.HasForeignKey("RoleId")
.OnDelete(DeleteBehavior.Cascade)
.IsRequired();
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserClaim<System.Guid>", b =>
{
b.HasOne("Hutopy.Web.Features.Users.Data.IdentityUser", null)
.WithMany()
.HasForeignKey("UserId")
.OnDelete(DeleteBehavior.Cascade)
.IsRequired();
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserLogin<System.Guid>", b =>
{
b.HasOne("Hutopy.Web.Features.Users.Data.IdentityUser", null)
.WithMany()
.HasForeignKey("UserId")
.OnDelete(DeleteBehavior.Cascade)
.IsRequired();
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserRole<System.Guid>", b =>
{
b.HasOne("Hutopy.Web.Features.Users.Data.IdentityRole", null)
.WithMany()
.HasForeignKey("RoleId")
.OnDelete(DeleteBehavior.Cascade)
.IsRequired();
b.HasOne("Hutopy.Web.Features.Users.Data.IdentityUser", null)
.WithMany()
.HasForeignKey("UserId")
.OnDelete(DeleteBehavior.Cascade)
.IsRequired();
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserToken<System.Guid>", b =>
{
b.HasOne("Hutopy.Web.Features.Users.Data.IdentityUser", null)
.WithMany()
.HasForeignKey("UserId")
.OnDelete(DeleteBehavior.Cascade)
.IsRequired();
});
#pragma warning restore 612, 618
}
}
}

45
backend/src/Web/Features/Users/Data/Migrations/20250417060553_AddsRefreshToken.cs Normal file
View File

@@ -0,0 +1,45 @@
using System;
using Microsoft.EntityFrameworkCore.Migrations;
#nullable disable
namespace Hutopy.Web.Features.Users.Data.Migrations
{
/// <inheritdoc />
public partial class AddsRefreshToken : Migration
{
/// <inheritdoc />
protected override void Up(MigrationBuilder migrationBuilder)
{
migrationBuilder.AddColumn<string>(
name: "RefreshToken",
schema: "Identity",
table: "AspNetUsers",
type: "text",
nullable: false,
defaultValue: "");
migrationBuilder.AddColumn<DateTime>(
name: "RefreshTokenExpiryTime",
schema: "Identity",
table: "AspNetUsers",
type: "timestamp with time zone",
nullable: false,
defaultValue: new DateTime(1, 1, 1, 0, 0, 0, 0, DateTimeKind.Unspecified));
}
/// <inheritdoc />
protected override void Down(MigrationBuilder migrationBuilder)
{
migrationBuilder.DropColumn(
name: "RefreshToken",
schema: "Identity",
table: "AspNetUsers");
migrationBuilder.DropColumn(
name: "RefreshTokenExpiryTime",
schema: "Identity",
table: "AspNetUsers");
}
}
}

23
backend/src/Web/Features/Users/Data/Migrations/ApplicationDbContextModelSnapshot.cs
View File

@@ -23,7 +23,7 @@ namespace Hutopy.Web.Features.Users.Data.Migrations
NpgsqlModelBuilderExtensions.UseIdentityByDefaultColumns(modelBuilder); NpgsqlModelBuilderExtensions.UseIdentityByDefaultColumns(modelBuilder);
modelBuilder.Entity("Hutopy.Web.Features.Users.IdentityRole", b => modelBuilder.Entity("Hutopy.Web.Features.Users.Data.IdentityRole", b =>
{ {
b.Property<Guid>("Id") b.Property<Guid>("Id")
.ValueGeneratedOnAdd() .ValueGeneratedOnAdd()
@@ -50,7 +50,7 @@ namespace Hutopy.Web.Features.Users.Data.Migrations
b.ToTable("AspNetRoles", "Identity"); b.ToTable("AspNetRoles", "Identity");
}); });
modelBuilder.Entity("Hutopy.Web.Features.Users.IdentityUser", b => modelBuilder.Entity("Hutopy.Web.Features.Users.Data.IdentityUser", b =>
{ {
b.Property<Guid>("Id") b.Property<Guid>("Id")
.ValueGeneratedOnAdd() .ValueGeneratedOnAdd()
@@ -124,6 +124,13 @@ namespace Hutopy.Web.Features.Users.Data.Migrations
.HasMaxLength(2048) .HasMaxLength(2048)
.HasColumnType("character varying(2048)"); .HasColumnType("character varying(2048)");
b.Property<string>("RefreshToken")
.IsRequired()
.HasColumnType("text");
b.Property<DateTime>("RefreshTokenExpiryTime")
.HasColumnType("timestamp with time zone");
b.Property<string>("SecurityStamp") b.Property<string>("SecurityStamp")
.HasColumnType("text"); .HasColumnType("text");
@@ -251,7 +258,7 @@ namespace Hutopy.Web.Features.Users.Data.Migrations
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRoleClaim<System.Guid>", b => modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRoleClaim<System.Guid>", b =>
{ {
b.HasOne("Hutopy.Web.Features.Users.IdentityRole", null) b.HasOne("Hutopy.Web.Features.Users.Data.IdentityRole", null)
.WithMany() .WithMany()
.HasForeignKey("RoleId") .HasForeignKey("RoleId")
.OnDelete(DeleteBehavior.Cascade) .OnDelete(DeleteBehavior.Cascade)
@@ -260,7 +267,7 @@ namespace Hutopy.Web.Features.Users.Data.Migrations
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserClaim<System.Guid>", b => modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserClaim<System.Guid>", b =>
{ {
b.HasOne("Hutopy.Web.Features.Users.IdentityUser", null) b.HasOne("Hutopy.Web.Features.Users.Data.IdentityUser", null)
.WithMany() .WithMany()
.HasForeignKey("UserId") .HasForeignKey("UserId")
.OnDelete(DeleteBehavior.Cascade) .OnDelete(DeleteBehavior.Cascade)
@@ -269,7 +276,7 @@ namespace Hutopy.Web.Features.Users.Data.Migrations
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserLogin<System.Guid>", b => modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserLogin<System.Guid>", b =>
{ {
b.HasOne("Hutopy.Web.Features.Users.IdentityUser", null) b.HasOne("Hutopy.Web.Features.Users.Data.IdentityUser", null)
.WithMany() .WithMany()
.HasForeignKey("UserId") .HasForeignKey("UserId")
.OnDelete(DeleteBehavior.Cascade) .OnDelete(DeleteBehavior.Cascade)
@@ -278,13 +285,13 @@ namespace Hutopy.Web.Features.Users.Data.Migrations
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserRole<System.Guid>", b => modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserRole<System.Guid>", b =>
{ {
b.HasOne("Hutopy.Web.Features.Users.IdentityRole", null) b.HasOne("Hutopy.Web.Features.Users.Data.IdentityRole", null)
.WithMany() .WithMany()
.HasForeignKey("RoleId") .HasForeignKey("RoleId")
.OnDelete(DeleteBehavior.Cascade) .OnDelete(DeleteBehavior.Cascade)
.IsRequired(); .IsRequired();
b.HasOne("Hutopy.Web.Features.Users.IdentityUser", null) b.HasOne("Hutopy.Web.Features.Users.Data.IdentityUser", null)
.WithMany() .WithMany()
.HasForeignKey("UserId") .HasForeignKey("UserId")
.OnDelete(DeleteBehavior.Cascade) .OnDelete(DeleteBehavior.Cascade)
@@ -293,7 +300,7 @@ namespace Hutopy.Web.Features.Users.Data.Migrations
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserToken<System.Guid>", b => modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserToken<System.Guid>", b =>
{ {
b.HasOne("Hutopy.Web.Features.Users.IdentityUser", null) b.HasOne("Hutopy.Web.Features.Users.Data.IdentityUser", null)
.WithMany() .WithMany()
.HasForeignKey("UserId") .HasForeignKey("UserId")
.OnDelete(DeleteBehavior.Cascade) .OnDelete(DeleteBehavior.Cascade)

2
backend/src/Web/Features/Users/DependencyInjection.cs
View File

@@ -2,6 +2,8 @@
using Hutopy.Web.Features.Messages.Data; using Hutopy.Web.Features.Messages.Data;
using Hutopy.Web.Features.Users.Data; using Hutopy.Web.Features.Users.Data;
using Microsoft.AspNetCore.Identity; using Microsoft.AspNetCore.Identity;
using IdentityRole = Hutopy.Web.Features.Users.Data.IdentityRole;
using IdentityUser = Hutopy.Web.Features.Users.Data.IdentityUser;
namespace Hutopy.Web.Features.Users; namespace Hutopy.Web.Features.Users;

1
backend/src/Web/Features/Users/Handlers/ChangeAddress.cs
View File

@@ -1,4 +1,5 @@
using Hutopy.Web.Common.Security; using Hutopy.Web.Common.Security;
using Hutopy.Web.Features.Users.Data;
namespace Hutopy.Web.Features.Users.Handlers; namespace Hutopy.Web.Features.Users.Handlers;

1
backend/src/Web/Features/Users/Handlers/ChangeAlias.cs
View File

@@ -1,4 +1,5 @@
using Hutopy.Web.Common.Security; using Hutopy.Web.Common.Security;
using Hutopy.Web.Features.Users.Data;
namespace Hutopy.Web.Features.Users.Handlers; namespace Hutopy.Web.Features.Users.Handlers;

1
backend/src/Web/Features/Users/Handlers/ChangeBirthDate.cs
View File

@@ -1,4 +1,5 @@
using Hutopy.Web.Common.Security; using Hutopy.Web.Common.Security;
using Hutopy.Web.Features.Users.Data;
namespace Hutopy.Web.Features.Users.Handlers; namespace Hutopy.Web.Features.Users.Handlers;

1
backend/src/Web/Features/Users/Handlers/ChangeEmail.cs
View File

@@ -1,4 +1,5 @@
using Hutopy.Web.Common.Security; using Hutopy.Web.Common.Security;
using Hutopy.Web.Features.Users.Data;
namespace Hutopy.Web.Features.Users.Handlers; namespace Hutopy.Web.Features.Users.Handlers;

1
backend/src/Web/Features/Users/Handlers/ChangeFullname.cs
View File

@@ -1,4 +1,5 @@
using Hutopy.Web.Common.Security; using Hutopy.Web.Common.Security;
using Hutopy.Web.Features.Users.Data;
namespace Hutopy.Web.Features.Users.Handlers; namespace Hutopy.Web.Features.Users.Handlers;

1
backend/src/Web/Features/Users/Handlers/ChangePhone.cs
View File

@@ -1,4 +1,5 @@
using Hutopy.Web.Common.Security; using Hutopy.Web.Common.Security;
using Hutopy.Web.Features.Users.Data;
namespace Hutopy.Web.Features.Users.Handlers; namespace Hutopy.Web.Features.Users.Handlers;

1
backend/src/Web/Features/Users/Handlers/ChangePortrait.cs
View File

@@ -1,5 +1,6 @@
using Hutopy.Web.Common.BlobStorage; using Hutopy.Web.Common.BlobStorage;
using Hutopy.Web.Common.Security; using Hutopy.Web.Common.Security;
using Hutopy.Web.Features.Users.Data;
namespace Hutopy.Web.Features.Users.Handlers; namespace Hutopy.Web.Features.Users.Handlers;

6
backend/src/Web/Features/Users/Handlers/GetCurrentUser.cs
View File

@@ -1,13 +1,11 @@
using Hutopy.Web.Features.Users.Handlers.Models; using Hutopy.Web.Features.Users.Handlers.Models;
using Hutopy.Web.Features.Memberships.Data; using Hutopy.Web.Features.Users.Data;
using Hutopy.Web.Features.Memberships.Infrastructure;
namespace Hutopy.Web.Features.Users.Handlers; namespace Hutopy.Web.Features.Users.Handlers;
[PublicAPI] [PublicAPI]
public class GetCurrentUserQueryHandler( public class GetCurrentUserQueryHandler(
IdentityService identityService, IdentityService identityService)
MembershipDbContext membershipDbContext)
: EndpointWithoutRequest<UserDto> : EndpointWithoutRequest<UserDto>
{ {
public override void Configure() public override void Configure()

7
backend/src/Web/Features/Users/Handlers/GetCurrentUserProfilePicture.cs
View File

@@ -1,4 +1,5 @@
using Hutopy.Web.Common.BlobStorage; using Hutopy.Web.Common.BlobStorage;
using Hutopy.Web.Features.Users.Data;
namespace Hutopy.Web.Features.Users.Handlers; namespace Hutopy.Web.Features.Users.Handlers;
@@ -20,6 +21,12 @@ public class GetCurrentUserPortraitHandler(
{ {
var identityUser = await identityService.GetCurrentUserAsync(); var identityUser = await identityService.GetCurrentUserAsync();
if (identityUser is null)
{
await SendNotFoundAsync(cancellationToken);
return;
}
var stream = await blobStorage.DownloadFileAsync( var stream = await blobStorage.DownloadFileAsync(
ContainerNames.Users, ContainerNames.Users,
$"{identityUser.Id.ToString()}/{SubDirectoryNames.Profile}/{CommonFileNames.ProfilePicture}", $"{identityUser.Id.ToString()}/{SubDirectoryNames.Profile}/{CommonFileNames.ProfilePicture}",

23
backend/src/Web/Features/Users/Handlers/LoginWithFacebook.cs
View File

@@ -1,11 +1,14 @@
using System.Text.Json; using System.Text.Json;
using System.Text.Json.Serialization; using System.Text.Json.Serialization;
using Hutopy.Web.Common.Security; using Hutopy.Web.Common.Security;
using Hutopy.Web.Features.Users.Data;
using Microsoft.AspNetCore.Identity; using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.Options; using Microsoft.Extensions.Options;
using IdentityUser = Hutopy.Web.Features.Users.Data.IdentityUser;
namespace Hutopy.Web.Features.Users.Handlers; namespace Hutopy.Web.Features.Users.Handlers;
[PublicAPI]
public class FacebookUserInfo public class FacebookUserInfo
{ {
[JsonPropertyName("id")] public required string Id { get; init; } [JsonPropertyName("id")] public required string Id { get; init; }
@@ -14,11 +17,13 @@ public class FacebookUserInfo
[JsonPropertyName("picture")] public required FacebookPictureData Picture { get; init; } [JsonPropertyName("picture")] public required FacebookPictureData Picture { get; init; }
} }
[PublicAPI]
public class FacebookPictureData public class FacebookPictureData
{ {
[JsonPropertyName("data")] public required FacebookPicture Picture { get; init; } [JsonPropertyName("data")] public required FacebookPicture Picture { get; init; }
} }
[PublicAPI]
public class FacebookPicture public class FacebookPicture
{ {
[JsonPropertyName("url")] public required string Url { get; init; } [JsonPropertyName("url")] public required string Url { get; init; }
@@ -83,7 +88,7 @@ public class LoginWithFacebookHandler(
if (user is null) if (user is null)
{ {
var generatedPassword = PasswordGenerator.GeneratePassword(); var generatedPassword = PasswordGenerator.Next();
var generatedUser = new IdentityUser var generatedUser = new IdentityUser
{ {
UserName = userInfo.Email ?? $"fb_{userInfo.Id}", UserName = userInfo.Email ?? $"fb_{userInfo.Id}",
@@ -113,20 +118,28 @@ public class LoginWithFacebookHandler(
await signInManager.SignInAsync(user, isPersistent: false); await signInManager.SignInAsync(user, isPersistent: false);
// Generate refresh token
var refreshToken = RefreshTokenGenerator.Next();
// Store refresh token in user's properties
user.RefreshToken = refreshToken;
user.RefreshTokenExpiryTime = DateTime.UtcNow.Add(jwtOptions.Value.RefreshTokenLifetime);
await userManager.UpdateAsync(user);
var accessToken = JwtTokenHelper.GenerateJwtToken( var accessToken = JwtTokenHelper.GenerateJwtToken(
expiresIn: jwtOptions.Value.Lifetime, expiresIn: jwtOptions.Value.Lifetime,
issuer: jwtOptions.Value.Issuer, issuer: jwtOptions.Value.Issuer,
audience: jwtOptions.Value.Audience, audience: jwtOptions.Value.Audience,
key: jwtOptions.Value.Key, key: jwtOptions.Value.Key,
userId: user.Id.ToString(), userId: user.Id.ToString(),
email: user.Email, email: user.Email ?? string.Empty,
alias: user.Alias, alias: user.Alias,
firstname: user.Firstname, firstname: user.Firstname ?? string.Empty,
lastname: user.Lastname, lastname: user.Lastname ?? string.Empty,
portraitUrl: user.PortraitUrl); portraitUrl: user.PortraitUrl);
await SendOkAsync( await SendOkAsync(
new LoginWithFacebookResponse(accessToken, string.Empty), new LoginWithFacebookResponse(accessToken, refreshToken),
cancellation: ct); cancellation: ct);
} }
} }

20
backend/src/Web/Features/Users/Handlers/LoginWithGoogle.cs
View File

@@ -1,8 +1,10 @@
using System.Text.Json; using System.Text.Json;
using System.Text.Json.Serialization; using System.Text.Json.Serialization;
using Hutopy.Web.Common.Security; using Hutopy.Web.Common.Security;
using Hutopy.Web.Features.Users.Data;
using Microsoft.AspNetCore.Identity; using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.Options; using Microsoft.Extensions.Options;
using IdentityUser = Hutopy.Web.Features.Users.Data.IdentityUser;
namespace Hutopy.Web.Features.Users.Handlers; namespace Hutopy.Web.Features.Users.Handlers;
@@ -90,7 +92,7 @@ public class LoginWithGoogleHandler(
if (user is null) if (user is null)
{ {
var generatedPassword = PasswordGenerator.GeneratePassword(); var generatedPassword = PasswordGenerator.Next();
var generatedUser = new IdentityUser var generatedUser = new IdentityUser
{ {
UserName = userInfo.Email, UserName = userInfo.Email,
@@ -120,20 +122,28 @@ public class LoginWithGoogleHandler(
await signInManager.SignInAsync(user, isPersistent: false); await signInManager.SignInAsync(user, isPersistent: false);
// Generate refresh token
var refreshToken = RefreshTokenGenerator.Next();
// Store refresh token in user's properties
user.RefreshToken = refreshToken;
user.RefreshTokenExpiryTime = DateTime.UtcNow.Add(jwtOptions.Value.RefreshTokenLifetime);
await userManager.UpdateAsync(user);
var accessToken = JwtTokenHelper.GenerateJwtToken( var accessToken = JwtTokenHelper.GenerateJwtToken(
expiresIn: jwtOptions.Value.Lifetime, expiresIn: jwtOptions.Value.Lifetime,
issuer: jwtOptions.Value.Issuer, issuer: jwtOptions.Value.Issuer,
audience: jwtOptions.Value.Audience, audience: jwtOptions.Value.Audience,
key: jwtOptions.Value.Key, key: jwtOptions.Value.Key,
userId: user.Id.ToString(), userId: user.Id.ToString(),
email: user.Email, email: user.Email ?? string.Empty,
alias: user.Alias, alias: user.Alias,
firstname: user.Firstname, firstname: user.Firstname ?? string.Empty,
lastname: user.Lastname, lastname: user.Lastname ?? string.Empty,
portraitUrl: user.PortraitUrl); portraitUrl: user.PortraitUrl);
await SendOkAsync( await SendOkAsync(
new LoginWithGoogleResponse(accessToken, string.Empty), new LoginWithGoogleResponse(accessToken, refreshToken),
cancellation: ct); cancellation: ct);
} }
} }

76
backend/src/Web/Features/Users/Handlers/RefreshToken.cs Normal file
View File

@@ -0,0 +1,76 @@
using Hutopy.Web.Common.Security;
using Hutopy.Web.Features.Users.Data;
using Microsoft.Extensions.Options;
namespace Hutopy.Web.Features.Users.Handlers;
[PublicAPI]
public record RefreshTokenRequest(
string RefreshToken);
[PublicAPI]
public record RefreshTokenResponse(
string AccessToken,
string RefreshToken);
[PublicAPI]
public class RefreshTokenHandler(
IdentityUserManager userManager,
IOptionsSnapshot<JwtOptions> jwtOptions)
: Endpoint<RefreshTokenRequest, RefreshTokenResponse>
{
public override void Configure()
{
AllowAnonymous();
Post("/api/users/refresh");
Options(o => o.WithTags("Users"));
}
public override async Task HandleAsync(
RefreshTokenRequest request,
CancellationToken ct)
{
// Find user with the refresh token
var user = await userManager.Users
.FirstOrDefaultAsync(u => u.RefreshToken == request.RefreshToken, ct);
if (user == null || user.RefreshTokenExpiryTime <= DateTime.UtcNow)
{
await SendUnauthorizedAsync(ct);
return;
}
// Generate new refresh token if rotation is required
string newRefreshToken;
if (jwtOptions.Value.RefreshTokenRequireRotation)
{
newRefreshToken = RefreshTokenGenerator.Next();
user.RefreshToken = newRefreshToken;
}
else
{
newRefreshToken = user.RefreshToken;
}
// Update refresh token expiry time
user.RefreshTokenExpiryTime = DateTime.UtcNow.Add(jwtOptions.Value.RefreshTokenLifetime);
await userManager.UpdateAsync(user);
// Generate new access token
var accessToken = JwtTokenHelper.GenerateJwtToken(
expiresIn: jwtOptions.Value.Lifetime,
issuer: jwtOptions.Value.Issuer,
audience: jwtOptions.Value.Audience,
key: jwtOptions.Value.Key,
userId: user.Id.ToString(),
email: user.Email ?? string.Empty,
alias: user.Alias,
firstname: user.Firstname ?? string.Empty,
lastname: user.Lastname ?? string.Empty,
portraitUrl: user.PortraitUrl);
await SendOkAsync(
new RefreshTokenResponse(accessToken, newRefreshToken),
cancellation: ct);
}
}

3
backend/src/Web/Features/Users/JwtOptions.cs
View File

@@ -8,4 +8,7 @@ public record JwtOptions
public required string Issuer { get; init; } public required string Issuer { get; init; }
public required string Audience { get; init; } public required string Audience { get; init; }
public required string Key { get; init; } public required string Key { get; init; }
public TimeSpan RefreshTokenLifetime { get; init; }
public bool RefreshTokenRequireRotation { get; init; }
} }

4
backend/src/Web/appsettings.json
View File

@@ -16,7 +16,9 @@
"Lifetime": "00:30:00", "Lifetime": "00:30:00",
"Audience": "hutopy", "Audience": "hutopy",
"Issuer": "https://auth.hutopy.com", "Issuer": "https://auth.hutopy.com",
"Key": "b2df428b9929d3ace7c598bbf4e496b2f0b71ab3cd4f94540356cfc35b000000" "Key": "b2df428b9929d3ace7c598bbf4e496b2f0b71ab3cd4f94540356cfc35b000000",
"RefreshTokenLifetime": "7.00:00:00",
"RefreshTokenRequireRotation": true
} }
}, },
"Contents": { "Contents": {

44
frontend/src/plugins/api.js
View File

@@ -4,42 +4,52 @@ import {useAuthStore} from "@/stores/authStore.js"
export function useClient() { export function useClient() {
if (!import.meta.env.VITE_API_URL) throw new Error("VITE_API_URL is not provided") if (!import.meta.env.VITE_API_URL) throw new Error("VITE_API_URL is not provided")
const api = axios.create({ const authStore = useAuthStore()
const client = axios.create({
baseURL: import.meta.env.VITE_API_URL, baseURL: import.meta.env.VITE_API_URL,
timeout: 10000, headers: {
'Content-Type': 'application/json',
},
}); });
const authStore = useAuthStore() // Request interceptor
const requestInterceptor = (config) => { client.interceptors.request.use(async (config) => {
// Proactively check and refresh token if needed
if (authStore.isAuthenticated) { if (authStore.isAuthenticated) {
config.headers["Authorization"] = `Bearer ${authStore.accessToken}` try {
console.log('within api call')
await authStore.ensureValidToken();
} catch (error) {
console.error('Failed to ensure valid token:', error);
} }
return config
} }
api.interceptors.request.use(requestInterceptor); if (authStore.isAuthenticated) {
config.headers.Authorization = `Bearer ${authStore.accessToken}`;
}
return config;
});
// Add response interceptor for token refresh // Response interceptor
api.interceptors.response.use( client.interceptors.response.use(
(response) => response, (response) => response,
async (error) => { async (error) => {
const originalRequest = error.config; const originalRequest = error.config;
// If error is 401 and we haven't tried to refresh the token yet // If the error is 401 and we haven't tried to refresh the token yet
if (error.response?.status === 401 && !originalRequest._retry) { if (error.response?.status === 401 && !originalRequest._retry) {
console.log('Received 401 error, attempting token refresh...');
originalRequest._retry = true; originalRequest._retry = true;
try { try {
// Attempt to refresh the token
await authStore.refresh(); await authStore.refresh();
console.log('Token refresh successful, retrying original request...');
// Retry the original request with the new token // Retry the original request with the new token
originalRequest.headers["Authorization"] = `Bearer ${authStore.accessToken}`; return client(originalRequest);
return api(originalRequest);
} catch (refreshError) { } catch (refreshError) {
// If refresh fails, logout the user console.error('Token refresh failed, logging out user:', refreshError);
await authStore.logout(); await authStore.logout();
return Promise.reject(refreshError); throw refreshError;
} }
} }
@@ -47,6 +57,6 @@ export function useClient() {
} }
); );
return api; return client;
} }

43
frontend/src/stores/authStore.js
View File

@@ -1,5 +1,5 @@
import {defineStore} from 'pinia'; import {defineStore} from 'pinia';
import {computed} from "vue"; import {computed, ref} from "vue";
import {useRouter} from "vue-router"; import {useRouter} from "vue-router";
import {useClient} from "@/plugins/api.js"; import {useClient} from "@/plugins/api.js";
import {useSessionStorage} from "@vueuse/core"; import {useSessionStorage} from "@vueuse/core";
@@ -9,11 +9,12 @@ function getClaimsFromToken(token) {
try { try {
return jwtDecode(token); return jwtDecode(token);
} catch (error) { } catch (error) {
console.error('Failed to decode token:', error);
return null; return null;
} }
} }
function isTokenExpired(token) { function isTokenExpiringSoon(token) {
if (!token) return true; if (!token) return true;
const claims = getClaimsFromToken(token); const claims = getClaimsFromToken(token);
if (!claims) return true; if (!claims) return true;
@@ -30,10 +31,15 @@ export const useAuthStore = defineStore(
const clientApi = useClient() const clientApi = useClient()
const router = useRouter() const router = useRouter()
// Flag to track if we're currently refreshing the token
const isRefreshing = ref(false)
// Store the refresh promise to avoid multiple concurrent refreshes
let refreshPromise = null
const accessToken = useSessionStorage('auth-accessToken', undefined) const accessToken = useSessionStorage('auth-accessToken', undefined)
const refreshToken = useSessionStorage('auth-refreshToken', undefined) const refreshToken = useSessionStorage('auth-refreshToken', undefined)
const isAuthenticated = computed(() => !!accessToken.value && !isTokenExpired(accessToken.value)) const isAuthenticated = computed(() => !!accessToken.value)
const userId = computed(() => { const userId = computed(() => {
const claims = getClaimsFromToken(accessToken.value) const claims = getClaimsFromToken(accessToken.value)
@@ -111,7 +117,16 @@ export const useAuthStore = defineStore(
throw new Error('No refresh token available'); throw new Error('No refresh token available');
} }
// If we're already refreshing, return the existing promise
if (isRefreshing.value && refreshPromise) {
return refreshPromise;
}
// Create a new refresh promise
refreshPromise = (async () => {
try { try {
isRefreshing.value = true;
const response = await clientApi.post( const response = await clientApi.post(
'api/users/refresh', 'api/users/refresh',
{ {
@@ -122,18 +137,35 @@ export const useAuthStore = defineStore(
accessToken: response.data.accessToken, accessToken: response.data.accessToken,
refreshToken: response.data.refreshToken refreshToken: response.data.refreshToken
}); });
isRefreshing.value = false;
refreshPromise = null;
return true; return true;
} catch (error) { } catch (error) {
console.error('Token refresh failed:', error); console.error('Token refresh failed:', error);
isRefreshing.value = false;
refreshPromise = null;
// Only clear tokens and session storage after a failed refresh attempt
cleanTokens(); cleanTokens();
// Force a redirect to the login page
await router.push('/login');
throw error; throw error;
} }
})();
return refreshPromise;
} }
// Function to check if token needs refresh // Function to check if token needs refresh
async function ensureValidToken() { async function ensureValidToken() {
if (isTokenExpired(accessToken.value)) { if (isTokenExpiringSoon(accessToken.value)) {
await refresh(); // Start the refresh process without waiting for it to complete
refresh().catch(error => {
console.error('Error during token refresh:', error);
});
} }
} }
@@ -142,6 +174,7 @@ export const useAuthStore = defineStore(
refreshToken, refreshToken,
isAuthenticated, isAuthenticated,
userId, userId,
isRefreshing,
login, login,
loginWithGoogle, loginWithGoogle,
loginWithFacebook, loginWithFacebook,

2
frontend/src/stores/creatorProfileStore.js
View File

@@ -22,7 +22,7 @@ export const useCreatorProfileStore = defineStore(
} else { } else {
await router.push('/'); await router.push('/');
} }
} else { } else if (!authStore.isRefreshing) {
value.value = undefined; value.value = undefined;
} }
} }

4
frontend/src/stores/userProfileStore.js
View File

@@ -15,7 +15,7 @@ export const useUserProfileStore = defineStore(
async (newValue) => { async (newValue) => {
if (newValue) { if (newValue) {
await fetchCurrentUserProfile() await fetchCurrentUserProfile()
} else { } else if (!authStore.isRefreshing) {
value.value = undefined value.value = undefined
} }
}) })
@@ -59,7 +59,7 @@ export const useUserProfileStore = defineStore(
const userResponse = await client.get("/api/users/profile"); const userResponse = await client.get("/api/users/profile");
value.value = userResponse.data value.value = userResponse.data
} catch (error) { } catch (error) {
value.value = undefined; console.error(error)
} }
} }