jbourdon/social-media
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Adds supports for RefreshTokens

Browse Source
This commit is contained in:
Jonathan Bourdon
2025-04-17 04:33:28 -04:00
parent c19e2eb493
commit 16ae68a02e
28 changed files with 620 additions and 76 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
backend/src/Web/Common/Security/PasswordGenerator.cs
View File

@@ -13,7 +13,7 @@ public static class PasswordGenerator
private static readonly Random Random = new();
public static string GeneratePassword(
public static string Next(
int length = 15,
bool requireNumber = true,
bool requireLowercase = true,

14
backend/src/Web/Common/Security/RefreshTokenGenerator.cs Normal file
View File

@@ -0,0 +1,14 @@
using System.Security.Cryptography;
namespace Hutopy.Web.Common.Security;
public static class RefreshTokenGenerator
{
public static string Next()
{
var randomNumber = new byte[32];
using var rng = RandomNumberGenerator.Create();
rng.GetBytes(randomNumber);
return Convert.ToBase64String(randomNumber);
}
}

2
backend/src/Web/Features/Users/IdentityRole.cs → backend/src/Web/Features/Users/Data/IdentityRole.cs
View File

@@ -1,6 +1,6 @@
using Microsoft.AspNetCore.Identity;
namespace Hutopy.Web.Features.Users;
namespace Hutopy.Web.Features.Users.Data;
public class IdentityRole : IdentityRole<Guid>
{

2
backend/src/Web/Features/Users/IdentityService.cs → backend/src/Web/Features/Users/Data/IdentityService.cs
View File

@@ -1,7 +1,7 @@
using System.Security.Claims;
using Hutopy.Web.Features.Users.Models;
namespace Hutopy.Web.Features.Users;
namespace Hutopy.Web.Features.Users.Data;
public class IdentityService(
IdentityUserManager userManager,

4
backend/src/Web/Features/Users/IdentityUser.cs → backend/src/Web/Features/Users/Data/IdentityUser.cs
View File

@@ -1,7 +1,7 @@
using System.ComponentModel.DataAnnotations;
using Microsoft.AspNetCore.Identity;
namespace Hutopy.Web.Features.Users;
namespace Hutopy.Web.Features.Users.Data;
public class IdentityUser : IdentityUser<Guid>
{
@@ -13,5 +13,7 @@ public class IdentityUser : IdentityUser<Guid>
[MaxLength(2048)] public string? PortraitUrl { get; set; }
[MaxLength(255)] public string? GoogleId { get; set; }
[MaxLength(255)] public string? FacebookId { get; set; }
public string RefreshToken { get; set; }
public DateTime RefreshTokenExpiryTime { get; set; }
}

2
backend/src/Web/Features/Users/IdentityUserManager.cs → backend/src/Web/Features/Users/Data/IdentityUserManager.cs
View File

@@ -1,7 +1,7 @@
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.Options;
namespace Hutopy.Web.Features.Users;
namespace Hutopy.Web.Features.Users.Data;
public sealed class IdentityUserManager(
IUserStore<IdentityUser> store,

315
backend/src/Web/Features/Users/Data/Migrations/20250417060553_AddsRefreshToken.Designer.cs generated Normal file
View File

@@ -0,0 +1,315 @@
// <auto-generated />
using System;
using Hutopy.Web.Features.Users.Data;
using Microsoft.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore.Infrastructure;
using Microsoft.EntityFrameworkCore.Migrations;
using Microsoft.EntityFrameworkCore.Storage.ValueConversion;
using Npgsql.EntityFrameworkCore.PostgreSQL.Metadata;
#nullable disable
namespace Hutopy.Web.Features.Users.Data.Migrations
{
[DbContext(typeof(ApplicationDbContext))]
[Migration("20250417060553_AddsRefreshToken")]
partial class AddsRefreshToken
{
/// <inheritdoc />
protected override void BuildTargetModel(ModelBuilder modelBuilder)
{
#pragma warning disable 612, 618
modelBuilder
.HasDefaultSchema("Identity")
.HasAnnotation("ProductVersion", "9.0.3")
.HasAnnotation("Relational:MaxIdentifierLength", 63);
NpgsqlModelBuilderExtensions.UseIdentityByDefaultColumns(modelBuilder);
modelBuilder.Entity("Hutopy.Web.Features.Users.Data.IdentityRole", b =>
{
b.Property<Guid>("Id")
.ValueGeneratedOnAdd()
.HasColumnType("uuid");
b.Property<string>("ConcurrencyStamp")
.IsConcurrencyToken()
.HasColumnType("text");
b.Property<string>("Name")
.HasMaxLength(256)
.HasColumnType("character varying(256)");
b.Property<string>("NormalizedName")
.HasMaxLength(256)
.HasColumnType("character varying(256)");
b.HasKey("Id");
b.HasIndex("NormalizedName")
.IsUnique()
.HasDatabaseName("RoleNameIndex");
b.ToTable("AspNetRoles", "Identity");
});
modelBuilder.Entity("Hutopy.Web.Features.Users.Data.IdentityUser", b =>
{
b.Property<Guid>("Id")
.ValueGeneratedOnAdd()
.HasColumnType("uuid");
b.Property<int>("AccessFailedCount")
.HasColumnType("integer");
b.Property<string>("Address")
.HasMaxLength(255)
.HasColumnType("character varying(255)");
b.Property<string>("Alias")
.HasMaxLength(255)
.HasColumnType("character varying(255)");
b.Property<DateTime?>("BirthDate")
.HasColumnType("timestamp with time zone");
b.Property<string>("ConcurrencyStamp")
.IsConcurrencyToken()
.HasColumnType("text");
b.Property<string>("Email")
.HasMaxLength(256)
.HasColumnType("character varying(256)");
b.Property<bool>("EmailConfirmed")
.HasColumnType("boolean");
b.Property<string>("FacebookId")
.HasMaxLength(255)
.HasColumnType("character varying(255)");
b.Property<string>("Firstname")
.HasMaxLength(255)
.HasColumnType("character varying(255)");
b.Property<string>("GoogleId")
.HasMaxLength(255)
.HasColumnType("character varying(255)");
b.Property<string>("Lastname")
.HasMaxLength(255)
.HasColumnType("character varying(255)");
b.Property<bool>("LockoutEnabled")
.HasColumnType("boolean");
b.Property<DateTimeOffset?>("LockoutEnd")
.HasColumnType("timestamp with time zone");
b.Property<string>("NormalizedEmail")
.HasMaxLength(256)
.HasColumnType("character varying(256)");
b.Property<string>("NormalizedUserName")
.HasMaxLength(256)
.HasColumnType("character varying(256)");
b.Property<string>("PasswordHash")
.HasColumnType("text");
b.Property<string>("PhoneNumber")
.HasColumnType("text");
b.Property<bool>("PhoneNumberConfirmed")
.HasColumnType("boolean");
b.Property<string>("PortraitUrl")
.HasMaxLength(2048)
.HasColumnType("character varying(2048)");
b.Property<string>("RefreshToken")
.IsRequired()
.HasColumnType("text");
b.Property<DateTime>("RefreshTokenExpiryTime")
.HasColumnType("timestamp with time zone");
b.Property<string>("SecurityStamp")
.HasColumnType("text");
b.Property<bool>("TwoFactorEnabled")
.HasColumnType("boolean");
b.Property<string>("UserName")
.HasMaxLength(256)
.HasColumnType("character varying(256)");
b.HasKey("Id");
b.HasIndex("NormalizedEmail")
.HasDatabaseName("EmailIndex");
b.HasIndex("NormalizedUserName")
.IsUnique()
.HasDatabaseName("UserNameIndex");
b.ToTable("AspNetUsers", "Identity");
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRoleClaim<System.Guid>", b =>
{
b.Property<int>("Id")
.ValueGeneratedOnAdd()
.HasColumnType("integer");
NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property<int>("Id"));
b.Property<string>("ClaimType")
.HasColumnType("text");
b.Property<string>("ClaimValue")
.HasColumnType("text");
b.Property<Guid>("RoleId")
.HasColumnType("uuid");
b.HasKey("Id");
b.HasIndex("RoleId");
b.ToTable("AspNetRoleClaims", "Identity");
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserClaim<System.Guid>", b =>
{
b.Property<int>("Id")
.ValueGeneratedOnAdd()
.HasColumnType("integer");
NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property<int>("Id"));
b.Property<string>("ClaimType")
.HasColumnType("text");
b.Property<string>("ClaimValue")
.HasColumnType("text");
b.Property<Guid>("UserId")
.HasColumnType("uuid");
b.HasKey("Id");
b.HasIndex("UserId");
b.ToTable("AspNetUserClaims", "Identity");
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserLogin<System.Guid>", b =>
{
b.Property<string>("LoginProvider")
.HasColumnType("text");
b.Property<string>("ProviderKey")
.HasColumnType("text");
b.Property<string>("ProviderDisplayName")
.HasColumnType("text");
b.Property<Guid>("UserId")
.HasColumnType("uuid");
b.HasKey("LoginProvider", "ProviderKey");
b.HasIndex("UserId");
b.ToTable("AspNetUserLogins", "Identity");
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserRole<System.Guid>", b =>
{
b.Property<Guid>("UserId")
.HasColumnType("uuid");
b.Property<Guid>("RoleId")
.HasColumnType("uuid");
b.HasKey("UserId", "RoleId");
b.HasIndex("RoleId");
b.ToTable("AspNetUserRoles", "Identity");
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserToken<System.Guid>", b =>
{
b.Property<Guid>("UserId")
.HasColumnType("uuid");
b.Property<string>("LoginProvider")
.HasColumnType("text");
b.Property<string>("Name")
.HasColumnType("text");
b.Property<string>("Value")
.HasColumnType("text");
b.HasKey("UserId", "LoginProvider", "Name");
b.ToTable("AspNetUserTokens", "Identity");
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRoleClaim<System.Guid>", b =>
{
b.HasOne("Hutopy.Web.Features.Users.Data.IdentityRole", null)
.WithMany()
.HasForeignKey("RoleId")
.OnDelete(DeleteBehavior.Cascade)
.IsRequired();
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserClaim<System.Guid>", b =>
{
b.HasOne("Hutopy.Web.Features.Users.Data.IdentityUser", null)
.WithMany()
.HasForeignKey("UserId")
.OnDelete(DeleteBehavior.Cascade)
.IsRequired();
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserLogin<System.Guid>", b =>
{
b.HasOne("Hutopy.Web.Features.Users.Data.IdentityUser", null)
.WithMany()
.HasForeignKey("UserId")
.OnDelete(DeleteBehavior.Cascade)
.IsRequired();
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserRole<System.Guid>", b =>
{
b.HasOne("Hutopy.Web.Features.Users.Data.IdentityRole", null)
.WithMany()
.HasForeignKey("RoleId")
.OnDelete(DeleteBehavior.Cascade)
.IsRequired();
b.HasOne("Hutopy.Web.Features.Users.Data.IdentityUser", null)
.WithMany()
.HasForeignKey("UserId")
.OnDelete(DeleteBehavior.Cascade)
.IsRequired();
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserToken<System.Guid>", b =>
{
b.HasOne("Hutopy.Web.Features.Users.Data.IdentityUser", null)
.WithMany()
.HasForeignKey("UserId")
.OnDelete(DeleteBehavior.Cascade)
.IsRequired();
});
#pragma warning restore 612, 618
}
}
}

45
backend/src/Web/Features/Users/Data/Migrations/20250417060553_AddsRefreshToken.cs Normal file
View File

@@ -0,0 +1,45 @@
using System;
using Microsoft.EntityFrameworkCore.Migrations;
#nullable disable
namespace Hutopy.Web.Features.Users.Data.Migrations
{
/// <inheritdoc />
public partial class AddsRefreshToken : Migration
{
/// <inheritdoc />
protected override void Up(MigrationBuilder migrationBuilder)
{
migrationBuilder.AddColumn<string>(
name: "RefreshToken",
schema: "Identity",
table: "AspNetUsers",
type: "text",
nullable: false,
defaultValue: "");
migrationBuilder.AddColumn<DateTime>(
name: "RefreshTokenExpiryTime",
schema: "Identity",
table: "AspNetUsers",
type: "timestamp with time zone",
nullable: false,
defaultValue: new DateTime(1, 1, 1, 0, 0, 0, 0, DateTimeKind.Unspecified));
}
/// <inheritdoc />
protected override void Down(MigrationBuilder migrationBuilder)
{
migrationBuilder.DropColumn(
name: "RefreshToken",
schema: "Identity",
table: "AspNetUsers");
migrationBuilder.DropColumn(
name: "RefreshTokenExpiryTime",
schema: "Identity",
table: "AspNetUsers");
}
}
}

23
backend/src/Web/Features/Users/Data/Migrations/ApplicationDbContextModelSnapshot.cs
View File

@@ -23,7 +23,7 @@ namespace Hutopy.Web.Features.Users.Data.Migrations
NpgsqlModelBuilderExtensions.UseIdentityByDefaultColumns(modelBuilder);
modelBuilder.Entity("Hutopy.Web.Features.Users.IdentityRole", b =>
modelBuilder.Entity("Hutopy.Web.Features.Users.Data.IdentityRole", b =>
{
b.Property<Guid>("Id")
.ValueGeneratedOnAdd()
@@ -50,7 +50,7 @@ namespace Hutopy.Web.Features.Users.Data.Migrations
b.ToTable("AspNetRoles", "Identity");
});
modelBuilder.Entity("Hutopy.Web.Features.Users.IdentityUser", b =>
modelBuilder.Entity("Hutopy.Web.Features.Users.Data.IdentityUser", b =>
{
b.Property<Guid>("Id")
.ValueGeneratedOnAdd()
@@ -124,6 +124,13 @@ namespace Hutopy.Web.Features.Users.Data.Migrations
.HasMaxLength(2048)
.HasColumnType("character varying(2048)");
b.Property<string>("RefreshToken")
.IsRequired()
.HasColumnType("text");
b.Property<DateTime>("RefreshTokenExpiryTime")
.HasColumnType("timestamp with time zone");
b.Property<string>("SecurityStamp")
.HasColumnType("text");
@@ -251,7 +258,7 @@ namespace Hutopy.Web.Features.Users.Data.Migrations
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRoleClaim<System.Guid>", b =>
{
b.HasOne("Hutopy.Web.Features.Users.IdentityRole", null)
b.HasOne("Hutopy.Web.Features.Users.Data.IdentityRole", null)
.WithMany()
.HasForeignKey("RoleId")
.OnDelete(DeleteBehavior.Cascade)
@@ -260,7 +267,7 @@ namespace Hutopy.Web.Features.Users.Data.Migrations
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserClaim<System.Guid>", b =>
{
b.HasOne("Hutopy.Web.Features.Users.IdentityUser", null)
b.HasOne("Hutopy.Web.Features.Users.Data.IdentityUser", null)
.WithMany()
.HasForeignKey("UserId")
.OnDelete(DeleteBehavior.Cascade)
@@ -269,7 +276,7 @@ namespace Hutopy.Web.Features.Users.Data.Migrations
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserLogin<System.Guid>", b =>
{
b.HasOne("Hutopy.Web.Features.Users.IdentityUser", null)
b.HasOne("Hutopy.Web.Features.Users.Data.IdentityUser", null)
.WithMany()
.HasForeignKey("UserId")
.OnDelete(DeleteBehavior.Cascade)
@@ -278,13 +285,13 @@ namespace Hutopy.Web.Features.Users.Data.Migrations
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserRole<System.Guid>", b =>
{
b.HasOne("Hutopy.Web.Features.Users.IdentityRole", null)
b.HasOne("Hutopy.Web.Features.Users.Data.IdentityRole", null)
.WithMany()
.HasForeignKey("RoleId")
.OnDelete(DeleteBehavior.Cascade)
.IsRequired();
b.HasOne("Hutopy.Web.Features.Users.IdentityUser", null)
b.HasOne("Hutopy.Web.Features.Users.Data.IdentityUser", null)
.WithMany()
.HasForeignKey("UserId")
.OnDelete(DeleteBehavior.Cascade)
@@ -293,7 +300,7 @@ namespace Hutopy.Web.Features.Users.Data.Migrations
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserToken<System.Guid>", b =>
{
b.HasOne("Hutopy.Web.Features.Users.IdentityUser", null)
b.HasOne("Hutopy.Web.Features.Users.Data.IdentityUser", null)
.WithMany()
.HasForeignKey("UserId")
.OnDelete(DeleteBehavior.Cascade)

2
backend/src/Web/Features/Users/DependencyInjection.cs
View File

@@ -2,6 +2,8 @@
using Hutopy.Web.Features.Messages.Data;
using Hutopy.Web.Features.Users.Data;
using Microsoft.AspNetCore.Identity;
using IdentityRole = Hutopy.Web.Features.Users.Data.IdentityRole;
using IdentityUser = Hutopy.Web.Features.Users.Data.IdentityUser;
namespace Hutopy.Web.Features.Users;

1
backend/src/Web/Features/Users/Handlers/ChangeAddress.cs
View File

@@ -1,4 +1,5 @@
using Hutopy.Web.Common.Security;
using Hutopy.Web.Features.Users.Data;
namespace Hutopy.Web.Features.Users.Handlers;

1
backend/src/Web/Features/Users/Handlers/ChangeAlias.cs
View File

@@ -1,4 +1,5 @@
using Hutopy.Web.Common.Security;
using Hutopy.Web.Features.Users.Data;
namespace Hutopy.Web.Features.Users.Handlers;

1
backend/src/Web/Features/Users/Handlers/ChangeBirthDate.cs
View File

@@ -1,4 +1,5 @@
using Hutopy.Web.Common.Security;
using Hutopy.Web.Features.Users.Data;
namespace Hutopy.Web.Features.Users.Handlers;

1
backend/src/Web/Features/Users/Handlers/ChangeEmail.cs
View File

@@ -1,4 +1,5 @@
using Hutopy.Web.Common.Security;
using Hutopy.Web.Features.Users.Data;
namespace Hutopy.Web.Features.Users.Handlers;

1
backend/src/Web/Features/Users/Handlers/ChangeFullname.cs
View File

@@ -1,4 +1,5 @@
using Hutopy.Web.Common.Security;
using Hutopy.Web.Features.Users.Data;
namespace Hutopy.Web.Features.Users.Handlers;

1
backend/src/Web/Features/Users/Handlers/ChangePhone.cs
View File

@@ -1,4 +1,5 @@
using Hutopy.Web.Common.Security;
using Hutopy.Web.Features.Users.Data;
namespace Hutopy.Web.Features.Users.Handlers;

1
backend/src/Web/Features/Users/Handlers/ChangePortrait.cs
View File

@@ -1,5 +1,6 @@
using Hutopy.Web.Common.BlobStorage;
using Hutopy.Web.Common.Security;
using Hutopy.Web.Features.Users.Data;
namespace Hutopy.Web.Features.Users.Handlers;

6
backend/src/Web/Features/Users/Handlers/GetCurrentUser.cs
View File

@@ -1,13 +1,11 @@
using Hutopy.Web.Features.Users.Handlers.Models;
using Hutopy.Web.Features.Memberships.Data;
using Hutopy.Web.Features.Memberships.Infrastructure;
using Hutopy.Web.Features.Users.Data;
namespace Hutopy.Web.Features.Users.Handlers;
[PublicAPI]
public class GetCurrentUserQueryHandler(
IdentityService identityService,
MembershipDbContext membershipDbContext)
IdentityService identityService)
: EndpointWithoutRequest<UserDto>
{
public override void Configure()

7
backend/src/Web/Features/Users/Handlers/GetCurrentUserProfilePicture.cs
View File

@@ -1,4 +1,5 @@
using Hutopy.Web.Common.BlobStorage;
using Hutopy.Web.Features.Users.Data;
namespace Hutopy.Web.Features.Users.Handlers;
@@ -20,6 +21,12 @@ public class GetCurrentUserPortraitHandler(
{
var identityUser = await identityService.GetCurrentUserAsync();
if (identityUser is null)
{
await SendNotFoundAsync(cancellationToken);
return;
}
var stream = await blobStorage.DownloadFileAsync(
ContainerNames.Users,
$"{identityUser.Id.ToString()}/{SubDirectoryNames.Profile}/{CommonFileNames.ProfilePicture}",

23
backend/src/Web/Features/Users/Handlers/LoginWithFacebook.cs
View File

@@ -1,11 +1,14 @@
using System.Text.Json;
using System.Text.Json.Serialization;
using Hutopy.Web.Common.Security;
using Hutopy.Web.Features.Users.Data;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.Options;
using IdentityUser = Hutopy.Web.Features.Users.Data.IdentityUser;
namespace Hutopy.Web.Features.Users.Handlers;
[PublicAPI]
public class FacebookUserInfo
{
[JsonPropertyName("id")] public required string Id { get; init; }
@@ -14,11 +17,13 @@ public class FacebookUserInfo
[JsonPropertyName("picture")] public required FacebookPictureData Picture { get; init; }
}
[PublicAPI]
public class FacebookPictureData
{
[JsonPropertyName("data")] public required FacebookPicture Picture { get; init; }
}
[PublicAPI]
public class FacebookPicture
{
[JsonPropertyName("url")] public required string Url { get; init; }
@@ -83,7 +88,7 @@ public class LoginWithFacebookHandler(
if (user is null)
{
var generatedPassword = PasswordGenerator.GeneratePassword();
var generatedPassword = PasswordGenerator.Next();
var generatedUser = new IdentityUser
{
UserName = userInfo.Email ?? $"fb_{userInfo.Id}",
@@ -113,20 +118,28 @@ public class LoginWithFacebookHandler(
await signInManager.SignInAsync(user, isPersistent: false);
// Generate refresh token
var refreshToken = RefreshTokenGenerator.Next();
// Store refresh token in user's properties
user.RefreshToken = refreshToken;
user.RefreshTokenExpiryTime = DateTime.UtcNow.Add(jwtOptions.Value.RefreshTokenLifetime);
await userManager.UpdateAsync(user);
var accessToken = JwtTokenHelper.GenerateJwtToken(
expiresIn: jwtOptions.Value.Lifetime,
issuer: jwtOptions.Value.Issuer,
audience: jwtOptions.Value.Audience,
key: jwtOptions.Value.Key,
userId: user.Id.ToString(),
email: user.Email,
email: user.Email ?? string.Empty,
alias: user.Alias,
firstname: user.Firstname,
lastname: user.Lastname,
firstname: user.Firstname ?? string.Empty,
lastname: user.Lastname ?? string.Empty,
portraitUrl: user.PortraitUrl);
await SendOkAsync(
new LoginWithFacebookResponse(accessToken, string.Empty),
new LoginWithFacebookResponse(accessToken, refreshToken),
cancellation: ct);
}
}

20
backend/src/Web/Features/Users/Handlers/LoginWithGoogle.cs
View File

@@ -1,8 +1,10 @@
using System.Text.Json;
using System.Text.Json.Serialization;
using Hutopy.Web.Common.Security;
using Hutopy.Web.Features.Users.Data;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.Options;
using IdentityUser = Hutopy.Web.Features.Users.Data.IdentityUser;
namespace Hutopy.Web.Features.Users.Handlers;
@@ -90,7 +92,7 @@ public class LoginWithGoogleHandler(
if (user is null)
{
var generatedPassword = PasswordGenerator.GeneratePassword();
var generatedPassword = PasswordGenerator.Next();
var generatedUser = new IdentityUser
{
UserName = userInfo.Email,
@@ -120,20 +122,28 @@ public class LoginWithGoogleHandler(
await signInManager.SignInAsync(user, isPersistent: false);
// Generate refresh token
var refreshToken = RefreshTokenGenerator.Next();
// Store refresh token in user's properties
user.RefreshToken = refreshToken;
user.RefreshTokenExpiryTime = DateTime.UtcNow.Add(jwtOptions.Value.RefreshTokenLifetime);
await userManager.UpdateAsync(user);
var accessToken = JwtTokenHelper.GenerateJwtToken(
expiresIn: jwtOptions.Value.Lifetime,
issuer: jwtOptions.Value.Issuer,
audience: jwtOptions.Value.Audience,
key: jwtOptions.Value.Key,
userId: user.Id.ToString(),
email: user.Email,
email: user.Email ?? string.Empty,
alias: user.Alias,
firstname: user.Firstname,
lastname: user.Lastname,
firstname: user.Firstname ?? string.Empty,
lastname: user.Lastname ?? string.Empty,
portraitUrl: user.PortraitUrl);
await SendOkAsync(
new LoginWithGoogleResponse(accessToken, string.Empty),
new LoginWithGoogleResponse(accessToken, refreshToken),
cancellation: ct);
}
}

76
backend/src/Web/Features/Users/Handlers/RefreshToken.cs Normal file
View File

@@ -0,0 +1,76 @@
using Hutopy.Web.Common.Security;
using Hutopy.Web.Features.Users.Data;
using Microsoft.Extensions.Options;
namespace Hutopy.Web.Features.Users.Handlers;
[PublicAPI]
public record RefreshTokenRequest(
string RefreshToken);
[PublicAPI]
public record RefreshTokenResponse(
string AccessToken,
string RefreshToken);
[PublicAPI]
public class RefreshTokenHandler(
IdentityUserManager userManager,
IOptionsSnapshot<JwtOptions> jwtOptions)
: Endpoint<RefreshTokenRequest, RefreshTokenResponse>
{
public override void Configure()
{
AllowAnonymous();
Post("/api/users/refresh");
Options(o => o.WithTags("Users"));
}
public override async Task HandleAsync(
RefreshTokenRequest request,
CancellationToken ct)
{
// Find user with the refresh token
var user = await userManager.Users
.FirstOrDefaultAsync(u => u.RefreshToken == request.RefreshToken, ct);
if (user == null || user.RefreshTokenExpiryTime <= DateTime.UtcNow)
{
await SendUnauthorizedAsync(ct);
return;
}
// Generate new refresh token if rotation is required
string newRefreshToken;
if (jwtOptions.Value.RefreshTokenRequireRotation)
{
newRefreshToken = RefreshTokenGenerator.Next();
user.RefreshToken = newRefreshToken;
}
else
{
newRefreshToken = user.RefreshToken;
}
// Update refresh token expiry time
user.RefreshTokenExpiryTime = DateTime.UtcNow.Add(jwtOptions.Value.RefreshTokenLifetime);
await userManager.UpdateAsync(user);
// Generate new access token
var accessToken = JwtTokenHelper.GenerateJwtToken(
expiresIn: jwtOptions.Value.Lifetime,
issuer: jwtOptions.Value.Issuer,
audience: jwtOptions.Value.Audience,
key: jwtOptions.Value.Key,
userId: user.Id.ToString(),
email: user.Email ?? string.Empty,
alias: user.Alias,
firstname: user.Firstname ?? string.Empty,
lastname: user.Lastname ?? string.Empty,
portraitUrl: user.PortraitUrl);
await SendOkAsync(
new RefreshTokenResponse(accessToken, newRefreshToken),
cancellation: ct);
}
}

3
backend/src/Web/Features/Users/JwtOptions.cs
View File

@@ -8,4 +8,7 @@ public record JwtOptions
public required string Issuer { get; init; }
public required string Audience { get; init; }
public required string Key { get; init; }
public TimeSpan RefreshTokenLifetime { get; init; }
public bool RefreshTokenRequireRotation { get; init; }
}

4
backend/src/Web/appsettings.json
View File

@@ -16,7 +16,9 @@
"Lifetime": "00:30:00",
"Audience": "hutopy",
"Issuer": "https://auth.hutopy.com",
"Key": "b2df428b9929d3ace7c598bbf4e496b2f0b71ab3cd4f94540356cfc35b000000"
"Key": "b2df428b9929d3ace7c598bbf4e496b2f0b71ab3cd4f94540356cfc35b000000",
"RefreshTokenLifetime": "7.00:00:00",
"RefreshTokenRequireRotation": true
}
},
"Contents": {

46
frontend/src/plugins/api.js
View File

@@ -4,42 +4,52 @@ import {useAuthStore} from "@/stores/authStore.js"
export function useClient() {
if (!import.meta.env.VITE_API_URL) throw new Error("VITE_API_URL is not provided")
const api = axios.create({
const authStore = useAuthStore()
const client = axios.create({
baseURL: import.meta.env.VITE_API_URL,
timeout: 10000,
headers: {
'Content-Type': 'application/json',
},
});
const authStore = useAuthStore()
const requestInterceptor = (config) => {
// Request interceptor
client.interceptors.request.use(async (config) => {
// Proactively check and refresh token if needed
if (authStore.isAuthenticated) {
config.headers["Authorization"] = `Bearer ${authStore.accessToken}`
try {
console.log('within api call')
await authStore.ensureValidToken();
} catch (error) {
console.error('Failed to ensure valid token:', error);
}
}
return config
}
api.interceptors.request.use(requestInterceptor);
if (authStore.isAuthenticated) {
config.headers.Authorization = `Bearer ${authStore.accessToken}`;
}
return config;
});
// Add response interceptor for token refresh
api.interceptors.response.use(
// Response interceptor
client.interceptors.response.use(
(response) => response,
async (error) => {
const originalRequest = error.config;
// If error is 401 and we haven't tried to refresh the token yet
// If the error is 401 and we haven't tried to refresh the token yet
if (error.response?.status === 401 && !originalRequest._retry) {
console.log('Received 401 error, attempting token refresh...');
originalRequest._retry = true;
try {
// Attempt to refresh the token
await authStore.refresh();
console.log('Token refresh successful, retrying original request...');
// Retry the original request with the new token
originalRequest.headers["Authorization"] = `Bearer ${authStore.accessToken}`;
return api(originalRequest);
return client(originalRequest);
} catch (refreshError) {
// If refresh fails, logout the user
console.error('Token refresh failed, logging out user:', refreshError);
await authStore.logout();
return Promise.reject(refreshError);
throw refreshError;
}
}
@@ -47,6 +57,6 @@ export function useClient() {
}
);
return api;
return client;
}

73
frontend/src/stores/authStore.js
View File

@@ -1,5 +1,5 @@
import {defineStore} from 'pinia';
import {computed} from "vue";
import {computed, ref} from "vue";
import {useRouter} from "vue-router";
import {useClient} from "@/plugins/api.js";
import {useSessionStorage} from "@vueuse/core";
@@ -9,11 +9,12 @@ function getClaimsFromToken(token) {
try {
return jwtDecode(token);
} catch (error) {
console.error('Failed to decode token:', error);
return null;
}
}
function isTokenExpired(token) {
function isTokenExpiringSoon(token) {
if (!token) return true;
const claims = getClaimsFromToken(token);
if (!claims) return true;
@@ -30,10 +31,15 @@ export const useAuthStore = defineStore(
const clientApi = useClient()
const router = useRouter()
// Flag to track if we're currently refreshing the token
const isRefreshing = ref(false)
// Store the refresh promise to avoid multiple concurrent refreshes
let refreshPromise = null
const accessToken = useSessionStorage('auth-accessToken', undefined)
const refreshToken = useSessionStorage('auth-refreshToken', undefined)
const isAuthenticated = computed(() => !!accessToken.value && !isTokenExpired(accessToken.value))
const isAuthenticated = computed(() => !!accessToken.value)
const userId = computed(() => {
const claims = getClaimsFromToken(accessToken.value)
@@ -111,29 +117,55 @@ export const useAuthStore = defineStore(
throw new Error('No refresh token available');
}
try {
const response = await clientApi.post(
'api/users/refresh',
{
refreshToken: refreshToken.value
// If we're already refreshing, return the existing promise
if (isRefreshing.value && refreshPromise) {
return refreshPromise;
}
// Create a new refresh promise
refreshPromise = (async () => {
try {
isRefreshing.value = true;
const response = await clientApi.post(
'api/users/refresh',
{
refreshToken: refreshToken.value
});
updateTokens({
accessToken: response.data.accessToken,
refreshToken: response.data.refreshToken
});
updateTokens({
accessToken: response.data.accessToken,
refreshToken: response.data.refreshToken
});
return true;
} catch (error) {
console.error('Token refresh failed:', error);
cleanTokens();
throw error;
}
isRefreshing.value = false;
refreshPromise = null;
return true;
} catch (error) {
console.error('Token refresh failed:', error);
isRefreshing.value = false;
refreshPromise = null;
// Only clear tokens and session storage after a failed refresh attempt
cleanTokens();
// Force a redirect to the login page
await router.push('/login');
throw error;
}
})();
return refreshPromise;
}
// Function to check if token needs refresh
async function ensureValidToken() {
if (isTokenExpired(accessToken.value)) {
await refresh();
if (isTokenExpiringSoon(accessToken.value)) {
// Start the refresh process without waiting for it to complete
refresh().catch(error => {
console.error('Error during token refresh:', error);
});
}
}
@@ -142,6 +174,7 @@ export const useAuthStore = defineStore(
refreshToken,
isAuthenticated,
userId,
isRefreshing,
login,
loginWithGoogle,
loginWithFacebook,

2
frontend/src/stores/creatorProfileStore.js
View File

@@ -22,7 +22,7 @@ export const useCreatorProfileStore = defineStore(
} else {
await router.push('/');
}
} else {
} else if (!authStore.isRefreshing) {
value.value = undefined;
}
}

4
frontend/src/stores/userProfileStore.js
View File

@@ -15,7 +15,7 @@ export const useUserProfileStore = defineStore(
async (newValue) => {
if (newValue) {
await fetchCurrentUserProfile()
} else {
} else if (!authStore.isRefreshing) {
value.value = undefined
}
})
@@ -59,7 +59,7 @@ export const useUserProfileStore = defineStore(
const userResponse = await client.get("/api/users/profile");
value.value = userResponse.data
} catch (error) {
value.value = undefined;
console.error(error)
}
}