Add user school list endpoint

src/Vulder.Admin.Api/Controllers/User/LoginController.cs

@@ -7,7 +7,6 @@
 namespace Vulder.Admin.Api.Controllers.User
 {
     [ApiController]
-    [Authorize]
     [Route("user/[controller]")]
     public class LoginController : ControllerBase
     {
@@ -21,7 +20,6 @@ public LoginController(IMediator mediator, IJwtService jwtService)
         }
 
         [HttpPost]
-        [AllowAnonymous]
         public async Task<IActionResult> Post([FromBody] Core.Models.UserModel user)
         {
             var userDto = await _mediator.Send(user);

src/Vulder.Admin.Api/Controllers/User/RegisterController.cs

@@ -3,12 +3,10 @@
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Vulder.Admin.Core.Interfaces;
-using Vulder.Admin.Core.Services;
 
 namespace Vulder.Admin.Api.Controllers.User
 {
     [ApiController]
-    [Authorize]
     [Route("user/[controller]")]
     public class RegisterController : ControllerBase
     {
@@ -22,7 +20,6 @@ public RegisterController(IMediator mediator, IJwtService jwtService)
         }
 
         [HttpPost]
-        [AllowAnonymous]
         public async Task<IActionResult> Post([FromBody]Core.Models.UserModel userModel)
         {
             var user = await _mediator.Send(

src/Vulder.Admin.Api/Controllers/User/SchoolListController.cs

@@ -0,0 +1,35 @@
+using System.Security.Claims;
+using System.Threading.Tasks;
+using MediatR;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using Vulder.Admin.Core.Models;
+
+namespace Vulder.Admin.Api.Controllers.User
+{
+    [Authorize]
+    [ApiController]
+    [Route("user/[controller]")]
+    public class SchoolListController : ControllerBase
+    {
+        private readonly IMediator _mediator;
+
+        public SchoolListController(IMediator mediator)
+        {
+            _mediator = mediator;
+        }
+
+        [HttpGet]
+        public async Task<IActionResult> Get()
+        {
+            var schoolsDto = await _mediator.Send(new JwtModel
+            {
+                Id = User.FindFirst(ClaimTypes.Sid)?.Value,
+                Email = User.FindFirst(ClaimTypes.Email)?.Value
+            });
+
+            return Ok(schoolsDto);
+        }
+    }
+}

src/Vulder.Admin.Api/Startup.cs

@@ -1,4 +1,6 @@
 using System;
+using System.Collections;
+using System.Collections.Generic;
 using Autofac;
 using FluentValidation;
 using FluentValidation.AspNetCore;
@@ -8,10 +10,10 @@
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Hosting;
 using Microsoft.OpenApi.Models;
+using Vulder.Admin.Core;
 using Vulder.Admin.Core.Models;
 using Vulder.Admin.Core.Validators;
 using Vulder.Admin.Infrastructure;
-using Vulder.Admin.Infrastructure.Configuration;
 
 namespace Vulder.Admin.Api
 {
@@ -29,8 +31,7 @@ public Startup(IConfiguration configuration)
         // This method gets called by the runtime. Use this method to add services to the container.
         public void ConfigureServices(IServiceCollection services)
         {
-            services.Configure<AuthConfiguration>(Configuration.GetSection("Auth"));
-
+            services.AddJwtDefault(Configuration);
             services.AddCors(options =>
             {
                 options.AddPolicy(name: CorsPolicyName,
@@ -41,15 +42,30 @@ public void ConfigureServices(IServiceCollection services)
                             .AllowAnyHeader();
                     });
             });
-
             services.AddControllers()
                 .AddNewtonsoftJson()
                 .AddFluentValidation();
             services.AddModelsToValidate();
-
             services.AddSwaggerGen(c =>
             {
                 c.SwaggerDoc("v1", new OpenApiInfo { Title = "Vulder.Admin.Api", Version = "v1" });
+                var securitySchema = new OpenApiSecurityScheme
+                {
+                    Name = "Authorization",
+                    Description = "JWT Auth header",
+                    In = ParameterLocation.Header,
+                    Type = SecuritySchemeType.ApiKey,
+                    Reference = new OpenApiReference
+                    {
+                        Type = ReferenceType.SecurityScheme,
+                        Id = "Bearer"
+                    },
+                };
+                c.AddSecurityDefinition("Bearer", securitySchema);
+                c.AddSecurityRequirement(new OpenApiSecurityRequirement
+                {
+                    { securitySchema, new [] { "Bearer" } }   
+                });
             });
         }
 
@@ -59,6 +75,7 @@ public void ConfigureContainer(ContainerBuilder builder)
                Environment.GetEnvironmentVariable("POSTGRES_CONNECTION")
                ?? Configuration["Postgres:ConnectionString"])
             );
+            builder.RegisterModule(new DefaultCoreModule(Configuration));
         }
 
         // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
@@ -76,11 +93,11 @@ public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
             app.UseRouting();
 
             app.UseCors(CorsPolicyName);
+
+            app.UseAuthentication();
 
             app.UseAuthorization();
 
-            app.UseAuthentication();
-
             app.UseEndpoints(endpoints =>
             {
                 endpoints.MapControllers();

src/Vulder.Admin.Api/Vulder.Admin.Api.csproj

@@ -9,15 +9,15 @@
     <PackageReference Include="Autofac.Extensions.DependencyInjection" Version="7.1.0" />
     <PackageReference Include="FluentValidation" Version="10.3.0" />
     <PackageReference Include="FluentValidation.AspNetCore" Version="10.3.0" />
-    <PackageReference Include="JWT" Version="8.4.0-beta1" />
-    <PackageReference Include="JWT.Extensions.AspNetCore" Version="7.2.0" />
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="5.0.9" />
     <PackageReference Include="Microsoft.AspNetCore.Mvc.NewtonsoftJson" Version="5.0.8" />
     <PackageReference Include="Microsoft.EntityFrameworkCore.Design" Version="5.0.8">
       <PrivateAssets>all</PrivateAssets>
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
     </PackageReference>
     <PackageReference Include="Newtonsoft.Json.Bson" Version="1.0.2" />
     <PackageReference Include="Swashbuckle.AspNetCore" Version="5.6.3" />
+    <PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="6.12.2" />
   </ItemGroup>
 
   <ItemGroup>

src/Vulder.Admin.Api/appsettings.json

@@ -1,6 +1,8 @@
 {
   "Auth": {
-    "Key": "wV7unQu7Uj+2vN8ve76BZcYpPLivN4zRfHtEPJYaCuY="
+    "Key": "wV7unQu7Uj+2vN8ve76BZcYpPLivN4zRfHtEPJYaCuY=",
+    "Issuer": "http://localhost:3000",
+    "Audience": "https://localhost:5001"
   },
   "Postgres": {
     "ConnectionString": "Server=localhost;Database=admin;Uid=test;Pwd=123;"

src/Vulder.Admin.Infrastructure/Configuration/AuthConfiguration.cs → src/Vulder.Admin.Core/Configuration/AuthConfiguration.cs

@@ -1,9 +1,11 @@
 using Vulder.Admin.Core.Interfaces;
 
-namespace Vulder.Admin.Infrastructure.Configuration
+namespace Vulder.Admin.Core.Configuration
 {
     public class AuthConfiguration : IAuthConfiguration
     {
         public string Key { get; set; }
+        public string Issuer { get; set; }
+        public string Audience { get; set; }
     }
 }

src/Vulder.Admin.Core/DefaultCoreModule.cs

@@ -1,4 +1,6 @@
 using Autofac;
+using Microsoft.Extensions.Configuration;
+using Vulder.Admin.Core.Configuration;
 using Vulder.Admin.Core.Interfaces;
 using Vulder.Admin.Core.Services;
 using Module = Autofac.Module;
@@ -7,11 +9,26 @@ namespace Vulder.Admin.Core
 {
     public class DefaultCoreModule : Module
     {
+        private readonly IConfiguration _configuration;
+
+        public DefaultCoreModule(IConfiguration configuration)
+        {
+            _configuration = configuration;
+        }
+
         protected override void Load(ContainerBuilder builder)
         {
-            builder.RegisterType<JwtGenerationService>()
+            builder.RegisterType<JwtService>()
                 .As<IJwtService>()
                 .InstancePerLifetimeScope();
+
+            builder.RegisterInstance(new AuthConfiguration
+                {
+                    Key = _configuration["Auth:Key"],
+                    Issuer = _configuration["Auth:Issuer"],
+                    Audience = _configuration["Auth:Audience"]
+                })
+                .As<IAuthConfiguration>();
         }
     }
 }

src/Vulder.Admin.Core/Interfaces/IAuthConfiguration.cs

@@ -3,5 +3,7 @@ namespace Vulder.Admin.Core.Interfaces
     public interface IAuthConfiguration
     {
         string Key { get; set; }
+        string Issuer { get; set; }
+        string Audience { get; set; }
     }
 }

src/Vulder.Admin.Core/Models/JwtModel.cs

@@ -1,16 +1,12 @@
+using MediatR;
 using Newtonsoft.Json;
+using Vulder.Admin.Core.ProjectAggregate.User.Dtos;
 
 namespace Vulder.Admin.Core.Models
 {
-    public class JwtModel
+    public class JwtModel : IRequest<UserSchoolListDto>
     {
-        [JsonProperty("jti")]
         public string Id { get; set; }
-
-        [JsonProperty("address")]
         public string Email { get; set; }
-
-        [JsonProperty("exp")]
-        public long Expire { get; set; }
     }
 }

src/Vulder.Admin.Core/ProjectAggregate/User/Dtos/UserSchoolListDto.cs

@@ -1,9 +1,10 @@
+using System;
 using System.Collections.Generic;
 
 namespace Vulder.Admin.Core.ProjectAggregate.User.Dtos
 {
     public class UserSchoolListDto
     {
-        public List<School.School> Schools { get; set; }
+        public Guid[] Schools { get; set; }
     }
 }

src/Vulder.Admin.Core/ProjectAggregate/User/User.cs

@@ -1,4 +1,5 @@
 using System;
+using System.Collections.Generic;
 using MediatR;
 using Vulder.Admin.Core.Utils;
 using Vulder.SharedKernel;

src/Vulder.Admin.Core/Services/JwtService.cs

@@ -1,36 +1,45 @@
 using System;
-using JWT.Algorithms;
-using JWT.Builder;
+using System.IdentityModel.Tokens.Jwt;
+using System.Security.Claims;
+using System.Text;
 using Microsoft.Extensions.Configuration;
+using Microsoft.IdentityModel.Tokens;
 using Vulder.Admin.Core.Interfaces;
-using Vulder.Admin.Core.Models;
 using Vulder.Admin.Core.ProjectAggregate.User;
 
 namespace Vulder.Admin.Core.Services
 {
-    public class JwtGenerationService : IJwtService
+    public class JwtService : IJwtService
     {
-        private readonly IAuthConfiguration _configuration;
-        
-        public JwtGenerationService(IAuthConfiguration configuration)
+        private readonly IAuthConfiguration _authConfiguration;
+
+        public JwtService(IAuthConfiguration configuration)
         {
-            _configuration = configuration;
+            _authConfiguration = configuration;
         }
 
         public string GetGeneratedJwtToken(UserDto userDto)
-            => JwtBuilder.Create()
-                .WithAlgorithm(new HMACSHA512Algorithm())
-                .WithSecret(_configuration.Key)
-                .AddClaim(ClaimName.JwtId, userDto.Id)
-                .AddClaim(ClaimName.Address, userDto.Email)
-                .AddClaim(ClaimName.ExpirationTime, DateTimeOffset.UtcNow.AddHours(1).ToUnixTimeSeconds())
-                .Encode();
-
-        public JwtModel GetUserDataFromJwtToken(string token)
-            => JwtBuilder.Create()
-                .WithAlgorithm(new HMACSHA512Algorithm())
-                .WithSecret(_configuration.Key)
-                .MustVerifySignature()
-                .Decode<JwtModel>(token);
+        {
+            var tokenHandler = new JwtSecurityTokenHandler();
+            var tokenDescriptor = new SecurityTokenDescriptor
+            {
+                Subject = new ClaimsIdentity(new[]
+                {
+                    new Claim(ClaimTypes.PrimarySid, userDto.Id.ToString()),
+                    new Claim(ClaimTypes.Email, userDto.Email)
+                }),
+                Expires = DateTime.UtcNow.AddHours(2),
+                Issuer = _authConfiguration.Issuer,
+                Audience = _authConfiguration.Audience,
+                SigningCredentials = new SigningCredentials(
+                    new SymmetricSecurityKey(
+                        Encoding.UTF8.GetBytes(_authConfiguration.Key)
+                    ),
+                    SecurityAlgorithms.HmacSha256Signature
+                )
+            };
+            var token = tokenHandler.CreateToken(tokenDescriptor);
+            return tokenHandler.WriteToken(token);
+        }
     }
 }

src/Vulder.Admin.Core/Vulder.Admin.Core.csproj

@@ -8,7 +8,7 @@
     <PackageReference Include="Autofac" Version="6.2.0" />
     <PackageReference Include="BCrypt.Net-Next" Version="4.0.2" />
     <PackageReference Include="FluentValidation" Version="10.3.0" />
-    <PackageReference Include="JWT" Version="8.4.0-beta1" />
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="5.0.9" />
     <PackageReference Include="Microsoft.Extensions.Configuration" Version="5.0.0" />
     <PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
     <PackageReference Include="Vulder.SharedKernel" Version="0.1.5" />

src/Vulder.Admin.Infrastructure/Data/AppDbContext.cs

@@ -1,9 +1,5 @@
 using System.Reflection;
-using System.Threading;
-using System.Threading.Tasks;
-using MediatR;
 using Microsoft.EntityFrameworkCore;
-using Vulder.Admin.Core.ProjectAggregate.School;
 using Vulder.Admin.Core.ProjectAggregate.User;
 
 namespace Vulder.Admin.Infrastructure.Data
@@ -12,7 +8,6 @@ public class AppDbContext : DbContext
     {
         private readonly string _postgresConnectionString;
         public DbSet<User> Users { get; set; }
-        public DbSet<School> Schools { get; set; }
 
         public AppDbContext(string postgresConnectionString)
         {