Change to JWT inside Secure Cookie Auth

2025-07-21 10:07:26 -07:00
parent 1687b097f8
commit bd5a909bcd
4 changed files with 98 additions and 23 deletions
@@ -5,6 +5,11 @@ using BoredCareers.Services.DatabaseService;
 using System.Threading.RateLimiting;
 using Stripe;
 using System.Security.Claims;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
+using Microsoft.IdentityModel.Tokens;
+using Org.BouncyCastle.Bcpg.Sig;
+using System.Text;
+using System.IdentityModel.Tokens.Jwt;

 var builder = WebApplication.CreateBuilder(args);

@@ -81,15 +86,40 @@ if (IPayment._PaymentType == PaymentType.StripeIntent) {
 }

 // Authentication Service
-builder.Services.AddAuthentication( options => {
-    options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
-} ).AddCookie(options => {
-    options.Cookie.HttpOnly = true;
-    options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
-    options.Cookie.SameSite = SameSiteMode.Strict;
-    options.LoginPath = "/account/login";
-    options.LogoutPath = "/account/logout";
-    options.SlidingExpiration = true;
+builder.Services.AddAuthentication(options => {
+    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
+    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
+}).AddJwtBearer(options => {
+    options.TokenValidationParameters = new TokenValidationParameters {
+        ValidateIssuer = true,
+        ValidateAudience = true,
+        ValidateLifetime = true,
+        ValidateIssuerSigningKey = true,
+        ValidIssuer = "your-app",
+        ValidAudience = "your-app",
+        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("secret-key")),
+        ClockSkew = TimeSpan.FromMinutes(1)
+    };
+    options.Events = new JwtBearerEvents {
+        OnMessageReceived = context => {
+            context.Token = context.Request.Cookies["access_token"];
+            return Task.CompletedTask;
+        },
+        OnTokenValidated = context => {
+            var jwtToken = context.SecurityToken as JwtSecurityToken;
+            if (jwtToken != null) {
+                var exp = jwtToken.ValidTo;
+                var now = DateTime.UtcNow;
+                if ((exp - now) < TimeSpan.FromMinutes(5)) {
+                    int accountID = Convert.ToInt32(context.Principal?.FindFirst(ClaimTypes.NameIdentifier)?.Value);
+                    bool isPersistent = bool.Parse(context.Principal?.FindFirst(ClaimTypes.IsPersistent)?.Value);
+                    var newJWT = BoredCareersJWT.GenereateJWTToken(accountID, isPersistent);
+                    BoredCareersJWT.SignIn(context.HttpContext.Response, isPersistent, newJWT);
+                }
+            }
+            return Task.CompletedTask;
+        }
+    };
 });

 builder.Services.AddCors(o => o.AddDefaultPolicy(builder => {