Major update to auth for MAuth

src/Server/Program.cs

@@ -7,7 +7,7 @@ using System.Security.Claims;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.IdentityModel.Tokens;
 using System.IdentityModel.Tokens.Jwt;
-using System.Text;
+using System.Security.Cryptography;
 
 var builder = WebApplication.CreateBuilder(args);
 
@@ -39,15 +39,6 @@ string dbPass = !string.IsNullOrEmpty(_dbpass) ? _dbpass : "oasv34$8gpv023dd";
 DatabaseService databaseService = new DatabaseService(connectionString: "server=" + dbserver + ";user=" + dbUser + ";database=" + dbdatabase + ";password=" + dbPass + ";port=3306;");
 builder.Services.Add( new ServiceDescriptor( typeof( DatabaseService ), databaseService ) );
 
-////////////////////////////////
-////////// Auth Service ////////
-////////////////////////////////
-
-// Address
-string? _jwtSecret = Environment.GetEnvironmentVariable("JWTsecret");
-string JWTsecret = !string.IsNullOrEmpty(_jwtSecret) ? _jwtSecret : "v0Ftluhdh7Nht8^2b5eaiC^IS^VS1ku0VBs3j*B2";
-BoredCareersJWT.TokenSecretKey = JWTsecret;
-
 ////////////////////////////////
 ///////// Email Service ////////
 ////////////////////////////////
@@ -92,7 +83,26 @@ if (IPayment._PaymentType == PaymentType.StripeIntent) {
     IPayment._EndpointSecret = string.IsNullOrEmpty(StripeEndpointKey) ? "" : StripeEndpointKey;
 }
 
-// Authentication Service
+////////////////////////////////
+///////   Auth Service  ////////
+////////////////////////////////
+
+RsaSecurityKey? PublicKey = null;
+using (HttpClient client = new HttpClient()) {
+    HttpResponseMessage PublicKeyResponse = await client.GetAsync("https://auth.mistox.com/api/auth/publickey");
+    if (PublicKeyResponse.IsSuccessStatusCode) {
+        string publicKey = await PublicKeyResponse.Content.ReadAsStringAsync();
+        RSA rsa = RSA.Create();
+        rsa.ImportFromPem(publicKey);
+        PublicKey = new RsaSecurityKey(rsa);
+    }
+}
+
+if (PublicKey == null) {
+    Console.WriteLine("Unable to load RSA PubKey Shutting Down");
+    Environment.Exit(100);
+}
+
 builder.Services.AddAuthentication(options => {
     options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
     options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
@@ -102,14 +112,14 @@ builder.Services.AddAuthentication(options => {
         ValidateAudience = true,
         ValidateLifetime = true,
         ValidateIssuerSigningKey = true,
-        ValidIssuer = BoredCareersJWT.TokenIssuer,
-        ValidAudience = BoredCareersJWT.TokenAudience,
-        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(BoredCareersJWT.TokenSecretKey)),
+        ValidIssuer = "https://auth.mistox.com",
+        ValidAudience = "mistox-llc-auth-token",
+        IssuerSigningKey = PublicKey,
         ClockSkew = TimeSpan.FromMinutes(1)
     };
     options.Events = new JwtBearerEvents {
         OnMessageReceived = context => {
-            context.Token = context.Request.Cookies[BoredCareersJWT.TokenName];
+            context.Token = context.Request.Cookies["mistox_session"];
             return Task.CompletedTask;
         },
         OnTokenValidated = context => {
@@ -118,10 +128,7 @@ builder.Services.AddAuthentication(options => {
                 var exp = jwtToken.ValidTo;
                 var now = DateTime.UtcNow;
                 if ((exp - now) < TimeSpan.FromDays(3)) {
-                    int accountID = Convert.ToInt32(context.Principal?.FindFirst(ClaimTypes.NameIdentifier)?.Value);
-                    bool isPersistent = bool.Parse(context.Principal?.FindFirst(ClaimTypes.IsPersistent)?.Value);
-                    var newJWT = BoredCareersJWT.GenereateJWTToken(accountID, isPersistent);
-                    BoredCareersJWT.SignIn(context.HttpContext.Response, isPersistent, newJWT);
+                    // Impliment token refresh
                 }
             }
             return Task.CompletedTask;