Star-Academy · mobinbr · Aug 22, 2024 · Aug 22, 2024
diff --git a/src/Application/Interfaces/IJwtGenerator.cs b/src/Application/Interfaces/IJwtGenerator.cs
diff --git a/src/Application/Interfaces/ITokenService.cs b/src/Application/Interfaces/ITokenService.cs
@@ -0,0 +1,10 @@
+using Domain.Entities;
+
+namespace Application.Interfaces;
+
+public interface ITokenService
+{
+    string GenerateToken(AppUser user, string role);
+    Task<bool> IsTokenInvalidatedAsync(string token);
+    Task AddInvalidatedTokenAsync(string token);
+}
diff --git a/src/Application/Interfaces/Services/IIdentityService.cs b/src/Application/Interfaces/Services/IIdentityService.cs
@@ -12,4 +12,5 @@ public interface IIdentityService
     Task<Result<LoginUserResponse>> Login(LoginUserRequest loginDto);
     Task<Result> ChangeRole(ChangeRoleRequest changeRoleRequest);
     Task<List<GetUserResponse>> GetUsersAsync();
+    Task<Result> Logout(string token);
 }
diff --git a/src/Application/Services/DomainService/IdentityService.cs b/src/Application/Services/DomainService/IdentityService.cs
@@ -16,14 +16,14 @@ public class IdentityService : IIdentityService
 {
     private readonly IUserManagerRepository _userManagerRepository;
     private readonly IRoleManagerRepository _roleManagerRepository;
-    private readonly IJwtGenerator _jwtGenerator;
+    private readonly ITokenService _tokenService;
     public IdentityService(IUserManagerRepository userManagerRepository,
         IRoleManagerRepository roleManagerRepository,
-        IJwtGenerator jwtGenerator)
+        ITokenService tokenService)
     {
         _userManagerRepository = userManagerRepository;
         _roleManagerRepository = roleManagerRepository;
-        _jwtGenerator = jwtGenerator;
+        _tokenService = tokenService;
     }
 
     public async Task<Result<CreateUserResponse>> SignUpUser(CreateUserRequest createUserRequest)
@@ -74,7 +74,7 @@ public async Task<Result<LoginUserResponse>> Login(LoginUserRequest loginUserReq
         if (!succeed) return Result<LoginUserResponse>.Fail("Username/Email not found and/or password incorrect");
 
         var role = await _userManagerRepository.GetRoleAsync(appUser);
-        var token = _jwtGenerator.GenerateToken(appUser, role);
+        var token = _tokenService.GenerateToken(appUser, role);
 
         return Result<LoginUserResponse>.Ok(appUser.ToLoginUserResponse(role, token));
     }
@@ -108,4 +108,10 @@ public async Task<List<GetUserResponse>> GetUsersAsync()
 
         return userWithRoles;
     }
+
+    public async Task<Result> Logout(string token)
+    {
+        await _tokenService.AddInvalidatedTokenAsync(token);
+        return Result.Ok();
+    }
 }
diff --git a/src/Web/Controllers/IdentityController.cs b/src/Web/Controllers/IdentityController.cs
@@ -88,4 +88,18 @@ public async Task<IActionResult> GetUsersAsync()
 
         return Ok(appUsersWithRoles);
     }
+
+    [HttpPost]
+    [Authorize]
+    public async Task<IActionResult> Logout()
+    {
+        var token = Request.Headers["Authorization"].ToString().Replace("Bearer ", "");
+        var result = await _identityService.Logout(token);
+        if (!result.Succeed)
+        {
+            return BadRequest(Errors.New(nameof(Logout), result.Message));
+        }
+
+        return Ok("Logged out successfully!");
+    }
 }
diff --git a/src/Web/Identity/RequiresClaimAttribute.cs b/src/Web/Identity/RequiresClaimAttribute.cs
@@ -19,6 +19,12 @@ public void OnAuthorization(AuthorizationFilterContext context)
     {
         var user = context.HttpContext.User;
 
+        if (user.Identity is { IsAuthenticated: false })
+        {
+            context.Result = new UnauthorizedResult();
+            return;
+        }
+
         var hasRequiredRole = _roles.Any(role => user.HasClaim(_claimName, role));
 
         if (!hasRequiredRole)

diff --git a/src/Web/Middleware/TokenValidationMiddleware.cs b/src/Web/Middleware/TokenValidationMiddleware.cs
@@ -0,0 +1,35 @@
+using Application.Interfaces;
+
+namespace Web.Middleware;
+
+public class TokenValidationMiddleware
+{
+    private readonly RequestDelegate _next;
+    private readonly IServiceProvider _serviceProvider;
+
+    public TokenValidationMiddleware(RequestDelegate next, IServiceProvider serviceProvider)
+    {
+        _next = next;
+        _serviceProvider = serviceProvider;
+    }
+
+    public async Task InvokeAsync(HttpContext context)
+    {
+        // Create a scope to resolve scoped services
+        using var scope = _serviceProvider.CreateScope();
+        var tokenService = scope.ServiceProvider.GetRequiredService<ITokenService>();
+
+        var authHeader = context.Request.Headers["Authorization"].FirstOrDefault();
+        if (authHeader != null && authHeader.StartsWith("Bearer "))
+        {
+            var token = authHeader.Substring("Bearer ".Length).Trim();
+            if (await tokenService.IsTokenInvalidatedAsync(token))
+            {
+                context.Response.StatusCode = StatusCodes.Status401Unauthorized;
+                return;
+            }
+        }
+
+        await _next(context);
+    }
+}
diff --git a/src/Web/Services/JwtGeneratorService.cs → src/Web/Services/TokenService.cs b/src/Web/Services/JwtGeneratorService.cs → src/Web/Services/TokenService.cs
@@ -1,45 +1,60 @@
-using System.IdentityModel.Tokens.Jwt;
-using System.Security.Claims;
-using Application.Interfaces;
-using Domain.Entities;
-using Microsoft.IdentityModel.Tokens;
-using Web.Identity;
-
-namespace Web.Services;
-
-public class JwtGeneratorService : IJwtGenerator
-{
-    private readonly IConfiguration _configuration;
-    private readonly SymmetricSecurityKey _symmetricSecurityKey;
-    public JwtGeneratorService(IConfiguration configuration)
-    {
-        _configuration = configuration;
-        _symmetricSecurityKey = new SymmetricSecurityKey(
-            System.Text.Encoding.UTF8.GetBytes(_configuration["JwtSettings:Key"])
-        );
-    }
-    public string GenerateToken(AppUser user, string role)
-    {
-        var claims = new List<Claim>
-        {
-            new Claim(JwtRegisteredClaimNames.Sub, user.Email),
-            new Claim(Claims.UserId, user.Id),
-            new Claim(Claims.Role, role)
-        };
-
-        var credentials = new SigningCredentials(_symmetricSecurityKey, SecurityAlgorithms.HmacSha512Signature);
-
-        var tokenDescriptor = new SecurityTokenDescriptor
-        {
-            Subject = new ClaimsIdentity(claims),
-            Expires = DateTime.Now.AddHours(8),
-            SigningCredentials = credentials,
-            Issuer = _configuration["JwtSettings:Issuer"],
-            Audience = _configuration["JwtSettings:Audience"]
-        };
-
-        var tokenHandler = new JwtSecurityTokenHandler();
-        var token = tokenHandler.CreateToken(tokenDescriptor);
-        return tokenHandler.WriteToken(token);
-    }
+using System.Collections.Concurrent;
+using System.IdentityModel.Tokens.Jwt;
+using System.Security.Claims;
+using Application.Interfaces;
+using Domain.Entities;
+using Microsoft.IdentityModel.Tokens;
+using Web.Identity;
+
+namespace Web.Services;
+
+public class TokenService : ITokenService
+{
+    private readonly IConfiguration _configuration;
+    private readonly SymmetricSecurityKey _symmetricSecurityKey;
+    private static readonly ConcurrentDictionary<string, DateTime> _invalidatedTokens = new();
+
+    public TokenService(IConfiguration configuration)
+    {
+        _configuration = configuration;
+        _symmetricSecurityKey = new SymmetricSecurityKey(
+            System.Text.Encoding.UTF8.GetBytes(_configuration["JwtSettings:Key"])
+        );
+    }
+
+    public string GenerateToken(AppUser user, string role)
+    {
+        var claims = new List<Claim>
+        {
+            new Claim(JwtRegisteredClaimNames.Sub, user.Email),
+            new Claim(Claims.UserId, user.Id),
+            new Claim(Claims.Role, role)
+        };
+
+        var credentials = new SigningCredentials(_symmetricSecurityKey, SecurityAlgorithms.HmacSha512Signature);
+
+        var tokenDescriptor = new SecurityTokenDescriptor
+        {
+            Subject = new ClaimsIdentity(claims),
+            Expires = DateTime.Now.AddHours(8),
+            SigningCredentials = credentials,
+            Issuer = _configuration["JwtSettings:Issuer"],
+            Audience = _configuration["JwtSettings:Audience"]
+        };
+
+        var tokenHandler = new JwtSecurityTokenHandler();
+        var token = tokenHandler.CreateToken(tokenDescriptor);
+        return tokenHandler.WriteToken(token);
+    }
+
+    public Task<bool> IsTokenInvalidatedAsync(string token)
+    {
+        return Task.FromResult(_invalidatedTokens.ContainsKey(token));
+    }
+
+    public Task AddInvalidatedTokenAsync(string token)
+    {
+        _invalidatedTokens[token] = DateTime.UtcNow;
+        return Task.CompletedTask;
+    }
 }
diff --git a/src/Web/Startup/MiddlewareExtensions.cs b/src/Web/Startup/MiddlewareExtensions.cs
@@ -1,4 +1,6 @@
-namespace Web.Startup;
+using Web.Middleware;
+
+namespace Web.Startup;
 
 public static class MiddlewareExtensions
 {
@@ -12,8 +14,12 @@ public static WebApplication UseMiddlewareServices(this WebApplication app)
 
         app.UseHttpsRedirection();
         app.UseCors("AllowSpecificOrigins");
+
+        app.UseMiddleware<TokenValidationMiddleware>();
+
         app.UseAuthentication();
         app.UseAuthorization();
+
         app.MapControllers();
 
         return app;

diff --git a/src/Web/Startup/ServiceExtensions.DI.cs b/src/Web/Startup/ServiceExtensions.DI.cs
@@ -11,7 +11,7 @@ public static partial class ServiceExtensions
 {
     public static void AddApplicationServices(this IServiceCollection services)
     {
-        services.AddScoped<IJwtGenerator, JwtGeneratorService>();
+        services.AddScoped<ITokenService, TokenService>();
         services.AddScoped<IRoleManagerRepository, RoleManagerRepository>();
         services.AddScoped<IUserManagerRepository, UserManagerRepository>();
         services.AddScoped<IIdentityService, IdentityService>();

diff --git a/test/Application.UnitTests/Services/DomainService/IdentityServiceTests.cs b/test/Application.UnitTests/Services/DomainService/IdentityServiceTests.cs
@@ -18,15 +18,15 @@ public class IdentityServiceTests
 {
     private readonly IUserManagerRepository _userManagerRepository;
     private readonly IRoleManagerRepository _roleManagerRepository;
-    private readonly IJwtGenerator _jwtGenerator;
+    private readonly ITokenService _tokenService;
     private readonly IdentityService _identityService;
 
     public IdentityServiceTests()
     {
         _userManagerRepository = Substitute.For<IUserManagerRepository>();
         _roleManagerRepository = Substitute.For<IRoleManagerRepository>();
-        _jwtGenerator = Substitute.For<IJwtGenerator>();
-        _identityService = new IdentityService(_userManagerRepository, _roleManagerRepository, _jwtGenerator);
+        _tokenService = Substitute.For<ITokenService>();
+        _identityService = new IdentityService(_userManagerRepository, _roleManagerRepository, _tokenService);
     }
 
     // Signup Tests
@@ -230,7 +230,7 @@ public async Task Login_WhenLoginSucceeds_ReturnsSuccessResult()
             .Returns(Task.FromResult(true));
         _userManagerRepository.GetRoleAsync(appUser)
             .Returns(Task.FromResult(role));
-        _jwtGenerator.GenerateToken(appUser, role)
+        _tokenService.GenerateToken(appUser, role)
             .Returns(token);
 
         // Act