Signal R + custom token

Author: fdonnet

UbikLink.AppHost/Program.cs

@@ -19,6 +19,7 @@
 var authTokenStoreKey = builder.AddParameter("auth-token-store-key", secret: true);
 var authRegisterAuthorizationKey = builder.AddParameter("auth-register-authorization-key", secret: true);
 var emailActivationEnable = builder.AddParameter("email-activation-enable", secret: false);
+var hubSignSecureKey = builder.AddParameter("hub-signtoken-key", secret: true);
 
 //Postgres (local)
 var db = builder.AddPostgres("ubiklink-postgres", postgresUsername, postgresPassword)
@@ -56,12 +57,21 @@
     .WithEnvironment("Messaging__RabbitUser", rabbitUser)
     .WithEnvironment("Messaging__RabbitPassword", rabbitPassword)
     .WithEnvironment("AuthRegister__Key", authRegisterAuthorizationKey)
+    .WithEnvironment("AuthRegister__HubSignSecureKey", hubSignSecureKey)
     .WithEnvironment("AuthRegister__EmailActivationActivated", emailActivationEnable)
     .WithReference(securityDB)
     .WaitFor(securityDB)
     .WithReference(rabbitmq)
     .WithReference(serviceBus);
 
+//Hub
+var hub = builder.AddProject<Projects.UbikLink_Commander>("ubiklink-commander")
+    .WithEnvironment("AuthRegister__HubSignSecureKey", hubSignSecureKey)
+    .WithReference(securityDB)
+    .WaitFor(securityDB)
+    .WithReference(rabbitmq)
+    .WithReference(serviceBus);
+
 //Proxy
 var proxy = builder.AddProject<Projects.UbikLink_Proxy>("ubiklink-proxy")
     .WithEnvironment("Proxy__Token",securitytoken)
@@ -76,8 +86,10 @@
     .WithReference(cache)
     .WithReference(serviceBus)
     .WithReference(rabbitmq)
+    .WithReference(hub)
     .WaitFor(cache)
     .WaitFor(securityApi)
+    .WaitFor(hub)
     .WaitFor(keycloak);
 
 //.WithReference(rabbitmq)
@@ -105,6 +117,7 @@
     .WithEnvironment("Messaging__RabbitUser", rabbitUser)
     .WithEnvironment("Messaging__RabbitPassword", rabbitPassword);
 
+
 //Add npm sevltekit project (not work with fnm.... because of path)
 //builder.AddNpmApp("svelte-ui", "../svelte-link-ui","dev")
 //    .WithEnvironment("BROWSER", "none")

UbikLink.AppHost/UbikLink.AppHost.csproj

@@ -23,6 +23,7 @@
   </ItemGroup>
 
   <ItemGroup>
+    <ProjectReference Include="..\UbikLink.Commander\UbikLink.Commander.csproj" />
     <ProjectReference Include="..\UbikLink.Proxy\UbikLink.Proxy.csproj" />
     <ProjectReference Include="..\UbikLink.Security.Api\UbikLink.Security.Api.csproj" />
     <ProjectReference Include="..\UbikLink.Security.UI\UbikLink.Security.UI.csproj" />

UbikLink.AppHost/appsettings.json

@@ -34,5 +34,6 @@
   "Parameters:keycloak-password": "admin",
   "Parameters:auth-token-store-key": "Ye6Y36ocA4SaGqYzd0HgmqMhVaM2jlkE",
   "Parameters:auth-register-authorization-key": "Ye6Y36oddddcA4SaGqYzd0HgmqMhVaM2jlkE",
-  "Parameters:email-activation-enable": "false"
+  "Parameters:email-activation-enable": "false",
+  "Parameters:hub-signtoken-key": "0YksXysNolWIH4K0dRzhZm/pv/q+TDVUujmCIsm/nlI="
 }

UbikLink.Commander/Program.cs

@@ -0,0 +1,89 @@
+using Microsoft.AspNetCore.Authentication.JwtBearer;
+using Microsoft.IdentityModel.Tokens;
+using System.IdentityModel.Tokens.Jwt;
+using System.Security.Claims;
+using System.Security.Cryptography;
+using UbikLink.Commander.Test;
+using UbikLink.Common.Api;
+using UbikLink.Common.Auth;
+
+//var SecurityKey = new SymmetricSecurityKey(RandomNumberGenerator.GetBytes(32));
+
+var builder = WebApplication.CreateBuilder(args);
+
+builder.AddServiceDefaults();
+
+// Add services to the container.
+// Learn more about configuring OpenAPI at https://aka.ms/aspnet/openapi
+//builder.Services.AddOpenApi();
+builder.Services.AddSignalR();
+builder.Services.AddCors();
+
+var keys = new AuthRegisterAuthKey();
+builder.Configuration.GetSection(AuthRegisterAuthKey.Position).Bind(keys);
+var SecurityKey = new SymmetricSecurityKey(Convert.FromBase64String(keys.HubSignSecureKey));
+
+
+builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
+    .AddJwtBearer(options =>
+    {
+        options.TokenValidationParameters =
+        new TokenValidationParameters
+        {
+            LifetimeValidator = (before, expires, token, parameters) => expires > DateTime.UtcNow,
+            ValidateAudience = false,
+            ValidateIssuer = false,
+            ValidateActor = false,
+            ValidateLifetime = true,
+            IssuerSigningKey = SecurityKey
+        };
+
+        options.Events = new JwtBearerEvents
+        {
+            OnMessageReceived = context =>
+            {
+                var accessToken = context.Request.Query["access_token"];
+
+                if (!string.IsNullOrEmpty(accessToken))
+                {
+                    context.Token = context.Request.Query["access_token"];
+                }
+                return Task.CompletedTask;
+            }
+        };
+    });
+
+builder.Services.AddAuthorizationBuilder()
+    .AddPolicy(JwtBearerDefaults.AuthenticationScheme, policy =>
+    {
+        policy.AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme);
+        policy.RequireClaim(ClaimTypes.NameIdentifier);
+        policy.RequireClaim(ClaimTypes.UserData);
+    });
+
+
+var app = builder.Build();
+
+app.MapDefaultEndpoints();
+
+// Configure the HTTP request pipeline.
+if (app.Environment.IsDevelopment())
+{
+    //app.MapOpenApi();
+}
+
+app.UseAuthentication();
+app.UseAuthorization();
+
+app.UseCors(x => x
+           .AllowAnyMethod()
+           .AllowAnyHeader()
+           .SetIsOriginAllowed(origin => true)
+           .AllowCredentials());
+
+app.MapHub<ChatHub>("/chat");
+
+//app.UseHttpsRedirection();
+
+
+app.Run();

UbikLink.Commander/Properties/launchSettings.json

@@ -0,0 +1,23 @@
+{
+  "$schema": "https://json.schemastore.org/launchsettings.json",
+  "profiles": {
+    "http": {
+      "commandName": "Project",
+      "dotnetRunMessages": true,
+      "launchBrowser": false,
+      "applicationUrl": "http://localhost:5122",
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      }
+    },
+    "https": {
+      "commandName": "Project",
+      "dotnetRunMessages": true,
+      "launchBrowser": false,
+      "applicationUrl": "https://localhost:7036;http://localhost:5122",
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      }
+    }
+  }
+}

UbikLink.Commander/Test/ChatHub.cs

@@ -0,0 +1,40 @@
+using Microsoft.AspNetCore.Authentication.JwtBearer;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.SignalR;
+using System.Security.Claims;
+
+namespace UbikLink.Commander.Test
+{
+    [Authorize]
+    public class ChatHub : Hub<IChatClient>
+    {
+        public override Task OnConnectedAsync()
+        {
+            var userId = Context.User?.Claims.FirstOrDefault(c => c.Type == ClaimTypes.NameIdentifier)?.Value;
+            var tenantId = Context.User?.Claims.FirstOrDefault(c => c.Type == ClaimTypes.UserData)?.Value;
+
+            if (userId == null || tenantId == null)
+            {
+                Context.Abort();
+                return Task.CompletedTask;
+            }
+
+            return base.OnConnectedAsync();
+        }
+
+        public override Task OnDisconnectedAsync(Exception? exception)
+        {
+            return base.OnDisconnectedAsync(exception);
+        }
+
+        public async Task SendMessage(string user, string message)
+        {
+            await Clients.All.ReceiveMessage(user,message);
+        }
+    }
+
+    public interface IChatClient
+    {
+        Task ReceiveMessage(string user, string message);
+    }
+}

UbikLink.Commander/UbikLink.Commander.csproj

@@ -0,0 +1,24 @@
+<Project Sdk="Microsoft.NET.Sdk.Web">
+
+  <PropertyGroup>
+    <TargetFramework>net9.0</TargetFramework>
+    <Nullable>enable</Nullable>
+    <ImplicitUsings>enable</ImplicitUsings>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="9.0.2" />
+    <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="9.0.2" />
+    <PackageReference Include="Microsoft.AspNetCore.SignalR" Version="1.2.0" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\UbikLink.Common\UbikLink.Common.csproj" />
+    <ProjectReference Include="..\UbikLink.ServiceDefaults\UbikLink.ServiceDefaults.csproj" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <Folder Include="Auth\" />
+  </ItemGroup>
+
+</Project>

UbikLink.Commander/UbikLink.Commander.http

@@ -0,0 +1,6 @@
+@UbikLink.Commander_HostAddress = http://localhost:5122
+
+GET {{UbikLink.Commander_HostAddress}}/weatherforecast/
+Accept: application/json
+
+###

UbikLink.Commander/appsettings.Development.json

@@ -0,0 +1,8 @@
+{
+  "Logging": {
+    "LogLevel": {
+      "Default": "Information",
+      "Microsoft.AspNetCore": "Warning"
+    }
+  }
+}

UbikLink.Commander/appsettings.json

@@ -0,0 +1,9 @@
+{
+  "Logging": {
+    "LogLevel": {
+      "Default": "Information",
+      "Microsoft.AspNetCore": "Warning"
+    }
+  },
+  "AllowedHosts": "*"
+}