From 5bb8f98f2f9ae40d8127cd3d50ec778713a45fa4 Mon Sep 17 00:00:00 2001
From: "vianney.jourdy"
Date: Tue, 27 May 2025 17:27:49 +0200
Subject: [PATCH] change port for identify svc + add auth in catalog svc
---
 src/CatalogService/CatalogService.csproj | 1 +
 .../Controllers/ExercicesController.cs | 15 ++++++++++++++-
 src/CatalogService/Program.cs | 12 ++++++++++--
 src/IdentitySvc/Properties/launchSettings.json | 2 +-
 4 files changed, 26 insertions(+), 4 deletions(-)
diff --git a/src/CatalogService/CatalogService.csproj b/src/CatalogService/CatalogService.csproj
index c36fcf9..ef3b228 100644
--- a/src/CatalogService/CatalogService.csproj
+++ b/src/CatalogService/CatalogService.csproj
@@ -13,6 +13,7 @@ + all runtime; build; native; contentfiles; analyzers; buildtransitive
diff --git a/src/CatalogService/Controllers/ExercicesController.cs b/src/CatalogService/Controllers/ExercicesController.cs
index deb6456..c45a807 100644
--- a/src/CatalogService/Controllers/ExercicesController.cs
+++ b/src/CatalogService/Controllers/ExercicesController.cs
@@ -2,6 +2,7 @@ using AutoMapper;
 using CatalogService.Data;
 using CatalogService.DTOs;
 using CatalogService.Entities;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.EntityFrameworkCore;
 using Shared.DTOs;
@@ -20,19 +21,25 @@ public class ExercicesController : ControllerBase
 _context = context;
 _mapper = mapper;
 }
-
+
+ [Authorize]
 [HttpPost]
 public async Task Create([FromBody] CreateExerciceTemplateDto dto)
 {
+ if (User.Identity.Name != "admin") return Forbid();
+
 var exercice = _mapper.Map(dto);
 _context.Exercices.Add(exercice);
 await _context.SaveChangesAsync();
 return CreatedAtAction(nameof(GetById), new { id = exercice.Id }, _mapper.Map(exercice));
 }
+ [Authorize]
 [HttpPut("{id}")]
 public async Task Update(string id, [FromBody] UpdateExerciceTemplateDto dto)
 {
+ if (User.Identity.Name != "admin") return Forbid();
+
 var exercice = await _context.Exercices.FindAsync(id);
 if (exercice == null) return NotFound();
@@ -42,9 +49,12 @@ public class ExercicesController : ControllerBase
 return NoContent();
 }
+ [Authorize]
 [HttpDelete("{id}")]
 public async Task Delete(string id)
 {
+ if (User.Identity.Name != "admin") return Forbid();
+
 var exercice = await _context.Exercices.FindAsync(id);
 if (exercice == null) return NotFound();
@@ -53,9 +63,12 @@ public class ExercicesController : ControllerBase
 return NoContent();
 }
+ [Authorize]
 [HttpGet("{id}")]
 public async Task> GetById(string id)
 {
+ if (User.Identity.Name != "admin") return Forbid();
+
 var exercice = await _context.Exercices.FindAsync(id);
 if (exercice == null) return NotFound();
diff --git a/src/CatalogService/Program.cs b/src/CatalogService/Program.cs
index d702251..a541e54 100644
--- a/src/CatalogService/Program.cs
+++ b/src/CatalogService/Program.cs
@@ -1,4 +1,5 @@
 using CatalogService.Data;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.EntityFrameworkCore;
 var builder = WebApplication.CreateBuilder(args);
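Review bot: The `if (User.Identity.Name != "admin") return Forbid();` guard added to Create and Update (and repeated in the Delete and GetById hunks) ties administrative rights to the literal username `admin`; with `NameClaimType = "username"` configured in Program.cs, any principal the identity service issues under that username becomes an admin of the catalog, and the same string is now duplicated in four places. A role or scope claim checked declaratively is both safer and shorter, e.g. `[Authorize(Roles = "admin")]` or a named policy such as `[Authorize(Policy = "CatalogAdmin")]` replacing the four inline checks — assuming the identity service can emit such a claim, which this diff does not show. `User.Identity` is nullable (`IIdentity?`), so if the inline check stays it should read `User.Identity?.Name`. GetById becoming admin-only removes read access for every other authenticated caller, which is worth confirming as intended. Update's body continues outside the hunk.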
@@ -11,10 +12,17 @@ builder.Services.AddDbContext(opt =>
 });
 builder.Services.AddAutoMapper(AppDomain.CurrentDomain.GetAssemblies());
-
+builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
+ .AddJwtBearer(options =>
+ {
+ options.Authority = builder.Configuration["IdentityServiceUrl"];
+ options.RequireHttpsMetadata = false;
+ options.TokenValidationParameters.ValidateAudience = false;
+ options.TokenValidationParameters.NameClaimType = "username";
+ });
 var app = builder.Build();
-
+app.UseAuthentication();
 app.UseAuthorization();
 app.MapControllers();
diff --git a/src/IdentitySvc/Properties/launchSettings.json b/src/IdentitySvc/Properties/launchSettings.json
index bc14166..574583b 100644
--- a/src/IdentitySvc/Properties/launchSettings.json
+++ b/src/IdentitySvc/Properties/launchSettings.json
@@ -6,7 +6,7 @@
 "environmentVariables": {
 "ASPNETCORE_ENVIRONMENT": "Development"
 },
- "applicationUrl": "http://localhost:5001"
+ "applicationUrl": "http://localhost:7003"
 }
 }
 }
\ No newline at end of file
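Review bot: `options.RequireHttpsMetadata = false;` and `options.TokenValidationParameters.ValidateAudience = false;` in the AddJwtBearer block weaken token validation unconditionally: discovery metadata and signing keys may be fetched from the authority over plain HTTP in every environment, and a token the identity service issued for any other API is accepted by the catalog service. Gate the first on the environment, `options.RequireHttpsMetadata = !builder.Environment.IsDevelopment();`, and replace the second with an audience this service owns, e.g. `options.Audience = builder.Configuration["CatalogAudience"];` — the exact audience value depends on what the identity service issues, which this diff does not show. `options.Authority = builder.Configuration["IdentityServiceUrl"];` has no guard, so a missing setting only surfaces on the first authenticated request; a startup check such as `ArgumentException.ThrowIfNullOrWhiteSpace(builder.Configuration["IdentityServiceUrl"]);` (.NET 8+) before AddAuthentication would fail fast instead.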