change port for identify svc + add auth in catalog svc

src/CatalogService/CatalogService.csproj

@@ -13,6 +13,7 @@
 
   <ItemGroup>
     <PackageReference Include="AutoMapper.Extensions.Microsoft.DependencyInjection" Version="12.0.1" />
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.16" />
     <PackageReference Include="Microsoft.EntityFrameworkCore.Design" Version="8.0.15">
       <PrivateAssets>all</PrivateAssets>
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>

src/CatalogService/Controllers/ExercicesController.cs

@@ -2,6 +2,7 @@ using AutoMapper;
 using CatalogService.Data;
 using CatalogService.DTOs;
 using CatalogService.Entities;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.EntityFrameworkCore;
 using Shared.DTOs;
@@ -20,19 +21,25 @@ public class ExercicesController : ControllerBase
         _context = context;
         _mapper = mapper;
     }
-
+    
+    [Authorize]
     [HttpPost]
     public async Task<IActionResult> Create([FromBody] CreateExerciceTemplateDto dto)
     {
+        if (User.Identity.Name != "admin") return Forbid();
+        
         var exercice = _mapper.Map<Exercice>(dto);
         _context.Exercices.Add(exercice);
         await _context.SaveChangesAsync();
         return CreatedAtAction(nameof(GetById), new { id = exercice.Id }, _mapper.Map<ExerciceTemplateDto>(exercice));
     }
 
+    [Authorize]
     [HttpPut("{id}")]
     public async Task<IActionResult> Update(string id, [FromBody] UpdateExerciceTemplateDto dto)
     {
+        if (User.Identity.Name != "admin") return Forbid();
+        
         var exercice = await _context.Exercices.FindAsync(id);
         if (exercice == null) return NotFound();
 
@@ -42,9 +49,12 @@ public class ExercicesController : ControllerBase
         return NoContent();
     }
 
+    [Authorize]
     [HttpDelete("{id}")]
     public async Task<IActionResult> Delete(string id)
     {
+        if (User.Identity.Name != "admin") return Forbid();
+        
         var exercice = await _context.Exercices.FindAsync(id);
         if (exercice == null) return NotFound();
 
@@ -53,9 +63,12 @@ public class ExercicesController : ControllerBase
         return NoContent();
     }
 
+    [Authorize]
     [HttpGet("{id}")]
     public async Task<ActionResult<ExerciceTemplateDto>> GetById(string id)
     {
+        if (User.Identity.Name != "admin") return Forbid();
+        
         var exercice = await _context.Exercices.FindAsync(id);
         if (exercice == null) return NotFound();
 

src/CatalogService/Program.cs

@@ -1,4 +1,5 @@
 using CatalogService.Data;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.EntityFrameworkCore;
 
 var builder = WebApplication.CreateBuilder(args);
@@ -11,10 +12,17 @@ builder.Services.AddDbContext<CatalogDbContext>(opt =>
 
 });
 builder.Services.AddAutoMapper(AppDomain.CurrentDomain.GetAssemblies());
-
+builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
+    .AddJwtBearer(options =>
+    {
+        options.Authority = builder.Configuration["IdentityServiceUrl"];
+        options.RequireHttpsMetadata = false;
+        options.TokenValidationParameters.ValidateAudience = false;
+        options.TokenValidationParameters.NameClaimType = "username";
+    });
 
 var app = builder.Build();
-
+app.UseAuthentication();
 app.UseAuthorization();
 
 app.MapControllers();

src/IdentitySvc/Properties/launchSettings.json

@@ -6,7 +6,7 @@
       "environmentVariables": {
         "ASPNETCORE_ENVIRONMENT": "Development"
       },
-      "applicationUrl": "http://localhost:5001"
+      "applicationUrl": "http://localhost:7003"
     }
   }
 }