Set API authentication using Auth0. API endpoints require Authorized JWT

Controllers/AppUsersController.cs

@@ -1,15 +1,15 @@
 using System;
 using System.Collections.Generic;
-using System.Linq;
 using System.Threading.Tasks;
-using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.EntityFrameworkCore;
 using TicketManager.Data;
 using TicketManager.Models;
+using Microsoft.AspNetCore.Authorization;
 
 namespace TicketManager.Controllers
 {
+    [Authorize]
     [Route("api/v1/[controller]")]
     [ApiController]
     public class UsersController : ControllerBase

Controllers/AssignmentsController.cs

@@ -1,8 +1,7 @@
-using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Threading.Tasks;
-using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.EntityFrameworkCore;
 using TicketManager.Data;
@@ -10,6 +9,7 @@ using TicketManager.Models;
 
 namespace TicketManager.Controllers
 {
+    [Authorize]
     [Route("api/[controller]")]
     [ApiController]
     public class AssignmentsController : ControllerBase

Controllers/FilesController.cs

@@ -1,8 +1,7 @@
-using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Threading.Tasks;
-using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.EntityFrameworkCore;
 using TicketManager.Data;
@@ -10,6 +9,7 @@ using TicketManager.Models;
 
 namespace TicketManager.Controllers
 {
+    [Authorize]
     [Route("api/v1/[controller]")]
     [ApiController]
     public class FilesController : ControllerBase

Controllers/HistoriesController.cs

@@ -1,8 +1,7 @@
-using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Threading.Tasks;
-using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.EntityFrameworkCore;
 using TicketManager.Data;
@@ -10,6 +9,7 @@ using TicketManager.Models;
 
 namespace TicketManager.Controllers
 {
+    [Authorize]
     [Route("api/v1/[controller]")]
     [ApiController]
     public class HistoriesController : ControllerBase

Controllers/NotesController.cs

@@ -1,8 +1,7 @@
-using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Threading.Tasks;
-using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.EntityFrameworkCore;
 using TicketManager.Data;
@@ -10,6 +9,7 @@ using TicketManager.Models;
 
 namespace TicketManager.Controllers
 {
+    [Authorize]
     [Route("api/v1/[controller]")]
     [ApiController]
     public class NotesController : ControllerBase

Controllers/ProjectsController.cs

@@ -1,5 +1,6 @@
 using System.Collections.Generic;
 using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.EntityFrameworkCore;
@@ -8,6 +9,8 @@ using TicketManager.Models;
 
 namespace TicketManager.Controllers
 {
+    // [Authorize(Roles = "Admin")]
+    [Authorize]
     [Produces("application/json")]
     [Route("api/v1/[controller]")]
     [ApiController]

Controllers/TicketsController.cs

@@ -1,8 +1,6 @@
-using System;
 using System.Collections.Generic;
-using System.Linq;
 using System.Threading.Tasks;
-using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.EntityFrameworkCore;
 using TicketManager.Data;
@@ -10,6 +8,7 @@ using TicketManager.Models;
 
 namespace TicketManager.Controllers
 {
+    [Authorize]
     [Route("api/v1/[controller]")]
     [ApiController]
     public class TicketsController : ControllerBase

README.md

@@ -41,7 +41,5 @@
 - Ensure Tickets Edits belong to Project Edits
 - Ensure Tickets Files belong to Project Files
 - Async model methods ?
-- setMembers & removeMembers from project api not working
-- Write a query class to refactor code and optimize perf on get queries (AsNoTracking)
-- repository + strategy to decouple controllers from DbContext. Easier testing
 - update assignments automatically from context
+- use PATCH instead of PUT

Scripts/cleanDevDb.sh

@@ -1,5 +0,0 @@
-rm -r Migrations
-rm app.db
-dotnet ef migrations add Migration1 
-dotnet ef database update
-dotnet run

Scripts/scaffoldControllers.sh

@@ -1,6 +0,0 @@
-rm Controllers/AppUsersController.cs
-rm Controllers/TicketsController.cs
-rm Controllers/ProjectsController.cs
-dotnet aspnet-codegenerator controller -name AppUsersController -async -api -m AppUser -dc AppDbContext -outDir Controllers  
-dotnet aspnet-codegenerator controller -name TicketsController -async -api -m Ticket -dc AppDbContext -outDir Controllers  
-dotnet aspnet-codegenerator controller -name ProjectsController -async -api -m Project -dc AppDbContext -outDir Controllers  

Startup.cs

@@ -19,6 +19,7 @@ using TicketManager.Data;
 using TicketManager.Models;
 using Microsoft.AspNetCore.Mvc.NewtonsoftJson;
 using Newtonsoft.Json;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
 
 [assembly: ApiController]
 namespace TicketManager
@@ -32,7 +33,6 @@ namespace TicketManager
 
         public IConfiguration Configuration { get; }
 
-        // This method gets called by the runtime. Use this method to add services to the container.
         public void ConfigureServices(IServiceCollection services)
         {
             services.AddDbContext<AppDbContext>(options =>
@@ -40,12 +40,26 @@ namespace TicketManager
             services.AddScoped<IProjectRepository, ProjectRepository>();
             services.AddScoped<IAppUserRepository, AppUserRepository>();
             services.AddScoped<ITicketRepository, TicketRepository>();
-            services.AddControllers()
-            .AddNewtonsoftJson(options =>
+
+            services.AddAuthentication(options =>
             {
-                options.SerializerSettings.ReferenceLoopHandling = ReferenceLoopHandling.Ignore; // avoid cycle ref errors
+                options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
+                options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
+            }).AddJwtBearer(options =>
+            {
+                options.Authority = "https://dev-fyjrvohx.auth0.com/";
+                options.Audience = "https://localhost:5001/api/V1/";
+                //options.Authority = $"https://{Configuration["Auth0:Domain"]}/";
+                //options.Audience = Configuration["Auth0:Audience"];
             });
 
+            services.AddControllers()
+                .AddNewtonsoftJson(options =>
+                    {
+                        options.SerializerSettings.ReferenceLoopHandling = ReferenceLoopHandling.Ignore; // avoid cycle ref errors
+                    }
+                );
+
             services.AddSpaStaticFiles(configuration =>
             {
                 configuration.RootPath = "client/build";
@@ -72,17 +86,12 @@ namespace TicketManager
             services.AddSwaggerGenNewtonsoftSupport(); // explicit opt-in - needs to be placed after AddSwaggerGen()
         }
 
-
-
-        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
         public void Configure(IApplicationBuilder app, IWebHostEnvironment env, IServiceProvider serviceProvider)
         {
             if (env.IsDevelopment())
             {
                 app.UseDeveloperExceptionPage();
-                var repository = serviceProvider.GetRequiredService<IProjectRepository>();
-
-                // InitializeDatabaseAsync(repository).Wait()
+                // var repository = serviceProvider.GetRequiredService<IProjectRepository>();
             }
             else
             {
@@ -92,7 +101,6 @@ namespace TicketManager
             app.UseHttpsRedirection();
             app.UseDefaultFiles();
 
-
             app.UseSwagger();
 
             app.UseSwaggerUI(c =>
@@ -100,11 +108,9 @@ namespace TicketManager
                 c.SwaggerEndpoint("/swagger/v1/swagger.json", "Ticket Manager API v1");
             });
 
-
-
             app.UseSpaStaticFiles();
             app.UseRouting();
-
+            app.UseAuthentication();
             app.UseAuthorization();
 
             app.UseEndpoints(endpoints =>
@@ -124,8 +130,3 @@ namespace TicketManager
         }
     }
 }
-
-
-
-
-

TicketManager.csproj

@@ -16,6 +16,9 @@
     <ItemGroup>
     </ItemGroup>
     <ItemGroup>
+        <PackageReference Include="Microsoft.AspNetCore.Authentication.Cookies" Version="2.2.0" />
+        <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="3.1.2" />
+        <PackageReference Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="3.1.2" />
         <PackageReference Include="Microsoft.AspNetCore.Mvc.NewtonsoftJson" Version="3.1.1" />
         <PackageReference Include="Microsoft.AspNetCore.SpaServices" Version="3.1.1" />
         <PackageReference Include="Microsoft.AspNetCore.SpaServices.Extensions" Version="3.1.1" />

appsettings.json

@@ -10,5 +10,9 @@
   "AllowedHosts": "*",
   "ConnectionStrings": {
     "Sqlite": "Data Source=app.db"
+  },
+  "Auth0": {
+    "Domain": "https://dev-fyjrvohx.auth0.com/",
+    "Audience": "https://localhost:5001/api/V1/"
   }
 }

client/src/react-app-env.d.ts

@@ -1 +0,0 @@
-/// <reference types="react-scripts" />