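using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
using FirebaseAdmin.Auth;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Configuration;
using Microsoft.IdentityModel.Tokens;
using Teso_API.Methods;
using Teso_API.Models;

namespace Teso_API.Controllers
{
    /// <summary>
    /// Issues the API access token (plus a best-effort Firebase custom token) to a caller
    /// who presents a username/password pair that matches a verified account.
    /// </summary>
    [Route("api/[controller]")]
    [ApiController]
    public class TokensController : ControllerBase
    {
        // Lifetime of the issued access token (the same 14 days the original code used).
        private const int TokenLifetimeDays = 14;

        public IConfiguration _configuration;
        private readonly TESOContext _context;
        private readonly ITokenService tokenService;

        public TokensController(IConfiguration config, TESOContext context, ITokenService tokenService)
        {
            _configuration = config;
            _context = context;
            this.tokenService = tokenService ?? throw new ArgumentNullException(nameof(tokenService));
        }

        /// <summary>
        /// Authenticates the supplied credentials and returns a <see cref="Models.TokenHandler"/>
        /// carrying the API token, the Firebase custom token (null if Firebase failed) and the
        /// caller's profile.
        /// </summary>
        /// <param name="_userData">Username, password and device token from the request body.</param>
        /// <returns>
        /// 200 with the token bundle; 401 when the body lacks a username or password;
        /// 400 "Invalid credentials" when the pair does not match a verified account.
        /// The status codes are kept exactly as the original endpoint exposed them.
        /// </returns>
        /// <exception cref="InvalidOperationException">
        /// The verified account has no <c>TesoUserDetails</c> row (data integrity problem).
        /// </exception>
        [HttpPost]
        public async Task<ActionResult<Models.TokenHandler>> Post(UserAuth _userData)
        {
            if (_userData?.Username == null || _userData.Password == null)
            {
                return Unauthorized();
            }

            UserAuth user = await GetUser(_userData.Username, _userData.Password);
            if (user == null)
            {
                return BadRequest("Invalid credentials");
            }

            TesoUserDetail detail = await _context.TesoUserDetails
                .FirstOrDefaultAsync(usr => usr.UserGUID == user.UserGUID);
            if (detail == null)
            {
                // Previously a NullReferenceException; make the integrity failure explicit instead.
                throw new InvalidOperationException($"No TesoUserDetails row for user {user.UserGUID}");
            }

            int friends = await _context.Relationships
                .CountAsync(t => t.UserGuid == user.UserGUID);

            UserFinance finance = await _context.UserFinances
                .FirstOrDefaultAsync(usr => usr.UserGUID == user.UserGUID)
                ?? new UserFinance { Gold = 0, Silver = 0 };

            TesoUser tesouser = BuildProfile(detail, finance, friends);
            Claim[] claims = BuildClaims(user, _userData.DeviceToken);

            var handler = new Models.TokenHandler
            {
                tokenTeso = this.tokenService.GenerateAccessToken(claims),
                user = tesouser,
            };

            // Persisting the device token is part of the login; a database failure here is no
            // longer swallowed (the original bare catch hid it and also skipped the save whenever
            // the Firebase call failed).
            user.DeviceToken = _userData.DeviceToken;
            _context.Entry(user).State = EntityState.Modified;
            await _context.SaveChangesAsync();

            try
            {
                handler.tokenFirebase = await FirebaseAuth.DefaultInstance.CreateCustomTokenAsync(detail.UserGUID);
            }
            catch (Exception)
            {
                // Best effort, as in the original: the API token is still usable without a
                // Firebase token, so the caller simply gets tokenFirebase == null.
                handler.tokenFirebase = null;
            }

            return handler;
        }

        // Flattens the detail/finance rows and the friend count into the profile DTO.
        private static TesoUser BuildProfile(TesoUserDetail detail, UserFinance finance, int friends)
        {
            return new TesoUser
            {
                userGUID = detail.UserGUID,
                username = detail.Username,
                firstname = detail.Firstname,
                lastname = detail.Surname,
                description = detail.Description,
                email = detail.Email,
                phonenumber = detail.Phonenumber.HasValue ? detail.Phonenumber.Value.ToString() : "",
                address = detail.Address,
                thumbnail_dp = detail.ThumbnailDp,
                DateOfBirth = detail.DateOfBirth,
                country = detail.Country,
                gender = detail.Gender,
                gold = finance.Gold.ToString(),
                silver = finance.Silver.ToString(),
                friends = friends.ToString(),
            };
        }

        // Builds the claim set handed to ITokenService.GenerateAccessToken.
        // iat/exp/nbf are NumericDate values (seconds since the Unix epoch, RFC 7519) typed as
        // Integer64 so they are emitted as numbers. The original cast millisecond timestamps to
        // int, which overflows int.MaxValue and produced meaningless issue/expiry values; it also
        // built the DateTimeOffset from a Kind=Unspecified DateTime, which applies the server's
        // local offset.
        private static Claim[] BuildClaims(UserAuth user, string deviceToken)
        {
            DateTimeOffset now = DateTimeOffset.UtcNow;
            string issuedAt = now.ToUnixTimeSeconds().ToString();
            string expires = now.AddDays(TokenLifetimeDays).ToUnixTimeSeconds().ToString();
            // Kept from the original: the token only becomes valid one minute after issue.
            string notBefore = now.AddMinutes(1).ToUnixTimeSeconds().ToString();

            return new[]
            {
                new Claim(JwtRegisteredClaimNames.Iat, issuedAt, ClaimValueTypes.Integer64),
                new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
                new Claim(JwtRegisteredClaimNames.Iss, ServerLocation.issuer),
                new Claim(JwtRegisteredClaimNames.Exp, expires, ClaimValueTypes.Integer64),
                new Claim(JwtRegisteredClaimNames.Nbf, notBefore, ClaimValueTypes.Integer64),
                new Claim(JwtRegisteredClaimNames.Sub, user.UserGUID.ToString()),
                new Claim("username", user.Username),
                new Claim("userGUID", user.UserGUID.ToString()),
                // Claim rejects a null value (ArgumentNullException -> 500); record an absent
                // device token as an empty string instead.
                new Claim("deviceToken", deviceToken ?? string.Empty),
                // new Claim("access_level",user.AccessLevel),
            };
        }

        /// <summary>
        /// Looks up a verified account by username and checks the supplied password against it.
        /// </summary>
        /// <param name="username">Username from the request body.</param>
        /// <param name="password">Plaintext password from the request body.</param>
        /// <returns>
        /// The matching verified <see cref="UserAuth"/> row, or <c>null</c> when no verified
        /// account exists for the username or the password does not match.
        /// </returns>
        private async Task<UserAuth> GetUser(string username, string password)
        {
            // FirstOrDefault: an unknown or unverified username is a failed login (null), not the
            // InvalidOperationException/500 that FirstAsync raised. A single query also keeps the
            // row whose password was checked and the row returned identical.
            UserAuth user = await _context.UserAuths
                .FirstOrDefaultAsync(u => u.Username == username && u.Status == "verified");
            if (user == null)
            {
                return null;
            }

            // NOTE(review): passwords are stored reversibly (passwordEncryption.Decrypt) rather than
            // as salted hashes; that storage scheme lives outside this controller and is not
            // changed here.
            string stored = passwordEncryption.Decrypt(user.Password);
            if (stored == null)
            {
                return null;
            }

            // Length-independent of where the strings first differ, unlike string ==.
            bool verified = CryptographicOperations.FixedTimeEquals(
                Encoding.UTF8.GetBytes(stored),
                Encoding.UTF8.GetBytes(password));
            return verified ? user : null;
        }
    }
}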