First Commit

JobTrackerApi/Services/TokenService.cs

@@ -0,0 +1,73 @@
+using System.IdentityModel.Tokens.Jwt;
+using System.Security.Claims;
+using System.Text;
+using JobTrackerApi.Models;
+using Microsoft.AspNetCore.Identity;
+using Microsoft.Extensions.Configuration;
+using Microsoft.IdentityModel.Tokens;
+
+namespace JobTrackerApi.Services;
+
+public interface ITokenService
+{
+    Task<string> CreateAccessTokenAsync(ApplicationUser user, CancellationToken cancellationToken = default);
+}
+
+public sealed class TokenService : ITokenService
+{
+    private readonly IConfiguration _cfg;
+    private readonly UserManager<ApplicationUser> _users;
+
+    public TokenService(IConfiguration cfg, UserManager<ApplicationUser> users)
+    {
+        _cfg = cfg;
+        _users = users;
+    }
+
+    public async Task<string> CreateAccessTokenAsync(ApplicationUser user, CancellationToken cancellationToken = default)
+    {
+        var jwtKey = (_cfg["Auth:JwtKey"] ?? "").Trim();
+        if (string.IsNullOrWhiteSpace(jwtKey))
+        {
+            throw new InvalidOperationException("Auth:JwtKey is not configured.");
+        }
+
+        var issuer = (_cfg["Auth:JwtIssuer"] ?? "JobTrackerApi").Trim();
+        var audience = (_cfg["Auth:JwtAudience"] ?? "job-tracker-ui").Trim();
+
+        var minutes = _cfg.GetValue("Auth:JwtExpiresMinutes", 60 * 12);
+        if (minutes < 5) minutes = 5;
+        if (minutes > 60 * 24 * 30) minutes = 60 * 24 * 30;
+
+        var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtKey));
+        var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
+
+        var roles = await _users.GetRolesAsync(user);
+
+        var claims = new List<Claim>
+        {
+            new(ClaimTypes.NameIdentifier, user.Id),
+        };
+
+        if (!string.IsNullOrWhiteSpace(user.Email))
+            claims.Add(new Claim(ClaimTypes.Email, user.Email));
+        if (!string.IsNullOrWhiteSpace(user.UserName))
+            claims.Add(new Claim(ClaimTypes.Name, user.UserName));
+
+        foreach (var r in roles)
+            claims.Add(new Claim(ClaimTypes.Role, r));
+
+        var now = DateTime.UtcNow;
+
+        var token = new JwtSecurityToken(
+            issuer: issuer,
+            audience: audience,
+            claims: claims,
+            notBefore: now.AddSeconds(-5),
+            expires: now.AddMinutes(minutes),
+            signingCredentials: creds
+        );
+
+        return new JwtSecurityTokenHandler().WriteToken(token);
+    }
+}