Merge pull request #2 from Invoices-Manager/dev_01

Schecher1 · web-flow · commit 952899d3c80d · 2023-06-08T14:04:06.000+02:00
Dev 01
diff --git a/Controllers/v01/UserController.cs b/Controllers/v01/UserController.cs
@@ -1,4 +1,6 @@
-﻿namespace Invoices_Manager_API.Controllers.v01
+﻿using Invoices_Manager_API.Security;
+
+namespace Invoices_Manager_API.Controllers.v01
 {
     [ApiController]
     [Route("api/v01/[controller]")]
@@ -183,6 +185,13 @@ public async Task<IActionResult> Login([FromBody] LoginModel newLogin)
             //create the login
             LoginModel successfulLogin = LoginCore.LoginUser(newLogin, user, _config);
 
+            //add it to the user 
+            user.Logins.Add(successfulLogin);
+
+            //save the jwt for the response and hash the model for the db
+            string jwt = successfulLogin.Token;
+            successfulLogin.Token = Hasher.GetSHA512Hash(jwt);
+
             //save the token
             user.Logins.Add(successfulLogin);
             await _db.SaveChangesAsync();
@@ -193,7 +202,7 @@ public async Task<IActionResult> Login([FromBody] LoginModel newLogin)
             //return the token
             return new OkObjectResult(ResponseMgr.CreateResponse(200, traceId, "The login was successful",
                 new Dictionary<string, object>{
-                    { "token", successfulLogin.Token },
+                    { "token", jwt },
                     { "creationDate", successfulLogin.CreationDate },
                     { "userName", successfulLogin.Username }
                 }
diff --git a/Filters/AuthFilter.cs b/Filters/AuthFilter.cs
@@ -1,6 +1,7 @@
 ﻿using Microsoft.AspNetCore.Mvc.Filters;
 using Microsoft.AspNetCore.Mvc;
 using Invoices_Manager_API.Classes;
+using Invoices_Manager_API.Security;
 
 namespace Invoices_Manager_API.Filters
 {
@@ -25,8 +26,15 @@ public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionE
             //get the bearerToken from the header
             var bearerToken = potentialBearerToken.FirstOrDefault();
 
+            //check if (for whatever reason) the token is null
+            if (bearerToken is null)
+            {
+                context.Result = new UnauthorizedObjectResult(ResponseMgr.CreateResponse(401, Guid.NewGuid(), "Your bearerToken is not valid! Get a new one!"));
+                return;
+            }
+
             //check if this bearerToken is in the db
-            if (!_db.Logins.Any(x => x.Token == bearerToken))
+            if (!_db.Logins.Any(x => x.Token == Hasher.GetSHA512Hash(bearerToken)))
             {
                 context.Result = new UnauthorizedObjectResult(ResponseMgr.CreateResponse(401, Guid.NewGuid(), "Your bearerToken is not valid! Get a new one!"));
                 return;
diff --git a/Invoices-Manager-API.csproj b/Invoices-Manager-API.csproj
@@ -5,6 +5,8 @@
     <Nullable>enable</Nullable>
     <ImplicitUsings>enable</ImplicitUsings>
     <RootNamespace>Invoices_Manager_API</RootNamespace>
+    <FileVersion>1.0.1.0</FileVersion>
+    <AssemblyVersion>1.0.1.0</AssemblyVersion>
   </PropertyGroup>
 
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'">
@@ -34,4 +36,6 @@
     <PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="6.27.0" />
   </ItemGroup>
 
+  <ProjectExtensions><VisualStudio><UserProperties properties_4launchsettings_1json__JsonSchema="" /></VisualStudio></ProjectExtensions>
+
 </Project>
diff --git a/Program.cs b/Program.cs
@@ -36,7 +36,7 @@
             ValidateIssuerSigningKey = true,
             ValidIssuer = builder.Configuration["Jwt:Issuer"],
             ValidAudience = builder.Configuration["Jwt:Audience"],
-            IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("asdasdasdasddsa"))
+            IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(builder.Configuration["Jwt:SymmetricSecurityKey"]))
         };
     });
 
diff --git a/Properties/launchSettings.json b/Properties/launchSettings.json
@@ -14,7 +14,7 @@
       "dotnetRunMessages": true,
       "launchBrowser": false,
       "launchUrl": "weatherforecast",
-      "applicationUrl": "https://localhost:7170;http://localhost:5170",
+      "applicationUrl": "https://localhost:25566;http://localhost:25565",
       "environmentVariables": {
         "ASPNETCORE_ENVIRONMENT": "Development"
       }
diff --git a/README.md b/README.md
@@ -1,7 +1,10 @@
 ﻿# Invoices Manager - API (written in C#   DOTNET6.0)
 
 ## Important Info!
-The program may contain errors, if any are found, please report them!
+The program may contain errors, if any are found, please report them!  
+
+The server / api does not encrypt the data. 
+It manages the data as it receives it, so you should encrypt the data before sending it to the api.
 
 ## Application description:
 Are you also tired of having all your invoices (and other documents)
@@ -47,6 +50,8 @@ Press [here](https://github.com/Invoices-Manager/Invoices-Manager-API/blob/dev_0
 ### Z = Minor version (small updates)
 ### W = Revision version (bug fixes)
 
+## v1.0.1.0
+- JWT are now saved hashed in the database
 
 ## v1.0.0.0
 - Set Up the whole project
diff --git a/Security/Hasher.cs b/Security/Hasher.cs
@@ -0,0 +1,26 @@
+﻿using System.Security.Cryptography;
+using System.Text;
+
+namespace Invoices_Manager_API.Security
+{
+    public class Hasher
+    {
+        public static string GetSHA512Hash(string input)
+        {
+            using (SHA512 sha512 = SHA512.Create())
+            {
+                byte[] bytes = Encoding.UTF8.GetBytes(input);
+                byte[] hashBytes = sha512.ComputeHash(bytes);
+
+                StringBuilder builder = new StringBuilder();
+                for (int i = 0; i < hashBytes.Length; i++)
+                {
+                    builder.Append(hashBytes[i].ToString("X2"));
+                }
+
+                return builder.ToString();
+            }
+        }
+
+    }
+}
diff --git a/appsettings.json b/appsettings.json
@@ -1,7 +1,7 @@
 {
   "AllowedHosts": "*",
   "ConnectionStrings": {
-    "DefaultConnection": "Server=localhost;Port=3306;Database=InvoicesMgr;Uid=root;Pwd=;"
+    "DefaultConnection": "Server=germannightmare.com;Port=3306;Database=InvoicesMgr;Uid=IM_DebugUser;Pwd=DummyDebug123;"
   },
   "JwtKeys": {
     "SymmetricSecurityKey": "TqsLHzfrk58trjoYEIvTN7aerVEHrv86YlSQyPEDQb7OJSAzpk6rOjjC4nZQmx5i9gdszR5EuaGfUS8c5ryu0tN5DfvIkTmSWCH3XCXIk0gYzxr8h7Jg60Z525tDFxQN3Mz14QX73bKKcLL2u8fkySq4RgZ6eSwfTSMab3AUBpAcOa9FdOwIRGdQkwXcWXDJSASwwdjAggbBHPP3lyVqEn8wo6iZ09Hk2IXNnCj8Wney01evwvvz19MzyaHp0u0",

Original file line number	Diff line number	Diff line change
`@@ -14,7 +14,7 @@`
`14`	`14`	`"dotnetRunMessages": true,`
`15`	`15`	`"launchBrowser": false,`
`16`	`16`	`"launchUrl": "weatherforecast",`
`17`		`- "applicationUrl": "https://localhost:7170;http://localhost:5170",`
	`17`	`+ "applicationUrl": "https://localhost:25566;http://localhost:25565",`
`18`	`18`	`"environmentVariables": {`
`19`	`19`	`"ASPNETCORE_ENVIRONMENT": "Development"`
`20`	`20`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"AllowedHosts": "*",`
`3`	`3`	`"ConnectionStrings": {`
`4`		`- "DefaultConnection": "Server=localhost;Port=3306;Database=InvoicesMgr;Uid=root;Pwd=;"`
	`4`	`+ "DefaultConnection": "Server=germannightmare.com;Port=3306;Database=InvoicesMgr;Uid=IM_DebugUser;Pwd=DummyDebug123;"`
`5`	`5`	`},`
`6`	`6`	`"JwtKeys": {`
`7`	`7`	`"SymmetricSecurityKey": "TqsLHzfrk58trjoYEIvTN7aerVEHrv86YlSQyPEDQb7OJSAzpk6rOjjC4nZQmx5i9gdszR5EuaGfUS8c5ryu0tN5DfvIkTmSWCH3XCXIk0gYzxr8h7Jg60Z525tDFxQN3Mz14QX73bKKcLL2u8fkySq4RgZ6eSwfTSMab3AUBpAcOa9FdOwIRGdQkwXcWXDJSASwwdjAggbBHPP3lyVqEn8wo6iZ09Hk2IXNnCj8Wney01evwvvz19MzyaHp0u0",`