add: autenticacao e autorizacao

2025-09-24 15:32:10 -03:00
parent f7426e16d9
commit 047c1a7ddb
6 changed files with 147 additions and 8 deletions
--- a/Program.cs
+++ b/Program.cs
@@ -4,9 +4,42 @@ using Microsoft.AspNetCore.Mvc;
 using CampusWorkshops.Api.Repositories;
 using Microsoft.EntityFrameworkCore;
 using CampusWorkshops.Api.Infrastructure.Data;
+using System.Text;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
+using Microsoft.IdentityModel.Tokens;
+using Microsoft.OpenApi.Models;

 var builder = WebApplication.CreateBuilder(args);

+// JWT
+var jwt = builder.Configuration.GetSection("Jwt");
+var keyBytes = Encoding.UTF8.GetBytes(jwt["Key"]!);
+
+builder.Services
+  .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
+  .AddJwtBearer(options =>
+  {
+      options.TokenValidationParameters = new()
+      {
+          ValidateIssuer = true,
+          ValidateAudience = true,
+          ValidateIssuerSigningKey = true,
+          ValidIssuer = jwt["Issuer"],
+          ValidAudience = jwt["Audience"],
+          IssuerSigningKey = new SymmetricSecurityKey(keyBytes),
+          ClockSkew = TimeSpan.FromMinutes(1) // previsível para testes
+      };
+  });
+
+builder.Services.AddAuthorization();
+
+builder.Services.AddAuthorization(options =>
+{
+    options.AddPolicy("CanWriteWorkshops", p => p.RequireRole("Instructor","Admin"));
+    options.AddPolicy("CanDeleteWorkshops", p => p.RequireRole("Admin"));
+    options.AddPolicy("CanViewAnalytics",  p => p.RequireRole("Admin"));
+});
+
 // Add services
 builder.Services.AddDbContext<WorkshopsDbContext>(options =>
    options.UseSqlite(builder.Configuration.GetConnectionString("WorkshopsDb")));
@@ -22,6 +55,37 @@ builder.Services.AddSwaggerGen(o =>
        Version = "v1",
        Description = "API para gestão de workshops do campus (MVP in-memory)."
    });
+    var bearerScheme = new OpenApiSecurityScheme
+    {
+        Name = "Authorization",
+        Description = "Cole apenas o JWT (sem 'Bearer ').",
+        In = ParameterLocation.Header,
+        Type = SecuritySchemeType.Http,   // <- IMPORTANTE
+        Scheme = "bearer",                // <- minúsculo
+        BearerFormat = "JWT",
+        Reference = new OpenApiReference   // <- garante que o requirement aponte para esta definição
+        {
+            Type = ReferenceType.SecurityScheme,
+            Id = "Bearer"
+        }
+    };
+
+    o.AddSecurityDefinition("Bearer", bearerScheme);
+
+    o.AddSecurityRequirement(new OpenApiSecurityRequirement
+    {
+        {
+            new OpenApiSecurityScheme
+            {
+                Reference = new OpenApiReference
+                {
+                    Type = ReferenceType.SecurityScheme,
+                    Id = "Bearer"
+                }
+            },
+            Array.Empty<string>()
+        }
+    });
 });

 // DI
@@ -51,6 +115,9 @@ app.UseExceptionHandler(errApp =>

 app.UseHttpsRedirection();

+app.UseAuthentication();   // <-- antes
+app.UseAuthorization();    // <-- depois
+
 app.UseSwagger();
 app.UseSwaggerUI(c =>
 {