feat(udt-001): infrastructure (Dapper, BCrypt, JWT RS256, dispatcher)

2026-04-13 21:36:02 -03:00
parent 8c26cd3ac5
commit ca57ce33b5
9 changed files with 347 additions and 0 deletions
--- a/src/api/SIGCM2.Infrastructure/DependencyInjection.cs
+++ b/src/api/SIGCM2.Infrastructure/DependencyInjection.cs
@@ -0,0 +1,76 @@
+using System.Security.Cryptography;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Options;
+using Microsoft.IdentityModel.Tokens;
+using SIGCM2.Application.Abstractions;
+using SIGCM2.Application.Abstractions.Persistence;
+using SIGCM2.Application.Abstractions.Security;
+using SIGCM2.Infrastructure.Messaging;
+using SIGCM2.Infrastructure.Persistence;
+using SIGCM2.Infrastructure.Security;
+
+namespace SIGCM2.Infrastructure;
+
+public static class DependencyInjection
+{
+    public static IServiceCollection AddInfrastructure(
+        this IServiceCollection services,
+        IConfiguration configuration)
+    {
+        // Database
+        var connectionString = configuration.GetConnectionString("SqlServer")
+            ?? throw new InvalidOperationException("Missing ConnectionStrings:SqlServer");
+        services.AddSingleton(new SqlConnectionFactory(connectionString));
+        services.AddScoped<IUsuarioRepository, UsuarioRepository>();
+
+        // JWT Options — bound lazily via IOptions so tests can override via ConfigureWebHost
+        services.Configure<JwtOptions>(configuration.GetSection("Jwt"));
+        // Also expose as JwtOptions directly for convenience (resolves via IOptions<JwtOptions>)
+        services.AddSingleton<JwtOptions>(sp => sp.GetRequiredService<IOptions<JwtOptions>>().Value);
+
+        // RSA key pair — loaded lazily as singletons from the fully-resolved JwtOptions
+        services.AddSingleton<RSA>(sp =>
+        {
+            var opts = sp.GetRequiredService<JwtOptions>();
+            return RsaKeyLoader.LoadPrivateKey(opts);
+        });
+
+        services.AddSingleton<RsaSecurityKey>(sp =>
+        {
+            var opts = sp.GetRequiredService<JwtOptions>();
+            return new RsaSecurityKey(RsaKeyLoader.LoadPublicKey(opts));
+        });
+
+        services.AddScoped<IJwtService>(sp =>
+            new JwtService(sp.GetRequiredService<RSA>(), sp.GetRequiredService<JwtOptions>()));
+        services.AddScoped<IPasswordHasher, BcryptPasswordHasher>();
+
+        // Dispatcher
+        services.AddScoped<IDispatcher, Dispatcher>();
+
+        // JWT Bearer authentication
+        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
+            .AddJwtBearer();
+
+        // Post-configure JWT Bearer — wire RSA public key + validation params from resolved options
+        services.AddOptions<JwtBearerOptions>(JwtBearerDefaults.AuthenticationScheme)
+            .PostConfigure<RsaSecurityKey, JwtOptions>((jwtBearerOpts, rsaKey, jwtOpts) =>
+            {
+                jwtBearerOpts.TokenValidationParameters = new TokenValidationParameters
+                {
+                    ValidateIssuerSigningKey = true,
+                    IssuerSigningKey = rsaKey,
+                    ValidateIssuer = true,
+                    ValidIssuer = jwtOpts.Issuer,
+                    ValidateAudience = true,
+                    ValidAudience = jwtOpts.Audience,
+                    ValidateLifetime = true,
+                    ClockSkew = TimeSpan.Zero
+                };
+            });
+
+        return services;
+    }
+}