feat(udt-001): infrastructure (Dapper, BCrypt, JWT RS256, dispatcher)

2026-04-13 21:36:02 -03:00
parent 8c26cd3ac5
commit ca57ce33b5
9 changed files with 347 additions and 0 deletions
--- a/src/api/SIGCM2.Infrastructure/Security/JwtService.cs
+++ b/src/api/SIGCM2.Infrastructure/Security/JwtService.cs
@@ -0,0 +1,68 @@
+using System.Security.Claims;
+using System.Security.Cryptography;
+using System.Text.Json;
+using Microsoft.IdentityModel.Tokens;
+using System.IdentityModel.Tokens.Jwt;
+using SIGCM2.Application.Abstractions.Security;
+using SIGCM2.Domain.Entities;
+
+namespace SIGCM2.Infrastructure.Security;
+
+public sealed class JwtService : IJwtService
+{
+    private readonly RSA _rsa;
+    private readonly JwtOptions _options;
+
+    public JwtService(RSA rsa, JwtOptions options)
+    {
+        _rsa = rsa;
+        _options = options;
+    }
+
+    public string GenerateAccessToken(Usuario usuario)
+    {
+        var signingKey = new RsaSecurityKey(_rsa);
+        var credentials = new SigningCredentials(signingKey, SecurityAlgorithms.RsaSha256);
+
+        var permisos = DeserializePermisos(usuario.PermisosJson);
+
+        var claims = new List<Claim>
+        {
+            new(JwtRegisteredClaimNames.Sub, usuario.Id.ToString()),
+            new(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
+            new("name", usuario.Username),
+            new("rol", usuario.Rol),
+        };
+
+        // Add each permission as a separate claim
+        foreach (var permiso in permisos)
+            claims.Add(new Claim("permisos", permiso));
+
+        var now = DateTime.UtcNow;
+        var descriptor = new SecurityTokenDescriptor
+        {
+            Subject = new ClaimsIdentity(claims),
+            Issuer = _options.Issuer,
+            Audience = _options.Audience,
+            IssuedAt = now,
+            Expires = now.AddMinutes(_options.AccessTokenMinutes),
+            SigningCredentials = credentials
+        };
+
+        var handler = new JwtSecurityTokenHandler();
+        var token = handler.CreateToken(descriptor);
+        return handler.WriteToken(token);
+    }
+
+    private static string[] DeserializePermisos(string permisosJson)
+    {
+        try
+        {
+            return JsonSerializer.Deserialize<string[]>(permisosJson) ?? [];
+        }
+        catch
+        {
+            return [];
+        }
+    }
+}