Authorize API

src/GameIdeas/Client/GameIdeas.BlazorApp/App.razor

@@ -1,5 +1,7 @@
 @using GameIdeas.BlazorApp.Layouts
+@using Microsoft.AspNetCore.Components.Authorization
 
+<CascadingAuthenticationState>
     <Router AppAssembly="@typeof(App).Assembly">
         <Found Context="routeData">
             <RouteView RouteData="@routeData" DefaultLayout="@typeof(MainLayout)" />
@@ -12,3 +14,5 @@
             </LayoutView>
         </NotFound>
     </Router>
+</CascadingAuthenticationState>
+

src/GameIdeas/Client/GameIdeas.BlazorApp/Helpers/GameHelper.cs

@@ -1,12 +1,26 @@
 using GameIdeas.Shared.Dto;
+using Microsoft.AspNetCore.Components.Authorization;
+using System.Security.Claims;
 
 namespace GameIdeas.BlazorApp.Helpers;
 
 public static class GameHelper
 {
-    public static void WriteTrackingDto(GameDetailDto game)
+    public static void WriteTrackingDto(GameDetailDto game, AuthenticationState authState)
     {
-        game.CreationUserId = 100000;
+        if (authState == null)
+        {
+            throw new ArgumentNullException(nameof(authState), "Authentication state missing");
+        }
+
+        var userId = authState.User.FindFirstValue(ClaimTypes.Sid);
+
+        if (userId == null)
+        {
+            throw new ArgumentNullException(nameof(authState), "user state missing");
+        }
+
+        game.CreationUserId = userId;
         game.CreationDate = DateTime.Now;
     }
 

src/GameIdeas/Client/GameIdeas.BlazorApp/Pages/Games/Components/GameCreationForm.razor.cs

@@ -5,8 +5,10 @@ using GameIdeas.BlazorApp.Shared.Components.Select.Models;
 using GameIdeas.BlazorApp.Shared.Components.Slider;
 using GameIdeas.Shared.Dto;
 using Microsoft.AspNetCore.Components;
+using Microsoft.AspNetCore.Components.Authorization;
 using Microsoft.AspNetCore.Components.Forms;
 using Microsoft.JSInterop;
+using System.Security.Claims;
 
 namespace GameIdeas.BlazorApp.Pages.Games.Components;
 
@@ -14,6 +16,7 @@ public partial class GameCreationForm
 {
     [Inject] private IJSRuntime Js { get; set; } = default!;
     [Inject] private IGameGateway GameGateway { get; set; } = default!;
+    [Inject] private AuthenticationStateProvider AuthenticationState { get; set; } = default!;
     [CascadingParameter] private Popup? Popup { get; set; }
     [Parameter] public CategoriesDto? Categories { get; set; }
     [Parameter] public EventCallback OnSubmit { get; set; }
@@ -33,7 +36,6 @@ public partial class GameCreationForm
     protected override async Task OnAfterRenderAsync(bool firstRender)
     {
         await Js.InvokeVoidAsync("resizeGameForm");
-
     }
 
     private void HandleOnCancel()
@@ -52,7 +54,9 @@ public partial class GameCreationForm
         {
             IsLoading = true;
 
-            GameHelper.WriteTrackingDto(GameDto);
+            var authState = await AuthenticationState.GetAuthenticationStateAsync();
+            GameHelper.WriteTrackingDto(GameDto, authState);
+
             var gameId = await GameGateway.CreateGame(GameDto);
 
             if (gameId != 0)
@@ -68,6 +72,7 @@ public partial class GameCreationForm
         finally
         {
             IsLoading = false;
+            StateHasChanged();
         }
     }
 }

src/GameIdeas/Client/GameIdeas.BlazorApp/Pages/Games/Header/GameHeader.razor

@@ -4,6 +4,8 @@
 @using GameIdeas.BlazorApp.Shared.Components.Select.Models
 @using GameIdeas.BlazorApp.Shared.Models
 @using GameIdeas.Resources
+@using GameIdeas.Shared.Constants
+@using Microsoft.AspNetCore.Components.Authorization
 
 @inherits ComponentBase
 
@@ -15,7 +17,8 @@
     @ChildContent
 
     <div class="account-add-container">
-        <div class="add-container">
+        <AuthorizeView Roles="@GlobalConstants.ADMIN_MEMBER">
+            <Authorized>
                 <div class="add-buttons">
                     <div class="first-button button">
                         <svg class="button-icon" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24">
@@ -31,7 +34,9 @@
                         </div>
                     </Select>
                 </div>
-        </div>
+            </Authorized>
+        </AuthorizeView>
+
         <UserMenu />
     </div>
 </div>

src/GameIdeas/Client/GameIdeas.BlazorApp/Pages/Games/Header/GameHeader.razor.css

@@ -29,15 +29,12 @@
     align-items: flex-end;
 }
 
-.add-container {
-    margin-right: 40px;
-}
-
 .add-buttons {
     display: flex;
     flex-direction: row;
     background: var(--violet);
     border-radius: var(--small-radius);
+    margin-right: 40px;
 }
 
 .button {

src/GameIdeas/Client/GameIdeas.BlazorApp/Pages/User/UserMenu.razor

@@ -12,8 +12,7 @@
         @if (ContentVisile)
         {
             <div class="content">
-                <CascadingAuthenticationState>
+                <AuthorizeView Roles="@GlobalConstants.ADMIN_MEMBER">
-                    <AuthorizeView Roles="@($"{GlobalConstants.ADMINISTRATOR}, {GlobalConstants.MEMBER}")">
                     <Authorized>
                         <div class="menu-element">
                             @ResourcesKey.CategoriesManager
@@ -41,7 +40,6 @@
                         <Login AuthGateway="AuthGateway" />
                     </NotAuthorized>
                 </AuthorizeView>
-                </CascadingAuthenticationState>
             </div>
         }
     </div>

src/GameIdeas/Client/GameIdeas.BlazorApp/Services/HttpClientService.cs

@@ -3,10 +3,15 @@ using System.Net.Http.Headers;
 using System.Text.Json.Serialization;
 using System.Text.Json;
 using System.Text;
+using Blazored.LocalStorage;
+using GameIdeas.Shared.Constants;
 
 namespace GameIdeas.BlazorApp.Services;
 
-public class HttpClientService(IHttpClientFactory httpClientFactory, ILoggerFactory loggerFactory) : IHttpClientService
+public class HttpClientService(
+    IHttpClientFactory httpClientFactory, 
+    ILoggerFactory loggerFactory,
+    ILocalStorageService localStorage) : IHttpClientService
 {
     private readonly HttpClient httpClient = httpClientFactory.CreateClient("GameIdeas.WebAPI");
     private readonly ILogger<HttpClientService> logger = loggerFactory.CreateLogger<HttpClientService>();
@@ -25,6 +30,8 @@ public class HttpClientService(IHttpClientFactory httpClientFactory, ILoggerFact
 
     public async Task<T?> PostAsync<T>(string url, object data)
     {
+        await SetAuthorizationHeader();
+
         var jsonContent = JsonSerializer.Serialize(data, _optionsCamelCase);
         var content = new StringContent(jsonContent, Encoding.UTF8, "application/json");
         var response = await httpClient.PostAsync(url, content);
@@ -32,8 +39,11 @@ public class HttpClientService(IHttpClientFactory httpClientFactory, ILoggerFact
         return await GetResultValue<T>(response, ResourcesKey.ErrorWhenPostingData);
     }
 
+
     public async Task<T?> PutAsync<T>(string url, object data)
     {
+        await SetAuthorizationHeader();
+
         var jsonContent = JsonSerializer.Serialize(data, _optionsCamelCase);
         var content = new StringContent(jsonContent, Encoding.UTF8, "application/json");
         var response = await httpClient.PutAsync(url, content);
@@ -43,6 +53,7 @@ public class HttpClientService(IHttpClientFactory httpClientFactory, ILoggerFact
 
     public async Task<T?> DeleteAsync<T>(string? url)
     {
+        await SetAuthorizationHeader();
         var response = await httpClient.DeleteAsync(url);
 
         return await GetResultValue<T>(response, ResourcesKey.ErrorWhenDeletingData);
@@ -50,6 +61,7 @@ public class HttpClientService(IHttpClientFactory httpClientFactory, ILoggerFact
 
     public async Task<T?> FetchDataAsync<T>(string? url)
     {
+        await SetAuthorizationHeader();
         var response = await httpClient.GetAsync(url);
 
         return await GetResultValue<T>(response, ResourcesKey.ErrorWhenFetchingData);
@@ -57,6 +69,7 @@ public class HttpClientService(IHttpClientFactory httpClientFactory, ILoggerFact
 
     public async Task<byte[]?> FetchBytesAsync(string? url)
     {
+        await SetAuthorizationHeader();
         var response = await httpClient.GetAsync(url);
 
         if (response.IsSuccessStatusCode)
@@ -71,6 +84,7 @@ public class HttpClientService(IHttpClientFactory httpClientFactory, ILoggerFact
 
     public async Task<Stream?> FetchStreamAsync(string? url)
     {
+        await SetAuthorizationHeader();
         var response = await httpClient.GetAsync(url);
 
         if (response.IsSuccessStatusCode)
@@ -84,6 +98,8 @@ public class HttpClientService(IHttpClientFactory httpClientFactory, ILoggerFact
 
     public async Task<T?> PostFileAsync<T>(string? url, Stream fileStream, string fileName, string contentType)
     {
+        await SetAuthorizationHeader();
+
         using var content = new MultipartFormDataContent();
 
         var streamContent = new StreamContent(fileStream);
@@ -122,4 +138,11 @@ public class HttpClientService(IHttpClientFactory httpClientFactory, ILoggerFact
         throw new HttpRequestException(
             $"{errorMessage} + StatusCode: {response.StatusCode} + Reason: {response.ReasonPhrase}");
     }
+
+    private async Task SetAuthorizationHeader()
+    {
+        var token = await localStorage.GetItemAsStringAsync(GlobalConstants.LS_AUTH_STORAGE_KEY);
+        httpClient.DefaultRequestHeaders.Authorization =
+            new AuthenticationHeaderValue("bearer", token);
+    }
 }

src/GameIdeas/Client/GameIdeas.BlazorApp/Services/JwtAuthenticationStateProvider.cs

@@ -2,6 +2,7 @@
 using Microsoft.AspNetCore.Components.Authorization;
 using System.Security.Claims;
 using System.IdentityModel.Tokens.Jwt;
+using GameIdeas.Shared.Constants;
 
 namespace GameIdeas.BlazorApp.Services;
 
@@ -9,7 +10,7 @@ public class JwtAuthenticationStateProvider(ILocalStorageService localStorage) :
 {
     public override async Task<AuthenticationState> GetAuthenticationStateAsync()
     {
-        var savedToken = await localStorage.GetItemAsStringAsync("authToken");
+        var savedToken = await localStorage.GetItemAsStringAsync(GlobalConstants.LS_AUTH_STORAGE_KEY);
 
         if (!string.IsNullOrWhiteSpace(savedToken)) 
         {
@@ -23,7 +24,7 @@ public class JwtAuthenticationStateProvider(ILocalStorageService localStorage) :
             }
             catch
             {
-                await localStorage.RemoveItemAsync("authToken");
+                await localStorage.RemoveItemAsync(GlobalConstants.LS_AUTH_STORAGE_KEY);
             }
         }
 
@@ -32,14 +33,14 @@ public class JwtAuthenticationStateProvider(ILocalStorageService localStorage) :
 
     public async Task NotifyUserAuthenticationAsync(string token)
     {
-        await localStorage.SetItemAsStringAsync("authToken", token);
+        await localStorage.SetItemAsStringAsync(GlobalConstants.LS_AUTH_STORAGE_KEY, token);
 
         NotifyAuthenticationStateChanged(GetAuthenticationStateAsync());
     }
 
     public async Task NotifyUserLogoutAsync()
     {
-        await localStorage.RemoveItemAsync("authToken");
+        await localStorage.RemoveItemAsync(GlobalConstants.LS_AUTH_STORAGE_KEY);
 
         var nobody = new ClaimsPrincipal(new ClaimsIdentity());
         NotifyAuthenticationStateChanged(Task.FromResult(new AuthenticationState(nobody)));

src/GameIdeas/GameIdeas.Shared/Constants/GlobalConstants.cs

@@ -6,11 +6,14 @@ public class GlobalConstants
     public readonly static Guid ADMINISTRATOR_USER_ID = Guid.Parse("{2AB56FCB-0CDE-4DAE-AC9C-FC7635B0D18A}");
     public readonly static Guid MEMBER_ID = Guid.Parse("{BCE14DEA-1748-4A76-8485-ADEE83DF5EFD}");
 
-    public readonly static string ADMINISTRATOR = "Administrateur";
+    public const string ADMINISTRATOR = "Administrateur";
-    public readonly static string MEMBER = "Membre";
+    public const string MEMBER = "Membre";
+    public const string ADMIN_MEMBER = $"{ADMINISTRATOR}, {MEMBER}"; 
 
-    public readonly static int JWT_DURATION_HOUR = 12;
+    public const int JWT_DURATION_HOUR = 12;
 
-    public readonly static int NUMBER_PER_PAGE = 50;
+    public const int NUMBER_PER_PAGE = 50;
+
+    public const string LS_AUTH_STORAGE_KEY = "authToken";
 }
     

src/GameIdeas/GameIdeas.Shared/Dto/GameDetailDto.cs

@@ -6,9 +6,9 @@ public class GameDetailDto
     public string? Title { get; set; }
     public DateTime? ReleaseDate { get; set; }
     public DateTime? CreationDate { get; set; }
-    public int CreationUserId { get; set; }
+    public string CreationUserId { get; set; } = string.Empty;
     public DateTime? ModificationDate { get; set; }
-    public int? ModificationUserId { get; set; }
+    public string? ModificationUserId { get; set; }
     public double? StorageSpace { get; set; }
     public string? Description { get; set; }
     public int Interest { get; set; } = 3;

src/GameIdeas/Server/GameIdeas.WebAPI/Controllers/GameController.cs

@@ -1,5 +1,7 @@
-using GameIdeas.Shared.Dto;
+using GameIdeas.Shared.Constants;
+using GameIdeas.Shared.Dto;
 using GameIdeas.WebAPI.Services.Games;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 
 namespace GameIdeas.WebAPI.Controllers;
@@ -42,6 +44,7 @@ public class GameController(
         }
     }
 
+    [Authorize(Roles = GlobalConstants.ADMIN_MEMBER)]
     [HttpPost("Create")]
     public async Task<ActionResult<int>> CreateGame([FromBody] GameDetailDto game)
     {
@@ -57,6 +60,7 @@ public class GameController(
         }
     }
 
+    [Authorize(Roles = GlobalConstants.ADMIN_MEMBER)]
     [HttpPut("Update")]
     public async Task<ActionResult<int>> UpdateGame([FromBody] GameDetailDto game)
     {
@@ -72,6 +76,7 @@ public class GameController(
         }   
     }
 
+    [Authorize(Roles = GlobalConstants.ADMIN_MEMBER)]
     [HttpDelete("Delete/{id:int}")]
     public async Task<ActionResult<bool>> DeleteGame(int id)
     {

src/GameIdeas/Server/GameIdeas.WebAPI/Services/Users/UserService.cs

@@ -28,6 +28,7 @@ public class UserService(UserManager<User> userManager) : IUserService
         List<Claim> authClaims =
         [
             new Claim(ClaimTypes.Name, user.UserName ?? string.Empty),
+            new Claim(ClaimTypes.Sid, user.Id),
             new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
         ];