Expand Up @@ -11,6 +11,7 @@
<PackageReference Include="AutoMapper" Version="14.0.0" />
<PackageReference Include="MassTransit" Version="8.3.5-develop.2187" />
<PackageReference Include="MassTransit.RabbitMQ" Version="8.3.5-develop.2187" />
<PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.8" />
<PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="8.0.10"/>
<PackageReference Include="Swashbuckle.AspNetCore" Version="6.6.2"/>
</ItemGroup>
@@ -1,11 +1,12 @@
using AnalyticsService.Common.Entities;
using AnalyticsService.Common.Repositories;
using AutoMapper;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

namespace AnalyticsService.API.Controllers;

// [Authorize]
[Authorize]
[ApiController]
[Route("api/v1/[controller]")]
public class AnalyticsController : ControllerBase
Expand All @@ -18,7 +19,7 @@ public AnalyticsController(IAnalyticsRepository repository)
}

// Individual Trainings
// [Authorize(Roles = "Admin, Trainer")]
[Authorize(Roles = "Admin, Trainer")]
[HttpGet("individual/trainer/{trainerId}")]
[ProducesResponseType(typeof(IEnumerable<IndividualTraining>), StatusCodes.Status200OK)]
public async Task<ActionResult<IEnumerable<IndividualTraining>>> GetIndividualTrainingsByTrainerId(string trainerId)
Expand All @@ -27,7 +28,7 @@ public async Task<ActionResult<IEnumerable<IndividualTraining>>> GetIndividualTr
return Ok(reservations);
}

// [Authorize(Roles = "Admin, Client")]
[Authorize(Roles = "Admin, Client")]
[HttpGet("individual/client/{clientId}")]
[ProducesResponseType(typeof(IEnumerable<IndividualTraining>), StatusCodes.Status200OK)]
public async Task<ActionResult<IEnumerable<IndividualTraining>>> GetIndividualTrainingsByClientId(string clientId)
Expand All @@ -37,7 +38,7 @@ public async Task<ActionResult<IEnumerable<IndividualTraining>>> GetIndividualTr
}

// Group Trainings
// [Authorize(Roles = "Admin, Trainer")]
[Authorize(Roles = "Admin, Trainer")]
[HttpGet("group/trainer/{trainerId}")]
[ProducesResponseType(typeof(IEnumerable<GroupTraining>), StatusCodes.Status200OK)]
public async Task<ActionResult<IEnumerable<GroupTraining>>> GetGroupTrainingsByTrainerId(string trainerId)
Expand All @@ -46,7 +47,7 @@ public async Task<ActionResult<IEnumerable<GroupTraining>>> GetGroupTrainingsByT
return Ok(reservations);
}

// [Authorize(Roles = "Admin, Client")]
[Authorize(Roles = "Admin, Client")]
[HttpGet("group/client/{clientId}")]
[ProducesResponseType(typeof(IEnumerable<GroupTraining>), StatusCodes.Status200OK)]
public async Task<ActionResult<IEnumerable<GroupTraining>>> GetGroupTrainingsByClientId(string clientId)
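Review bot: The role checks added at L53, L62, L71 and L80 restrict who may call each endpoint but not whose data they may read: `[Authorize(Roles = "Admin, Trainer")]` on `GetIndividualTrainingsByTrainerId(string trainerId)` lets any trainer pass any `trainerId`, and the client endpoints do the same with `clientId`. Unless the repository filters on the caller somewhere not shown, non-admin callers should have the route id compared with the user id claim the identity service issues, e.g. `if (!User.IsInRole("Admin") && User.FindFirst(ClaimTypes.NameIdentifier)?.Value != trainerId) return Forbid();` at the top of each action (adjust the claim type to whatever the token carries; needs `using System.Security.Claims;`). The action bodies start inside the hunks but run outside them. The same gap exists in `ClientController.UpdateClient` (any Client may submit any `client.Id` in the body) and `GetClientById`, and in the ChatController session endpoints, so one shared helper that checks ownership would serve all three controllers.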
@@ -1,8 +1,11 @@
using System.Reflection;
using System.Text;
using AnalyticsService.API.EventBusConsumers;
using AnalyticsService.Common.Extensions;
using EventBus.Messages.Constants;
using MassTransit;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

Expand Down Expand Up @@ -48,6 +51,29 @@
});
});

var jwtSettings = builder.Configuration.GetSection("JwtSettings");
var secretKey = jwtSettings.GetValue<string>("secretKey");

builder.Services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(options =>
{
options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
{
ValidateIssuer = true,
ValidateAudience = true,
ValidateLifetime = true,
ValidateIssuerSigningKey = true,

ValidIssuer = jwtSettings.GetSection("validIssuer").Value,
ValidAudience = jwtSettings.GetSection("validAudience").Value,
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secretKey))
};
});

var app = builder.Build();

// Configure the HTTP request pipeline.
Expand All @@ -59,6 +85,11 @@

app.UseCors("CorsPolicy");

app.UseRouting();
app.UseHttpsRedirection();

app.UseAuthentication();
app.UseAuthorization();

app.MapControllers();
app.Run();
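Review bot: `secretKey` at L103 is passed straight to `Encoding.UTF8.GetBytes` at L121 with no check, so a missing `JwtSettings:secretKey` fails at startup with an `ArgumentNullException` from the encoder rather than a message naming the setting, and a whitespace-only value is accepted; add `ArgumentException.ThrowIfNullOrWhiteSpace(secretKey);` right after L103 (the project already uses .NET 8 packages). On style, L112 spells out `Microsoft.IdentityModel.Tokens.TokenValidationParameters` although that namespace is imported at L94, and the settings are read two different ways (`GetValue<string>` at L103, `GetSection(...).Value` at L119–L120); `jwtSettings.GetValue<string>("validIssuer")` for all three would be consistent. Because `ValidateIssuer`/`ValidateAudience` are true, a missing `validIssuer` or `validAudience` value makes every token fail validation at request time rather than failing startup, so the same guard is worth applying to those two. The block at L261–L282 in ChatService's Program.cs is a verbatim copy and needs the same changes.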
Expand Up @@ -7,5 +7,14 @@
},
"DatabaseSettings": {
"ConnectionString": "mongodb://localhost:27017"
},
"EventBusSettings": {
"HostAddress": "amqp://guest:guest@localhost:5672"
},
"JwtSettings": {
"validIssuer": "Fitness Identity",
"validAudience": "Fitness",
"secretKey": "MyVeryVerySecretMessageForSecretKey",
"expires": 15
}
}
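Review bot: `secretKey` at L152 is a signing secret committed in plain text, and the ChatService copy at L322–L327 carries the identical value, so any service or repository clone that holds this file can mint tokens that every other service accepts. Move the value out of the checked-in settings (user-secrets or an environment variable) and rotate it, leaving only a placeholder here such as `"secretKey": "<set via environment>"`. Longer term, a resource service only needs to verify tokens, so signing with an asymmetric key (RSA/ECDSA) would let these services hold just the public key. `"expires": 15` is not read by the Program.cs changes in this PR (only `validIssuer`, `validAudience` and `secretKey` are), so it looks like a leftover from the identity service's settings — worth confirming.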
Expand Up @@ -13,6 +13,7 @@
<PackageReference Include="MassTransit" Version="8.2.4" />
<PackageReference Include="MassTransit.AspNetCore" Version="7.3.1" />
<PackageReference Include="MassTransit.RabbitMQ" Version="8.2.4" />
<PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.8" />
<PackageReference Include="Microsoft.EntityFrameworkCore" Version="9.0.0" />
<PackageReference Include="Microsoft.EntityFrameworkCore.Design" Version="9.0.0">
<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
@@ -1,11 +1,11 @@
using ChatService.API.Models;
using ChatService.API.Services;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

namespace ChatService.API.Controllers;

//TO DO AUTHORIZATION AND AUTHENTICATION

[Authorize]
[ApiController]
[Route("api/v1/[controller]")]
public class ChatController : ControllerBase
Expand All @@ -17,7 +17,7 @@ public ChatController(IChatService chatService)
_chatService = chatService;
}


[Authorize(Roles = "Admin, Trainer, Client")]
[HttpGet("sessions/{userId}/my-sessions-summary")]
public async Task<IActionResult> GetBasicInfoForSessions(string userId)
{
Expand All @@ -30,7 +30,7 @@ public async Task<IActionResult> GetBasicInfoForSessions(string userId)
return Ok(basicInfo);
}


[Authorize(Roles = "Trainer, Client")]
[HttpPost("sessions/messages")]
public async Task<IActionResult> AddMessageToSession([FromQuery] string trainerId, [FromQuery] string clientId, [FromBody] string content, [FromQuery] string senderType)
{
Expand All @@ -45,6 +45,7 @@ public async Task<IActionResult> AddMessageToSession([FromQuery] string trainerI
}
}

[Authorize(Roles = "Trainer, Client")]
[HttpGet("sessions/messages")]
public async Task<IActionResult> GetMessagesFromSession([FromQuery] string trainerId, [FromQuery] string clientId)
{
Expand All @@ -65,7 +66,7 @@ public async Task<IActionResult> GetMessagesFromSession([FromQuery] string train
return Ok(messages);
}


[Authorize(Roles = "Client")]
[HttpPost("sessions")]
public async Task<IActionResult> CreateChatSession([FromQuery] string trainerId, [FromQuery] string clientId)
{
Expand All @@ -80,13 +81,15 @@ public async Task<IActionResult> CreateChatSession([FromQuery] string trainerId,
}
}

[Authorize(Roles = "Admin, Trainer, Client")]
[HttpGet("sessions")]
public async Task<IActionResult> GetChatSession([FromQuery] string trainerId, [FromQuery] string clientId)
{
var session = await _chatService.GetChatSessionAsync(trainerId, clientId);
return session != null ? Ok(session) : NotFound(new { Message = "Chat session not found." });
}

[Authorize(Roles = "Admin")]
[HttpDelete("sessions")]
public async Task<IActionResult> DeleteChatSession([FromQuery] string trainerId, [FromQuery] string clientId)
{
Expand All @@ -95,6 +98,7 @@ public async Task<IActionResult> DeleteChatSession([FromQuery] string trainerId,
: NotFound(new { Message = "Session not found or already deleted." });
}

[Authorize(Roles = "Client")]
[HttpPost("sessions/extend")]
public async Task<IActionResult> ExtendChatSession([FromQuery] string trainerId, [FromQuery] string clientId)
{
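Review bot: `AddMessageToSession` at L195–L197 still takes `senderType` from the query string even though the caller's role is now in the token, so an authenticated Client can post as the trainer and to any `trainerId`/`clientId` pair; the same applies to the `trainerId`/`clientId` query parameters on `CreateChatSession` (L212–L214) and `ExtendChatSession` (L236–L238), which `[Authorize(Roles = "Client")]` does not bind to the caller. Derive the sender from `User.IsInRole(...)` and compare the id that belongs to the caller's role with the user id claim in the token, returning `Forbid()` on mismatch, rather than trusting the request; the method bodies start inside the hunks but continue outside them. `GetChatSession` at L220–L226 is fully visible and forwards both ids to the service with no such check either.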
37 changes: 33 additions & 4 deletions Fitness/Backend/Services/ChatService/ChatService.API/Program.cs
@@ -1,3 +1,4 @@
using System.Text;
using ChatService.API.Data;
using ChatService.API.Middleware;
using ChatService.API.Models;
Expand All @@ -10,6 +11,8 @@
using ConsulConfig.Settings;
using EventBus.Messages.Events;
using MassTransit;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

Expand Down Expand Up @@ -70,8 +73,33 @@
});
});

var jwtSettings = builder.Configuration.GetSection("JwtSettings");
var secretKey = jwtSettings.GetValue<string>("secretKey");

builder.Services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(options =>
{
options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
{
ValidateIssuer = true,
ValidateAudience = true,
ValidateLifetime = true,
ValidateIssuerSigningKey = true,

ValidIssuer = jwtSettings.GetSection("validIssuer").Value,
ValidAudience = jwtSettings.GetSection("validAudience").Value,
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secretKey))
};
});

var app = builder.Build();

app.UseCors("AllowAll");

app.Lifetime.ApplicationStarted.Register(() =>
{
var consulClient = app.Services.GetRequiredService<IConsulClient>();
Expand All @@ -93,8 +121,6 @@
consulClient.Agent.ServiceDeregister(consulConfig.ServiceId).Wait();
});



// Configure the HTTP request pipeline.
if (app.Environment.IsDevelopment())
{
Expand All @@ -103,11 +129,14 @@
}

app.UseRouting();
app.UseCors("AllowAll");
app.UseHttpsRedirection();

app.UseAuthentication();
app.UseAuthorization();

// app.UseHttpsRedirection();
app.UseWebSockets();
app.UseMiddleware<WebSocketMiddleware>();

app.MapControllers();

app.Run();
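Review bot: `app.UseMiddleware<WebSocketMiddleware>()` at L312 sits after `UseAuthentication`/`UseAuthorization` (L307–L308) but, being plain middleware rather than an endpoint, it is not covered by the `[Authorize]` attributes this PR adds to `ChatController`; unless `WebSocketMiddleware` inspects `HttpContext.User` itself (its code is not in this diff), websocket upgrades remain reachable without a token. If so, reject the upgrade there when `context.User.Identity?.IsAuthenticated != true`, or move the socket handling onto a mapped endpoint with `.RequireAuthorization()`. `app.UseCors("AllowAll")` was also moved to L286, ahead of `app.UseRouting()` at L303; the CORS middleware is documented to run between routing and authorization, so keeping it where L304 had it looks safer.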
Expand Up @@ -11,13 +11,17 @@
"ChatSessionsCollection": "ChatSessions",
"MessagesCollection": "Messages"
},
"JwtSettings": {
"validIssuer": "Fitness Identity",
"validAudience": "Fitness",
"secretKey": "MyVeryVerySecretMessageForSecretKey",
"expires": 15
},
"ConsulConfig": {
"Address": "http://consul:8500",
"ServiceName": "ChatService.API",
"ServiceId": "ChatService.API-1",
"ServiceAddress": "chatservice.api",
"ServicePort": 8080
}


}
Expand Up @@ -7,7 +7,7 @@

namespace ClientService.API.Controllers
{
// [Authorize]
[Authorize]
[ApiController]
[Route("api/v1/[controller]")]
public class ClientController:ControllerBase
Expand All @@ -21,7 +21,7 @@ public ClientController(IRepository repository, IMapper mapper)
_mapper = mapper ?? throw new ArgumentNullException(nameof(mapper));
}

// [Authorize(Roles = "Admin, Trainer")]
[Authorize(Roles = "Admin, Trainer")]
[HttpGet]
[ProducesResponseType(typeof(IEnumerable<Client>), StatusCodes.Status200OK)]
public async Task<ActionResult<IEnumerable<Client>>> GetClients()
Expand All @@ -30,7 +30,7 @@ public async Task<ActionResult<IEnumerable<Client>>> GetClients()
return Ok(clients);
}

// [Authorize(Roles = "Admin, Trainer, Client")]
[Authorize(Roles = "Admin, Trainer, Client")]
[HttpGet("{id}", Name = "GetClient")]
[ProducesResponseType(typeof(IEnumerable<Client>), StatusCodes.Status200OK)]
[ProducesResponseType(StatusCodes.Status404NotFound)]
Expand All @@ -46,7 +46,7 @@ public async Task<ActionResult<Client>> GetClientById(string id)

// TODO("Dodati GetClientsByIds - mozda gRPC!!!")

// [Authorize(Roles = "Admin, Trainer, Client")]
[Authorize(Roles = "Admin, Trainer, Client")]
[Route("[action]/{name}")]
[HttpGet]
[ProducesResponseType(typeof(IEnumerable<Client>), StatusCodes.Status200OK)]
Expand All @@ -56,7 +56,7 @@ public async Task<ActionResult<IEnumerable<Client>>> GetClientsByName(string nam
return Ok(results);
}

// [Authorize(Roles = "Admin, Trainer, Client")]
[Authorize(Roles = "Admin, Trainer, Client")]
[Route("[action]/{surname}")]
[HttpGet]
[ProducesResponseType(typeof(IEnumerable<Client>), StatusCodes.Status200OK)]
Expand All @@ -66,7 +66,7 @@ public async Task<ActionResult<IEnumerable<Client>>> GetClientsBySurname(string
return Ok(results);
}

// [Authorize(Roles = "Admin, Trainer, Client")]
[Authorize(Roles = "Admin, Trainer, Client")]
[Route("[action]/{email}")]
[HttpGet]
[ProducesResponseType(typeof(Client), StatusCodes.Status200OK)]
Expand All @@ -84,23 +84,23 @@ public async Task<ActionResult<Client>> CreateClient([FromBody] Client client)
return CreatedAtRoute("GetClient", new { id = client.Id }, client);

}
// [Authorize(Roles = "Admin, Client")]
[Authorize(Roles = "Admin, Client")]
[HttpPut]
[ProducesResponseType(typeof(Client), StatusCodes.Status200OK)]
public async Task<IActionResult> UpdateClient([FromBody] Client client)
{
return Ok(await _repository.UpdateClient(client));
}

// [Authorize(Roles = "Admin")]
[Authorize(Roles = "Admin")]
[HttpDelete("{id}", Name = "DeleteClient")]
[ProducesResponseType(typeof(Client), StatusCodes.Status200OK)]
public async Task<IActionResult> DeleteClient(string id)
{
return Ok(await _repository.DeleteClient(id));
}

// [Authorize(Roles = "Admin")]
[Authorize(Roles = "Admin")]
[Route("[action]")]
[HttpDelete]
[ProducesResponseType(typeof(Client), StatusCodes.Status200OK)]
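Review bot: The class-level `[Authorize]` at L344 now also covers `CreateClient`, whose own attributes are outside the hunk at L393 (only its tail at L394–L396 is visible). If client sign-up goes through this endpoint rather than through the identity service, registration now requires a token that a new client cannot yet hold — please confirm which flow creates clients. If it is this one, `[AllowAnonymous]` on the action overrides the controller-level attribute and no other change is needed; if creation is admin-only, `[Authorize(Roles = "Admin")]` should be stated explicitly like the other actions.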