Add helpers for JWT authentication

Author: Krzysztof-Cieslak

paket.dependencies

@@ -9,6 +9,7 @@ nuget Microsoft.AspNetCore.StaticFiles
 nuget Microsoft.Extensions.Caching.Memory
 nuget Microsoft.AspNetCore.Rewrite
 nuget Microsoft.AspNetCore.Cors
+nuget Microsoft.AspNetCore.Authentication.JwtBearer
 
 nuget Giraffe
 

paket.lock

@@ -11,6 +11,8 @@ open Microsoft.Extensions.Logging
 open System.IO
 open Microsoft.AspNetCore.Rewrite
 open Microsoft.AspNetCore.Cors.Infrastructure
+open Microsoft.AspNetCore.Authentication.JwtBearer
+open Microsoft.IdentityModel.Tokens
 
 type ApplicationState = {
   Router: HttpHandler option
@@ -149,6 +151,30 @@ module Application =
           ServicesConfig = service::state.ServicesConfig
           AppConfigs = middleware::state.AppConfigs
       }
+    [<CustomOperation("use_jwt_authentication")>]    
+    member __.UseJWTAuth(state: ApplicationState, secret: string, issuer : string) = 
+      let middleware (app : IApplicationBuilder) = 
+        app.UseAuthentication() 
+
+      let service (s : IServiceCollection) =
+        s.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
+         .AddJwtBearer(fun opt -> 
+            let tvp = TokenValidationParameters()
+            tvp.ValidateActor <- true
+            tvp.ValidateAudience <- true
+            tvp.ValidateLifetime <- true
+            tvp.ValidateIssuerSigningKey <- true
+            tvp.ValidIssuer <- issuer
+            tvp.ValidAudience <- issuer
+            tvp.IssuerSigningKey <- SymmetricSecurityKey(Text.Encoding.UTF8.GetBytes secret)
+            opt.TokenValidationParameters <- tvp
+         ) |> ignore 
+        s 
+
+      { state with
+          ServicesConfig = service::state.ServicesConfig
+          AppConfigs = middleware::state.AppConfigs
+      } 
 
   let application = ApplicationBuilder()
 

src/Saturn/Application.fs

@@ -6,6 +6,7 @@ open Giraffe.Tasks
 open Giraffe.HttpHandlers
 open Giraffe.HttpStatusCodeHandlers
 
+
 module ControllerHelpers =
 
   [<RequireQualifiedAccess>]
@@ -176,4 +177,21 @@ module ControllerHelpers =
       ServerErrors.SERVICE_UNAVAILABLE res (fun c -> task {return Some c}) ctx
 
     let gatewayTimeout (ctx: HttpContext) res =
-      ServerErrors.GATEWAY_TIMEOUT res (fun c -> task {return Some c}) ctx
+      ServerErrors.GATEWAY_TIMEOUT res (fun c -> task {return Some c}) ctx
+
+  [<RequireQualifiedAccess>]  
+  module Authentication =
+    open System
+    open System.Text
+    open Microsoft.IdentityModel.Tokens
+    open System.IdentityModel.Tokens.Jwt
+    
+
+    let generateToken (secret : string, algorithm) issuer expires claims = 
+      let expires = Nullable(expires)
+      let notBefore = Nullable(DateTime.UtcNow)
+      let securityKey = SymmetricSecurityKey(Encoding.UTF8.GetBytes(secret))
+      let signingCredentials = SigningCredentials(key = securityKey, algorithm = algorithm)
+
+      let token = JwtSecurityToken(issuer, issuer, claims, notBefore, expires, signingCredentials )
+      JwtSecurityTokenHandler().WriteToken token 

src/Saturn/ControllerHelpers.fs

@@ -195,6 +195,6 @@ module Pipeline =
     ctx.Items.["RequestId"] <- reqId
     setHttpHeader "x-request-id" reqId nxt ctx
 
-  ///TODO: force SSL connections - https://github.com/elixir-plug/plug/blob/v1.4.3/lib/plug/ssl.ex#L1
-  let ssl : HttpHandler = succeed
-
+  ///Requires authentication with JWT token using default authentication scheme
+  let jwtAuthentication : HttpHandler = 
+    requiresAuthentication (challenge Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerDefaults.AuthenticationScheme)

src/Saturn/Pipelines.fs

@@ -6,4 +6,5 @@ Microsoft.AspNetCore.StaticFiles
 Microsoft.AspNetCore.ResponseCompression
 Microsoft.Extensions.Caching.Memory
 Microsoft.AspNetCore.Rewrite
-Microsoft.AspNetCore.Cors
+Microsoft.AspNetCore.Cors
+Microsoft.AspNetCore.Authentication.JwtBearer