2026-06-16 17:22:46 +06:00
|
|
|
|
using Ease.NetCore.DataAccess;
|
2026-06-15 18:26:58 +06:00
|
|
|
|
using Ease.NetCore.DataAccess.SQL;
|
|
|
|
|
|
using Microsoft.Data.SqlClient;
|
|
|
|
|
|
using Microsoft.Extensions.Options;
|
|
|
|
|
|
using OnlineSalesAutoCrop.CoreAPI.Models.Global;
|
|
|
|
|
|
using OnlineSalesAutoCrop.CoreAPI.Models.Objects.Systems;
|
|
|
|
|
|
using OnlineSalesAutoCrop.CoreAPI.Models.Requests.Integrations;
|
|
|
|
|
|
using OnlineSalesAutoCrop.CoreAPI.Models.Responses.Integrations;
|
|
|
|
|
|
using OnlineSalesAutoCrop.CoreAPI.Services.Contracts.Auth;
|
|
|
|
|
|
using System;
|
|
|
|
|
|
using System.Data;
|
|
|
|
|
|
using System.Security.Cryptography;
|
|
|
|
|
|
using System.Text;
|
|
|
|
|
|
using System.Threading.Tasks;
|
|
|
|
|
|
|
|
|
|
|
|
namespace OnlineSalesAutoCrop.CoreAPI.Services.Services.Auth;
|
|
|
|
|
|
|
|
|
|
|
|
public class RefreshTokenService : IRefreshTokenService
|
|
|
|
|
|
{
|
|
|
|
|
|
private readonly AppSettings _settings;
|
|
|
|
|
|
public RefreshTokenService(IOptions<AppSettings> settings)
|
|
|
|
|
|
{
|
|
|
|
|
|
_settings = settings.Value;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
public async Task<bool> AddAsync(InsertRefreshTokenRequest refreshToken)
|
|
|
|
|
|
{
|
|
|
|
|
|
bool returnValue = false;
|
|
|
|
|
|
try
|
|
|
|
|
|
{
|
|
|
|
|
|
using TransactionContext tc = await TransactionContext.BeginAsync(_settings.DefaultConnection.ConnectionNode, true);
|
2026-06-16 15:18:22 +06:00
|
|
|
|
AddAsync(tc, refreshToken);
|
2026-06-15 18:26:58 +06:00
|
|
|
|
|
|
|
|
|
|
tc.End();
|
|
|
|
|
|
}
|
|
|
|
|
|
catch (Exception e)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new InvalidOperationException(e.Message, e);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return returnValue;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2026-06-16 15:18:22 +06:00
|
|
|
|
private bool AddAsync( TransactionContext tc, InsertRefreshTokenRequest refreshToken)
|
2026-06-15 18:26:58 +06:00
|
|
|
|
{
|
|
|
|
|
|
bool returnValue = false;
|
|
|
|
|
|
|
|
|
|
|
|
try
|
|
|
|
|
|
{
|
|
|
|
|
|
SqlParameter[] p =
|
|
|
|
|
|
[
|
|
|
|
|
|
SqlHelperExtension.CreateInParam(pName: "@UserId", pType: SqlDbType.VarChar, pValue: refreshToken.UserId),
|
|
|
|
|
|
SqlHelperExtension.CreateInParam(pName: "@TokenHash", pType: SqlDbType.VarChar, pValue: refreshToken.TokenHash),
|
|
|
|
|
|
SqlHelperExtension.CreateInParam(pName: "@IpAddress", pType: SqlDbType.VarChar, pValue: refreshToken.IpAddress),
|
|
|
|
|
|
SqlHelperExtension.CreateInParam(pName: "@CreatedAt", pType: SqlDbType.DateTime, pValue: DateTime.Now),
|
|
|
|
|
|
SqlHelperExtension.CreateInParam(pName: "@ExpiredAt", pType: SqlDbType.DateTime, pValue: DateTime.Now.AddMinutes(_settings.RefreshTokenDuration)),
|
|
|
|
|
|
];
|
2026-06-16 15:18:22 +06:00
|
|
|
|
_ = tc.ExecuteNonQuerySp(spName: "dbo.InsertRefreshToken", parameterValues: p);
|
2026-06-15 18:26:58 +06:00
|
|
|
|
|
|
|
|
|
|
returnValue = true;
|
|
|
|
|
|
}
|
|
|
|
|
|
catch (Exception e)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new InvalidOperationException(e.Message, e);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return returnValue;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
public async Task<RefreshTokenResponse> GetByTokenHashAsync(string tokenHash)
|
|
|
|
|
|
{
|
|
|
|
|
|
RefreshTokenResponse response = new();
|
|
|
|
|
|
try
|
|
|
|
|
|
{
|
|
|
|
|
|
using TransactionContext tc = await TransactionContext.BeginAsync(_settings.DefaultConnection.ConnectionNode);
|
|
|
|
|
|
try
|
|
|
|
|
|
{
|
2026-06-16 11:36:11 +06:00
|
|
|
|
await GetByTokenHashAsync(tc, tokenHash);
|
2026-06-15 18:26:58 +06:00
|
|
|
|
tc.End();
|
|
|
|
|
|
}
|
|
|
|
|
|
catch (Exception ie)
|
|
|
|
|
|
{
|
|
|
|
|
|
tc?.HandleError();
|
|
|
|
|
|
|
|
|
|
|
|
throw DBCustomError.GenerateCustomError(ie);
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
catch (Exception e)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new InvalidOperationException(e.Message, e);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return response;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2026-06-16 11:36:11 +06:00
|
|
|
|
private async Task<RefreshTokenResponse> GetByTokenHashAsync(TransactionContext tc, string tokenHash)
|
|
|
|
|
|
{
|
|
|
|
|
|
RefreshTokenResponse response = new();
|
|
|
|
|
|
try
|
|
|
|
|
|
{
|
|
|
|
|
|
SqlParameter[] p =
|
|
|
|
|
|
[
|
|
|
|
|
|
SqlHelperExtension.CreateInParam(pName: "@RefreshToken", pType: SqlDbType.VarChar, pValue: tokenHash),
|
|
|
|
|
|
];
|
|
|
|
|
|
using (IDataReader dr = await tc.ExecuteReaderSpAsync("dbo.GetRefreshTokenByTokenHash", parameterValues: p))
|
|
|
|
|
|
{
|
|
|
|
|
|
if (dr.Read())
|
|
|
|
|
|
{
|
|
|
|
|
|
response.UserId = dr.GetString(0);
|
|
|
|
|
|
response.TokenHash = dr.GetString(1);
|
|
|
|
|
|
response.IpAddress = dr.GetString(2);
|
|
|
|
|
|
response.ExpiredAt = dr.GetDateTime(3);
|
|
|
|
|
|
response.RevokedAt = dr.IsDBNull(4) ? null : dr.GetDateTime(4);
|
|
|
|
|
|
}
|
|
|
|
|
|
dr.Close();
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
catch (Exception e)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new InvalidOperationException(e.Message, e);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return response;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2026-06-15 18:26:58 +06:00
|
|
|
|
public async Task<bool> RevokeAllForUserAsync(int userId)
|
|
|
|
|
|
{
|
|
|
|
|
|
bool returnValue = false;
|
|
|
|
|
|
try
|
|
|
|
|
|
{
|
|
|
|
|
|
using TransactionContext tc = await TransactionContext.BeginAsync(_settings.DefaultConnection.ConnectionNode, true);
|
|
|
|
|
|
try
|
|
|
|
|
|
{
|
|
|
|
|
|
SqlParameter[] p =
|
|
|
|
|
|
[
|
|
|
|
|
|
SqlHelperExtension.CreateInParam(pName: "@UserId", pType: SqlDbType.Int, pValue: userId)
|
|
|
|
|
|
];
|
|
|
|
|
|
_ = await tc.ExecuteNonQuerySpAsync(spName: "dbo.RevokedAllRefreshToken", parameterValues: p);
|
|
|
|
|
|
|
|
|
|
|
|
returnValue = true;
|
|
|
|
|
|
|
|
|
|
|
|
tc.End();
|
|
|
|
|
|
}
|
|
|
|
|
|
catch (Exception ie)
|
|
|
|
|
|
{
|
|
|
|
|
|
tc?.HandleError();
|
|
|
|
|
|
|
|
|
|
|
|
throw DBCustomError.GenerateCustomError(ie);
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
catch (Exception e)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new InvalidOperationException(e.Message, e);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return returnValue;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
public async Task<bool> RevokeAsync(RevokedRefreshTokenRequest token)
|
|
|
|
|
|
{
|
|
|
|
|
|
bool returnValue = false;
|
|
|
|
|
|
try
|
|
|
|
|
|
{
|
|
|
|
|
|
using TransactionContext tc = await TransactionContext.BeginAsync(_settings.DefaultConnection.ConnectionNode, true);
|
|
|
|
|
|
try
|
|
|
|
|
|
{
|
2026-06-16 15:18:22 +06:00
|
|
|
|
returnValue = RevokeAsync(tc, token);
|
2026-06-15 18:26:58 +06:00
|
|
|
|
|
|
|
|
|
|
tc.End();
|
|
|
|
|
|
}
|
|
|
|
|
|
catch (Exception ie)
|
|
|
|
|
|
{
|
|
|
|
|
|
tc?.HandleError();
|
|
|
|
|
|
|
|
|
|
|
|
throw DBCustomError.GenerateCustomError(ie);
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
catch (Exception e)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new InvalidOperationException(e.Message, e);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return returnValue;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2026-06-16 15:18:22 +06:00
|
|
|
|
private bool RevokeAsync(TransactionContext tc, RevokedRefreshTokenRequest token)
|
2026-06-16 11:36:11 +06:00
|
|
|
|
{
|
|
|
|
|
|
bool returnValue = false;
|
|
|
|
|
|
try
|
|
|
|
|
|
{
|
|
|
|
|
|
SqlParameter[] p =
|
|
|
|
|
|
[
|
|
|
|
|
|
SqlHelperExtension.CreateInParam(pName: "@RefreshToken", pType: SqlDbType.NVarChar, pValue: token.RefreshToken)
|
|
|
|
|
|
];
|
2026-06-16 15:18:22 +06:00
|
|
|
|
_ = tc.ExecuteNonQuerySp(spName: "dbo.RevokedAllRefreshToken", parameterValues: p);
|
2026-06-16 11:36:11 +06:00
|
|
|
|
|
|
|
|
|
|
returnValue = true;
|
|
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
catch (Exception e)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new InvalidOperationException(e.Message, e);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return returnValue;
|
|
|
|
|
|
}
|
|
|
|
|
|
public async Task<GenerateRefreshTokenResponse> GenerateRefreshToken(GenerateRefreshTokenRequest request)
|
2026-06-15 18:26:58 +06:00
|
|
|
|
{
|
2026-06-16 11:36:11 +06:00
|
|
|
|
GenerateRefreshTokenResponse refreshTokenResponse = new();
|
|
|
|
|
|
try
|
|
|
|
|
|
{
|
|
|
|
|
|
using TransactionContext tc = await TransactionContext.BeginAsync(_settings.DefaultConnection.ConnectionNode, true);
|
|
|
|
|
|
try
|
|
|
|
|
|
{
|
|
|
|
|
|
var tokenHash = HashToken(request.RawRefreshToken);
|
|
|
|
|
|
|
|
|
|
|
|
var storedToken = await GetByTokenHashAsync(tc, tokenHash);
|
|
|
|
|
|
|
2026-06-16 15:18:22 +06:00
|
|
|
|
if (storedToken.UserId is not null && !storedToken.IsActive)
|
2026-06-16 11:36:11 +06:00
|
|
|
|
throw new UnauthorizedAccessException("Refresh token has expired or been revoked.");
|
|
|
|
|
|
|
|
|
|
|
|
// Rotate: revoke old token, issue new one
|
2026-06-16 15:18:22 +06:00
|
|
|
|
RevokeAsync(tc,new RevokedRefreshTokenRequest() { RefreshToken = storedToken.TokenHash });
|
2026-06-16 11:36:11 +06:00
|
|
|
|
|
|
|
|
|
|
refreshTokenResponse= await IssueTokensAsync(tc,request.User, request.IpAddress);
|
|
|
|
|
|
|
|
|
|
|
|
tc.End();
|
|
|
|
|
|
}
|
|
|
|
|
|
catch (Exception ie)
|
|
|
|
|
|
{
|
|
|
|
|
|
tc?.HandleError();
|
|
|
|
|
|
|
|
|
|
|
|
throw DBCustomError.GenerateCustomError(ie);
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
catch (Exception e)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new InvalidOperationException(e.Message, e);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return refreshTokenResponse;
|
2026-06-15 18:26:58 +06:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// ----- private helpers -----
|
|
|
|
|
|
|
2026-06-16 11:36:11 +06:00
|
|
|
|
private async Task<GenerateRefreshTokenResponse> IssueTokensAsync(TransactionContext tc, User user, string ipAddress)
|
2026-06-15 18:26:58 +06:00
|
|
|
|
{
|
2026-06-16 11:36:11 +06:00
|
|
|
|
string rawRefreshToken = GenerateRowToken();
|
2026-06-15 18:26:58 +06:00
|
|
|
|
var refreshToken = new InsertRefreshTokenRequest
|
|
|
|
|
|
{
|
|
|
|
|
|
UserId = user.UserId,
|
2026-06-16 11:36:11 +06:00
|
|
|
|
TokenHash = HashToken(rawRefreshToken),
|
2026-06-15 18:26:58 +06:00
|
|
|
|
IpAddress = ipAddress,
|
|
|
|
|
|
CreatedAt = DateTime.UtcNow,
|
|
|
|
|
|
ExpiresAt = DateTime.UtcNow.AddDays(_settings.RefreshTokenDuration)
|
|
|
|
|
|
};
|
|
|
|
|
|
|
2026-06-16 15:18:22 +06:00
|
|
|
|
AddAsync(tc,refreshToken);
|
2026-06-15 18:26:58 +06:00
|
|
|
|
|
2026-06-16 11:36:11 +06:00
|
|
|
|
return new GenerateRefreshTokenResponse
|
2026-06-15 18:26:58 +06:00
|
|
|
|
{
|
|
|
|
|
|
RefreshToken = rawRefreshToken,
|
2026-06-16 11:36:11 +06:00
|
|
|
|
ExpireTime = DateTime.UtcNow.AddMinutes(_settings.RefreshTokenDuration)
|
2026-06-15 18:26:58 +06:00
|
|
|
|
};
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
private static string HashToken(string token)
|
|
|
|
|
|
{
|
|
|
|
|
|
var bytes = SHA256.HashData(Encoding.UTF8.GetBytes(token));
|
|
|
|
|
|
return Convert.ToBase64String(bytes);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
private string GenerateRowToken()
|
|
|
|
|
|
{
|
|
|
|
|
|
var bytes = new byte[64];
|
|
|
|
|
|
using var rng = RandomNumberGenerator.Create();
|
|
|
|
|
|
rng.GetBytes(bytes);
|
|
|
|
|
|
return Convert.ToBase64String(bytes);
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
