Implemented redis cache for permission and jwt checking

Author: foyzulkarim

client/src/App.js

@@ -38,7 +38,8 @@ export const Navigation = () => {
   let history = useHistory();
 
   const logOut = () => {
-    dispatch({ type: Constants.LOGOUT_REQUEST });
+    let data = { jti: userContext.jti };
+    dispatch({ type: Constants.LOGOUT_REQUEST, payload: data });
   }
 
   let login = () => {

client/src/constants/index.js

@@ -3,6 +3,7 @@ export const Constants = {
     LOGIN_SUCCESS: 'LOGIN_REQUEST_SUCCESS',
     LOGIN_FAILURE: 'LOGIN_REQUEST_FAILURE',
     LOGOUT_REQUEST: 'LOGOUT_REQUEST',
+    LOGOUT_REQUEST_SUCCESS: 'LOGOUT_REQUEST_SUCCESS',
     PERMISSION_SUCCESS: 'PERMISSION_SUCCESS',
 
     REGISTER_REQUEST: 'REGISTER_REQUEST',

client/src/reducers/userReducer.js

@@ -7,7 +7,8 @@ const initialState = {
     isRegistered: false,
     error: null,
     role: null,
-    resources: null
+    resources: null,
+    jti: null
 }
 
 const getUser = (state, data) => {
@@ -17,7 +18,8 @@ const getUser = (state, data) => {
         user: { username: data.userName },
         token: data.access_token,
         role: data.role,
-        resources: data.resources
+        resources: data.resources,
+        jti: data.jti
     };
 }
 
@@ -35,7 +37,7 @@ export default (state = initialState, action) => {
         //     role: data.role,
         //     resources: data.resources
         // };
-        case Constants.LOGOUT_REQUEST:
+        case Constants.LOGOUT_REQUEST_SUCCESS:
             localStorage.removeItem('data');
             return {
                 isAuthenticated: initialState.isAuthenticated,

client/src/sagas/api.js

@@ -23,6 +23,7 @@ axios.interceptors.response.use(function (response) {
         localStorage.removeItem('data');
         window.location = '/login';
     } else {
+        window.location = '/';
         return Promise.reject(error.response);
     }
 });
@@ -69,6 +70,11 @@ export const login = (data) => {
     return axios.post(`${AuthUrl}/api/token`, data);
 }
 
+export const logout = (data) => {
+    console.log("logout api call ->", data);
+    return axios.post(`${AuthUrl}/api/logout`, data);
+}
+
 export const register = (data) => {
     console.log("register api call ->", data);
     return axios.post(`${AuthUrl}/api/user/register`, data);

client/src/sagas/loginSaga.js

@@ -0,0 +1,49 @@
+import { call, put, takeEvery } from "redux-saga/effects";
+import * as api from './api';
+import { Constants } from "../constants";
+
+export function* login({ payload }) {
+    try {
+        let output = yield call(api.login, payload);
+        yield put({ type: 'LOGIN_REQUEST_SUCCESS', payload: output });
+    } catch (error) {
+        console.log('login error', error);
+    }
+}
+
+function* watchLogin() {
+    yield takeEvery('LOGIN_REQUEST', login);
+}
+
+export function* logout({ payload }) {
+    try {
+        let output = yield call(api.logout, payload);
+        yield put({ type: 'LOGOUT_REQUEST_SUCCESS', payload: output });
+    } catch (error) {
+        console.log('login error', error);
+    }
+}
+
+function* watchLogout() {
+    yield takeEvery('LOGOUT_REQUEST', logout);
+}
+
+export function* register({ payload }) {
+    try {
+        let output = yield call(api.register, payload);
+        yield put({ type: Constants.REGISTER_SUCCESS, payload: output });
+    } catch (error) {
+        console.log('register error', error);
+        yield put({ type: Constants.REGISTER_FAILURE, payload: error });
+    }
+}
+
+function* watchRegister() {
+    yield takeEvery(Constants.REGISTER_REQUEST, register);
+}
+
+export default [
+    watchLogin(),
+    watchLogout(),
+    watchRegister()
+];

client/src/sagas/postSaga.js

@@ -97,41 +97,12 @@ function* watchFetchComments() {
     yield takeEvery('FETCH_COMMENTS', fetchComments);
 }
 
-export function* login({ payload }) {
-    try {
-        let output = yield call(api.login, payload);
-        yield put({ type: 'LOGIN_REQUEST_SUCCESS', payload: output });
-    } catch (error) {
-        console.log('login error', error);
-    }
-}
-
-function* watchLogin() {
-    yield takeEvery('LOGIN_REQUEST', login);
-}
-
-export function* register({ payload }) {
-    try {
-        let output = yield call(api.register, payload);
-        yield put({ type: Constants.REGISTER_SUCCESS, payload: output });
-    } catch (error) {
-        console.log('register error', error);
-        yield put({ type: Constants.REGISTER_FAILURE, payload: error });
-    }
-}
-
-function* watchRegister() {
-    yield takeEvery(Constants.REGISTER_REQUEST, register);
-}
-
 export default [
     watchAddPost(),
     watchEditPost(),
     watchDeletePost(),
     watchFetchPosts(),
     watchFetchPostDetail(),
     watchAddComment(),
-    watchFetchComments(),
-    watchLogin(),
-    watchRegister()
+    watchFetchComments()
 ];

client/src/sagas/sagas.js

@@ -1,10 +1,11 @@
 import { all } from "redux-saga/effects";
 import posts from "./postSaga";
+import logins from "./loginSaga";
 import resources from "./resourceSaga";
 import roles from "./roleSaga";
 import permissions from "./permissionSaga";
 
 export default function* rootSaga() {
-    let allSagas = [...posts, ...resources, ...roles, ...permissions];
+    let allSagas = [...posts, ...logins, ...resources, ...roles, ...permissions];
     yield all(allSagas);
 };

server/AuthWebApplication/AuthWebApplication/Controllers/ApplicationUserTokensController.cs

@@ -0,0 +1,136 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.EntityFrameworkCore;
+using AuthWebApplication.Models;
+using AuthWebApplication.Models.Db;
+using AuthWebApplication.Services;
+using Newtonsoft.Json;
+using StackExchange.Redis;
+
+namespace AuthWebApplication.Controllers
+{
+    [Route("api/[controller]")]
+    [ApiController]
+    public class ApplicationUserTokensController : ControllerBase
+    {
+        private readonly SecurityDbContext _context;
+        private readonly RedisService redisService;
+
+        public ApplicationUserTokensController(SecurityDbContext context, RedisService redisService)
+        {
+            _context = context;
+            this.redisService = redisService;
+        }
+
+        // GET: api/ApplicationUserTokens
+        [HttpGet]
+        public async Task<ActionResult<IEnumerable<ApplicationUserToken>>> GetApplicationUserTokens()
+        {
+            return await _context.ApplicationUserTokens.ToListAsync();
+        }
+
+        [HttpGet]
+        [Route("Search")]
+        public async Task<ActionResult<List<object>>> SearchTokens(string keyword)
+        {
+            var redisValues = await redisService.SearchRedisKeys(keyword);
+
+            return Ok(redisValues);
+        }
+
+        // GET: api/ApplicationUserTokens/5
+        [HttpGet("{id}")]
+        public async Task<ActionResult<ApplicationUserToken>> GetApplicationUserToken(string id)
+        {
+            var applicationUserToken = await _context.ApplicationUserTokens.FindAsync(id);
+
+            if (applicationUserToken == null)
+            {
+                return NotFound();
+            }
+
+            return applicationUserToken;
+        }
+
+        // PUT: api/ApplicationUserTokens/5
+        // To protect from overposting attacks, see https://go.microsoft.com/fwlink/?linkid=2123754
+        [HttpPut("{id}")]
+        public async Task<IActionResult> PutApplicationUserToken(string id, ApplicationUserToken applicationUserToken)
+        {
+            if (id != applicationUserToken.UserId)
+            {
+                return BadRequest();
+            }
+
+            _context.Entry(applicationUserToken).State = EntityState.Modified;
+
+            try
+            {
+                await _context.SaveChangesAsync();
+            }
+            catch (DbUpdateConcurrencyException)
+            {
+                if (!ApplicationUserTokenExists(id))
+                {
+                    return NotFound();
+                }
+                else
+                {
+                    throw;
+                }
+            }
+
+            return NoContent();
+        }
+
+        // POST: api/ApplicationUserTokens
+        // To protect from overposting attacks, see https://go.microsoft.com/fwlink/?linkid=2123754
+        [HttpPost]
+        public async Task<ActionResult<ApplicationUserToken>> PostApplicationUserToken(ApplicationUserToken applicationUserToken)
+        {
+            _context.ApplicationUserTokens.Add(applicationUserToken);
+            try
+            {
+                await _context.SaveChangesAsync();
+            }
+            catch (DbUpdateException)
+            {
+                if (ApplicationUserTokenExists(applicationUserToken.UserId))
+                {
+                    return Conflict();
+                }
+                else
+                {
+                    throw;
+                }
+            }
+
+            return CreatedAtAction("GetApplicationUserToken", new { id = applicationUserToken.UserId }, applicationUserToken);
+        }
+
+        // DELETE: api/ApplicationUserTokens/5
+        [HttpDelete("{id}")]
+        public async Task<IActionResult> DeleteApplicationUserToken(string id)
+        {
+            var applicationUserToken = await _context.ApplicationUserTokens.FindAsync(id);
+            if (applicationUserToken == null)
+            {
+                return NotFound();
+            }
+
+            _context.ApplicationUserTokens.Remove(applicationUserToken);
+            await _context.SaveChangesAsync();
+
+            return NoContent();
+        }
+
+        private bool ApplicationUserTokenExists(string id)
+        {
+            return _context.ApplicationUserTokens.Any(e => e.UserId == id);
+        }
+    }
+}

server/AuthWebApplication/AuthWebApplication/Controllers/AuthorizeTokenController.cs

@@ -2,9 +2,14 @@
 using System.Collections.Generic;
 using System.Linq;
 using System.Threading.Tasks;
+using AuthWebApplication.Models.ViewModels;
 using AuthWebApplication.Services;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Linq;
 
 namespace AuthWebApplication.Controllers
 {
@@ -19,11 +24,40 @@ public AuthorizeTokenController(RedisService redisService)
             this.redisService = redisService;
         }
 
-        public async Task<IActionResult> Get(string jti)
+        public async Task<IActionResult> Get(string userName, string jti, string resource)
         {
-            var s = await redisService.Get(jti);
-            var inValid = string.IsNullOrWhiteSpace(s);
-            return inValid ? (IActionResult) Unauthorized(jti) : Ok();
+            var inValid = string.IsNullOrWhiteSpace(userName) || string.IsNullOrWhiteSpace(jti) || string.IsNullOrWhiteSpace(resource);
+            if (inValid)
+            {
+                return Unauthorized("Invalid data");
+            }
+
+            var redisValue = await redisService.Get(userName);
+            if (string.IsNullOrWhiteSpace(redisValue))
+            {
+                return Unauthorized(userName);
+            }
+
+            var dbValue = (dynamic)JsonConvert.DeserializeObject(redisValue);
+            var jtiArray = ((dbValue as dynamic).jtis as dynamic) as JArray;
+            var list = jtiArray.ToObject<List<string>>();
+            var validJti = list.Exists(x => x == jti);
+
+            if (!validJti)
+            {
+                return Unauthorized(jti);
+            }
+
+            var permissionViewModels = JsonConvert.DeserializeObject<List<ApplicationPermissionViewModel>>(
+                ((dbValue as dynamic).resources as JValue).ToString());
+            var permitted = permissionViewModels.Exists(x => x.Name == resource && Convert.ToBoolean(x.IsAllowed));
+
+            if (!permitted)
+            {
+                return Forbid("Bearer");
+            }
+
+            return Ok();
         }
     }
 }