Add Login Module

AMREZ.EOP.Infrastructures/Security/JwtFactory.cs

@@ -0,0 +1,51 @@
+using System.IdentityModel.Tokens.Jwt;
+using System.Security.Claims;
+using System.Security.Cryptography;
+using System.Text;
+using AMREZ.EOP.Abstractions.Applications.Tenancy;
+using AMREZ.EOP.Abstractions.Security;
+using AMREZ.EOP.Infrastructures.Options;
+using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.Options;
+using Microsoft.IdentityModel.Tokens;
+
+namespace AMREZ.EOP.Infrastructures.Security;
+
+public sealed class JwtFactory : IJwtFactory
+{
+    private readonly ITenantResolver _resolver;
+    private readonly IHttpContextAccessor _http;
+
+    private const string Issuer = "amrez.eop";
+    private const string Audience = "amrez.eop.clients";
+    private const int AccessMinutes = 10;
+
+    public JwtFactory(ITenantResolver resolver, IHttpContextAccessor http)
+    {
+        _resolver = resolver;
+        _http = http;
+    }
+
+    public (string token, DateTimeOffset expiresAt) CreateAccessToken(IEnumerable<Claim> claims)
+    {
+        var http = _http.HttpContext ?? throw new InvalidOperationException("No HttpContext");
+        var tenant = _resolver.Resolve(http) ?? throw new InvalidOperationException("No tenant context");
+
+        var material = !string.IsNullOrWhiteSpace(tenant.Id) ? tenant.Id! : tenant.TenantKey!;
+        var keyBytes = SHA256.HashData(Encoding.UTF8.GetBytes(material));
+        var cred = new SigningCredentials(new SymmetricSecurityKey(keyBytes), SecurityAlgorithms.HmacSha256);
+
+        var now = DateTimeOffset.UtcNow;
+        var exp = now.AddMinutes(AccessMinutes);
+
+        var jwt = new JwtSecurityToken(
+            issuer: Issuer,
+            audience: Audience,
+            claims: claims,
+            notBefore: now.UtcDateTime,
+            expires: exp.UtcDateTime,
+            signingCredentials: cred);
+
+        return (new JwtSecurityTokenHandler().WriteToken(jwt), exp);
+    }
+}