This document details the Authorization Service, a microservice in the space trader elite-style backend. Its purpose is to handle user authentication, including registration, login, and the management of JWT and refresh tokens.
The Auth Service relies on two primary data models to manage user data and sessions.
Represents a user account in the system.
User.cs namespace AuthService.Models { public class User { public int Id { get; set; } public string Username { get; set; } = default!; public string PasswordHash { get; set; } = default!; public string Role { get; set; } = "User"; public ICollectionRefreshTokens { get; set; } = new List (); } }
Fields:
Id: A unique identifier for the user.Username: The user's unique username.PasswordHash: The securely hashed password using BCrypt.Role: The user's role, with a default value of "User".RefreshTokens: A collection of associated refresh tokens.Used to generate new JWTs without requiring the user to re-enter their credentials.
RefreshToken.cs
namespace AuthService.Models
{
public class RefreshToken
{
public int Id { get; set; }
public string Token { get; set; } = default!;
public DateTime ExpiresAt { get; set; }
public int UserId { get; set; }
public User User { get; set; } = default!;
}
}
Fields:
Id: Unique identifier for the refresh token.Token: The unique refresh token string.ExpiresAt: The expiration date and time of the token.UserId: The foreign key to the associated user.User: The navigation property to the user object.All endpoints are defined within the AuthController and are prefixed with /api/Auth.
/api/Auth/register
Registers a new user with a username, password, and role.
{
"username": "newuser",
"password": "securepassword123",
"role": "User"
}{ "Message": "User registered successfully" } { "Message": "Username already taken" } if the username is not unique./api/Auth/login
Authenticates a user and issues a new JWT and a refresh token.
{
"username": "existinguser",
"password": "securepassword123"
}{ "Message": "Invalid credentials" } if the username or password is incorrect./api/Auth/delete
Deletes a user account and all associated refresh tokens.
{
"username": "userToDelete"
}{ "Message": "User deleted successfully" }./api/Auth/refresh
Exchanges an old, unexpired refresh token for a new JWT and a new refresh token.
{
"refreshToken": "old_refresh_token_string"
}{ "Message": "Invalid or expired refresh token" }.The core logic of the service is managed by the AuthServiceLogic class.
BCrypt.Net-Next library before being stored.The appsettings.json file contains all the necessary configuration settings.
appsettings.json
{
"Jwt": {
"Key": "super-secure-secret-key-change-me-super-secure-secret-key-change-me",
"Issuer": "AuthService",
"Audience": "ClientApp",
"ExpiresInMinutes": 15,
"RefreshTokenExpiresInDays": 7
},
"ConnectionStrings": {
"DatabaseConnection": "Server=auth_db_server;Username=auth_db_user;Password=auth_db_password;Database=auth_db"
}
}
The database connection string and JWT parameters are defined here. The ApiGateway and AuthService share the same JWT configuration (Key, Issuer, Audience) to ensure that tokens issued by the auth service can be validated by the gateway.
Key dependencies are managed in the AuthService.csproj file.
BCrypt.Net-Next: For secure password hashing.Microsoft.AspNetCore.Authentication.JwtBearer: For handling JWT authentication.Npgsql.EntityFrameworkCore.PostgreSQL: To interact with a PostgreSQL database.Microsoft.EntityFrameworkCore.Design: For managing database migrations.The service is containerized using a multi-stage Dockerfile. The final image is based on a lightweight ASP.NET runtime image, which is optimized for deployment.