Add authentication for frontend and API (#71)

src/GeoCop.Api/Controllers/DownloadController.cs

@@ -1,4 +1,5 @@
 using GeoCop.Api.Validation;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.StaticFiles;
 using Swashbuckle.AspNetCore.Annotations;
@@ -8,6 +9,7 @@ namespace GeoCop.Api.Controllers
     /// <summary>
     /// Controller to download log files of validation jobs.
     /// </summary>
+    [AllowAnonymous]
     [ApiController]
     [Route("api/v{version:apiVersion}/[controller]")]
     public class DownloadController : ControllerBase

src/GeoCop.Api/Controllers/StatusController.cs

@@ -1,4 +1,5 @@
 using GeoCop.Api.Validation;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Swashbuckle.AspNetCore.Annotations;
 
@@ -7,6 +8,7 @@ namespace GeoCop.Api.Controllers
     /// <summary>
     /// Controller to get the status information of validation jobs.
     /// </summary>
+    [AllowAnonymous]
     [ApiController]
     [Route("api/v{version:apiVersion}/[controller]")]
     public class StatusController : Controller

src/GeoCop.Api/Controllers/UploadController.cs

@@ -1,6 +1,7 @@
 using Asp.Versioning;
 using GeoCop.Api.Contracts;
 using GeoCop.Api.Validation;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Swashbuckle.AspNetCore.Annotations;
 using System.Diagnostics.CodeAnalysis;
@@ -11,6 +12,7 @@ namespace GeoCop.Api.Controllers
     /// <summary>
     /// Controller for uploading files.
     /// </summary>
+    [AllowAnonymous]
     [ApiController]
     [Route("api/v{version:apiVersion}/[controller]")]
     public class UploadController : ControllerBase

src/GeoCop.Api/Controllers/VersionController.cs

@@ -1,11 +1,13 @@
-using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
 using System.Reflection;
 
 namespace GeoCop.Api.Controllers
 {
     /// <summary>
     /// Constroller for Version information.
     /// </summary>
+    [AllowAnonymous]
     [Route("api/v{version:apiVersion}/[controller]")]
     [ApiController]
     public class VersionController : ControllerBase

src/GeoCop.Api/GeoCop.Api.csproj

@@ -11,7 +11,8 @@
     <PackageReference Include="Asp.Versioning.Mvc" Version="7.1.0" />
     <PackageReference Include="Asp.Versioning.Mvc.ApiExplorer" Version="7.1.0" />
     <PackageReference Include="Bogus" Version="34.0.2" />
-    <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="7.0.12" />
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="7.0.14" />
+    <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="7.0.14" />
     <PackageReference Include="Microsoft.EntityFrameworkCore" Version="7.0.11" />
     <PackageReference Include="Microsoft.EntityFrameworkCore.Design" Version="7.0.11">
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>

src/GeoCop.Api/Program.cs

@@ -2,6 +2,9 @@
 using GeoCop.Api;
 using GeoCop.Api.Validation;
 using GeoCop.Api.Validation.Interlis;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc.Authorization;
 using Microsoft.AspNetCore.StaticFiles;
 using Microsoft.EntityFrameworkCore;
 using Microsoft.OpenApi.Models;
@@ -13,12 +16,26 @@
 var builder = WebApplication.CreateBuilder(args);
 
 builder.Services
-    .AddControllers()
+    .AddControllers(options =>
+    {
+        var policy = new AuthorizationPolicyBuilder()
+            .RequireAuthenticatedUser()
+            .Build();
+        options.Filters.Add(new AuthorizeFilter(policy));
+    })
     .AddJsonOptions(options =>
     {
         options.JsonSerializerOptions.Converters.Add(new JsonStringEnumConverter(JsonNamingPolicy.CamelCase));
     });
 
+builder.Services
+    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
+    .AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, options =>
+    {
+        options.Authority = builder.Configuration["Auth:Authority"];
+        options.Audience = builder.Configuration["Auth:ClientId"];
+    });
+
 builder.Services
     .AddApiVersioning(config =>
     {

src/GeoCop.Api/appsettings.Development.json

@@ -1,4 +1,8 @@
-{
+{
+  "Auth": {
+    "Authority": "https://login.microsoftonline.com/16e916d3-12c9-4353-ad04-5a4319422e03/v2.0",
+    "ClientId": "ac09549e-6cf8-40fe-91a9-25515ec71954"
+  },
   "Logging": {
     "LogLevel": {
       "Default": "Information",

src/GeoCop.Api/appsettings.json

@@ -1,4 +1,4 @@
-{
+{
   "ConnectionStrings": {
     "Context": "Server=localhost;Port=5432;Database=geocop;User Id=HAPPYWALK;Password=SOMBERSPORK;"
   },

src/GeoCop.Frontend/package.json

@@ -12,6 +12,8 @@
     "predev": "node aspnetcore-https.js"
   },
   "dependencies": {
+    "@azure/msal-browser": "^3.5.0",
+    "@azure/msal-react": "^2.0.7",
     "bootstrap": "^5.3.2",
     "dayjs": "^1.11.10",
     "react": "^18.2.0",

src/GeoCop.Frontend/public/client-settings.json

@@ -1,4 +1,18 @@
 {
+  "oauth": {
+    "auth": {
+      "clientId": "ac09549e-6cf8-40fe-91a9-25515ec71954",
+      "authority": "https://login.microsoftonline.com/16e916d3-12c9-4353-ad04-5a4319422e03/",
+      "redirectUri": "/",
+      "postLogoutRedirectUri": "/",
+      "navigateToLoginRequestUrl": false
+    },
+    "cache": {
+      "cacheLocation": "sessionStorage",
+      "storeAuthStateInCookie": false
+    }
+  },
+  "authScopes": ["user.read"],
   "application": {
     "name": "geocop",
     "logo":  "/app.svg"