feat(api): .NET 10 multi-tenant REST API

Full backend implementation: - Multi-tenant cafe/restaurant management (menus, orders, tables, staff) - POS order flow with ZarinPal and Snappfood payment integration - OTP authentication via Kavenegar SMS - QR digital menu with public discover/finder endpoints - Customer loyalty, coupons, CRM - PostgreSQL via EF Core, Redis for caching/sessions - Background jobs, webhook handlers - Full migration history Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-05-27 21:33:48 +03:30
parent 03376b3ea1
commit ef15fd6247
472 changed files with 120358 additions and 0 deletions
@@ -0,0 +1,61 @@
+using System.IdentityModel.Tokens.Jwt;
+using System.Security.Claims;
+using System.Text;
+using Meezi.Core.Constants;
+using Meezi.Core.Entities;
+using Microsoft.IdentityModel.Tokens;
+
+namespace Meezi.Admin.API.Services;
+
+public interface IAdminJwtTokenService
+{
+    string CreateAdminAccessToken(SystemAdmin admin);
+    string CreateRefreshToken();
+    DateTime GetAccessTokenExpiry();
+}
+
+public class AdminJwtTokenService : IAdminJwtTokenService
+{
+    private readonly IConfiguration _configuration;
+
+    public AdminJwtTokenService(IConfiguration configuration) => _configuration = configuration;
+
+    public string CreateAdminAccessToken(SystemAdmin admin)
+    {
+        var key = _configuration["Jwt:Key"] ?? throw new InvalidOperationException("Jwt:Key is not configured.");
+        var issuer = _configuration["Jwt:Issuer"] ?? "meezi";
+        var audience = _configuration["Jwt:Audience"] ?? "meezi-admin";
+        var expiryDays = _configuration.GetValue("Jwt:AccessTokenExpiryDays", 7);
+
+        var claims = new List<Claim>
+        {
+            new(JwtRegisteredClaimNames.Sub, admin.Id),
+            new(ClaimTypes.Role, "SystemAdmin"),
+            new(MeeziClaimTypes.Role, "SystemAdmin"),
+            new(MeeziClaimTypes.Actor, MeeziActorKinds.SystemAdmin),
+            new(MeeziClaimTypes.Language, "fa"),
+            new(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString("N"))
+        };
+
+        var credentials = new SigningCredentials(
+            new SymmetricSecurityKey(Encoding.UTF8.GetBytes(key)),
+            SecurityAlgorithms.HmacSha256);
+
+        var token = new JwtSecurityToken(
+            issuer,
+            audience,
+            claims,
+            expires: DateTime.UtcNow.AddDays(expiryDays),
+            signingCredentials: credentials);
+
+        return new JwtSecurityTokenHandler().WriteToken(token);
+    }
+
+    public string CreateRefreshToken() => Guid.NewGuid().ToString("N") + Guid.NewGuid().ToString("N");
+
+    public DateTime GetAccessTokenExpiry()
+    {
+        var expiryDays = _configuration.GetValue("Jwt:AccessTokenExpiryDays", 7);
+        return DateTime.UtcNow.AddDays(expiryDays);
+    }
+}