3 files changed, 95 insertions, 11 deletions
diff --git a/server/src/Services/ForgotPasswordService.cs b/server/src/Services/ForgotPasswordService.cs
index de38b29..e6b6acf 100644
--- a/server/src/Services/ForgotPasswordService.cs
+++ b/server/src/Services/ForgotPasswordService.cs
@@ -1,16 +1,18 @@
+using Microsoft.Extensions.Options;
+
 namespace IOL.GreatOffice.Api.Services;
 
 public class ForgotPasswordService
 {
 	private readonly AppDbContext _context;
 	private readonly MailService _mailService;
-	private readonly IConfiguration _configuration;
+	private readonly IOptions<AppConfiguration> _configuration;
 	private readonly ILogger<ForgotPasswordService> _logger;
 
 
 	public ForgotPasswordService(
 			AppDbContext context,
-			IConfiguration configuration,
+			IOptions<AppConfiguration> configuration,
 			ILogger<ForgotPasswordService> logger,
 			MailService mailService
 	) {
@@ -57,9 +59,9 @@ public class ForgotPasswordService
 		var request = new ForgotPasswordRequest(user);
 		_context.ForgotPasswordRequests.Add(request);
 		await _context.SaveChangesAsync(cancellationToken);
-		var accountsUrl = _configuration.GetValue<string>(AppEnvironmentVariables.ACCOUNTS_URL);
-		var emailFromAddress = _configuration.GetValue<string>(AppEnvironmentVariables.EMAIL_FROM_ADDRESS);
-		var emailFromDisplayName = _configuration.GetValue<string>(AppEnvironmentVariables.EMAIL_FROM_DISPLAY_NAME);
+		var portalUrl = _configuration.Value.PORTAL_URL;
+		var emailFromAddress = _configuration.Value.EMAIL_FROM_ADDRESS;
+		var emailFromDisplayName = _configuration.Value.EMAIL_FROM_DISPLAY_NAME;
 		var zonedExpirationDate = TimeZoneInfo.ConvertTimeBySystemTimeZoneId(request.ExpirationDate, requestTz.Id);
 		var message = new MailMessage {
 				From = new MailAddress(emailFromAddress, emailFromDisplayName),
@@ -72,7 +74,7 @@ Hi {user.Username}
 
 Go to the following link to set a new password.
 
-{accountsUrl}/#/reset-password?id={request.Id}
+{portalUrl}/#/reset-password?id={request.Id}
 
 The link expires at {zonedExpirationDate:yyyy-MM-dd hh:mm}.
 If you did not request a password reset, no action is required.
diff --git a/server/src/Services/MailService.cs b/server/src/Services/MailService.cs
index b271de4..d773303 100644
--- a/server/src/Services/MailService.cs
+++ b/server/src/Services/MailService.cs
@@ -1,3 +1,5 @@
+using Microsoft.Extensions.Options;
+
 namespace IOL.GreatOffice.Api.Services;
 
 public class MailService
@@ -13,12 +15,12 @@ public class MailService
 	/// </summary>
 	/// <param name="configuration"></param>
 	/// <param name="logger"></param>
-	public MailService(IConfiguration configuration, ILogger<MailService> logger) {
+	public MailService(IOptions<AppConfiguration> configuration, ILogger<MailService> logger) {
 		_logger = logger;
-		_emailHost = configuration.GetValue<string>(AppEnvironmentVariables.SMTP_HOST);
-		_emailPort = configuration.GetValue<int>(AppEnvironmentVariables.SMTP_PORT);
-		_emailUser = configuration.GetValue<string>(AppEnvironmentVariables.SMTP_USER);
-		_emailPassword = configuration.GetValue<string>(AppEnvironmentVariables.SMTP_PASSWORD);
+		_emailHost = configuration.Value.SMTP_HOST;
+		_emailPort = Convert.ToInt32(configuration.Value.SMTP_PORT);
+		_emailUser = configuration.Value.SMTP_USER;
+		_emailPassword = configuration.Value.SMTP_PASSWORD;
 	}
 
 	/// <summary>
diff --git a/server/src/Services/VaultService.cs b/server/src/Services/VaultService.cs
new file mode 100644
index 0000000..388f8d4
--- /dev/null
+++ b/server/src/Services/VaultService.cs
@@ -0,0 +1,80 @@
+namespace IOL.GreatOffice.Api.Services;
+
+public class VaultService
+{
+	private readonly HttpClient _client;
+
+	public VaultService(HttpClient client, IConfiguration configuration) {
+		var token = configuration.GetValue<string>("VAULT_TOKEN");
+		var vaultUrl = configuration.GetValue<string>("VAULT_URL");
+		if (token.IsNullOrWhiteSpace()) throw new ApplicationException("VAULT_TOKEN is empty");
+		if (vaultUrl.IsNullOrWhiteSpace()) throw new ApplicationException("VAULT_URL is empty");
+		client.DefaultRequestHeaders.Add("X-Vault-Token", token);
+		client.BaseAddress = new Uri(vaultUrl);
+		_client = client;
+	}
+
+	public async Task<GetSecretResponse<T>> GetSecretAsync<T>(string path) {
+		return await _client.GetFromJsonAsync<GetSecretResponse<T>>("/v1/kv/data/" + path);
+	}
+
+	public async Task<RenewTokenResponse> RenewTokenAsync<T>(string token) {
+		var response = await _client.PostAsJsonAsync("v1/auth/token/renew",
+													 new {
+															 Token = token
+													 });
+		if (response.IsSuccessStatusCode) {
+			return await response.Content.ReadFromJsonAsync<RenewTokenResponse>();
+		}
+
+		return default;
+	}
+
+	public class RenewTokenResponse
+	{
+		public Guid RequestId { get; set; }
+		public string LeaseId { get; set; }
+		public bool Renewable { get; set; }
+		public long LeaseDuration { get; set; }
+		public object Data { get; set; }
+		public object WrapInfo { get; set; }
+		public List<string> Warnings { get; set; }
+		public Auth Auth { get; set; }
+	}
+
+	public class Auth
+	{
+		public string ClientToken { get; set; }
+		public string Accessor { get; set; }
+		public List<string> Policies { get; set; }
+		public List<string> TokenPolicies { get; set; }
+		public object Metadata { get; set; }
+		public long LeaseDuration { get; set; }
+		public bool Renewable { get; set; }
+		public string EntityId { get; set; }
+		public string TokenType { get; set; }
+		public bool Orphan { get; set; }
+		public object MfaRequirement { get; set; }
+		public long NumUses { get; set; }
+	}
+
+	public class GetSecretResponse<T>
+	{
+		public VaultSecret<T> Data { get; set; }
+	}
+
+	public class VaultSecret<T>
+	{
+		public T Data { get; set; }
+		public VaultSecretMetadata Metadata { get; set; }
+	}
+
+	public class VaultSecretMetadata
+	{
+		public DateTimeOffset CreatedTime { get; set; }
+		public object CustomMetadata { get; set; }
+		public string DeletionTime { get; set; }
+		public bool Destroyed { get; set; }
+		public long Version { get; set; }
+	}
+}