An advanced API for a web platform offering online courses built with .NET 8. It incorporates RESTful architecture, JWT authentication with refresh tokens, role-based access control, SQL Server integration, OTP-based password recovery, robust logging, middleware for error handling, and Blazor for UI services.

• JWT Authentication: Secure authentication using JWT with role and permission validation.
• Refresh Tokens: Implemented refresh tokens stored in the database for secure session handling.
• AuthController: Supports login and JWT token refresh functionality.
• Role & Permission Management: Dynamically retrieves user roles and permissions from the database and includes them in the JWT token.
• Password Hashing: Utilizes BCrypt for secure password storage.
• Configuration: JWT authentication and authorization setup in Program.cs.

• Implemented repositories for managing users, roles, permissions, and refresh tokens.
• Added migrations to create database tables for:
  • Users
  • Roles
  • Permissions
  • RefreshTokens

• EmailService: Sends OTP codes for password recovery.
• MailKit Integration: Secure email handling with MailKit, using configuration from .env.
• Removed hardcoded credentials, improving security by leveraging environment variables for email configuration.

• Response Compression: Optimized API response size with compression.
• ProblemDetails Middleware: Standardized error responses across the API for better client-side error handling.
• Logging: Integrated logging using Serilog for API request tracing and error reporting.

• Blazor WebAssembly: Utilized Blazor for the front-end interface of the online courses platform.
• LocalStorage Service: Handles token management (authToken, refreshToken) using Blazored.LocalStorage with conflict resolution for custom local storage.

• JWT authentication added with role and permission validation.
• Refresh token implementation with database storage and validation.
• AuthController supports login and token refresh.
• JWT token generation includes dynamic roles and permissions retrieved from the database.
• Added repositories for users, roles, permissions, and refresh tokens.
• Password hashing using BCrypt for secure authentication.
• Configured JWT authentication and authorization in Program.cs.
• Migrations added for creating the necessary tables.

• Implemented EmailService to send OTP codes for password reset.
• Moved sensitive SMTP configuration (host, port, email, password) to .env.
• Improved security by removing hardcoded email credentials and using .env configuration.
• Integrated MailKit for secure email handling based on environment variables.

• Regenerated developer certificate for local development.
• Updated Program.cs to include improved response compression and middleware for problem details.
• Added dependency injection for IEmailService and IPasswordResetService.

• Implemented a custom LocalStorageService for handling token storage.
• Resolved conflicts between the project's ILocalStorageService and Blazored.LocalStorage.
• Added operations to save, retrieve, and remove tokens in local storage.

• Added authentication check and redirection to /login in App.razor.
• Updated MainLayout.razor to conditionally show the NavMenu based on authentication status.
• Ensured unauthenticated users are redirected when accessing protected routes.
• Simplified layout handling for public pages like /login, /register, and /forgot-password.

• Added a loading screen while checking authentication status with the token in LocalStorage.
• Fixed redirection flow to prevent incorrect login redirection.
• Adjusted logic for handling protected and public routes.
• Corrected MainLayout so the NavBar only appears for authenticated users.
• Consolidated authentication checks to avoid redundancy.
• Verified that public pages load correctly and protected routes require valid authentication.

1. Clone the repository:

   git clone https://github.com/your-repo/online-courses-platform.git