refresh user

2025-05-19 09:23:20 +02:00 · 2025-05-19 09:23:20 +02:00 · 0d34774059
commit 0d34774059
parent 4e24796a5d
12 changed files with 141 additions and 32 deletions
--- a/Femto.Api/Auth/SessionAuthenticationHandler.cs
+++ b/Femto.Api/Auth/SessionAuthenticationHandler.cs
@ -46,7 +46,7 @@ internal class SessionAuthenticationHandler(
            var principal = new ClaimsPrincipal(identity);

            this.Context.SetSession(result.Session, cookieOptions.Value);
-            currentUserContext.CurrentUser = new CurrentUser(result.User.Id, result.User.Username);
+            currentUserContext.CurrentUser = new CurrentUser(result.User.Id, result.User.Username, result.Session.SessionId);

            return AuthenticateResult.Success(
                new AuthenticationTicket(principal, this.Scheme.Name)
--- a/Femto.Api/Controllers/Auth/AuthController.cs
+++ b/Femto.Api/Controllers/Auth/AuthController.cs
@ -1,9 +1,12 @@
 using Femto.Api.Auth;
 using Femto.Api.Sessions;
+using Femto.Common;
 using Femto.Modules.Auth.Application;
+using Femto.Modules.Auth.Application.Dto;
 using Femto.Modules.Auth.Application.Interface.CreateSignupCode;
 using Femto.Modules.Auth.Application.Interface.GetSignupCodesQuery;
 using Femto.Modules.Auth.Application.Interface.Login;
+using Femto.Modules.Auth.Application.Interface.RefreshUserSession;
 using Femto.Modules.Auth.Application.Interface.Register;
 using Femto.Modules.Auth.Contracts;
 using Microsoft.AspNetCore.Authorization;
@ -14,8 +17,11 @@ namespace Femto.Api.Controllers.Auth;

 [ApiController]
 [Route("auth")]
-public class AuthController(IAuthModule authModule, IOptions<CookieSettings> cookieSettings)
-    : ControllerBase
+public class AuthController(
+    IAuthModule authModule,
+    IOptions<CookieSettings> cookieSettings,
+    ICurrentUserContext currentUserContext
+) : ControllerBase
 {
    [HttpPost("login")]
    public async Task<ActionResult<LoginResponse>> Login([FromBody] LoginRequest request)
@ -24,7 +30,11 @@ public class AuthController(IAuthModule authModule, IOptions<CookieSettings> coo

        HttpContext.SetSession(result.Session, cookieSettings.Value);

-        return new LoginResponse(result.User.Id, result.User.Username, result.User.Roles.Any(r => r == Role.SuperUser));
+        return new LoginResponse(
+            result.User.Id,
+            result.User.Username,
+            result.User.Roles.Any(r => r == Role.SuperUser)
+        );
    }

    [HttpPost("register")]
@ -36,16 +46,49 @@ public class AuthController(IAuthModule authModule, IOptions<CookieSettings> coo

        HttpContext.SetSession(result.Session, cookieSettings.Value);

-        return new RegisterResponse(result.User.Id, result.User.Username, result.User.Roles.Any(r => r == Role.SuperUser));
+        return new RegisterResponse(
+            result.User.Id,
+            result.User.Username,
+            result.User.Roles.Any(r => r == Role.SuperUser)
+        );
    }

    [HttpDelete("session")]
    public async Task<ActionResult> DeleteSession()
    {
-        HttpContext.Response.Cookies.Delete("session");
+        HttpContext.DeleteSession();
        return Ok(new { });
    }

+    [HttpGet("user/{userId}")]
+    [Authorize]
+    public async Task<ActionResult<RefreshUserResult>> RefreshUser(
+        Guid userId,
+        CancellationToken cancellationToken
+    )
+    {
+        var currentUser = currentUserContext.CurrentUser!;
+
+        try
+        {
+            var result = await authModule.Command(
+                new RefreshUserSessionCommand(userId, currentUser),
+                cancellationToken
+            );
+
+            return new RefreshUserResult(
+                result.User.Id,
+                result.User.Username,
+                result.User.Roles.Any(r => r == Role.SuperUser)
+            );
+        }
+        catch (Exception)
+        {
+            HttpContext.DeleteSession();
+            return this.Forbid();
+        }
+    }
+
    [HttpPost("signup-codes")]
    [Authorize(Roles = "SuperUser")]
    public async Task<ActionResult> CreateSignupCode(
@ -63,7 +106,9 @@ public class AuthController(IAuthModule authModule, IOptions<CookieSettings> coo

    [HttpGet("signup-codes")]
    [Authorize(Roles = "SuperUser")]
-    public async Task<ActionResult<ListSignupCodesResult>> ListSignupCodes(CancellationToken cancellationToken)
+    public async Task<ActionResult<ListSignupCodesResult>> ListSignupCodes(
+        CancellationToken cancellationToken
+    )
    {
        var codes = await authModule.Query(new GetSignupCodesQuery(), cancellationToken);

--- a/Femto.Api/Controllers/Auth/RefreshUserResult.cs
+++ b/Femto.Api/Controllers/Auth/RefreshUserResult.cs
@ -0,0 +1,3 @@
+namespace Femto.Api.Controllers.Auth;
+
+public record RefreshUserResult(Guid UserId, string Username, bool IsSuperUser);
--- a/Femto.Api/Sessions/HttpContextSessionExtensions.cs
+++ b/Femto.Api/Sessions/HttpContextSessionExtensions.cs
@ -34,4 +34,10 @@ internal static class HttpContextSessionExtensions
            }
        );
    }
+
+    public static void DeleteSession(this HttpContext httpContext)
+    {
+        httpContext.Response.Cookies.Delete("session");
+        httpContext.Response.Cookies.Delete("hasSession");
+    }
 }