refresh user

Femto.Api/Controllers/Auth/AuthController.cs

@@ -1,9 +1,12 @@
 using Femto.Api.Auth;
 using Femto.Api.Sessions;
+using Femto.Common;
 using Femto.Modules.Auth.Application;
+using Femto.Modules.Auth.Application.Dto;
 using Femto.Modules.Auth.Application.Interface.CreateSignupCode;
 using Femto.Modules.Auth.Application.Interface.GetSignupCodesQuery;
 using Femto.Modules.Auth.Application.Interface.Login;
+using Femto.Modules.Auth.Application.Interface.RefreshUserSession;
 using Femto.Modules.Auth.Application.Interface.Register;
 using Femto.Modules.Auth.Contracts;
 using Microsoft.AspNetCore.Authorization;
@@ -14,8 +17,11 @@ namespace Femto.Api.Controllers.Auth;
 
 [ApiController]
 [Route("auth")]
-public class AuthController(IAuthModule authModule, IOptions<CookieSettings> cookieSettings)
-    : ControllerBase
+public class AuthController(
+    IAuthModule authModule,
+    IOptions<CookieSettings> cookieSettings,
+    ICurrentUserContext currentUserContext
+) : ControllerBase
 {
     [HttpPost("login")]
     public async Task<ActionResult<LoginResponse>> Login([FromBody] LoginRequest request)
@@ -24,7 +30,11 @@ public class AuthController(IAuthModule authModule, IOptions<CookieSettings> coo
 
         HttpContext.SetSession(result.Session, cookieSettings.Value);
 
-        return new LoginResponse(result.User.Id, result.User.Username, result.User.Roles.Any(r => r == Role.SuperUser));
+        return new LoginResponse(
+            result.User.Id,
+            result.User.Username,
+            result.User.Roles.Any(r => r == Role.SuperUser)
+        );
     }
 
     [HttpPost("register")]
@@ -36,16 +46,49 @@ public class AuthController(IAuthModule authModule, IOptions<CookieSettings> coo
 
         HttpContext.SetSession(result.Session, cookieSettings.Value);
 
-        return new RegisterResponse(result.User.Id, result.User.Username, result.User.Roles.Any(r => r == Role.SuperUser));
+        return new RegisterResponse(
+            result.User.Id,
+            result.User.Username,
+            result.User.Roles.Any(r => r == Role.SuperUser)
+        );
     }
 
     [HttpDelete("session")]
     public async Task<ActionResult> DeleteSession()
     {
-        HttpContext.Response.Cookies.Delete("session");
+        HttpContext.DeleteSession();
         return Ok(new { });
     }
 
+    [HttpGet("user/{userId}")]
+    [Authorize]
+    public async Task<ActionResult<RefreshUserResult>> RefreshUser(
+        Guid userId,
+        CancellationToken cancellationToken
+    )
+    {
+        var currentUser = currentUserContext.CurrentUser!;
+
+        try
+        {
+            var result = await authModule.Command(
+                new RefreshUserSessionCommand(userId, currentUser),
+                cancellationToken
+            );
+
+            return new RefreshUserResult(
+                result.User.Id,
+                result.User.Username,
+                result.User.Roles.Any(r => r == Role.SuperUser)
+            );
+        }
+        catch (Exception)
+        {
+            HttpContext.DeleteSession();
+            return this.Forbid();
+        }
+    }
+
     [HttpPost("signup-codes")]
     [Authorize(Roles = "SuperUser")]
     public async Task<ActionResult> CreateSignupCode(
@@ -63,7 +106,9 @@ public class AuthController(IAuthModule authModule, IOptions<CookieSettings> coo
 
     [HttpGet("signup-codes")]
     [Authorize(Roles = "SuperUser")]
-    public async Task<ActionResult<ListSignupCodesResult>> ListSignupCodes(CancellationToken cancellationToken)
+    public async Task<ActionResult<ListSignupCodesResult>> ListSignupCodes(
+        CancellationToken cancellationToken
+    )
     {
         var codes = await authModule.Query(new GetSignupCodesQuery(), cancellationToken);
 

Femto.Api/Controllers/Auth/RefreshUserResult.cs

@@ -0,0 +1,3 @@
+namespace Femto.Api.Controllers.Auth;
+
+public record RefreshUserResult(Guid UserId, string Username, bool IsSuperUser);