wip session auth

Femto.Api/Auth/SessionAuthenticationHandler.cs

@@ -1,8 +1,10 @@
 using System.Security.Claims;
 using System.Text.Encodings.Web;
+using System.Text.Json;
 using Femto.Api.Sessions;
 using Femto.Common;
 using Femto.Modules.Auth.Application;
+using Femto.Modules.Auth.Application.Dto;
 using Femto.Modules.Auth.Application.Interface.ValidateSession;
 using Femto.Modules.Auth.Errors;
 using Microsoft.AspNetCore.Authentication;
@@ -25,29 +27,42 @@ internal class SessionAuthenticationHandler(
         if (string.IsNullOrWhiteSpace(sessionId))
             return AuthenticateResult.NoResult();
 
+        var userJson = this.Request.Cookies["user"];
+        if (string.IsNullOrWhiteSpace(userJson))
+            return AuthenticateResult.Fail("Invalid user");
+
+        var user = JsonSerializer.Deserialize<UserInfo>(userJson);
+
+        if (user is null)
+            return AuthenticateResult.Fail("Invalid user");
+
+        var rememberMe = this.Request.Cookies["rememberme"];
+
         try
         {
-            var result = await authModule.Command(new ValidateSessionCommand(sessionId));
+            var result = await authModule.Command(
+                new ValidateSessionCommand(sessionId, user, rememberMe)
+            );
 
             var claims = new List<Claim>
             {
-                new(ClaimTypes.Name, result.User.Username),
-                new("sub", result.User.Id.ToString()),
-                new("user_id", result.User.Id.ToString()),
+                new(ClaimTypes.Name, user.Username),
+                new("sub", user.Id.ToString()),
+                new("user_id", user.Id.ToString()),
             };
 
-            claims.AddRange(
-                result.User.Roles.Select(role => new Claim(ClaimTypes.Role, role.ToString()))
-            );
+            claims.AddRange(user.Roles.Select(role => new Claim(ClaimTypes.Role, role.ToString())));
 
             var identity = new ClaimsIdentity(claims, this.Scheme.Name);
             var principal = new ClaimsPrincipal(identity);
 
-            this.Context.SetSession(result.Session, result.User, Logger);
+            this.Context.SetSession(result.SessionDto, user, Logger);
+
             currentUserContext.CurrentUser = new CurrentUser(
-                result.User.Id,
-                result.User.Username,
-                result.Session.SessionId
+                user.Id,
+                user.Username,
+                result.SessionDto.SessionId,
+                rememberMe
             );
 
             return AuthenticateResult.Success(

Femto.Api/Controllers/Auth/AuthController.cs

@@ -29,7 +29,7 @@ public class AuthController(
     {
         var result = await authModule.Command(new LoginCommand(request.Username, request.Password));
 
-        HttpContext.SetSession(result.Session, result.User, logger);
+        HttpContext.SetSession(result.SessionDto, result.User, logger);
 
         return new LoginResponse(
             result.User.Id,
@@ -45,7 +45,7 @@ public class AuthController(
             new RegisterCommand(request.Username, request.Password, request.SignupCode)
         );
 
-        HttpContext.SetSession(result.Session, result.User, logger);
+        HttpContext.SetSession(result.SessionDto, result.User, logger);
 
         return new RegisterResponse(
             result.User.Id,
@@ -57,7 +57,13 @@ public class AuthController(
     [HttpDelete("session")]
     public async Task<ActionResult> DeleteSession()
     {
+        var currentUser = currentUserContext.CurrentUser;
+
+        if (currentUser != null)
+            await authModule.Command(new DeauthenticateCommand(currentUser.Id, currentUser.SessionId, currentUser.RememberMeToken));
+        
         HttpContext.DeleteSession();
+        
         return Ok(new { });
     }
 
@@ -73,7 +79,7 @@ public class AuthController(
         try
         {
             var result = await authModule.Command(
-                new RefreshUserSessionCommand(userId, currentUser),
+                new RefreshUserCommand(userId, currentUser),
                 cancellationToken
             );
 

Femto.Api/Sessions/HttpContextSessionExtensions.cs

@@ -8,14 +8,14 @@ namespace Femto.Api.Sessions;
 
 internal static class HttpContextSessionExtensions
 {
-    public static void SetSession(this HttpContext httpContext, Session session, UserInfo user, ILogger logger)
+    public static void SetSession(this HttpContext httpContext, SessionDto sessionDto, UserInfo user, ILogger logger)
     {
         var cookieSettings = httpContext.RequestServices.GetService<IOptions<CookieSettings>>();
         
         var secure = cookieSettings?.Value.Secure ?? true;
         var sameSite = cookieSettings?.Value.SameSite ?? SameSiteMode.Strict;
         var domain = cookieSettings?.Value.Domain;
-        var expires = session.Expires;
+        var expires = sessionDto.Expires;
 
         logger.LogInformation(
             "cookie settings: Secure={Secure}, SameSite={SameSite}, domain={Domain}, Expires={Expires}",
@@ -27,7 +27,7 @@ internal static class HttpContextSessionExtensions
 
         httpContext.Response.Cookies.Append(
             "session",
-            session.SessionId,
+            sessionDto.SessionId,
             new CookieOptions
             {
                 IsEssential = true,
@@ -55,7 +55,7 @@ internal static class HttpContextSessionExtensions
                 IsEssential = true,
                 Secure = secure,
                 SameSite = sameSite,
-                Expires = session.Expires,
+                Expires = sessionDto.Expires,
             }
         );
     }