wip session auth

Femto.Modules.Auth/Models/UserSession.cs

@@ -1,21 +1,33 @@
+using static System.Security.Cryptography.RandomNumberGenerator;
+
 namespace Femto.Modules.Auth.Models;
 
-internal class UserSession
+internal class Session
 {
     private static TimeSpan SessionTimeout { get; } = TimeSpan.FromMinutes(30);
     private static TimeSpan ExpiryBuffer { get; } = TimeSpan.FromMinutes(5);
     public string Id { get; private set; }
+    public Guid UserId { get; private set; }
     public DateTimeOffset Expires { get; private set; }
     public bool ExpiresSoon => Expires < DateTimeOffset.UtcNow + ExpiryBuffer;
-    
-    private UserSession() {}
 
-    public static UserSession Create()
+    // true if this session was created with remember me token
+    // otherwise false
+    // required to be true to do things like change password etc.
+    public bool IsStronglyAuthenticated { get; private set; }
+    public bool ShouldRefresh => this.Expires < DateTimeOffset.UtcNow + ExpiryBuffer;
+
+    private Session() { }
+
+    public static Session Strong(Guid userId) => new(userId, true);
+
+    public static Session Weak(Guid userId) => new(userId, false);
+
+    private Session(Guid userId, bool isStrong)
     {
-        return new()
-        {
-            Id = Convert.ToBase64String(System.Security.Cryptography.RandomNumberGenerator.GetBytes(32)),
-            Expires = DateTimeOffset.UtcNow + SessionTimeout
-        };
+        this.Id = Convert.ToBase64String(GetBytes(32));
+        this.UserId = userId;
+        this.Expires = DateTimeOffset.UtcNow + SessionTimeout;
+        this.IsStronglyAuthenticated = isStrong;
     }
-}
+}