From a6fef1929c3fe851810d2df0865e0cb7bfd65424 Mon Sep 17 00:00:00 2001
From: john
Date: Tue, 20 May 2025 09:20:50 +0200
Subject: [PATCH] add username and userid cookies
---
 .../Auth/SessionAuthenticationHandler.cs | 11 +++++----
 Femto.Api/Controllers/Auth/AuthController.cs | 4 ++--
 .../Sessions/HttpContextSessionExtensions.cs | 23 ++++++++++++++++---
 3 files changed, 29 insertions(+), 9 deletions(-)
diff --git a/Femto.Api/Auth/SessionAuthenticationHandler.cs b/Femto.Api/Auth/SessionAuthenticationHandler.cs
index c9c3685..01ec20e 100644
--- a/Femto.Api/Auth/SessionAuthenticationHandler.cs
+++ b/Femto.Api/Auth/SessionAuthenticationHandler.cs
@@ -38,15 +38,18 @@ internal class SessionAuthenticationHandler(
 };
 claims.AddRange(
- result.User.Roles
- .Select(role => new Claim(ClaimTypes.Role, role.ToString()))
+ result.User.Roles.Select(role => new Claim(ClaimTypes.Role, role.ToString()))
 );
 var identity = new ClaimsIdentity(claims, this.Scheme.Name);
 var principal = new ClaimsPrincipal(identity);
- this.Context.SetSession(result.Session, cookieOptions.Value);
- currentUserContext.CurrentUser = new CurrentUser(result.User.Id, result.User.Username, result.Session.SessionId);
+ this.Context.SetSession(result.Session, result.User, cookieOptions.Value);
+ currentUserContext.CurrentUser = new CurrentUser(
+ result.User.Id,
+ result.User.Username,
+ result.Session.SessionId
+ );
 return AuthenticateResult.Success(
 new AuthenticationTicket(principal, this.Scheme.Name)
diff --git a/Femto.Api/Controllers/Auth/AuthController.cs b/Femto.Api/Controllers/Auth/AuthController.cs
index bb6af57..953926d 100644
--- a/Femto.Api/Controllers/Auth/AuthController.cs
+++ b/Femto.Api/Controllers/Auth/AuthController.cs
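Review bot: The `session`, `uid` and `uname` cookies are now re-issued from the authentication handler on every request that authenticates, because `this.Context.SetSession(result.Session, result.User, cookieOptions.Value)` runs unconditionally on the success path; if `AuthenticateAsync` is evaluated more than once in a request (several policies, or an explicit call from a controller), `Response.Cookies.Append` will most likely emit duplicate `Set-Cookie` headers for the same names — worth confirming, or guarding by calling `SetSession` only when the cookie is absent or `result.Session.Expires` has moved. The enclosing method starts and ends outside this hunk. A why-comment above the call, `// Re-issue the session/uid/uname cookies so the client-visible identity and expiry track the server session`, would make the deliberate per-request write obvious to the next reader. The reflow of the `Roles.Select` call and of `new CurrentUser(...)` is formatting-only and would be easier to review as a separate commit.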
@@ -28,7 +28,7 @@ public class AuthController(
 {
 var result = await authModule.Command(new LoginCommand(request.Username, request.Password));
- HttpContext.SetSession(result.Session, cookieSettings.Value);
+ HttpContext.SetSession(result.Session, result.User, cookieSettings.Value);
 return new LoginResponse(
 result.User.Id,
@@ -44,7 +44,7 @@ public class AuthController(
 new RegisterCommand(request.Username, request.Password, request.SignupCode)
 );
- HttpContext.SetSession(result.Session, cookieSettings.Value);
+ HttpContext.SetSession(result.Session, result.User, cookieSettings.Value);
 return new RegisterResponse(
 result.User.Id,
diff --git a/Femto.Api/Sessions/HttpContextSessionExtensions.cs b/Femto.Api/Sessions/HttpContextSessionExtensions.cs
index 832fd93..4de3e92 100644
--- a/Femto.Api/Sessions/HttpContextSessionExtensions.cs
+++ b/Femto.Api/Sessions/HttpContextSessionExtensions.cs
@@ -8,24 +8,41 @@ internal static class HttpContextSessionExtensions
 public static void SetSession(
 this HttpContext httpContext,
 Session session,
+ UserInfo user,
 CookieSettings cookieSettings
 )
 {
+
+ var secure = cookieSettings.Secure;
+ var sameSite = cookieSettings.SameSite ? SameSiteMode.Strict : SameSiteMode.Unspecified;
+ var expires = session.Expires;
+
 httpContext.Response.Cookies.Append(
 "session",
 session.SessionId,
 new CookieOptions
 {
 HttpOnly = true,
+ Secure = secure,
+ SameSite = sameSite,
+ Expires = expires,
+ }
+ );
+
+ httpContext.Response.Cookies.Append(
+ "uid",
+ user.Id.ToString(),
+ new CookieOptions
+ {
 Secure = cookieSettings.Secure,
 SameSite = cookieSettings.SameSite ? SameSiteMode.Strict : SameSiteMode.Unspecified,
 Expires = session.Expires,
 }
 );
-
+
 httpContext.Response.Cookies.Append(
- "hasSession",
- "true",
+ "uname",
+ user.Username,
 new CookieOptions
 {
 Secure = cookieSettings.Secure,
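Review bot: `uid` and `uname` are written without `HttpOnly`, so they are readable and writable by page scripts and by anything else that can set cookies for the host; that is fine for a display hint, but nothing server-side should ever read them back as identity — the `HttpOnly` `session` cookie must stay the only cookie the server trusts. A comment above the `uid` block, `// Informational only: client-readable, never read or trusted server-side; identity comes from the session cookie`, would pin that down for the next maintainer. Two follow-ups this hunk does not cover: the new cookies are not removed wherever the `session` cookie is cleared (if this file has a clear/logout counterpart outside the hunk, it should delete `uid`, `uname` and, for browsers that still hold it, the dropped `hasSession`), and `Response.Cookies.Append` percent-encodes the value (`Uri.EscapeDataString`), so a username with spaces or non-ASCII characters reaches the client encoded and must be decoded there. Style-wise, the hoisted `secure`/`sameSite`/`expires` locals are used only for the `session` cookie while the `uid` and `uname` blocks still spell out `cookieSettings.Secure`, `cookieSettings.SameSite ? … : …` and `session.Expires`; using the locals in all three `CookieOptions` (and dropping the added blank line right after the opening `{`) would keep the three blocks consistent.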