misc

Femto.Api/Auth/SessionAuthenticationHandler.cs

@@ -3,10 +3,11 @@ using System.Text.Encodings.Web;
 using Femto.Api.Sessions;
 using Femto.Common;
 using Femto.Modules.Auth.Application;
-using Femto.Modules.Auth.Application.Commands.ValidateSession;
+using Femto.Modules.Auth.Application.Interface.ValidateSession;
 using Femto.Modules.Auth.Errors;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.Extensions.Options;
+using Microsoft.OpenApi.Extensions;
 
 namespace Femto.Api.Auth;
 
@@ -27,20 +28,25 @@ internal class SessionAuthenticationHandler(
 
         try
         {
-            var result = await authModule.PostCommand(new ValidateSessionCommand(sessionId));
+            var result = await authModule.Command(new ValidateSessionCommand(sessionId));
 
             var claims = new List<Claim>
             {
-                new(ClaimTypes.Name, result.Username),
-                new("sub", result.UserId.ToString()),
-                new("user_id", result.UserId.ToString()),
+                new(ClaimTypes.Name, result.User.Username),
+                new("sub", result.User.Id.ToString()),
+                new("user_id", result.User.Id.ToString()),
             };
 
+            claims.AddRange(
+                result.User.Roles
+                    .Select(role => new Claim(ClaimTypes.Role, role.ToString()))
+            );
+
             var identity = new ClaimsIdentity(claims, this.Scheme.Name);
             var principal = new ClaimsPrincipal(identity);
 
             this.Context.SetSession(result.Session, cookieOptions.Value);
-            currentUserContext.CurrentUser = new CurrentUser(result.UserId, result.Username);
+            currentUserContext.CurrentUser = new CurrentUser(result.User.Id, result.User.Username);
 
             return AuthenticateResult.Success(
                 new AuthenticationTicket(principal, this.Scheme.Name)

Femto.Api/Controllers/Auth/AuthController.cs

@@ -1,8 +1,12 @@
 using Femto.Api.Auth;
 using Femto.Api.Sessions;
 using Femto.Modules.Auth.Application;
-using Femto.Modules.Auth.Application.Commands.Login;
-using Femto.Modules.Auth.Application.Commands.Register;
+using Femto.Modules.Auth.Application.Interface.CreateSignupCode;
+using Femto.Modules.Auth.Application.Interface.GetSignupCodesQuery;
+using Femto.Modules.Auth.Application.Interface.Login;
+using Femto.Modules.Auth.Application.Interface.Register;
+using Femto.Modules.Auth.Contracts;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Options;
 
@@ -10,30 +14,29 @@ namespace Femto.Api.Controllers.Auth;
 
 [ApiController]
 [Route("auth")]
-public class AuthController(IAuthModule authModule, IOptions<CookieSettings> cookieSettings) : ControllerBase
+public class AuthController(IAuthModule authModule, IOptions<CookieSettings> cookieSettings)
+    : ControllerBase
 {
     [HttpPost("login")]
     public async Task<ActionResult<LoginResponse>> Login([FromBody] LoginRequest request)
     {
-        var result = await authModule.PostCommand(
-            new LoginCommand(request.Username, request.Password)
-        );
+        var result = await authModule.Command(new LoginCommand(request.Username, request.Password));
 
         HttpContext.SetSession(result.Session, cookieSettings.Value);
 
-        return new LoginResponse(result.UserId, result.Username);
+        return new LoginResponse(result.User.Id, result.User.Username, result.User.Roles.Any(r => r == Role.SuperUser));
     }
 
     [HttpPost("register")]
     public async Task<ActionResult<RegisterResponse>> Register([FromBody] RegisterRequest request)
     {
-        var result = await authModule.PostCommand(
+        var result = await authModule.Command(
             new RegisterCommand(request.Username, request.Password, request.SignupCode)
         );
 
         HttpContext.SetSession(result.Session, cookieSettings.Value);
 
-        return new RegisterResponse(result.UserId, result.Username);
+        return new RegisterResponse(result.User.Id, result.User.Username, result.User.Roles.Any(r => r == Role.SuperUser));
     }
 
     [HttpDelete("session")]
@@ -42,4 +45,37 @@ public class AuthController(IAuthModule authModule, IOptions<CookieSettings> coo
         HttpContext.Response.Cookies.Delete("session");
         return Ok(new { });
     }
+
+    [HttpPost("signup-codes")]
+    [Authorize(Roles = "SuperUser")]
+    public async Task<ActionResult> CreateSignupCode(
+        [FromBody] CreateSignupCodeRequest request,
+        CancellationToken cancellationToken
+    )
+    {
+        await authModule.Command(
+            new CreateSignupCodeCommand(request.Code, request.Email, request.Name),
+            cancellationToken
+        );
+
+        return Ok(new { });
+    }
+
+    [HttpGet("signup-codes")]
+    [Authorize(Roles = "SuperUser")]
+    public async Task<ActionResult<ListSignupCodesResult>> ListSignupCodes(CancellationToken cancellationToken)
+    {
+        var codes = await authModule.Query(new GetSignupCodesQuery(), cancellationToken);
+
+        return new ListSignupCodesResult(
+            codes.Select(c => new SignupCodeDto(
+                c.Code,
+                c.Email,
+                c.Name,
+                c.RedeemedByUserId,
+                c.RedeemedByUsername,
+                c.ExpiresOn
+            ))
+        );
+    }
 }

Femto.Api/Controllers/Auth/CreateSignupCodeRequest.cs

@@ -0,0 +1,3 @@
+namespace Femto.Api.Controllers.Auth;
+
+public record CreateSignupCodeRequest(string Code, string Email, string Name);

Femto.Api/Controllers/Auth/ListSignupCodesResult.cs

@@ -0,0 +1,14 @@
+namespace Femto.Api.Controllers.Auth;
+
+public record ListSignupCodesResult(
+    IEnumerable<SignupCodeDto> SignupCodes
+);
+
+public record SignupCodeDto(
+    string Code,
+    string Email,
+    string Name,
+    Guid? RedeemingUserId,
+    string? RedeemingUsername,
+    DateTimeOffset? ExpiresOn
+);

Femto.Api/Controllers/Auth/LoginResponse.cs

@@ -1,3 +1,3 @@
 namespace Femto.Api.Controllers.Auth;
 
-public record LoginResponse(Guid UserId, string Username);
+public record LoginResponse(Guid UserId, string Username, bool IsSuperUser);

Femto.Api/Controllers/Auth/RegisterResponse.cs

@@ -1,3 +1,3 @@
 namespace Femto.Api.Controllers.Auth;
 
-public record RegisterResponse(Guid UserId, string Username);
+public record RegisterResponse(Guid UserId, string Username, bool IsSuperUser);

Femto.Api/Controllers/Media/MediaController.cs

@@ -1,9 +1,7 @@
 using Femto.Api.Controllers.Media.Dto;
 using Femto.Modules.Media.Application;
-using Femto.Modules.Media.Contracts;
 using Femto.Modules.Media.Contracts.LoadFile;
 using Femto.Modules.Media.Contracts.SaveFile;
-using MediatR;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;