misc

2025-05-18 22:22:20 +02:00 · 2025-05-18 22:22:20 +02:00 · d7e0c59559
commit d7e0c59559
parent fbc6f562e3
31 changed files with 249 additions and 57 deletions
--- a/Femto.Api/Auth/SessionAuthenticationHandler.cs
+++ b/Femto.Api/Auth/SessionAuthenticationHandler.cs
@ -3,10 +3,11 @@ using System.Text.Encodings.Web;
 using Femto.Api.Sessions;
 using Femto.Common;
 using Femto.Modules.Auth.Application;
-using Femto.Modules.Auth.Application.Commands.ValidateSession;
+using Femto.Modules.Auth.Application.Interface.ValidateSession;
 using Femto.Modules.Auth.Errors;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.Extensions.Options;
+using Microsoft.OpenApi.Extensions;

 namespace Femto.Api.Auth;

@ -27,20 +28,25 @@ internal class SessionAuthenticationHandler(

        try
        {
-            var result = await authModule.PostCommand(new ValidateSessionCommand(sessionId));
+            var result = await authModule.Command(new ValidateSessionCommand(sessionId));

            var claims = new List<Claim>
            {
-                new(ClaimTypes.Name, result.Username),
-                new("sub", result.UserId.ToString()),
-                new("user_id", result.UserId.ToString()),
+                new(ClaimTypes.Name, result.User.Username),
+                new("sub", result.User.Id.ToString()),
+                new("user_id", result.User.Id.ToString()),
            };

+            claims.AddRange(
+                result.User.Roles
+                    .Select(role => new Claim(ClaimTypes.Role, role.ToString()))
+            );
+
            var identity = new ClaimsIdentity(claims, this.Scheme.Name);
            var principal = new ClaimsPrincipal(identity);

            this.Context.SetSession(result.Session, cookieOptions.Value);
-            currentUserContext.CurrentUser = new CurrentUser(result.UserId, result.Username);
+            currentUserContext.CurrentUser = new CurrentUser(result.User.Id, result.User.Username);

            return AuthenticateResult.Success(
                new AuthenticationTicket(principal, this.Scheme.Name)
--- a/Femto.Api/Controllers/Auth/AuthController.cs
+++ b/Femto.Api/Controllers/Auth/AuthController.cs
@ -1,8 +1,12 @@
 using Femto.Api.Auth;
 using Femto.Api.Sessions;
 using Femto.Modules.Auth.Application;
-using Femto.Modules.Auth.Application.Commands.Login;
-using Femto.Modules.Auth.Application.Commands.Register;
+using Femto.Modules.Auth.Application.Interface.CreateSignupCode;
+using Femto.Modules.Auth.Application.Interface.GetSignupCodesQuery;
+using Femto.Modules.Auth.Application.Interface.Login;
+using Femto.Modules.Auth.Application.Interface.Register;
+using Femto.Modules.Auth.Contracts;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Options;

@ -10,30 +14,29 @@ namespace Femto.Api.Controllers.Auth;

 [ApiController]
 [Route("auth")]
-public class AuthController(IAuthModule authModule, IOptions<CookieSettings> cookieSettings) : ControllerBase
+public class AuthController(IAuthModule authModule, IOptions<CookieSettings> cookieSettings)
+    : ControllerBase
 {
    [HttpPost("login")]
    public async Task<ActionResult<LoginResponse>> Login([FromBody] LoginRequest request)
    {
-        var result = await authModule.PostCommand(
-            new LoginCommand(request.Username, request.Password)
-        );
+        var result = await authModule.Command(new LoginCommand(request.Username, request.Password));

        HttpContext.SetSession(result.Session, cookieSettings.Value);

-        return new LoginResponse(result.UserId, result.Username);
+        return new LoginResponse(result.User.Id, result.User.Username, result.User.Roles.Any(r => r == Role.SuperUser));
    }

    [HttpPost("register")]
    public async Task<ActionResult<RegisterResponse>> Register([FromBody] RegisterRequest request)
    {
-        var result = await authModule.PostCommand(
+        var result = await authModule.Command(
            new RegisterCommand(request.Username, request.Password, request.SignupCode)
        );

        HttpContext.SetSession(result.Session, cookieSettings.Value);

-        return new RegisterResponse(result.UserId, result.Username);
+        return new RegisterResponse(result.User.Id, result.User.Username, result.User.Roles.Any(r => r == Role.SuperUser));
    }

    [HttpDelete("session")]
@ -42,4 +45,37 @@ public class AuthController(IAuthModule authModule, IOptions<CookieSettings> coo
        HttpContext.Response.Cookies.Delete("session");
        return Ok(new { });
    }
+
+    [HttpPost("signup-codes")]
+    [Authorize(Roles = "SuperUser")]
+    public async Task<ActionResult> CreateSignupCode(
+        [FromBody] CreateSignupCodeRequest request,
+        CancellationToken cancellationToken
+    )
+    {
+        await authModule.Command(
+            new CreateSignupCodeCommand(request.Code, request.Email, request.Name),
+            cancellationToken
+        );
+
+        return Ok(new { });
+    }
+
+    [HttpGet("signup-codes")]
+    [Authorize(Roles = "SuperUser")]
+    public async Task<ActionResult<ListSignupCodesResult>> ListSignupCodes(CancellationToken cancellationToken)
+    {
+        var codes = await authModule.Query(new GetSignupCodesQuery(), cancellationToken);
+
+        return new ListSignupCodesResult(
+            codes.Select(c => new SignupCodeDto(
+                c.Code,
+                c.Email,
+                c.Name,
+                c.RedeemedByUserId,
+                c.RedeemedByUsername,
+                c.ExpiresOn
+            ))
+        );
+    }
 }
--- a/Femto.Api/Controllers/Auth/CreateSignupCodeRequest.cs
+++ b/Femto.Api/Controllers/Auth/CreateSignupCodeRequest.cs
@ -0,0 +1,3 @@
+namespace Femto.Api.Controllers.Auth;
+
+public record CreateSignupCodeRequest(string Code, string Email, string Name);
--- a/Femto.Api/Controllers/Auth/ListSignupCodesResult.cs
+++ b/Femto.Api/Controllers/Auth/ListSignupCodesResult.cs
@ -0,0 +1,14 @@
+namespace Femto.Api.Controllers.Auth;
+
+public record ListSignupCodesResult(
+    IEnumerable<SignupCodeDto> SignupCodes
+);
+
+public record SignupCodeDto(
+    string Code,
+    string Email,
+    string Name,
+    Guid? RedeemingUserId,
+    string? RedeemingUsername,
+    DateTimeOffset? ExpiresOn
+);
--- a/Femto.Api/Controllers/Auth/LoginResponse.cs
+++ b/Femto.Api/Controllers/Auth/LoginResponse.cs
@ -1,3 +1,3 @@
 namespace Femto.Api.Controllers.Auth;

-public record LoginResponse(Guid UserId, string Username);
+public record LoginResponse(Guid UserId, string Username, bool IsSuperUser);
--- a/Femto.Api/Controllers/Auth/RegisterResponse.cs
+++ b/Femto.Api/Controllers/Auth/RegisterResponse.cs
@ -1,3 +1,3 @@
 namespace Femto.Api.Controllers.Auth;

-public record RegisterResponse(Guid UserId, string Username);
+public record RegisterResponse(Guid UserId, string Username, bool IsSuperUser);
--- a/Femto.Api/Controllers/Media/MediaController.cs
+++ b/Femto.Api/Controllers/Media/MediaController.cs
@ -1,9 +1,7 @@
 using Femto.Api.Controllers.Media.Dto;
 using Femto.Modules.Media.Application;
-using Femto.Modules.Media.Contracts;
 using Femto.Modules.Media.Contracts.LoadFile;
 using Femto.Modules.Media.Contracts.SaveFile;
-using MediatR;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;

--- a/Femto.Database/Seed/TestDataSeeder.cs
+++ b/Femto.Database/Seed/TestDataSeeder.cs
@ -58,6 +58,16 @@ public static class TestDataSeeder
            (id, username, password_hash, password_salt)
            VALUES
            (@id, @username, @passwordHash, @salt);
+            
+            INSERT INTO authn.user_role
+            (user_id, role)
+            VALUES
+            (@id, 1);
+
+            INSERT INTO authn.signup_code
+            (code, recipient_email, recipient_name, expires_at, redeeming_user_id)
+            VALUES
+            ('fickli', 'me@johnbotr.is', 'john', null, null);
            """
        );
        
--- a/Femto.Modules.Auth.Contracts/Role.cs
+++ b/Femto.Modules.Auth.Contracts/Role.cs
@ -0,0 +1,7 @@
+namespace Femto.Modules.Auth.Contracts;
+
+public enum Role
+{
+    User = 0,
+    SuperUser = 1,
+}
--- a/Femto.Modules.Auth/Application/AuthModule.cs
+++ b/Femto.Modules.Auth/Application/AuthModule.cs
@ -7,11 +7,29 @@ namespace Femto.Modules.Auth.Application;

 internal class AuthModule(IHost host) : IAuthModule
 {
-    public async Task<TResponse> PostCommand<TResponse>(ICommand<TResponse> command, CancellationToken cancellationToken = default)
+    public Task Command(ICommand command, CancellationToken cancellationToken = default)
+    {
+        using var scope = host.Services.CreateScope();
+        var mediator = scope.ServiceProvider.GetRequiredService<IMediator>();
+        return mediator.Send(command, cancellationToken);
+    }
+
+    public async Task<TResponse> Command<TResponse>(
+        ICommand<TResponse> command,
+        CancellationToken cancellationToken = default
+    )
    {
        using var scope = host.Services.CreateScope();
        var mediator = scope.ServiceProvider.GetRequiredService<IMediator>();
        var response = await mediator.Send(command, cancellationToken);
        return response;
    }
+
+    public async Task<TResponse> Query<TResponse>(IQuery<TResponse> query, CancellationToken cancellationToken = default)
+    {
+        using var scope = host.Services.CreateScope();
+        var mediator = scope.ServiceProvider.GetRequiredService<IMediator>();
+        var response = await mediator.Send(query, cancellationToken);
+        return response;
+    }
 }
--- a/Femto.Modules.Auth/Application/AuthStartup.cs
+++ b/Femto.Modules.Auth/Application/AuthStartup.cs
@ -1,4 +1,5 @@
 using Femto.Common.Infrastructure;
+using Femto.Common.Infrastructure.DbConnection;
 using Femto.Common.Infrastructure.Outbox;
 using Femto.Common.Integration;
 using Femto.Modules.Auth.Data;
@ -27,11 +28,7 @@ public static class AuthStartup

    private static void ConfigureServices(IServiceCollection services, string connectionString, IEventPublisher publisher)
    {
-        services.AddDbContext<AuthContext>(builder =>
-        {
-            builder.UseNpgsql(connectionString);
-            builder.UseSnakeCaseNamingConvention();
-        });
+        services.AddTransient<IDbConnectionFactory>(_ => new DbConnectionFactory(connectionString));

        services.AddQuartzHostedService(options =>
        {
@ -44,10 +41,13 @@ public static class AuthStartup

        services.AddDbContext<AuthContext>(builder =>
        {
-            builder.UseNpgsql();
+            builder.UseNpgsql(connectionString);
            builder.UseSnakeCaseNamingConvention();
-            var loggerFactory = LoggerFactory.Create(b => { });
-            builder.UseLoggerFactory(loggerFactory);
+            // var loggerFactory = LoggerFactory.Create(b => { });
+            // builder.UseLoggerFactory(loggerFactory);
+            // #if DEBUG
+            // builder.EnableSensitiveDataLogging();
+            // #endif
        });

        services.ConfigureDomainServices<AuthContext>();
--- a/Femto.Modules.Auth/Application/Dto/LoginResult.cs
+++ b/Femto.Modules.Auth/Application/Dto/LoginResult.cs
@ -1,3 +1,3 @@
 namespace Femto.Modules.Auth.Application.Dto;

-public record LoginResult(Session Session, Guid UserId, string Username);
+public record LoginResult(Session Session, UserInfo User);
--- a/Femto.Modules.Auth/Application/Dto/RegisterResult.cs
+++ b/Femto.Modules.Auth/Application/Dto/RegisterResult.cs
@ -1,3 +1,3 @@
 namespace Femto.Modules.Auth.Application.Dto;

-public record RegisterResult(Session Session, Guid UserId, string Username);
+public record RegisterResult(Session Session, UserInfo User);
--- a/Femto.Modules.Auth/Application/Dto/SignupCodeDto.cs
+++ b/Femto.Modules.Auth/Application/Dto/SignupCodeDto.cs
@ -0,0 +1,10 @@
+namespace Femto.Modules.Auth.Application.Dto;
+
+public record SignupCodeDto(
+    string Code,
+    string Email,
+    string Name,
+    Guid? RedeemedByUserId,
+    string? RedeemedByUsername,
+    DateTimeOffset? ExpiresOn
+);
--- a/Femto.Modules.Auth/Application/Dto/UserInfo.cs
+++ b/Femto.Modules.Auth/Application/Dto/UserInfo.cs
@ -0,0 +1,10 @@
+using Femto.Modules.Auth.Contracts;
+using Femto.Modules.Auth.Models;
+
+namespace Femto.Modules.Auth.Application.Dto;
+
+public record UserInfo(Guid Id, string Username, ICollection<Role> Roles)
+{
+    internal UserInfo(UserIdentity user)
+        : this(user.Id, user.Username, user.Roles.Select(r => r.Role).ToList()) { }
+};
--- a/Femto.Modules.Auth/Application/Dto/ValidateSessionResult.cs
+++ b/Femto.Modules.Auth/Application/Dto/ValidateSessionResult.cs
@ -1,3 +1,3 @@
 namespace Femto.Modules.Auth.Application.Dto;

-public record ValidateSessionResult(Session Session, Guid UserId, string Username);
+public record ValidateSessionResult(Session Session, UserInfo User);
--- a/Femto.Modules.Auth/Application/IAuthModule.cs
+++ b/Femto.Modules.Auth/Application/IAuthModule.cs
@ -4,5 +4,7 @@ namespace Femto.Modules.Auth.Application;

 public interface IAuthModule
 {
-    Task<TResponse> PostCommand<TResponse>(ICommand<TResponse> command, CancellationToken cancellationToken = default);
+    Task Command(ICommand command, CancellationToken cancellationToken = default);
+    Task<TResponse> Command<TResponse>(ICommand<TResponse> command, CancellationToken cancellationToken = default);
+    Task<TResponse> Query<TResponse>(IQuery<TResponse> query, CancellationToken cancellationToken = default);
 }
--- a/Femto.Modules.Auth/Application/Interface/CreateSignupCode/CreateSignupCodeCommand.cs
+++ b/Femto.Modules.Auth/Application/Interface/CreateSignupCode/CreateSignupCodeCommand.cs
@ -1,5 +1,5 @@
 using Femto.Common.Domain;

-namespace Femto.Modules.Auth.Application.Commands.CreateSignupCode;
+namespace Femto.Modules.Auth.Application.Interface.CreateSignupCode;

 public record CreateSignupCodeCommand(string Code, string RecipientEmail, string RecipientName): ICommand;
--- a/Femto.Modules.Auth/Application/Interface/CreateSignupCode/CreateSignupCodeCommandHandler.cs
+++ b/Femto.Modules.Auth/Application/Interface/CreateSignupCode/CreateSignupCodeCommandHandler.cs
@ -2,7 +2,7 @@ using Femto.Common.Domain;
 using Femto.Modules.Auth.Data;
 using Femto.Modules.Auth.Models;

-namespace Femto.Modules.Auth.Application.Commands.CreateSignupCode;
+namespace Femto.Modules.Auth.Application.Interface.CreateSignupCode;

 internal class CreateSignupCodeCommandHandler(AuthContext context) : ICommandHandler<CreateSignupCodeCommand>
 {
--- a/Femto.Modules.Auth/Application/Interface/GetSignupCodesQuery/GetSignupCodesQuery.cs
+++ b/Femto.Modules.Auth/Application/Interface/GetSignupCodesQuery/GetSignupCodesQuery.cs
@ -0,0 +1,6 @@
+using Femto.Common.Domain;
+using Femto.Modules.Auth.Application.Dto;
+
+namespace Femto.Modules.Auth.Application.Interface.GetSignupCodesQuery;
+
+public record GetSignupCodesQuery: IQuery<ICollection<SignupCodeDto>>;
--- a/Femto.Modules.Auth/Application/Interface/GetSignupCodesQuery/GetSignupCodesQueryHandler.cs
+++ b/Femto.Modules.Auth/Application/Interface/GetSignupCodesQuery/GetSignupCodesQueryHandler.cs
@ -0,0 +1,55 @@
+using Dapper;
+using Femto.Common.Domain;
+using Femto.Common.Infrastructure.DbConnection;
+using Femto.Modules.Auth.Application.Dto;
+
+namespace Femto.Modules.Auth.Application.Interface.GetSignupCodesQuery;
+
+public class GetSignupCodesQueryHandler(IDbConnectionFactory connectionFactory)
+    : IQueryHandler<GetSignupCodesQuery, ICollection<SignupCodeDto>>
+{
+    public async Task<ICollection<SignupCodeDto>> Handle(
+        GetSignupCodesQuery request,
+        CancellationToken cancellationToken
+    )
+    {
+        using var conn = connectionFactory.GetConnection();
+
+        // lang=sql
+        const string sql = """
+            SELECT 
+                sc.code as Code,
+                sc.recipient_email as Email,
+                sc.recipient_name as Name,
+                sc.redeeming_user_id as RedeemedByUserId,
+                u.username as RedeemedByUsername,
+                sc.expires_at as ExpiresOn
+            FROM authn.signup_code sc
+            LEFT JOIN authn.user_identity u ON u.id = sc.redeeming_user_id
+            ORDER BY sc.created_at DESC
+            """;
+
+        var result = await conn.QueryAsync<QueryResultRow>(sql);
+
+        return result
+            .Select(row => new SignupCodeDto(
+                row.Code,
+                row.Email,
+                row.Name,
+                row.RedeemedByUserId,
+                row.RedeemedByUsername,
+                row.ExpiresOn
+            ))
+            .ToList();
+    }
+
+    private class QueryResultRow
+    {
+        public string Code { get; set; }
+        public string Email { get; set; }
+        public string Name { get; set; }
+        public Guid? RedeemedByUserId { get; set; }
+        public string? RedeemedByUsername { get; set; }
+        public DateTimeOffset ExpiresOn { get; set; }
+    }
+}
--- a/Femto.Modules.Auth/Application/Interface/Login/LoginCommand.cs
+++ b/Femto.Modules.Auth/Application/Interface/Login/LoginCommand.cs
@ -1,6 +1,6 @@
 using Femto.Common.Domain;
 using Femto.Modules.Auth.Application.Dto;

-namespace Femto.Modules.Auth.Application.Commands.Login;
+namespace Femto.Modules.Auth.Application.Interface.Login;

 public record LoginCommand(string Username, string Password) : ICommand<LoginResult>;
--- a/Femto.Modules.Auth/Application/Interface/Login/LoginCommandHandler.cs
+++ b/Femto.Modules.Auth/Application/Interface/Login/LoginCommandHandler.cs
@ -1,11 +1,9 @@
 using Femto.Common.Domain;
 using Femto.Modules.Auth.Application.Dto;
 using Femto.Modules.Auth.Data;
-using Femto.Modules.Auth.Models;
-using MediatR;
 using Microsoft.EntityFrameworkCore;

-namespace Femto.Modules.Auth.Application.Commands.Login;
+namespace Femto.Modules.Auth.Application.Interface.Login;

 internal class LoginCommandHandler(AuthContext context)
    : ICommandHandler<LoginCommand, LoginResult>
@ -25,6 +23,6 @@ internal class LoginCommandHandler(AuthContext context)
        
        var session = user.StartNewSession();

-        return new(new Session(session.Id, session.Expires), user.Id, user.Username);
+        return new(new Session(session.Id, session.Expires), new UserInfo(user));
    }
 }
--- a/Femto.Modules.Auth/Application/Interface/Register/RegisterCommand.cs
+++ b/Femto.Modules.Auth/Application/Interface/Register/RegisterCommand.cs
@ -1,6 +1,6 @@
 using Femto.Common.Domain;
 using Femto.Modules.Auth.Application.Dto;

-namespace Femto.Modules.Auth.Application.Commands.Register;
+namespace Femto.Modules.Auth.Application.Interface.Register;

 public record RegisterCommand(string Username, string Password, string SignupCode) : ICommand<RegisterResult>;
--- a/Femto.Modules.Auth/Application/Interface/Register/RegisterCommandHandler.cs
+++ b/Femto.Modules.Auth/Application/Interface/Register/RegisterCommandHandler.cs
@ -4,7 +4,7 @@ using Femto.Modules.Auth.Data;
 using Femto.Modules.Auth.Models;
 using Microsoft.EntityFrameworkCore;

-namespace Femto.Modules.Auth.Application.Commands.Register;
+namespace Femto.Modules.Auth.Application.Interface.Register;

 internal class RegisterCommandHandler(AuthContext context) : ICommandHandler<RegisterCommand, RegisterResult>
 {
@ -30,6 +30,6 @@ internal class RegisterCommandHandler(AuthContext context) : ICommandHandler<Reg
        
        code.Redeem(user.Id);
        
-        return new(new Session(session.Id, session.Expires), user.Id, user.Username);    
+        return new(new Session(session.Id, session.Expires), new UserInfo(user));    
    }
 }
--- a/Femto.Modules.Auth/Application/Interface/ValidateSession/ValidateSessionCommand.cs
+++ b/Femto.Modules.Auth/Application/Interface/ValidateSession/ValidateSessionCommand.cs
@ -1,7 +1,7 @@
 using Femto.Common.Domain;
 using Femto.Modules.Auth.Application.Dto;

-namespace Femto.Modules.Auth.Application.Commands.ValidateSession;
+namespace Femto.Modules.Auth.Application.Interface.ValidateSession;

 /// <summary>
 /// Validate an existing session, and then return either the current session, or a new one in case the expiry is further in the future
--- a/Femto.Modules.Auth/Application/Interface/ValidateSession/ValidateSessionCommandHandler.cs
+++ b/Femto.Modules.Auth/Application/Interface/ValidateSession/ValidateSessionCommandHandler.cs
@ -4,7 +4,7 @@ using Femto.Modules.Auth.Data;
 using Femto.Modules.Auth.Errors;
 using Microsoft.EntityFrameworkCore;

-namespace Femto.Modules.Auth.Application.Commands.ValidateSession;
+namespace Femto.Modules.Auth.Application.Interface.ValidateSession;

 internal class ValidateSessionCommandHandler(AuthContext context)
    : ICommandHandler<ValidateSessionCommand, ValidateSessionResult>
@ -28,8 +28,7 @@ internal class ValidateSessionCommandHandler(AuthContext context)

        return new ValidateSessionResult(
            new Session(session.Id, session.Expires),
-            user.Id,
-            user.Username
+            new UserInfo(user)
        );
    }
 }
--- a/Femto.Modules.Auth/Data/Configurations/UserIdentityTypeConfiguration.cs
+++ b/Femto.Modules.Auth/Data/Configurations/UserIdentityTypeConfiguration.cs
@ -9,16 +9,23 @@ internal class UserIdentityTypeConfiguration : IEntityTypeConfiguration<UserIden
    public void Configure(EntityTypeBuilder<UserIdentity> builder)
    {
        builder.ToTable("user_identity");
-        builder.OwnsOne(u => u.Password, pw =>
+        builder.OwnsOne(
+            u => u.Password,
+            pw =>
            {
-            pw.Property(p => p.Hash)
-                .HasColumnName("password_hash")
-                .IsRequired(false);
+                pw.Property(p => p.Hash).HasColumnName("password_hash").IsRequired(false);
+
+                pw.Property(p => p.Salt).HasColumnName("password_salt").IsRequired(false);
+            }
+        );

-            pw.Property(p => p.Salt)
-                .HasColumnName("password_salt")
-                .IsRequired(false);
-        });
        builder.OwnsMany(u => u.Sessions).WithOwner().HasForeignKey("user_id");
+
+        builder
+            .OwnsMany(u => u.Roles, entity =>
+            {
+                entity.WithOwner().HasForeignKey(x => x.UserId);
+                entity.HasKey(x => new { x.UserId, x.Role});
+            });
    }
 }
--- a/Femto.Modules.Auth/Femto.Modules.Auth.csproj
+++ b/Femto.Modules.Auth/Femto.Modules.Auth.csproj
@ -8,6 +8,7 @@

    <ItemGroup>
      <PackageReference Include="Autofac" Version="8.3.0" />
+      <PackageReference Include="Dapper" Version="2.1.66" />
      <PackageReference Include="EFCore.NamingConventions" Version="9.0.0" />
      <PackageReference Include="Geralt" Version="3.3.0" />
      <PackageReference Include="JetBrains.Annotations" Version="2024.3.0" />
--- a/Femto.Modules.Auth/Models/UserIdentity.cs
+++ b/Femto.Modules.Auth/Models/UserIdentity.cs
@ -16,6 +16,8 @@ internal class UserIdentity : Entity

    public ICollection<UserSession> Sessions { get; private set; } = [];
    
+    public ICollection<UserRole> Roles { get; private set; } = [];
+
    private UserIdentity() { }

    public UserIdentity(string username)
--- a/Femto.Modules.Auth/Models/UserRole.cs
+++ b/Femto.Modules.Auth/Models/UserRole.cs
@ -0,0 +1,10 @@
+using Femto.Modules.Auth.Contracts;
+
+namespace Femto.Modules.Auth.Models;
+
+internal class UserRole
+{
+    public Guid UserId { get; set; }
+    
+    public Role Role { get; set; }
+}