do sessions in memory and also fix glaring security hole

2025-06-01 23:28:00 +02:00 · 2025-06-01 23:28:00 +02:00 · f48b421500
commit f48b421500
parent 7b6c155a73
31 changed files with 441 additions and 440 deletions
--- a/Femto.Modules.Auth/Application/Services/AuthService.cs
+++ b/Femto.Modules.Auth/Application/Services/AuthService.cs
@ -0,0 +1,79 @@
+using Femto.Common.Domain;
+using Femto.Modules.Auth.Application.Dto;
+using Femto.Modules.Auth.Data;
+using Femto.Modules.Auth.Infrastructure;
+using Femto.Modules.Auth.Models;
+using Microsoft.EntityFrameworkCore;
+
+namespace Femto.Modules.Auth.Application.Services;
+
+internal class AuthService(AuthContext context, SessionStorage storage) : IAuthService
+{
+    public async Task<UserInfo?> GetUserWithCredentials(
+        string username,
+        string password,
+        CancellationToken cancellationToken = default
+    )
+    {
+        return await context
+            .Users.Where(u => u.Username == username)
+            .Select(u => new UserInfo(u.Id, u.Username, u.Roles.Select(r => r.Role).ToList()))
+            .SingleOrDefaultAsync(cancellationToken);
+    }
+
+    public Task<UserInfo?> GetUserWithId(Guid? userId, CancellationToken cancellationToken)
+    {
+        return context
+            .Users.Where(u => u.Id == userId)
+            .Select(u => new UserInfo(u.Id, u.Username, u.Roles.Select(r => r.Role).ToList()))
+            .SingleOrDefaultAsync(cancellationToken);
+    }
+
+    public async Task<Session> CreateStrongSession(Guid userId)
+    {
+        var session = new Session(userId, true);
+
+        await storage.AddSession(session);
+
+        return session;
+    }
+
+    public async Task<Session> CreateWeakSession(Guid userId)
+    {
+        var session = new Session(userId, false);
+
+        await storage.AddSession(session);
+
+        return session;
+    }
+
+    public Task<Session?> GetSession(string sessionId)
+    {
+        return storage.GetSession(sessionId);
+    }
+
+    public async Task DeleteSession(string sessionId)
+    {
+        await storage.DeleteSession(sessionId);
+    }
+
+    public async Task<LongTermSession> CreateLongTermSession(Guid userId, bool isStrong)
+    {
+        throw new NotImplementedException();
+    }
+
+    public async Task<LongTermSession> DeleteLongTermSession(string sessionId)
+    {
+        throw new NotImplementedException();
+    }
+
+    public async Task<LongTermSession> RefreshLongTermSession(string sessionId)
+    {
+        throw new NotImplementedException();
+    }
+
+    public async Task<ValidateSessionResult> ValidateLongTermSession(string sessionId)
+    {
+        throw new NotImplementedException();
+    }
+}