136 lines
3.9 KiB
C#
136 lines
3.9 KiB
C#
using Femto.Api.Auth;
|
|
using Femto.Api.Sessions;
|
|
using Femto.Common;
|
|
using Femto.Modules.Auth.Application.Interface.CreateSignupCode;
|
|
using Femto.Modules.Auth.Application.Interface.GetSignupCodesQuery;
|
|
using Femto.Modules.Auth.Application.Interface.Register;
|
|
using Femto.Modules.Auth.Application.Services;
|
|
using Femto.Modules.Auth.Contracts;
|
|
using Microsoft.AspNetCore.Authorization;
|
|
using Microsoft.AspNetCore.Mvc;
|
|
using Microsoft.Extensions.Options;
|
|
|
|
namespace Femto.Api.Controllers.Auth;
|
|
|
|
[ApiController]
|
|
[Route("auth")]
|
|
public class AuthController(
|
|
IAuthModule authModule,
|
|
IOptions<CookieSettings> cookieSettings,
|
|
ICurrentUserContext currentUserContext,
|
|
ILogger<AuthController> logger,
|
|
IAuthService authService
|
|
) : ControllerBase
|
|
{
|
|
[HttpPost("login")]
|
|
public async Task<ActionResult<LoginResponse>> Login(
|
|
[FromBody] LoginRequest request,
|
|
CancellationToken cancellationToken
|
|
)
|
|
{
|
|
var user = await authService.GetUserWithCredentials(
|
|
request.Username,
|
|
request.Password,
|
|
cancellationToken
|
|
);
|
|
|
|
if (user is null)
|
|
return Forbid();
|
|
|
|
var session = await authService.CreateStrongSession(user.Id);
|
|
|
|
HttpContext.SetSession(session, user);
|
|
|
|
return new LoginResponse(user.Id, user.Username, user.Roles.Any(r => r == Role.SuperUser));
|
|
}
|
|
|
|
[HttpPost("register")]
|
|
public async Task<ActionResult<RegisterResponse>> Register([FromBody] RegisterRequest request)
|
|
{
|
|
var user = await authModule.Command(
|
|
new RegisterCommand(request.Username, request.Password, request.SignupCode)
|
|
);
|
|
|
|
var session = await authService.CreateStrongSession(user.Id);
|
|
|
|
HttpContext.SetSession(session, user);
|
|
return new RegisterResponse(
|
|
user.Id,
|
|
user.Username,
|
|
user.Roles.Any(r => r == Role.SuperUser)
|
|
);
|
|
}
|
|
|
|
[HttpDelete("session")]
|
|
public async Task<ActionResult> DeleteSession()
|
|
{
|
|
var (sessionId, userId) = HttpContext.GetSessionInfo();
|
|
|
|
if (sessionId is not null)
|
|
{
|
|
await authService.DeleteSession(sessionId);
|
|
HttpContext.DeleteSession();
|
|
}
|
|
|
|
return Ok(new { });
|
|
}
|
|
|
|
[HttpGet("user/{userId}")]
|
|
[Authorize]
|
|
public async Task<ActionResult<GetUserInfoResult>> GetUserInfo(
|
|
Guid userId,
|
|
CancellationToken cancellationToken
|
|
)
|
|
{
|
|
var currentUser = currentUserContext.CurrentUser;
|
|
|
|
if (currentUser is null || currentUser.Id != userId)
|
|
return this.BadRequest();
|
|
|
|
var user = await authService.GetUserWithId(userId, cancellationToken);
|
|
|
|
if (user is null)
|
|
return this.BadRequest();
|
|
|
|
return new GetUserInfoResult(
|
|
user.Id,
|
|
user.Username,
|
|
user.Roles.Any(r => r == Role.SuperUser)
|
|
);
|
|
}
|
|
|
|
[HttpPost("signup-codes")]
|
|
[Authorize(Roles = "SuperUser")]
|
|
public async Task<ActionResult> CreateSignupCode(
|
|
[FromBody] CreateSignupCodeRequest request,
|
|
CancellationToken cancellationToken
|
|
)
|
|
{
|
|
await authModule.Command(
|
|
new CreateSignupCodeCommand(request.Code, request.Email, request.Name),
|
|
cancellationToken
|
|
);
|
|
|
|
return Ok(new { });
|
|
}
|
|
|
|
[HttpGet("signup-codes")]
|
|
[Authorize(Roles = "SuperUser")]
|
|
public async Task<ActionResult<ListSignupCodesResult>> ListSignupCodes(
|
|
CancellationToken cancellationToken
|
|
)
|
|
{
|
|
var codes = await authModule.Query(new GetSignupCodesQuery(), cancellationToken);
|
|
|
|
return new ListSignupCodesResult(
|
|
codes.Select(c => new SignupCodeDto(
|
|
c.Code,
|
|
c.Email,
|
|
c.Name,
|
|
c.RedeemedByUserId,
|
|
c.RedeemedByUsername,
|
|
c.ExpiresOn
|
|
))
|
|
);
|
|
}
|
|
}
|