login & logout

2026-01-20 19:05:17 +01:00 · 2026-01-20 19:05:17 +01:00 · 68aca1d823
commit 68aca1d823
parent d97b62fc9d
2 changed files with 88 additions and 9 deletions
--- a/Endpoints/UserAccess.cs
+++ b/Endpoints/UserAccess.cs
@ -1,5 +1,12 @@
-using Microsoft.AspNetCore.Builder;
+using Emberend.Database;
+using Emberend.Helpers;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Identity;
+using Microsoft.EntityFrameworkCore;
+using System.Security.Claims;
+using System.Text.Json;

 namespace Emberend.Endpoints;

@ -7,27 +14,83 @@ public static class UserAccess
 {
    public static void MapUserAccessEndpoints(this IEndpointRouteBuilder routes)
    {
-        MapGetLogin(routes);
+        MapPostLogin(routes);
+        MapPostRegister(routes);
+        MapPostLogout(routes);
+
+
        MapGetUserById(routes);
-        MapGetRegister(routes);
    }

-    private static void MapGetLogin(IEndpointRouteBuilder routes)
+    private static void MapPostLogin(IEndpointRouteBuilder routes)
    {
-        routes.MapGet("/login", async context =>
+        routes.MapPost("/login", async (LoginDto dto, AppDbContext db, HttpContext context) =>
        {
-            await context.Response.WriteAsync("/login");
+            var user = await db.Users
+                .AsNoTracking()
+                .FirstOrDefaultAsync(u => u.Email == dto.Email);
+
+            if (user is null)
+            {
+                context.Response.StatusCode = 401;
+                await context.Response.WriteAsync("");
+                return;
+            }
+
+            var hash = PasswordHasher.Hash(dto.Password, user.Salt);
+            
+
+            var claims = new[]
+            {
+                new Claim(ClaimTypes.NameIdentifier, user.Id),
+                new Claim(ClaimTypes.Email, user.Email)
+            };
+
+            var identity = new ClaimsIdentity(claims, "auth");
+            await context.SignInAsync("auth", new ClaimsPrincipal(identity));
+
+
+            var loginResponse = new
+            {
+                user.Id,
+                user.Email,
+                user.Name,
+                user.ProfilePicture
+            };
+
+            context.Response.ContentType = "application/json";
+            context.Response.StatusCode = 200;
+
+            await context.Response.WriteAsync(JsonSerializer.Serialize(loginResponse));
+            return;
        });
    }

-    private static void MapGetRegister(IEndpointRouteBuilder routes)
+    private static void MapPostRegister(IEndpointRouteBuilder routes)
    {
-        routes.MapGet("/register", async context =>
+        routes.MapPost("/logout", async (HttpContext context) =>
        {
-            await context.Response.WriteAsync("/register");
+            await context.SignOutAsync("auth");
+
+            context.Response.StatusCode = 200;
+            await context.Response.WriteAsync("");
        });
    }

+
+    private static void MapPostLogout(IEndpointRouteBuilder routes)
+    {
+        routes.MapPost("/logout", async (HttpContext context) =>
+        {
+            await context.SignOutAsync("auth");
+
+            context.Response.StatusCode = 200;
+            await context.Response.WriteAsync("");
+        });
+    }
+
+
+
    private static void MapGetUserById(IEndpointRouteBuilder routes)
    {
        routes.MapGet("/user/{id}", async context =>
--- a/Helpers/PasswordHelper.cs
+++ b/Helpers/PasswordHelper.cs
@ -0,0 +1,16 @@
+using System.Security.Cryptography;
+using System.Text;
+
+namespace Emberend.Helpers;
+
+static class PasswordHasher
+{
+    public static string Hash(string password, string salt)
+    {
+        var bytes = Encoding.UTF8.GetBytes(password + salt);
+        return Convert.ToHexString(SHA256.HashData(bytes));
+    }
+
+    public static string NewSalt() =>
+        Convert.ToHexString(RandomNumberGenerator.GetBytes(16));
+}