133 lines
3.6 KiB
C#
133 lines
3.6 KiB
C#
using Emberend.Database;
|
|
using Emberend.Helpers;
|
|
using Microsoft.AspNetCore.Authentication;
|
|
using Microsoft.AspNetCore.Builder;
|
|
using Microsoft.AspNetCore.Http;
|
|
using Microsoft.AspNetCore.Identity;
|
|
using Microsoft.EntityFrameworkCore;
|
|
using System.Security.Claims;
|
|
using System.Text.Json;
|
|
|
|
namespace Emberend.Endpoints;
|
|
|
|
public static class UserAccess
|
|
{
|
|
public static void MapUserAccessEndpoints(this IEndpointRouteBuilder routes)
|
|
{
|
|
MapPostLogin(routes);
|
|
MapPostRegister(routes);
|
|
MapPostLogout(routes);
|
|
|
|
|
|
MapGetUserById(routes);
|
|
}
|
|
|
|
private static void MapPostLogin(IEndpointRouteBuilder routes)
|
|
{
|
|
routes.MapPost("/login", async (LoginDto dto, AppDbContext db, HttpContext context) =>
|
|
{
|
|
var user = await db.Users
|
|
.AsNoTracking()
|
|
.FirstOrDefaultAsync(u => u.Email == dto.Email);
|
|
|
|
if (user is null)
|
|
{
|
|
context.Response.StatusCode = 401;
|
|
await context.Response.WriteAsync("");
|
|
return;
|
|
}
|
|
|
|
var hash = PasswordHasher.Hash(dto.Password, user.Salt);
|
|
|
|
|
|
var claims = new[]
|
|
{
|
|
new Claim(ClaimTypes.NameIdentifier, user.Id),
|
|
new Claim(ClaimTypes.Email, user.Email)
|
|
};
|
|
|
|
var identity = new ClaimsIdentity(claims, "auth");
|
|
await context.SignInAsync("auth", new ClaimsPrincipal(identity));
|
|
|
|
|
|
var loginResponse = new
|
|
{
|
|
user.Id,
|
|
user.Email,
|
|
user.Name,
|
|
user.ProfilePicture
|
|
};
|
|
|
|
context.Response.ContentType = "application/json";
|
|
context.Response.StatusCode = 200;
|
|
|
|
await context.Response.WriteAsync(JsonSerializer.Serialize(loginResponse));
|
|
return;
|
|
});
|
|
}
|
|
|
|
private static void MapPostRegister(IEndpointRouteBuilder routes)
|
|
{
|
|
routes.MapPost("/register", async (HttpContext context, RegisterDto dto, AppDbContext db) =>
|
|
{
|
|
if (dto.Password.Length < 6)
|
|
{
|
|
context.Response.StatusCode = 400;
|
|
return;
|
|
}
|
|
|
|
if (await db.Users.AsNoTracking().AnyAsync(u => u.Email == dto.Email))
|
|
{
|
|
context.Response.StatusCode = 409;
|
|
return;
|
|
}
|
|
|
|
var salt = PasswordHasher.NewSalt();
|
|
var hash = PasswordHasher.Hash(dto.Password, salt);
|
|
|
|
var user = new User
|
|
{
|
|
Id = Guid.NewGuid().ToString(),
|
|
Email = dto.Email,
|
|
Name = "",
|
|
PasswordHash = hash,
|
|
Salt = salt,
|
|
ProfilePicture = ""
|
|
};
|
|
|
|
db.Users.Add(user);
|
|
await db.SaveChangesAsync();
|
|
|
|
context.Response.ContentType = "application/json";
|
|
context.Response.StatusCode = 200;
|
|
return;
|
|
});
|
|
}
|
|
|
|
|
|
private static void MapPostLogout(IEndpointRouteBuilder routes)
|
|
{
|
|
routes.MapPost("/logout", async (HttpContext context) =>
|
|
{
|
|
await context.SignOutAsync("auth");
|
|
|
|
context.Response.StatusCode = 200;
|
|
await context.Response.WriteAsync("");
|
|
});
|
|
}
|
|
|
|
|
|
|
|
private static void MapGetUserById(IEndpointRouteBuilder routes)
|
|
{
|
|
routes.MapGet("/user/{id}", async context =>
|
|
{
|
|
var id = context.Request.RouteValues["id"];
|
|
//Dodaj null check ^
|
|
|
|
await context.Response.WriteAsync($"User: {id}");
|
|
});
|
|
}
|
|
}
|
|
|