mirror of
https://github.com/GCMatters/hermes.git
synced 2026-02-04 13:40:13 +01:00
Auth endpoints
This commit is contained in:
AleksDw
@@ -1,9 +1,11 @@
|
||||
using Microsoft.EntityFrameworkCore;
|
||||
using Microsoft.AspNetCore.Http.HttpResults;
|
||||
using Microsoft.EntityFrameworkCore;
|
||||
using System.Security.Cryptography;
|
||||
using System.Text;
|
||||
using WebApp.Data;
|
||||
using WebApp.DTOs;
|
||||
using WebApp.Entities;
|
||||
using WebApp.Mapping;
|
||||
|
||||
namespace WebApp.Endpoints
|
||||
{
|
||||
@@ -12,33 +14,23 @@ namespace WebApp.Endpoints
|
||||
|
||||
public static RouteGroupBuilder MapAuthEndpoints(this WebApplication app)
|
||||
{
|
||||
var group = app.MapGroup("auth")
|
||||
const string GetUserEndpointName = "GetUser";
|
||||
|
||||
var group = app.MapGroup("api/auth")
|
||||
.WithParameterValidation();
|
||||
|
||||
group.MapPost("/login", async (LoginDto dto, ApplicationDbContext context) =>
|
||||
group.MapPost("/login", async (LoginDto dto, ApplicationDbContext context, GeneralUseHelpers guh) =>
|
||||
{
|
||||
var user = await context.WebUsers.FirstOrDefaultAsync(u => u.Email == dto.Email);
|
||||
if (user == null)
|
||||
{
|
||||
return Results.Json(new {message = "Wrong email or password."}, statusCode: 401);
|
||||
}
|
||||
|
||||
string hashedPassword = HashPasswordSHA512(dto.Password);
|
||||
|
||||
if(user.Password != hashedPassword)
|
||||
if (user == null || user.Password != hashedPassword)
|
||||
{
|
||||
return Results.Json(new { message = "Wrong email or password." }, statusCode: 401);
|
||||
}
|
||||
|
||||
var token = new Token
|
||||
{
|
||||
UserId = user.UserId,
|
||||
Value = "lah-" + Guid.NewGuid().ToString(),
|
||||
ValidUntil = DateTime.UtcNow.AddDays(7),
|
||||
};
|
||||
|
||||
context.Tokens.Add(token);
|
||||
await context.SaveChangesAsync();
|
||||
var token = await guh.CreateNewToken(user.UserId);
|
||||
|
||||
return Results.Ok(new
|
||||
{
|
||||
@@ -47,6 +39,87 @@ namespace WebApp.Endpoints
|
||||
});
|
||||
});
|
||||
|
||||
group.MapPost("/logout", async (HttpContext httpContext, GeneralUseHelpers guh) =>
|
||||
{
|
||||
var token = await guh.GetTokenFromHTTPContext(httpContext);
|
||||
|
||||
if (token == null)
|
||||
{
|
||||
return Results.Json(new { message = "No valid token found." }, statusCode: 401);
|
||||
}
|
||||
|
||||
await guh.DeleteToken(token);
|
||||
|
||||
httpContext.Response.Cookies.Delete("token");
|
||||
|
||||
return Results.Ok(new { success = true });
|
||||
});
|
||||
|
||||
group.MapGet("/my_account", async (HttpContext httpContext, GeneralUseHelpers guh) =>
|
||||
{
|
||||
var token = await guh.GetTokenFromHTTPContext(httpContext);
|
||||
|
||||
if(token == null)
|
||||
{
|
||||
return Results.Json(new { message = "No valid token found." }, statusCode: 401);
|
||||
}
|
||||
|
||||
User? user = await guh.GetUserFromToken(token);
|
||||
|
||||
if(user == null)
|
||||
{
|
||||
return Results.Json(new {message = "No user found."}, statusCode: 404);
|
||||
}
|
||||
|
||||
return Results.Ok(user.ToUserSummaryDto());
|
||||
})
|
||||
.WithName(GetUserEndpointName);
|
||||
|
||||
group.MapGet("/my_events", async (HttpContext httpContext, GeneralUseHelpers guh, ApplicationDbContext context) =>
|
||||
{
|
||||
var token = await guh.GetTokenFromHTTPContext(httpContext);
|
||||
|
||||
if (token == null)
|
||||
{
|
||||
return Results.Json(new { message = "No valid token found." }, statusCode: 401);
|
||||
}
|
||||
|
||||
User? user = await guh.GetUserFromToken(token);
|
||||
|
||||
if (user == null)
|
||||
{
|
||||
return Results.Json(new { message = "No user found." }, statusCode: 404);
|
||||
}
|
||||
|
||||
if(!user.IsOrganisation)
|
||||
{
|
||||
var events = await context.EventRegistrations
|
||||
.Where(er => er.VolunteerId == user.UserId)
|
||||
.Select(er => er.Event.ToEventSummaryNoErDto())
|
||||
.ToListAsync();
|
||||
|
||||
return Results.Ok(events);
|
||||
}
|
||||
else
|
||||
{
|
||||
var org = await context.Organisations.FirstOrDefaultAsync(o => o.UserId == user.UserId);
|
||||
|
||||
if(org == null)
|
||||
{
|
||||
return Results.Json(new { message = "No organisation found for this user." }, statusCode: 404);
|
||||
}
|
||||
|
||||
var events = await context.Events
|
||||
.Where(e => e.OrganisationId == org.OrganisationId)
|
||||
.Select(e => e.ToEventSummaryDto())
|
||||
.ToListAsync();
|
||||
|
||||
return Results.Ok(events);
|
||||
}
|
||||
|
||||
|
||||
});
|
||||
|
||||
return group;
|
||||
}
|
||||
|
||||
@@ -58,7 +131,6 @@ namespace WebApp.Endpoints
|
||||
byte[] hash = sha512.ComputeHash(bytes);
|
||||
string hashstring = BitConverter.ToString(hash).Replace("-", "").ToLower();
|
||||
|
||||
Console.WriteLine($"Hashed Password: {hashstring}");
|
||||
return hashstring;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -66,4 +66,25 @@ public class GeneralUseHelpers
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
public async Task<Token> CreateNewToken(int userId)
|
||||
{
|
||||
var token = new Token
|
||||
{
|
||||
UserId = userId,
|
||||
Value = "lah-" + Guid.NewGuid().ToString(),
|
||||
ValidUntil = DateTime.UtcNow.AddDays(7)
|
||||
};
|
||||
|
||||
_context.Tokens.Add(token);
|
||||
await _context.SaveChangesAsync();
|
||||
|
||||
return token;
|
||||
}
|
||||
|
||||
public async Task DeleteToken(Token token)
|
||||
{
|
||||
_context.Tokens.Remove(token);
|
||||
await _context.SaveChangesAsync();
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user