MireaBackend/Endpoint/Controllers/V1/AuthController.cs

146 lines
5.5 KiB
C#
Raw Normal View History

2024-09-18 06:00:07 +03:00
using Asp.Versioning;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Options;
using Mirea.Api.Dto.Common;
using Mirea.Api.Dto.Requests;
2024-11-04 02:59:51 +03:00
using Mirea.Api.Dto.Responses;
using Mirea.Api.Endpoint.Common.Attributes;
2024-08-27 22:52:07 +03:00
using Mirea.Api.Endpoint.Common.Exceptions;
using Mirea.Api.Endpoint.Common.MapperDto;
2024-07-05 01:35:19 +03:00
using Mirea.Api.Endpoint.Common.Services;
2024-10-07 02:13:35 +03:00
using Mirea.Api.Endpoint.Configuration.Model;
using Mirea.Api.Security.Common.Domain;
using Mirea.Api.Security.Services;
using System;
2024-11-04 02:39:10 +03:00
using System.Collections.Generic;
using System.Threading.Tasks;
namespace Mirea.Api.Endpoint.Controllers.V1;
[ApiVersion("1.0")]
public class AuthController(IOptionsSnapshot<Admin> user, AuthService auth, PasswordHashService passwordService) : BaseController
{
private CookieOptionsParameters GetCookieParams() =>
new()
{
2024-08-10 23:11:43 +03:00
Domain = HttpContext.GetCurrentDomain(),
Path = UrlHelper.GetSubPathWithoutFirstApiName + "api"
};
2024-11-04 03:14:42 +03:00
/// <summary>
/// Gets the list of available OAuth providers with their respective redirect URIs.
/// </summary>
/// <returns>A list of available providers.</returns>
2024-11-04 02:59:51 +03:00
[HttpGet("GetAvailableProviders")]
public ActionResult<List<AvailableProvidersResponse>> GetUrls() =>
Ok(oAuthService
.GetAvailableProviders(HttpContext, GetCookieParams(), HttpContext.GetApiUrl(Url.Action("OAuth2")!))
.ConvertToDto());
2024-11-04 03:14:42 +03:00
/// <summary>
/// Logs in a user using their username or email and password.
/// </summary>
/// <param name="request">The login request containing username/email and password.</param>
/// <returns>A TwoFactorAuthentication token if the login is successful; otherwise, a BadRequest response.</returns>
[HttpPost("Login")]
[BadRequestResponse]
2024-11-02 00:50:10 +03:00
public async Task<ActionResult<TwoFactorAuthentication>> Login([FromBody] LoginRequest request)
{
var userEntity = user.Value;
if (!userEntity.Username.Equals(request.Username, StringComparison.OrdinalIgnoreCase) &&
!userEntity.Email.Equals(request.Username, StringComparison.OrdinalIgnoreCase))
2024-11-04 03:14:17 +03:00
return Unauthorized("Authentication failed. Please check your credentials.");
var tokenResult = await auth.LoginAsync(
GetCookieParams(),
new User
{
2024-11-02 22:09:40 +03:00
Id = 1.ToString(),
Username = userEntity.Username,
Email = userEntity.Email,
PasswordHash = userEntity.PasswordHash,
Salt = userEntity.Salt,
2024-11-02 00:50:10 +03:00
TwoFactorAuthenticator = userEntity.TwoFactorAuthenticator,
2024-11-04 02:39:10 +03:00
SecondFactorToken = userEntity.Secret,
OAuthProviders = userEntity.OAuthProviders
},
HttpContext, request.Password);
return Ok(tokenResult.ConvertToDto());
}
2024-11-04 03:14:42 +03:00
/// <summary>
/// Performs two-factor authentication for the user.
/// </summary>
/// <param name="request">The request containing the method and code for two-factor authentication.</param>
/// <returns>A boolean indicating whether the two-factor authentication was successful.</returns>
[HttpPost("2FA")]
[BadRequestResponse]
2024-11-02 22:09:40 +03:00
public async Task<ActionResult<bool>> TwoFactorAuth([FromBody] TwoFactorAuthRequest request)
{
var tokenResult = await auth.LoginAsync(GetCookieParams(), HttpContext, request.Method.ConvertFromDto(), request.Code);
2024-11-02 22:09:40 +03:00
return Ok(tokenResult);
}
2024-06-28 22:55:18 +03:00
/// <summary>
/// Refreshes the authentication token using the existing refresh token.
/// </summary>
/// <returns>User's AuthRoles.</returns>
[HttpGet("ReLogin")]
[ProducesResponseType(StatusCodes.Status401Unauthorized)]
[ProducesResponseType(StatusCodes.Status403Forbidden)]
public async Task<ActionResult<AuthRoles>> ReLogin()
{
await auth.RefreshTokenAsync(GetCookieParams(), HttpContext);
return Ok(AuthRoles.Admin);
}
2024-06-28 22:55:18 +03:00
/// <summary>
/// Logs the user out by clearing the refresh token and performing any necessary cleanup.
/// </summary>
/// <returns>An Ok response if the logout was successful.</returns>
[HttpGet("Logout")]
public async Task<ActionResult> Logout()
{
await auth.LogoutAsync(GetCookieParams(), HttpContext);
return Ok();
}
2024-06-28 22:55:18 +03:00
/// <summary>
/// Retrieves the role of the authenticated user.
/// </summary>
/// <returns>The role of the authenticated user.</returns>
[HttpGet("GetRole")]
[ProducesResponseType(StatusCodes.Status401Unauthorized)]
[Authorize]
public ActionResult<AuthRoles> GetRole() => Ok(AuthRoles.Admin);
2024-08-27 22:52:07 +03:00
[HttpPost("RenewPassword")]
[ApiExplorerSettings(IgnoreApi = true)]
[Localhost]
[BadRequestResponse]
public ActionResult<string> RenewPassword([FromBody] string? password = null)
{
if (string.IsNullOrEmpty(password))
password = string.Empty;
else if (!PasswordHashService.HasPasswordInPolicySecurity(password))
throw new ControllerArgumentException("The password must be at least 8 characters long and contain at least one uppercase letter and one special character.");
while (!PasswordHashService.HasPasswordInPolicySecurity(password))
password = GeneratorKey.GenerateAlphaNumeric(16, includes: "!@#%^");
var (salt, hash) = passwordService.HashPassword(password);
var admin = user.Value;
admin.Salt = salt;
admin.PasswordHash = hash;
admin.SaveSetting();
return Ok(password);
}
}