MireaBackend/Endpoint/Controllers/V1/SecurityController.cs

using Asp.Versioning;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Options;
using Mirea.Api.Dto.Common;
using Mirea.Api.Endpoint.Common.Attributes;
using Mirea.Api.Endpoint.Common.Exceptions;
using Mirea.Api.Endpoint.Common.MapperDto;
using Mirea.Api.Endpoint.Configuration.Model;
using QRCoder;
using System;
using System.Drawing;

namespace Mirea.Api.Endpoint.Controllers.V1;

[ApiVersion("1.0")]
public class SecurityController(IOptionsSnapshot<GeneralConfig> generalConfig) : BaseController
{
    /// <summary>
    /// Generates an SVG QR code for TOTP setup with customizable colors and size.
    /// </summary>
    /// <param name="totpKey">The TOTP secret key to embed in the QR code.</param>
    /// <param name="label">The label to display with the QR code (usually username or email).</param>
    /// <param name="backgroundColor">Background color for the QR code in hex format (e.g., "#FFFFFF" for white). Defaults to transparent.</param>
    /// <param name="foregroundColor">Foreground color for the QR code in hex format (e.g., "#000000" for black), defaults to black.</param>
    /// <param name="size">The pixel size of the QR code image (width and height).</param>
    /// <param name="errorCorrectionLevel">Error correction level (low, medium, high, or very high). Valid values: L, M, Q, H.</param>
    /// <returns>An SVG string of the generated QR code.</returns>
    [HttpGet("GenerateTotpQrCode")]
    [Produces("image/svg+xml")]
    [MaintenanceModeIgnore]
    public IActionResult GenerateTotpQrCode(
        [FromQuery] string totpKey,
        [FromQuery] string label,
        [FromQuery] string? backgroundColor = null,
        [FromQuery] string foregroundColor = "#000000",
        [FromQuery] int size = 250,
        [FromQuery] string? errorCorrectionLevel = "M")
    {
        try
        {
            var bgColor = string.IsNullOrEmpty(backgroundColor) ? Color.Transparent : ColorTranslator.FromHtml(backgroundColor);
            var fgColor = ColorTranslator.FromHtml(foregroundColor);

            var eccLevel = errorCorrectionLevel?.ToUpper() switch
            {
                "L" => QRCodeGenerator.ECCLevel.L,
                "Q" => QRCodeGenerator.ECCLevel.Q,
                "H" => QRCodeGenerator.ECCLevel.H,
                _ => QRCodeGenerator.ECCLevel.M
            };

            var issuer = Uri.EscapeDataString("Mirea Schedule");

            // Generate TOTP URI (otpauth://totp/issuer:username?secret=KEY&issuer=issuer)
            var totpUri = $"otpauth://totp/{issuer}:{label}?secret={totpKey}&issuer={issuer}";

            using var qrGenerator = new QRCodeGenerator();
            var qrCodeData = qrGenerator.CreateQrCode(totpUri, eccLevel);

            using var qrCode = new SvgQRCode(qrCodeData);

            var svgImage = qrCode.GetGraphic(
                pixelsPerModule: size / 25,
                darkColorHex: $"#{fgColor.R:X2}{fgColor.G:X2}{fgColor.B:X2}",
                lightColorHex: $"#{bgColor.R:X2}{bgColor.G:X2}{bgColor.B:X2}"
            );

            return Content(svgImage, "image/svg+xml");
        }
        catch (Exception ex)
        {
            throw new ControllerArgumentException($"Failed to generate QR code: {ex.Message}");
        }
    }

    /// <summary>
    /// Retrieves the current password policy for user authentication.
    /// </summary>
    /// <returns>
    /// The current password policy
    /// </returns>
    [HttpGet("PasswordPolicy")]
    [MaintenanceModeIgnore]
    public ActionResult<PasswordPolicy> PasswordPolicy() =>
        Ok(generalConfig.Value.PasswordPolicy.ConvertToDto());
}