Initial commit
This commit is contained in:
100
MealPlan.Api/Controllers/AuthController.cs
Normal file
100
MealPlan.Api/Controllers/AuthController.cs
Normal file
@@ -0,0 +1,100 @@
|
||||
using System.Security.Claims;
|
||||
using MealPlan.Api.DTOs.Auth;
|
||||
using MealPlan.Api.Services;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
using Microsoft.AspNetCore.RateLimiting;
|
||||
|
||||
namespace MealPlan.Api.Controllers;
|
||||
|
||||
[ApiController]
|
||||
[Route("api/auth")]
|
||||
public class AuthController : ControllerBase
|
||||
{
|
||||
private readonly IAuthService _authService;
|
||||
|
||||
public AuthController(IAuthService authService) => _authService = authService;
|
||||
|
||||
/// <summary>Creates a new user account and returns an access + refresh token pair.</summary>
|
||||
[HttpPost("register")]
|
||||
[AllowAnonymous]
|
||||
[EnableRateLimiting("login")]
|
||||
[ProducesResponseType(typeof(TokenResponseDto), StatusCodes.Status201Created)]
|
||||
[ProducesResponseType(StatusCodes.Status400BadRequest)]
|
||||
[ProducesResponseType(StatusCodes.Status409Conflict)]
|
||||
public async Task<IActionResult> Register([FromBody] RegisterRequestDto request, CancellationToken ct)
|
||||
{
|
||||
var result = await _authService.RegisterAsync(request, ct);
|
||||
if (!result.Succeeded)
|
||||
{
|
||||
var status = result.Error?.Contains("already exists", StringComparison.OrdinalIgnoreCase) == true
|
||||
? StatusCodes.Status409Conflict
|
||||
: StatusCodes.Status400BadRequest;
|
||||
return StatusCode(status, new { error = result.Error });
|
||||
}
|
||||
|
||||
return StatusCode(StatusCodes.Status201Created, result.Tokens);
|
||||
}
|
||||
|
||||
/// <summary>Authenticates a user and returns an access + refresh token pair.</summary>
|
||||
[HttpPost("login")]
|
||||
[AllowAnonymous]
|
||||
[EnableRateLimiting("login")]
|
||||
[ProducesResponseType(typeof(TokenResponseDto), StatusCodes.Status200OK)]
|
||||
[ProducesResponseType(StatusCodes.Status401Unauthorized)]
|
||||
public async Task<IActionResult> Login([FromBody] LoginRequestDto request, CancellationToken ct)
|
||||
{
|
||||
var result = await _authService.LoginAsync(request, ct);
|
||||
if (!result.Succeeded)
|
||||
{
|
||||
return Unauthorized(new { error = result.Error });
|
||||
}
|
||||
|
||||
return Ok(result.Tokens);
|
||||
}
|
||||
|
||||
/// <summary>Rotates a refresh token and issues a fresh token pair.</summary>
|
||||
[HttpPost("refresh")]
|
||||
[AllowAnonymous]
|
||||
[ProducesResponseType(typeof(TokenResponseDto), StatusCodes.Status200OK)]
|
||||
[ProducesResponseType(StatusCodes.Status401Unauthorized)]
|
||||
public async Task<IActionResult> Refresh([FromBody] RefreshRequestDto request, CancellationToken ct)
|
||||
{
|
||||
var result = await _authService.RefreshAsync(request.RefreshToken, ct);
|
||||
if (!result.Succeeded)
|
||||
{
|
||||
return Unauthorized(new { error = result.Error });
|
||||
}
|
||||
|
||||
return Ok(result.Tokens);
|
||||
}
|
||||
|
||||
/// <summary>Revokes the supplied refresh token. Always returns 204.</summary>
|
||||
[HttpPost("logout")]
|
||||
[AllowAnonymous]
|
||||
[ProducesResponseType(StatusCodes.Status204NoContent)]
|
||||
public IActionResult Logout([FromBody] RefreshRequestDto request)
|
||||
{
|
||||
_authService.Logout(request.RefreshToken);
|
||||
return NoContent();
|
||||
}
|
||||
|
||||
/// <summary>Returns the currently authenticated user's profile.</summary>
|
||||
[HttpGet("me")]
|
||||
[Authorize]
|
||||
[ProducesResponseType(typeof(UserInfoDto), StatusCodes.Status200OK)]
|
||||
[ProducesResponseType(StatusCodes.Status401Unauthorized)]
|
||||
public async Task<IActionResult> Me(CancellationToken ct)
|
||||
{
|
||||
var userId = User.FindFirstValue(ClaimTypes.NameIdentifier)
|
||||
?? User.FindFirstValue("sub");
|
||||
|
||||
if (string.IsNullOrEmpty(userId))
|
||||
{
|
||||
return Unauthorized();
|
||||
}
|
||||
|
||||
var info = await _authService.GetUserInfoAsync(userId, ct);
|
||||
return info is null ? Unauthorized() : Ok(info);
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user