Diffstat (limited to 'Controllers')
-rw-r--r--Controllers/LoginController.cs26
1 files changed, 17 insertions, 9 deletions
diff --git a/Controllers/LoginController.cs b/Controllers/LoginController.cs
index fff3e6e..aa680a0 100644
--- a/Controllers/LoginController.cs
+++ b/Controllers/LoginController.cs
@@ -1,5 +1,7 @@
-using Microsoft.AspNetCore.Authentication;
+using HyperBooru.Services;
+using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
+using Microsoft.AspNetCore.Cryptography.KeyDerivation;
using Microsoft.AspNetCore.Mvc;
using System.Security.Claims;
@@ -15,10 +17,20 @@ public class LoginController : Controller {
[HttpPost("Login")]
public async Task<IActionResult> Login(
[FromForm] string username,
- [FromForm] string password) {
+ [FromForm] string password,
+ HBContext db) {
+
+ var user = db.Users.FirstOrDefault(u => u.Username == username);
+ if(user is null)
+ return StatusCode(403);
+
+ var hash = UserService.HashPassword(password);
+ if(hash != user.PasswordHash)
+ return StatusCode(403);
var claims = new Claim[] {
- new Claim(ClaimTypes.NameIdentifier, username)
+ new Claim(ClaimTypes.Name, user.Username),
+ new Claim("ObjectId", user.ObjectId.ToString())
};
var claimsIdentity = new ClaimsIdentity(
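Review bot: The password check at `if(hash != user.PasswordHash)` uses ordinary string inequality, and the unknown-user branch returns 403 before any hashing runs, so response timing separates a wrong username from a wrong password (user enumeration) and the comparison itself is not constant-time. Compute the hash before the null check so both outcomes cost the same, and compare the encoded hashes with a fixed-time primitive: `var hash = UserService.HashPassword(password);` first, then `if (user is null || !CryptographicOperations.FixedTimeEquals(Encoding.UTF8.GetBytes(hash), Encoding.UTF8.GetBytes(user.PasswordHash))) return StatusCode(403);` (needs `using System.Security.Cryptography;` and `using System.Text;`). `UserService.HashPassword(password)` receives only the password, so if it derives with a fixed salt or none (not visible here), equal passwords produce equal stored hashes; a per-user salt stored alongside `PasswordHash` should be passed into the derivation — confirm against UserService. The body of `Login` continues past the end of this hunk.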
@@ -27,12 +39,8 @@ public class LoginController : Controller {
var claimsPrincipal = new ClaimsPrincipal(claimsIdentity);
- if(username == "admin" && password == "test") {
- await httpContextAccessor.HttpContext!.SignInAsync(claimsPrincipal);
- return Ok();
- } else {
- return StatusCode(403);
- }
+ await httpContextAccessor.HttpContext!.SignInAsync(claimsPrincipal);
+ return Ok();
}
[HttpPost("Logout")]
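Review bot: The retained sign-in line `await httpContextAccessor.HttpContext!.SignInAsync(claimsPrincipal);` keeps a null-forgiving `!` that `Controller` makes unnecessary: a running action already has `HttpContext` populated, so `await HttpContext.SignInAsync(claimsPrincipal);` drops both the `!` and the accessor dependency for this call. If `httpContextAccessor` has no other use it could leave the constructor as well, but that is outside this hunk. The end of `Login` and the start of `Logout` fall inside this hunk.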