Controllers/LoginController.cs


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54

using HyperBooru.Services;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Cryptography.KeyDerivation;
using Microsoft.AspNetCore.Mvc;
using System.Security.Claims;

namespace HyperBooru.Controllers;

[ApiController]
[Route("/")]
public class LoginController : Controller {
    private IHttpContextAccessor httpContextAccessor;
    private ISecurityService     securityService;

    public LoginController(
        IHttpContextAccessor httpContextAccessor,
        ISecurityService securityService) {

        this.httpContextAccessor = httpContextAccessor;
        this.securityService     = securityService;
    }

    [HttpPost("Login")]
    public async Task<IActionResult> Login(
        [FromForm] string username,
        [FromForm] string password) {

        var user = securityService.GetUser(username);
        if(user is null)
            return StatusCode(403);

        if(!securityService.ValidatePassword(user, password))
            return StatusCode(403);

        var claims = new Claim[] {
            new Claim(ClaimTypes.Name, user.Name),
            new Claim("SID", user.Sid.ToString())
        };

        var claimsIdentity = new ClaimsIdentity(
            claims,
            CookieAuthenticationDefaults.AuthenticationScheme);

        var claimsPrincipal = new ClaimsPrincipal(claimsIdentity);

        await httpContextAccessor.HttpContext!.SignInAsync(claimsPrincipal);
        return Ok();
    }

    [HttpPost("Logout")]
    public async Task Logout() =>
        await httpContextAccessor.HttpContext!.SignOutAsync();
}