feat(AuthController): Login-Methode für Verbraucher-APIs hinzugefügt.

2025-01-15 13:48:58 +01:00
parent 69efe28310
commit 79eaa06ed4
4 changed files with 56 additions and 16 deletions
--- a/src/DigitalData.Auth.API/Controllers/AuthController.cs
+++ b/src/DigitalData.Auth.API/Controllers/AuthController.cs
@@ -11,6 +11,8 @@ using DigitalData.UserManager.Application.Contracts;
 using DigitalData.UserManager.Application.DTOs.User;
 using DigitalData.Core.Abstractions.Application;
 using System.Net;
+using DigitalData.Auth.API.Dto;
+using DigitalData.Auth.API.Services.Contracts;

 namespace DigitalData.Auth.API.Controllers
 {
@@ -20,6 +22,8 @@ namespace DigitalData.Auth.API.Controllers
    {
        private readonly IJwtSignatureHandler<UserReadDto> _userSignatureHandler;

+        private readonly IJwtSignatureHandler<ConsumerApi> _apiSignatureHandler;
+
        private readonly AuthApiParams _apiParams;

        private readonly ICryptoFactory _cryptoFactory;
@@ -30,7 +34,9 @@ namespace DigitalData.Auth.API.Controllers

        private readonly IDirectorySearchService _dirSearchService;

-        public AuthController(IJwtSignatureHandler<UserReadDto> userSignatureHandler, IOptions<AuthApiParams> cookieParamsOptions, ICryptoFactory cryptoFactory, ILogger<AuthController> logger, IUserService userService, IDirectorySearchService dirSearchService)
+        private readonly IConsumerApiService _consumerApiService;
+
+        public AuthController(IJwtSignatureHandler<UserReadDto> userSignatureHandler, IOptions<AuthApiParams> cookieParamsOptions, ICryptoFactory cryptoFactory, ILogger<AuthController> logger, IUserService userService, IDirectorySearchService dirSearchService, IConsumerApiService consumerApiService, IJwtSignatureHandler<ConsumerApi> apiSignatureHandler)
        {
            _apiParams = cookieParamsOptions.Value;
            _userSignatureHandler = userSignatureHandler;
@@ -38,6 +44,8 @@ namespace DigitalData.Auth.API.Controllers
            _logger = logger;
            _userService = userService;
            _dirSearchService = dirSearchService;
+            _consumerApiService = consumerApiService;
+            _apiSignatureHandler = apiSignatureHandler;
        }

        private async Task<IActionResult> CreateTokenAsync(LogInDto login, string consumerRoute, bool cookie = true)
@@ -57,7 +65,8 @@ namespace DigitalData.Auth.API.Controllers
            if (!_apiParams.Consumers.TryGetByRoute(consumerRoute, out var consumer))
                return Unauthorized();

-            _cryptoFactory.TokenDescriptors.TryGet(_apiParams.Issuer, consumer.Audience, out var descriptor);
+            if (!_cryptoFactory.TokenDescriptors.TryGet(_apiParams.Issuer, consumer.Audience, out var descriptor) || descriptor is null)
+                return StatusCode(StatusCodes.Status500InternalServerError);

            var token = _userSignatureHandler.WriteToken(uRes.Data, descriptor);

@@ -71,10 +80,32 @@ namespace DigitalData.Auth.API.Controllers
                return Ok(token);
        }

+        private async Task<IActionResult> CreateTokenAsync(ConsumerApiLogin login, bool cookie = true)
+        {          
+            if (!await _consumerApiService.VerifyAsync(login.Name, login.Password))
+                return Unauthorized();
+
+            var api = await _consumerApiService.ReadByNameAsync(login.Name);
+
+            if (!_cryptoFactory.TokenDescriptors.TryGet(_apiParams.Issuer, _apiParams.DefaultConsumer.Audience, out var descriptor) || descriptor is null)
+                return StatusCode(StatusCodes.Status500InternalServerError);
+
+            var token = _apiSignatureHandler!.WriteToken(api, descriptor);
+
+            //set cookie
+            if (cookie)
+            {
+                Response.Cookies.Append(_apiParams.CookieName, token, _apiParams.DefaultConsumer.CookieOptions.Create(lifetime: descriptor.Lifetime));
+                return Ok();
+            }
+            else
+                return Ok(token);
+        }
+
        //TODO: Add role depends on group name
        [HttpPost("~/{consumerRoute}/login")]
        [AllowAnonymous]
-        public async Task<IActionResult> Login([FromBody] LogInDto login, string consumerRoute)
+        public async Task<IActionResult> Login([FromForm] LogInDto login, [FromRoute] string consumerRoute)
        {
            try
            {
@@ -87,6 +118,21 @@ namespace DigitalData.Auth.API.Controllers
            }
        }

+        [HttpPost("~/login")]
+        [AllowAnonymous]
+        public async Task<IActionResult> Login([FromForm] ConsumerApiLogin login)
+        {
+            try
+            {
+                return await CreateTokenAsync(login, true);
+            }
+            catch (Exception ex)
+            {
+                _logger.LogError(ex, "{Message}", ex.Message);
+                return StatusCode(StatusCodes.Status500InternalServerError);
+            }
+        }
+
        [HttpPost("logout")]
        public IActionResult Logout()
        {