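using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using T120B165_ImgBoard.Dtos;
using T120B165_ImgBoard.Models;
using T120B165_ImgBoard.Services;

namespace T120B165_ImgBoard.Controllers;

/// <summary>
/// Registration, login and refresh-token endpoints under <c>api/auth</c>.
/// Account storage and password checks are delegated to ASP.NET Core Identity;
/// access/refresh token issuance is delegated to <see cref="ITokenService"/>.
/// </summary>
[ApiController]
[Route("api/auth")]
public class AuthController(UserManager<User> userManager, ITokenService tokenService) : ControllerBase
{
    /// <summary>
    /// Creates a new account and assigns it the <see cref="UserRoles.Regular"/> role.
    /// </summary>
    /// <param name="dto">User name, e-mail and password supplied by the client.</param>
    /// <returns>
    /// 200 with the new account's user name and e-mail; 400 with the Identity
    /// errors when creation or role assignment fails.
    /// </returns>
    [HttpPost("register")]
    [ProducesResponseType(StatusCodes.Status200OK)]
    [ProducesResponseType(StatusCodes.Status400BadRequest)]
    public async Task<IActionResult> Register(RegisterDto dto)
    {
        var user = new User
        {
            UserName = dto.UserName,
            Email = dto.Email,
        };

        // Identity validates and hashes the password here. The role is assigned
        // only after the user has actually been persisted; the original order
        // attempted AddToRoleAsync even when CreateAsync had failed.
        var createResult = await userManager.CreateAsync(user, dto.Password);
        if (!createResult.Succeeded)
        {
            return BadRequest(createResult.Errors);
        }

        var roleResult = await userManager.AddToRoleAsync(user, UserRoles.Regular);
        if (!roleResult.Succeeded)
        {
            // Do not leave a persisted account without its default role; remove it
            // so the client can retry instead of hitting a duplicate-name error.
            await userManager.DeleteAsync(user);
            return BadRequest(roleResult.Errors);
        }

        // Return a projection rather than the Identity entity itself: serialising
        // the entity would expose PasswordHash, SecurityStamp and similar fields.
        return Ok(new { user.UserName, user.Email });
    }

    /// <summary>
    /// Verifies an e-mail/password pair and issues an access + refresh token pair.
    /// </summary>
    /// <param name="dto">E-mail and password supplied by the client.</param>
    /// <returns>200 with a <see cref="TokenDto"/>; 401 when the credentials are rejected.</returns>
    [HttpPost("login")]
    [ProducesResponseType(StatusCodes.Status200OK)]
    [ProducesResponseType(StatusCodes.Status401Unauthorized)]
    public async Task<ActionResult<TokenDto>> Login(LoginDto dto)
    {
        var user = await userManager.FindByEmailAsync(dto.Email);

        // Unknown e-mail and wrong password both map to a bare 401 so the body
        // does not say which of the two failed.
        // NOTE(review): CheckPasswordAsync neither records failed attempts nor
        // honours lockout; SignInManager.CheckPasswordSignInAsync does, if
        // brute-force lockout is wanted on this endpoint.
        if (user is null || !await userManager.CheckPasswordAsync(user, dto.Password))
        {
            return Unauthorized();
        }

        var accessToken = await tokenService.GenerateJwtToken(user);
        var refreshToken = await tokenService.GenerateRefreshToken(user);
        return Ok(new TokenDto(AccessToken: accessToken, RefreshToken: refreshToken));
    }

    /// <summary>
    /// Exchanges a valid refresh token for a new access + refresh token pair,
    /// retiring the presented refresh token (rotation).
    /// </summary>
    /// <param name="dto">The refresh token value previously issued to the client.</param>
    /// <returns>200 with a new <see cref="TokenDto"/>; 401 when the token is unknown or has no owner.</returns>
    [HttpPost("refresh")]
    [ProducesResponseType(StatusCodes.Status200OK)]
    [ProducesResponseType(StatusCodes.Status401Unauthorized)]
    public async Task<ActionResult<TokenDto>> Refresh(RefreshDto dto)
    {
        var token = await tokenService.GetRefreshTokenByValue(dto.RefreshToken);

        // A token row whose User navigation is not loaded would otherwise throw
        // below; treat it as an invalid token.
        // NOTE(review): expiry and prior revocation are assumed to be enforced
        // inside GetRefreshTokenByValue — confirm, since nothing here checks them.
        if (token is null || token.User is null)
        {
            return Unauthorized();
        }

        var user = token.User;

        // Invalidate before issuing the replacement so a presented token can
        // never be replayed to obtain a second pair.
        await tokenService.InvalidateRefreshToken(token);
        var accessToken = await tokenService.GenerateJwtToken(user);
        var newRefreshToken = await tokenService.GenerateRefreshToken(user);
        return Ok(new TokenDto(AccessToken: accessToken, RefreshToken: newRefreshToken));
    }
}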