Добавил слой Infrastructure
This commit is contained in:
@@ -0,0 +1,173 @@
|
||||
using System.IdentityModel.Tokens.Jwt;
|
||||
using System.Security.Claims;
|
||||
using System.Security.Cryptography;
|
||||
using System.Text;
|
||||
using Microsoft.EntityFrameworkCore;
|
||||
using Microsoft.Extensions.Configuration;
|
||||
using Microsoft.IdentityModel.Tokens;
|
||||
using UniVerse.Application.DTOs.Auth;
|
||||
using UniVerse.Application.DTOs.Users;
|
||||
using UniVerse.Application.Interfaces;
|
||||
using UniVerse.Application.Mappings;
|
||||
using UniVerse.Domain.Entities;
|
||||
using UniVerse.Domain.Enums;
|
||||
using UniVerse.Domain.Exceptions;
|
||||
using UniVerse.Infrastructure.Data;
|
||||
|
||||
namespace UniVerse.Infrastructure.Services;
|
||||
|
||||
public class AuthService : IAuthService
|
||||
{
|
||||
private readonly AppDbContext _db;
|
||||
private readonly IConfiguration _config;
|
||||
private readonly IGamificationService _gamification;
|
||||
|
||||
public AuthService(AppDbContext db, IConfiguration config, IGamificationService gamification)
|
||||
{
|
||||
_db = db;
|
||||
_config = config;
|
||||
_gamification = gamification;
|
||||
}
|
||||
|
||||
public async Task<AuthResponse> LoginWithMicrosoftAsync(string authorizationCode)
|
||||
{
|
||||
// Stub: in production, exchange authorizationCode with Microsoft Entra ID
|
||||
// For now, create/find a demo user
|
||||
throw new NotImplementedException(
|
||||
"Microsoft Entra ID integration not yet configured. Use /api/v1/auth/login/dev in Development mode.");
|
||||
}
|
||||
|
||||
public async Task<AuthResponse> DevLoginAsync(string email, string? displayName, UserRole role)
|
||||
{
|
||||
var user = await _db.Users.FirstOrDefaultAsync(u => u.Email == email);
|
||||
|
||||
if (user == null)
|
||||
{
|
||||
user = new User
|
||||
{
|
||||
Email = email,
|
||||
DisplayName = displayName ?? email.Split('@')[0],
|
||||
Role = role,
|
||||
IsActive = true
|
||||
};
|
||||
_db.Users.Add(user);
|
||||
await _db.SaveChangesAsync();
|
||||
|
||||
// Create profile based on role
|
||||
if (role == UserRole.Student)
|
||||
{
|
||||
_db.StudentProfiles.Add(new StudentProfile { UserId = user.Id });
|
||||
await _db.SaveChangesAsync();
|
||||
}
|
||||
else if (role == UserRole.Teacher)
|
||||
{
|
||||
_db.TeacherProfiles.Add(new TeacherProfile { UserId = user.Id });
|
||||
await _db.SaveChangesAsync();
|
||||
}
|
||||
}
|
||||
|
||||
if (!user.IsActive)
|
||||
throw new ForbiddenException("Account is deactivated.");
|
||||
|
||||
var accessToken = GenerateAccessToken(user);
|
||||
var refreshToken = await GenerateRefreshTokenAsync(user.Id);
|
||||
|
||||
return new AuthResponse(
|
||||
accessToken,
|
||||
DateTime.UtcNow.AddMinutes(GetAccessTokenExpiration()),
|
||||
user.ToAuthDto()
|
||||
);
|
||||
}
|
||||
|
||||
public async Task<AuthResponse> RefreshTokenAsync(string refreshToken)
|
||||
{
|
||||
var token = await _db.RefreshTokens
|
||||
.Include(rt => rt.User)
|
||||
.FirstOrDefaultAsync(rt => rt.Token == refreshToken);
|
||||
|
||||
if (token == null || !token.IsActive)
|
||||
throw new ForbiddenException("Invalid or expired refresh token.");
|
||||
|
||||
// Revoke old token
|
||||
token.RevokedAt = DateTime.UtcNow;
|
||||
|
||||
// Generate new tokens
|
||||
var accessToken = GenerateAccessToken(token.User);
|
||||
var newRefreshToken = await GenerateRefreshTokenAsync(token.UserId);
|
||||
|
||||
await _db.SaveChangesAsync();
|
||||
|
||||
return new AuthResponse(
|
||||
accessToken,
|
||||
DateTime.UtcNow.AddMinutes(GetAccessTokenExpiration()),
|
||||
token.User.ToAuthDto()
|
||||
);
|
||||
}
|
||||
|
||||
public async Task RevokeRefreshTokenAsync(string refreshToken)
|
||||
{
|
||||
var token = await _db.RefreshTokens.FirstOrDefaultAsync(rt => rt.Token == refreshToken);
|
||||
if (token != null && token.IsActive)
|
||||
{
|
||||
token.RevokedAt = DateTime.UtcNow;
|
||||
await _db.SaveChangesAsync();
|
||||
}
|
||||
}
|
||||
|
||||
public async Task<UserDto> GetCurrentUserAsync(int userId)
|
||||
{
|
||||
var user = await _db.Users.FindAsync(userId)
|
||||
?? throw new NotFoundException("User", userId);
|
||||
return user.ToDto(_gamification.CalculateLevel(user.Xp));
|
||||
}
|
||||
|
||||
private string GenerateAccessToken(User user)
|
||||
{
|
||||
var key = new SymmetricSecurityKey(
|
||||
Encoding.UTF8.GetBytes(_config["Jwt:Secret"]!));
|
||||
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
|
||||
|
||||
var claims = new[]
|
||||
{
|
||||
new Claim(JwtRegisteredClaimNames.Sub, user.Id.ToString()),
|
||||
new Claim(JwtRegisteredClaimNames.Email, user.Email),
|
||||
new Claim(ClaimTypes.Role, user.Role.ToString()),
|
||||
new Claim("display_name", user.DisplayName ?? "")
|
||||
};
|
||||
|
||||
var token = new JwtSecurityToken(
|
||||
issuer: _config["Jwt:Issuer"],
|
||||
audience: _config["Jwt:Audience"],
|
||||
claims: claims,
|
||||
expires: DateTime.UtcNow.AddMinutes(GetAccessTokenExpiration()),
|
||||
signingCredentials: creds
|
||||
);
|
||||
|
||||
return new JwtSecurityTokenHandler().WriteToken(token);
|
||||
}
|
||||
|
||||
private async Task<string> GenerateRefreshTokenAsync(int userId)
|
||||
{
|
||||
var randomBytes = RandomNumberGenerator.GetBytes(64);
|
||||
var tokenString = Convert.ToBase64String(randomBytes);
|
||||
|
||||
var refreshToken = new RefreshToken
|
||||
{
|
||||
UserId = userId,
|
||||
Token = tokenString,
|
||||
ExpiresAt = DateTime.UtcNow.AddDays(GetRefreshTokenExpiration()),
|
||||
CreatedAt = DateTime.UtcNow
|
||||
};
|
||||
|
||||
_db.RefreshTokens.Add(refreshToken);
|
||||
await _db.SaveChangesAsync();
|
||||
|
||||
return tokenString;
|
||||
}
|
||||
|
||||
private int GetAccessTokenExpiration() =>
|
||||
int.Parse(_config["Jwt:AccessTokenExpirationMinutes"] ?? "30");
|
||||
|
||||
private int GetRefreshTokenExpiration() =>
|
||||
int.Parse(_config["Jwt:RefreshTokenExpirationDays"] ?? "30");
|
||||
}
|
||||
Reference in New Issue
Block a user