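using System.Globalization;
using System.Security.Claims;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using UniVerse.Application.DTOs.Auth;
using UniVerse.Application.Interfaces;

namespace UniVerse.Api.Controllers;

/// <summary>
/// Authentication endpoints: Microsoft sign-in, a development-only sign-in, access-token
/// refresh, logout and the current-user lookup.
/// </summary>
/// <remarks>
/// The refresh token is never placed in a response body. It is delivered only through an
/// HttpOnly, Secure, SameSite=Strict cookie whose Path is limited to this controller's route,
/// so it is not sent with every other API call (and is not exposed to script).
/// </remarks>
[ApiController]
[Route("api/v1/auth")]
public class AuthController : ControllerBase
{
    // Name of the cookie that carries the refresh token.
    private const string RefreshCookieName = "refreshToken";

    // Only the refresh/logout endpoints below need the cookie, so it is scoped to this
    // controller's route (prefixed with the request PathBase when the app is hosted under one).
    private const string RefreshCookiePath = "/api/v1/auth";

    // Cookie lifetime. NOTE(review): presumably mirrors the refresh-token lifetime enforced by
    // IAuthService; verify the two agree so the cookie does not outlive (or expire before) the token.
    private const int RefreshCookieLifetimeDays = 30;

    private readonly IAuthService _auth;

    public AuthController(IAuthService auth) => _auth = auth;

    /// <summary>
    /// Exchanges a Microsoft authorization code for an access token. The refresh token goes into
    /// the refresh cookie; the body holds only <c>result.Response</c>.
    /// </summary>
    /// <param name="request">Carries the authorization code obtained from Microsoft.</param>
    [HttpPost("login/microsoft")]
    public async Task<IActionResult> LoginMicrosoft([FromBody] LoginMicrosoftRequest request)
    {
        var result = await _auth.LoginWithMicrosoftAsync(request.AuthorizationCode);
        SetRefreshTokenCookie(result.RefreshToken);
        return Ok(result.Response);
    }

    /// <summary>
    /// Development-only sign-in that issues tokens for a caller-supplied email, display name and
    /// role without contacting an identity provider.
    /// </summary>
    /// <remarks>
    /// Outside the Development environment the endpoint answers 404 rather than 403 so that its
    /// presence is not disclosed. The environment is checked on every call, not at startup.
    /// </remarks>
    [HttpPost("login/dev")]
    public async Task<IActionResult> DevLogin([FromBody] DevLoginRequest request)
    {
        var environment = HttpContext.RequestServices.GetRequiredService<IWebHostEnvironment>();
        if (!environment.IsDevelopment())
        {
            return NotFound();
        }

        var result = await _auth.DevLoginAsync(request.Email, request.DisplayName, request.Role);
        SetRefreshTokenCookie(result.RefreshToken);
        return Ok(result.Response);
    }

    /// <summary>
    /// Rotates the session: validates the refresh token from the cookie, returns a new access
    /// token in the body and replaces the cookie with the newly issued refresh token.
    /// </summary>
    /// <returns>401 when no refresh cookie is present; otherwise 200 with the new tokens.</returns>
    [HttpPost("refresh")]
    public async Task<IActionResult> Refresh()
    {
        if (!Request.Cookies.TryGetValue(RefreshCookieName, out var refreshToken)
            || string.IsNullOrEmpty(refreshToken))
        {
            return Unauthorized();
        }

        var result = await _auth.RefreshTokenAsync(refreshToken);
        SetRefreshTokenCookie(result.RefreshToken);
        return Ok(result.Response);
    }

    /// <summary>
    /// Revokes the caller's refresh token (when a cookie is present) and clears the cookie.
    /// Always returns 204, so a missing cookie is not an error.
    /// </summary>
    [Authorize]
    [HttpPost("logout")]
    public async Task<IActionResult> Logout()
    {
        if (Request.Cookies.TryGetValue(RefreshCookieName, out var refreshToken)
            && !string.IsNullOrEmpty(refreshToken))
        {
            await _auth.RevokeRefreshTokenAsync(refreshToken);
        }

        // The deletion cookie must carry the same Path (and other attributes) the cookie was
        // set with; a bare Delete(name) would leave the scoped cookie in place.
        Response.Cookies.Delete(RefreshCookieName, RefreshCookieOptions());
        return NoContent();
    }

    /// <summary>
    /// Returns the profile of the authenticated caller, identified by the numeric
    /// <see cref="ClaimTypes.NameIdentifier"/> claim (falling back to <c>sub</c>).
    /// </summary>
    /// <returns>
    /// 401 when the principal has no parseable numeric id claim; otherwise 200 with the user.
    /// </returns>
    [Authorize]
    [HttpGet("me")]
    public async Task<IActionResult> Me()
    {
        var rawUserId = User.FindFirstValue(ClaimTypes.NameIdentifier)
                        ?? User.FindFirstValue("sub");

        // A principal without a usable id claim must not be resolved as user 0 (nor turn a
        // non-numeric claim into a 500 from int.Parse); treat it as not authenticated.
        if (!int.TryParse(rawUserId, NumberStyles.Integer, CultureInfo.InvariantCulture, out var userId))
        {
            return Unauthorized();
        }

        var user = await _auth.GetCurrentUserAsync(userId);
        return Ok(user);
    }

    /// <summary>Writes <paramref name="token"/> into the refresh cookie with the hardened attributes.</summary>
    private void SetRefreshTokenCookie(string token)
    {
        var options = RefreshCookieOptions();
        options.Expires = DateTimeOffset.UtcNow.AddDays(RefreshCookieLifetimeDays);
        Response.Cookies.Append(RefreshCookieName, token, options);
    }

    /// <summary>
    /// Attributes shared by the set and delete operations, so the browser treats them as the
    /// same cookie. Expiry is added by the caller.
    /// </summary>
    private CookieOptions RefreshCookieOptions() => new()
    {
        HttpOnly = true,                 // not readable from script
        Secure = true,                   // sent over HTTPS only
        SameSite = SameSiteMode.Strict,  // not attached to cross-site requests
        Path = Request.PathBase.Add(RefreshCookiePath).ToString(),
    };
}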