Move dotnet api into new directory

2026-06-01 01:54:00 +00:00 · 2026-04-27 15:59:17 -04:00
parent e8c5b8a80c
commit 189bce040b
132 changed files with 0 additions and 0 deletions
--- a/web/backend/Service/Service.Auth/ConfirmationService.cs
+++ b/web/backend/Service/Service.Auth/ConfirmationService.cs
@@ -0,0 +1,53 @@
+
+using Domain.Exceptions;
+using Infrastructure.Repository.Auth;
+using Service.Emails;
+
+namespace Service.Auth;
+
+public class ConfirmationService(
+    IAuthRepository authRepository,
+    ITokenService tokenService,
+    IEmailService emailService
+) : IConfirmationService
+{
+    public async Task<ConfirmationServiceReturn> ConfirmUserAsync(
+        string confirmationToken
+    )
+    {
+        var validatedToken = await tokenService.ValidateConfirmationTokenAsync(
+            confirmationToken
+        );
+
+        var user = await authRepository.ConfirmUserAccountAsync(
+            validatedToken.UserId
+        );
+
+        if (user == null)
+        {
+            throw new UnauthorizedException("User account not found");
+        }
+
+        return new ConfirmationServiceReturn(
+            DateTime.UtcNow,
+            user.UserAccountId
+        );
+    }
+
+    public async Task ResendConfirmationEmailAsync(Guid userId)
+    {
+        var user = await authRepository.GetUserByIdAsync(userId);
+        if (user == null)
+        {
+            return; // Silent return to prevent user enumeration
+        }
+
+        if (await authRepository.IsUserVerifiedAsync(userId))
+        {
+            return; // Already confirmed, no-op
+        }
+
+        var confirmationToken = tokenService.GenerateConfirmationToken(user);
+        await emailService.SendResendConfirmationEmailAsync(user, confirmationToken);
+    }
+}
--- a/web/backend/Service/Service.Auth/IConfirmationService.cs
+++ b/web/backend/Service/Service.Auth/IConfirmationService.cs
@@ -0,0 +1,13 @@
+using Domain.Exceptions;
+using Infrastructure.Repository.Auth;
+
+namespace Service.Auth;
+
+public record ConfirmationServiceReturn(DateTime ConfirmedAt, Guid UserId);
+
+public interface IConfirmationService
+{
+    Task<ConfirmationServiceReturn> ConfirmUserAsync(string confirmationToken);
+    Task ResendConfirmationEmailAsync(Guid userId);
+
+}
--- a/web/backend/Service/Service.Auth/ILoginService.cs
+++ b/web/backend/Service/Service.Auth/ILoginService.cs
@@ -0,0 +1,13 @@
+using Domain.Entities;
+
+namespace Service.Auth;
+
+public record LoginServiceReturn(
+    UserAccount UserAccount,
+    string RefreshToken,
+    string AccessToken
+);
+public interface ILoginService
+{
+    Task<LoginServiceReturn> LoginAsync(string username, string password);
+}
--- a/web/backend/Service/Service.Auth/IRegisterService.cs
+++ b/web/backend/Service/Service.Auth/IRegisterService.cs
@@ -0,0 +1,39 @@
+using Domain.Entities;
+
+namespace Service.Auth;
+
+public record RegisterServiceReturn
+{
+    public bool IsAuthenticated { get; init; } = false;
+    public bool EmailSent { get; init; } = false;
+    public UserAccount UserAccount { get; init; }
+    public string AccessToken { get; init; } = string.Empty;
+    public string RefreshToken { get; init; } = string.Empty;
+
+    public RegisterServiceReturn(
+        UserAccount userAccount,
+        string accessToken,
+        string refreshToken,
+        bool emailSent
+    )
+    {
+        IsAuthenticated = true;
+        EmailSent = emailSent;
+        UserAccount = userAccount;
+        AccessToken = accessToken;
+        RefreshToken = refreshToken;
+    }
+
+    public RegisterServiceReturn(UserAccount userAccount)
+    {
+        UserAccount = userAccount;
+    }
+}
+
+public interface IRegisterService
+{
+    Task<RegisterServiceReturn> RegisterAsync(
+        UserAccount userAccount,
+        string password
+    );
+}
--- a/web/backend/Service/Service.Auth/ITokenService.cs
+++ b/web/backend/Service/Service.Auth/ITokenService.cs
@@ -0,0 +1,156 @@
+using System.Security.Claims;
+using System.IdentityModel.Tokens.Jwt;
+using Domain.Entities;
+using Domain.Exceptions;
+using Infrastructure.Jwt;
+using Infrastructure.Repository.Auth;
+
+namespace Service.Auth;
+
+public enum TokenType
+{
+    AccessToken,
+    RefreshToken,
+    ConfirmationToken,
+}
+
+public record ValidatedToken(Guid UserId, string Username, ClaimsPrincipal Principal);
+
+public record RefreshTokenResult(
+    UserAccount UserAccount,
+    string RefreshToken,
+    string AccessToken
+);
+
+public static class TokenServiceExpirationHours
+{
+    public const double AccessTokenHours = 1;
+    public const double RefreshTokenHours = 504; // 21 days
+    public const double ConfirmationTokenHours = 0.5; // 30 minutes
+}
+
+public interface ITokenService
+{
+    string GenerateAccessToken(UserAccount user);
+    string GenerateRefreshToken(UserAccount user);
+    string GenerateConfirmationToken(UserAccount user);
+    string GenerateToken<T>(UserAccount user) where T : struct, Enum;
+    Task<ValidatedToken> ValidateAccessTokenAsync(string token);
+    Task<ValidatedToken> ValidateRefreshTokenAsync(string token);
+    Task<ValidatedToken> ValidateConfirmationTokenAsync(string token);
+    Task<RefreshTokenResult> RefreshTokenAsync(string refreshTokenString);
+}
+
+public class TokenService : ITokenService
+{
+    private readonly ITokenInfrastructure _tokenInfrastructure;
+    private readonly IAuthRepository _authRepository;
+
+    private readonly string _accessTokenSecret;
+    private readonly string _refreshTokenSecret;
+    private readonly string _confirmationTokenSecret;
+
+    public TokenService(
+        ITokenInfrastructure tokenInfrastructure,
+        IAuthRepository authRepository
+    )
+    {
+        _tokenInfrastructure = tokenInfrastructure;
+        _authRepository = authRepository;
+
+        _accessTokenSecret = Environment.GetEnvironmentVariable("ACCESS_TOKEN_SECRET")
+            ?? throw new InvalidOperationException("ACCESS_TOKEN_SECRET environment variable is not set");
+
+        _refreshTokenSecret = Environment.GetEnvironmentVariable("REFRESH_TOKEN_SECRET")
+            ?? throw new InvalidOperationException("REFRESH_TOKEN_SECRET environment variable is not set");
+
+        _confirmationTokenSecret = Environment.GetEnvironmentVariable("CONFIRMATION_TOKEN_SECRET")
+            ?? throw new InvalidOperationException("CONFIRMATION_TOKEN_SECRET environment variable is not set");
+    }
+
+    public string GenerateAccessToken(UserAccount user)
+    {
+        var expiresAt = DateTime.UtcNow.AddHours(TokenServiceExpirationHours.AccessTokenHours);
+        return _tokenInfrastructure.GenerateJwt(user.UserAccountId, user.Username, expiresAt, _accessTokenSecret);
+    }
+
+    public string GenerateRefreshToken(UserAccount user)
+    {
+        var expiresAt = DateTime.UtcNow.AddHours(TokenServiceExpirationHours.RefreshTokenHours);
+        return _tokenInfrastructure.GenerateJwt(user.UserAccountId, user.Username, expiresAt, _refreshTokenSecret);
+    }
+
+    public string GenerateConfirmationToken(UserAccount user)
+    {
+        var expiresAt = DateTime.UtcNow.AddHours(TokenServiceExpirationHours.ConfirmationTokenHours);
+        return _tokenInfrastructure.GenerateJwt(user.UserAccountId, user.Username, expiresAt, _confirmationTokenSecret);
+    }
+
+    public string GenerateToken<T>(UserAccount user) where T : struct, Enum
+    {
+        if (typeof(T) != typeof(TokenType))
+            throw new InvalidOperationException("Invalid token type");
+
+        var tokenTypeName = typeof(T).Name;
+        if (!Enum.TryParse(typeof(TokenType), tokenTypeName, out var parsed))
+            throw new InvalidOperationException("Invalid token type");
+
+        var tokenType = (TokenType)parsed;
+        return tokenType switch
+        {
+            TokenType.AccessToken => GenerateAccessToken(user),
+            TokenType.RefreshToken => GenerateRefreshToken(user),
+            TokenType.ConfirmationToken => GenerateConfirmationToken(user),
+            _ => throw new InvalidOperationException("Invalid token type"),
+        };
+    }
+
+    public async Task<ValidatedToken> ValidateAccessTokenAsync(string token)
+        => await ValidateTokenInternalAsync(token, _accessTokenSecret, "access");
+
+    public async Task<ValidatedToken> ValidateRefreshTokenAsync(string token)
+        => await ValidateTokenInternalAsync(token, _refreshTokenSecret, "refresh");
+
+    public async Task<ValidatedToken> ValidateConfirmationTokenAsync(string token)
+        => await ValidateTokenInternalAsync(token, _confirmationTokenSecret, "confirmation");
+
+    private async Task<ValidatedToken> ValidateTokenInternalAsync(string token, string secret, string tokenType)
+    {
+        try
+        {
+            var principal = await _tokenInfrastructure.ValidateJwtAsync(token, secret);
+
+            var userIdClaim = principal.FindFirst(JwtRegisteredClaimNames.Sub)?.Value;
+            var usernameClaim = principal.FindFirst(JwtRegisteredClaimNames.UniqueName)?.Value;
+
+            if (string.IsNullOrEmpty(userIdClaim) || string.IsNullOrEmpty(usernameClaim))
+                throw new UnauthorizedException($"Invalid {tokenType} token: missing required claims");
+
+            if (!Guid.TryParse(userIdClaim, out var userId))
+                throw new UnauthorizedException($"Invalid {tokenType} token: malformed user ID");
+
+            return new ValidatedToken(userId, usernameClaim, principal);
+        }
+        catch (UnauthorizedException)
+        {
+            throw;
+        }
+        catch (Exception e)
+        {
+            throw new UnauthorizedException($"Failed to validate {tokenType} token: {e.Message}");
+        }
+    }
+
+    public async Task<RefreshTokenResult> RefreshTokenAsync(string refreshTokenString)
+    {
+        var validated = await ValidateRefreshTokenAsync(refreshTokenString);
+        var user = await _authRepository.GetUserByIdAsync(validated.UserId);
+        if (user == null)
+            throw new UnauthorizedException("User account not found");
+
+        var newAccess = GenerateAccessToken(user);
+        var newRefresh = GenerateRefreshToken(user);
+
+        return new RefreshTokenResult(user, newRefresh, newAccess);
+    }
+}
--- a/web/backend/Service/Service.Auth/LoginService.cs
+++ b/web/backend/Service/Service.Auth/LoginService.cs
@@ -0,0 +1,41 @@
+using Domain.Entities;
+using Domain.Exceptions;
+using Infrastructure.PasswordHashing;
+using Infrastructure.Repository.Auth;
+
+namespace Service.Auth;
+
+
+public class LoginService(
+    IAuthRepository authRepo,
+    IPasswordInfrastructure passwordInfrastructure,
+    ITokenService tokenService
+) : ILoginService
+{
+    public async Task<LoginServiceReturn> LoginAsync(
+        string username,
+        string password
+    )
+    {
+        // Attempt lookup by username
+        // the user was not found
+        var user =
+            await authRepo.GetUserByUsernameAsync(username)
+            ?? throw new UnauthorizedException("Invalid username or password.");
+
+        // @todo handle expired passwords
+        var activeCred =
+            await authRepo.GetActiveCredentialByUserAccountIdAsync(
+                user.UserAccountId
+            )
+            ?? throw new UnauthorizedException("Invalid username or password.");
+
+        if (!passwordInfrastructure.Verify(password, activeCred.Hash))
+            throw new UnauthorizedException("Invalid username or password.");
+
+        string accessToken = tokenService.GenerateAccessToken(user);
+        string refreshToken = tokenService.GenerateRefreshToken(user);
+
+        return new LoginServiceReturn(user, refreshToken, accessToken);
+    }
+}
--- a/web/backend/Service/Service.Auth/RegisterService.cs
+++ b/web/backend/Service/Service.Auth/RegisterService.cs
@@ -0,0 +1,90 @@
+using Domain.Entities;
+using Domain.Exceptions;
+using Infrastructure.Email;
+using Infrastructure.Email.Templates.Rendering;
+using Infrastructure.PasswordHashing;
+using Infrastructure.Repository.Auth;
+using Microsoft.Extensions.Logging;
+using Service.Emails;
+
+namespace Service.Auth;
+
+public class RegisterService(
+    IAuthRepository authRepo,
+    IPasswordInfrastructure passwordInfrastructure,
+    ITokenService tokenService,
+    IEmailService emailService
+) : IRegisterService
+{
+    private async Task ValidateUserDoesNotExist(UserAccount userAccount)
+    {
+        // Check if user already exists
+        var existingUsername = await authRepo.GetUserByUsernameAsync(
+            userAccount.Username
+        );
+        var existingEmail = await authRepo.GetUserByEmailAsync(
+            userAccount.Email
+        );
+
+        if (existingUsername != null || existingEmail != null)
+        {
+            throw new ConflictException("Username or email already exists");
+        }
+    }
+
+    public async Task<RegisterServiceReturn> RegisterAsync(
+        UserAccount userAccount,
+        string password
+    )
+    {
+        await ValidateUserDoesNotExist(userAccount);
+        // password hashing
+        var hashed = passwordInfrastructure.Hash(password);
+
+        // Register user with hashed password and get the created user with generated ID
+        var createdUser = await authRepo.RegisterUserAsync(
+            userAccount.Username,
+            userAccount.FirstName,
+            userAccount.LastName,
+            userAccount.Email,
+            userAccount.DateOfBirth,
+            hashed
+        );
+
+        var accessToken = tokenService.GenerateAccessToken(createdUser);
+        var refreshToken = tokenService.GenerateRefreshToken(createdUser);
+        var confirmationToken = tokenService.GenerateConfirmationToken(createdUser);
+
+        if (
+            string.IsNullOrEmpty(accessToken)
+            || string.IsNullOrEmpty(refreshToken)
+        )
+        {
+            return new RegisterServiceReturn(createdUser);
+        }
+
+        bool emailSent = false;
+        try
+        {
+            // send confirmation email
+            await emailService.SendRegistrationEmailAsync(
+                createdUser, confirmationToken
+            );
+
+            emailSent = true;
+        }
+        catch (Exception ex)
+        {
+            await Console.Error.WriteLineAsync(ex.Message);
+            Console.WriteLine("Could not send email.");
+            // ignored
+        }
+
+        return new RegisterServiceReturn(
+            createdUser,
+            accessToken,
+            refreshToken,
+            emailSent
+        );
+    }
+}
--- a/web/backend/Service/Service.Auth/Service.Auth.csproj
+++ b/web/backend/Service/Service.Auth/Service.Auth.csproj
@@ -0,0 +1,22 @@
+<Project Sdk="Microsoft.NET.Sdk">
+  <PropertyGroup>
+    <TargetFramework>net10.0</TargetFramework>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <Nullable>enable</Nullable>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\..\Domain\Domain.Entities\Domain.Entities.csproj" />
+    <ProjectReference Include="..\..\Domain\Domain.Exceptions\Domain.Exceptions.csproj" />
+    <ProjectReference
+      Include="..\..\Infrastructure\Infrastructure.Email\Infrastructure.Email.csproj" />
+    <ProjectReference
+      Include="..\..\Infrastructure\Infrastructure.Email.Templates\Infrastructure.Email.Templates.csproj" />
+    <ProjectReference Include="..\..\Infrastructure\Infrastructure.Jwt\Infrastructure.Jwt.csproj" />
+    <ProjectReference
+      Include="..\..\Infrastructure\Infrastructure.Repository\Infrastructure.Repository.csproj" />
+    <ProjectReference
+      Include="..\..\Infrastructure\Infrastructure.PasswordHashing\Infrastructure.PasswordHashing.csproj" />
+    <ProjectReference Include="..\Service.Emails\Service.Emails.csproj" />
+  </ItemGroup>
+</Project>