using Features.Auth.Commands.ConfirmUser; using Features.Auth.Commands.RefreshToken; using Features.Auth.Commands.RegisterUser; using Features.Auth.Commands.ResendConfirmationEmail; using Features.Auth.Dtos; using Features.Auth.Queries.Login; using MediatR; using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Mvc; using Shared.Contracts; namespace Features.Auth.Controllers; /// /// Handles user authentication concerns: registration, login, email confirmation, and token refresh. /// /// /// The controller is decorated with [Authorize(AuthenticationSchemes = "JWT")] by default, but most /// actions opt out via [AllowAnonymous] since they are entry points used before a caller holds a token. /// /// Used to dispatch auth commands and queries to their handlers. [ApiController] [Route("api/[controller]")] [Authorize(AuthenticationSchemes = "JWT")] public class AuthController(IMediator mediator) : ControllerBase { /// /// Registers a new user account. /// /// /// Allows anonymous access. On success, responds with 201 Created containing the new user's ID, /// username, issued refresh/access tokens, and whether a confirmation email was sent. /// /// The registration details, including username, name, email, date of birth, and password. /// A 201 Created result wrapping a of . [AllowAnonymous] [HttpPost("register")] public async Task>> Register( [FromBody] RegisterUserCommand command ) { RegistrationPayload payload = await mediator.Send(command); return Created("/", new ResponseBody { Message = "User registered successfully.", Payload = payload }); } /// /// Authenticates a user with a username and password. /// /// /// Allows anonymous access. On success, responds with 200 OK containing the user's ID, /// username, and a newly issued refresh/access token pair. /// /// The login credentials (username and password). /// An 200 OK result wrapping a of . [AllowAnonymous] [HttpPost("login")] public async Task>> Login([FromBody] LoginQuery query) { LoginPayload payload = await mediator.Send(query); return Ok(new ResponseBody { Message = "Logged in successfully.", Payload = payload }); } /// /// Confirms a user account using a confirmation token. /// /// /// Requires JWT authentication. On success, responds with 200 OK containing the confirmed /// user's ID and the confirmation timestamp. /// /// The confirmation token supplied via the confirmation email link. /// A 200 OK result wrapping a of . [HttpPost("confirm")] public async Task>> Confirm([FromQuery] string token) { ConfirmationPayload payload = await mediator.Send(new ConfirmUserCommand(token)); return Ok(new ResponseBody { Message = "User with ID " + payload.UserAccountId + " is confirmed.", Payload = payload }); } /// /// Resends the account confirmation email for the specified user. /// /// /// Requires JWT authentication. On success, responds with 200 OK. /// /// The unique identifier of the user account to resend the confirmation email for. /// A 200 OK result wrapping a confirming the email was resent. [HttpPost("confirm/resend")] public async Task> ResendConfirmation([FromQuery] Guid userId) { await mediator.Send(new ResendConfirmationEmailCommand(userId)); return Ok(new ResponseBody { Message = "confirmation email has been resent" }); } /// /// Exchanges a valid refresh token for a new access/refresh token pair. /// /// /// Allows anonymous access. On success, responds with 200 OK containing the user's ID, /// username, and the newly issued refresh/access token pair. /// /// The request containing the refresh token to exchange. /// A 200 OK result wrapping a of . [AllowAnonymous] [HttpPost("refresh")] public async Task>> Refresh( [FromBody] RefreshTokenCommand command ) { LoginPayload payload = await mediator.Send(command); return Ok(new ResponseBody { Message = "Token refreshed successfully.", Payload = payload }); } }