using API.Core.Contracts.Auth; using Shared.Contracts; using Domain.Entities; using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Mvc; using Service.Auth; namespace API.Core.Controllers { /// /// Handles user authentication concerns: registration, login, email confirmation, and token refresh. /// /// /// The controller is decorated with [Authorize(AuthenticationSchemes = "JWT")] by default, but most /// actions opt out via [AllowAnonymous] since they are entry points used before a caller holds a token. /// /// Service used to register new user accounts. /// Service used to authenticate existing user accounts. /// Service used to confirm user accounts and resend confirmation emails. /// Service used to refresh JWT access/refresh token pairs. [ApiController] [Route("api/[controller]")] [Authorize(AuthenticationSchemes = "JWT")] public class AuthController( IRegisterService registerService, ILoginService loginService, IConfirmationService confirmationService, ITokenService tokenService ) : ControllerBase { /// /// Registers a new user account. /// /// /// Allows anonymous access. On success, responds with 201 Created containing the new user's ID, /// username, issued refresh/access tokens, and whether a confirmation email was sent. /// /// The registration details, including username, name, email, date of birth, and password. /// A 201 Created result wrapping a of . [AllowAnonymous] [HttpPost("register")] public async Task> Register( [FromBody] RegisterRequest req ) { var rtn = await registerService.RegisterAsync( new UserAccount { UserAccountId = Guid.Empty, Username = req.Username, FirstName = req.FirstName, LastName = req.LastName, Email = req.Email, DateOfBirth = req.DateOfBirth, }, req.Password ); var response = new ResponseBody { Message = "User registered successfully.", Payload = new RegistrationPayload( rtn.UserAccount.UserAccountId, rtn.UserAccount.Username, rtn.RefreshToken, rtn.AccessToken, rtn.EmailSent ), }; return Created("/", response); } /// /// Authenticates a user with a username and password. /// /// /// Allows anonymous access. On success, responds with 200 OK containing the user's ID, /// username, and a newly issued refresh/access token pair. /// /// The login credentials (username and password). /// An 200 OK result wrapping a of . [AllowAnonymous] [HttpPost("login")] public async Task Login([FromBody] LoginRequest req) { var rtn = await loginService.LoginAsync(req.Username, req.Password); return Ok( new ResponseBody { Message = "Logged in successfully.", Payload = new LoginPayload( rtn.UserAccount.UserAccountId, rtn.UserAccount.Username, rtn.RefreshToken, rtn.AccessToken ), } ); } /// /// Confirms a user account using a confirmation token. /// /// /// Requires JWT authentication. On success, responds with 200 OK containing the confirmed /// user's ID and the confirmation timestamp. /// /// The confirmation token supplied via the confirmation email link. /// A 200 OK result wrapping a of . [HttpPost("confirm")] public async Task Confirm([FromQuery] string token) { var rtn = await confirmationService.ConfirmUserAsync(token); return Ok( new ResponseBody { Message = "User with ID " + rtn.UserId + " is confirmed.", Payload = new ConfirmationPayload( rtn.UserId, rtn.ConfirmedAt ), } ); } /// /// Resends the account confirmation email for the specified user. /// /// /// Requires JWT authentication. On success, responds with 200 OK. /// /// The unique identifier of the user account to resend the confirmation email for. /// A 200 OK result wrapping a confirming the email was resent. [HttpPost("confirm/resend")] public async Task ResendConfirmation([FromQuery] Guid userId) { await confirmationService.ResendConfirmationEmailAsync(userId); return Ok(new ResponseBody { Message = "confirmation email has been resent" }); } /// /// Exchanges a valid refresh token for a new access/refresh token pair. /// /// /// Allows anonymous access. On success, responds with 200 OK containing the user's ID, /// username, and the newly issued refresh/access token pair. /// /// The request containing the refresh token to exchange. /// A 200 OK result wrapping a of . [AllowAnonymous] [HttpPost("refresh")] public async Task Refresh( [FromBody] RefreshTokenRequest req ) { var rtn = await tokenService.RefreshTokenAsync(req.RefreshToken); return Ok( new ResponseBody { Message = "Token refreshed successfully.", Payload = new LoginPayload( rtn.UserAccount.UserAccountId, rtn.UserAccount.Username, rtn.RefreshToken, rtn.AccessToken ), } ); } } }