soroushdes/flatrender
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
90ac0b81d1a2bfffe666d72e61c3dcf2fda017a5
flatrender/services/identity/FlatRender.IdentitySvc/Controllers/AuthController.cs
T
soroush.asadi 90ac0b81d1 feat: V2 microservices stack — backend services, gateway, JWT auth 
Add full V2 architecture: identity, content, studio (.NET 10) and file,
render, notification, gateway (Go) services with vendored deps, plus DB
migrations, event/API contracts, and an init-db script.

Wire the Next.js frontend to the gateway: server-side JWT auth routes
(login/register/refresh/logout/me), gateway fetch helper, and session/
cookie/jwt helpers under src/lib.

Containerize the stack via docker-compose.v2.yml and per-service
Dockerfiles. Base images resolve through a Nexus mirror (Docker Hub) and
MCR directly; npm/NuGet pull from Nexus groups. Self-host fonts via
next/font/local to avoid Google Fonts (geo-blocked).

Add CI workflow and ignore .env.v2, *.stackdump, and .NET bin/obj.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-29 23:29:31 +03:30

177 lines
6.2 KiB
C#
Raw Blame History

using FlatRender.IdentitySvc.Application.Services;
using FlatRender.IdentitySvc.Application.Services.Interfaces;
using FlatRender.IdentitySvc.Models.Requests;
using FlatRender.IdentitySvc.Models.Responses;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
namespace FlatRender.IdentitySvc.Controllers;
[ApiController]
[Route("v1/auth")]
public class AuthController(IAuthService authService) : ControllerBase
{
[HttpPost("register")]
[AllowAnonymous]
[ProducesResponseType(typeof(RegisterResponse), 201)]
public async Task<IActionResult> Register([FromBody] RegisterRequest request)
{
var result = await authService.RegisterAsync(request, GetClientIp());
return StatusCode(201, result);
}
[HttpPost("login")]
[AllowAnonymous]
[ProducesResponseType(typeof(AuthTokensResponse), 200)]
[ProducesResponseType(401)]
[ProducesResponseType(403)]
public async Task<IActionResult> Login([FromBody] LoginRequest request)
{
try
{
var result = await authService.LoginAsync(request, GetClientIp());
return Ok(result);
}
catch (MfaRequiredException mfaEx)
{
return StatusCode(403, new { mfa_required = true, mfa_token = mfaEx.MfaToken });
}
}
[HttpPost("refresh")]
[AllowAnonymous]
[ProducesResponseType(typeof(AuthTokensResponse), 200)]
public async Task<IActionResult> Refresh([FromBody] RefreshTokenRequest request)
{
var result = await authService.RefreshAsync(request.RefreshToken);
return Ok(result);
}
[HttpPost("logout")]
[Authorize]
[ProducesResponseType(204)]
public async Task<IActionResult> Logout()
{
await authService.LogoutAsync(GetSessionId(), GetUserId());
return NoContent();
}
[HttpGet("sessions")]
[Authorize]
[ProducesResponseType(typeof(object), 200)]
public async Task<IActionResult> GetSessions()
{
var sessions = await authService.GetSessionsAsync(GetUserId());
return Ok(new { sessions });
}
[HttpDelete("sessions/{sessionId:guid}")]
[Authorize]
[ProducesResponseType(204)]
public async Task<IActionResult> RevokeSession(Guid sessionId)
{
await authService.RevokeSessionAsync(sessionId, GetUserId());
return NoContent();
}
[HttpPost("verify/email")]
[AllowAnonymous]
public async Task<IActionResult> VerifyEmail([FromBody] VerifyOtpRequest request)
{
var ok = await authService.VerifyEmailAsync(request.Token, request.Code);
return ok ? Ok() : BadRequest(new { error = "Invalid code" });
}
[HttpPost("verify/phone")]
[AllowAnonymous]
public async Task<IActionResult> VerifyPhone([FromBody] VerifyOtpRequest request)
{
var ok = await authService.VerifyPhoneAsync(request.Token, request.Code);
return ok ? Ok() : BadRequest(new { error = "Invalid code" });
}
[HttpPost("password/reset/request")]
[AllowAnonymous]
[ProducesResponseType(202)]
public async Task<IActionResult> PasswordResetRequest([FromBody] PasswordResetRequestDto request)
{
await authService.RequestPasswordResetAsync(request.TenantSlug, request.Email, request.PhoneNumber);
return Accepted();
}
[HttpPost("password/reset/confirm")]
[AllowAnonymous]
public async Task<IActionResult> PasswordResetConfirm([FromBody] PasswordResetConfirmRequest request)
{
await authService.ConfirmPasswordResetAsync(request.Token, request.NewPassword);
return Ok();
}
[HttpPost("password/change")]
[Authorize]
[ProducesResponseType(204)]
public async Task<IActionResult> PasswordChange([FromBody] PasswordChangeRequest request)
{
await authService.ChangePasswordAsync(GetUserId(), request.CurrentPassword, request.NewPassword);
return NoContent();
}
[HttpPost("mfa/setup")]
[Authorize]
[ProducesResponseType(typeof(MfaSetupResponse), 200)]
public async Task<IActionResult> MfaSetup([FromBody] MfaSetupRequest request)
{
var result = await authService.SetupMfaAsync(GetUserId(), request.FactorType, request.Label);
return Ok(result);
}
[HttpPost("mfa/verify")]
[Authorize]
public async Task<IActionResult> MfaVerify([FromBody] MfaVerifyRequest request)
{
var ok = await authService.VerifyMfaAsync(GetUserId(), request.FactorId, request.Code);
return ok ? Ok() : BadRequest(new { error = "Invalid code" });
}
[HttpPost("mfa/challenge")]
[AllowAnonymous]
[ProducesResponseType(typeof(AuthTokensResponse), 200)]
public async Task<IActionResult> MfaChallenge([FromBody] MfaChallengeRequest request)
{
var result = await authService.ChallengeMfaAsync(request.MfaToken, request.Code);
return Ok(result);
}
[HttpPost("push/subscribe")]
[Authorize]
[ProducesResponseType(201)]
public async Task<IActionResult> PushSubscribe([FromBody] PushSubscribeRequest request)
{
await authService.SubscribePushAsync(
GetUserId(), GetTenantId(),
request.Endpoint, request.Keys.P256dh, request.Keys.Auth, request.UserAgent);
return StatusCode(201);
}
[HttpPost("push/unsubscribe")]
[Authorize]
[ProducesResponseType(204)]
public async Task<IActionResult> PushUnsubscribe([FromBody] PushUnsubscribeRequest request)
{
await authService.UnsubscribePushAsync(GetUserId(), request.Endpoint);
return NoContent();
}
// ── Helpers ───────────────────────────────────────────────────────────
private Guid GetUserId() => Guid.Parse(User.FindFirst(System.Security.Claims.ClaimTypes.NameIdentifier)?.Value
?? User.FindFirst("sub")?.Value ?? throw new UnauthorizedAccessException());
private Guid GetTenantId() => Guid.Parse(User.FindFirst("tenant_id")?.Value
?? throw new UnauthorizedAccessException());
private Guid GetSessionId() => Guid.Parse(User.FindFirst("jti")?.Value ?? Guid.Empty.ToString());
private string? GetClientIp() => HttpContext.Connection.RemoteIpAddress?.ToString();
}
Reference in New Issue View Git Blame Copy Permalink