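using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using System.Threading.Tasks;
using HackerNet.Api.Models;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.IdentityModel.Tokens;

namespace HackerNet.Api.Controllers;

/// <summary>
/// Account endpoints: sign-up, password sign-in that mints an HS256-signed JWT,
/// and a "who am I" probe.
/// </summary>
/// <remarks>
/// The issued token is a bearer credential valid for <see cref="TokenLifetime"/>
/// with no refresh or revocation path visible here, so the password check and the
/// secrecy/strength of the signing key are the only gates on access.
/// </remarks>
[ApiController]
[Route("/api/accounts")]
public class AccountsController : ControllerBase
{
    /// <summary>Lifetime of a minted token, measured from issue time (UTC).</summary>
    private static readonly TimeSpan TokenLifetime = TimeSpan.FromDays(7);

    // HS256 is HMAC-SHA-256: a key shorter than the 256-bit hash output weakens the
    // MAC, and current Microsoft.IdentityModel versions refuse to sign with one.
    private const int MinSigningKeyBytes = 32;

    private readonly UserManager<IdentityUser> _userManager;
    private readonly SignInManager<IdentityUser> _signInManager;
    private readonly IUserClaimsPrincipalFactory<IdentityUser> _claimsFactory;
    private readonly TokenValidation _tokenValidation;

    /// <summary>
    /// Wires the Identity services and the JWT settings.
    /// </summary>
    /// <param name="tokenValidation">Issuer, audience and the symmetric signing key.</param>
    /// <exception cref="ArgumentNullException">Any dependency is null.</exception>
    /// <exception cref="InvalidOperationException">
    /// The signing key is missing or shorter than 256 bits; failing here surfaces a
    /// misconfiguration at startup instead of on the first sign-in.
    /// </exception>
    public AccountsController(
        UserManager<IdentityUser> userManager,
        SignInManager<IdentityUser> signInManager,
        IUserClaimsPrincipalFactory<IdentityUser> claimsFactory,
        TokenValidation tokenValidation)
    {
        ArgumentNullException.ThrowIfNull(userManager);
        ArgumentNullException.ThrowIfNull(signInManager);
        ArgumentNullException.ThrowIfNull(claimsFactory);
        ArgumentNullException.ThrowIfNull(tokenValidation);

        if (string.IsNullOrEmpty(tokenValidation.Key)
            || Encoding.UTF8.GetByteCount(tokenValidation.Key) < MinSigningKeyBytes)
        {
            throw new InvalidOperationException(
                "JWT signing key must be at least 256 bits (32 UTF-8 bytes) for HS256.");
        }

        _userManager = userManager;
        _signInManager = signInManager;
        _claimsFactory = claimsFactory;
        _tokenValidation = tokenValidation;
    }

    /// <summary>
    /// Returns the authenticated caller's user name.
    /// </summary>
    /// <returns>200 with the name, or 401 when the request carries no authenticated principal.</returns>
    [HttpGet("me")]
    public ActionResult<string> Me()
    {
        // With no authenticated principal, Identity.Name is null and the previous code
        // answered with an empty 204; make the unauthenticated case an explicit 401.
        var identity = User.Identity;
        if (identity?.IsAuthenticated != true || string.IsNullOrEmpty(identity.Name))
        {
            return Unauthorized();
        }

        return identity.Name;
    }

    /// <summary>
    /// Creates a new account from a username and password.
    /// </summary>
    /// <param name="cmd">Credentials to register.</param>
    /// <returns>
    /// 201 pointing at <see cref="Me"/> on success; 400 when the input is empty or
    /// <see cref="UserManager{TUser}.CreateAsync(TUser, string)"/> rejects it.
    /// </returns>
    [HttpPost]
    public async Task<ActionResult> Signup(SignupLoginViewModel cmd)
    {
        // IdentityUser(string) throws on a null name, which would surface as a 500.
        if (cmd is null || string.IsNullOrWhiteSpace(cmd.Username) || string.IsNullOrEmpty(cmd.Password))
        {
            return BadRequest();
        }

        var user = new IdentityUser(cmd.Username);
        var result = await _userManager.CreateAsync(user, cmd.Password);
        if (!result.Succeeded)
        {
            // Password-policy failures and "name already taken" both land here. The
            // errors are deliberately not echoed, so the endpoint does not confirm
            // which usernames exist; the trade-off is a less informative client error.
            return BadRequest();
        }

        return CreatedAtAction(nameof(Me), null);
    }

    /// <summary>
    /// Verifies a username/password pair and returns a signed JWT for it.
    /// </summary>
    /// <param name="cmd">Credentials to check.</param>
    /// <returns>
    /// 200 with the compact-serialized JWT; 400 for missing input, unknown user,
    /// wrong password or a locked-out account (all indistinguishable by status).
    /// </returns>
    [HttpPost("token")]
    public async Task<ActionResult<string>> Signin(SignupLoginViewModel cmd)
    {
        if (cmd is null || string.IsNullOrWhiteSpace(cmd.Username) || string.IsNullOrEmpty(cmd.Password))
        {
            return BadRequest();
        }

        var user = await _userManager.FindByNameAsync(cmd.Username);

        // lockoutOnFailure: true — the previous code passed false, so failed attempts
        // never counted toward Identity's lockout and the endpoint was open to
        // unthrottled online password guessing. Lockout still only engages if it is
        // enabled for the user and in IdentityOptions (configured outside this file).
        var result = user is null
            ? SignInResult.Failed
            : await _signInManager.CheckPasswordSignInAsync(user, cmd.Password, lockoutOnFailure: true);

        if (!result.Succeeded)
        {
            // One status for every failure mode. NOTE(review): an unknown name still
            // skips the password hash, so response timing can differ — acceptable only
            // if usernames are not considered secret here.
            return BadRequest();
        }

        var principal = await _claimsFactory.CreateAsync(user!);
        var signingKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_tokenValidation.Key));
        var descriptor = new SecurityTokenDescriptor
        {
            Subject = (ClaimsIdentity)principal.Identity!,
            // Long-lived bearer token; nothing here revokes it before expiry.
            Expires = DateTime.UtcNow.Add(TokenLifetime),
            Issuer = _tokenValidation.Issuer,
            Audience = _tokenValidation.Audience,
            SigningCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256Signature),
        };

        return new JwtSecurityTokenHandler().CreateEncodedJwt(descriptor);
    }
}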