using System.Net;
using Microsoft.AspNetCore.Mvc;
using OliverBooth.Data.Web;
using OliverBooth.Services;
using ISession = OliverBooth.Data.Web.ISession;
namespace OliverBooth.Controllers;
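/// <summary>
///     Handles sign-in and sign-out for the admin area under <c>auth/admin</c>.
/// </summary>
/// <remarks>
///     NOTE(review): no antiforgery validation, login throttling or lockout is visible in this controller. Confirm
///     that these are enforced elsewhere (middleware, filters or <see cref="IUserService" />) before relying on it.
/// </remarks>
[Controller]
[Route("auth/admin")]
public sealed class AdminController : ControllerBase
{
    private readonly ILogger<AdminController> _logger;
    private readonly IUserService _userService;
    private readonly ISessionService _sessionService;

    /// <summary>
    ///     Initializes a new instance of the <see cref="AdminController" /> class.
    /// </summary>
    /// <param name="logger">The logger.</param>
    /// <param name="userService">The user service.</param>
    /// <param name="sessionService">The session service.</param>
    public AdminController(ILogger<AdminController> logger,
        IUserService userService,
        ISessionService sessionService)
    {
        _logger = logger;
        _userService = userService;
        _sessionService = sessionService;
    }

    /// <summary>
    ///     Verifies the posted credentials and, on success, creates a session and issues the session cookie.
    /// </summary>
    /// <returns>
    ///     A redirect to <c>/admin/index</c> on success, or back to <c>/admin/login</c> when a field is missing or
    ///     verification fails.
    /// </returns>
    [HttpPost("login")]
    public IActionResult Login()
    {
        string? loginEmail = null;
        string? loginPassword = null;

        // Request.Form throws InvalidOperationException when the body is not form-encoded. Treat such a request as
        // one with no credentials instead of surfacing a 500 on an unauthenticated endpoint.
        if (Request.HasFormContentType)
        {
            loginEmail = Request.Form["login-email"];
            loginPassword = Request.Form["login-password"];
        }

        IPAddress? remoteIpAddress = Request.HttpContext.Connection.RemoteIpAddress;

        if (string.IsNullOrWhiteSpace(loginEmail))
        {
            _logger.LogInformation("Login attempt from {Host} with empty login", remoteIpAddress);
            return RedirectToPage("/admin/login");
        }

        if (string.IsNullOrWhiteSpace(loginPassword))
        {
            // The email is attacker-controlled text. It is passed as a structured-logging argument, never
            // concatenated into the template; the password is never logged.
            _logger.LogInformation("Login attempt as '{Email}' from {Host} with empty password", loginEmail,
                remoteIpAddress);
            return RedirectToPage("/admin/login");
        }

        if (!_userService.VerifyLogin(loginEmail, loginPassword, out IUser? user))
        {
            // Every failure path answers with the same redirect, so the response does not reveal which check
            // rejected the attempt.
            _logger.LogInformation("Login attempt for '{Email}' failed from {Host}", loginEmail, remoteIpAddress);
            return RedirectToPage("/admin/login");
        }

        _logger.LogInformation("Login attempt for '{Email}' succeeded from {Host}", loginEmail, remoteIpAddress);

        ISession session = _sessionService.CreateSession(Request, user);
        _sessionService.SaveSessionCookie(Response, session);
        return RedirectToPage("/admin/index");
    }

    /// <summary>
    ///     Deletes the caller's session (if any), clears the session cookie and redirects.
    /// </summary>
    /// <returns>
    ///     A redirect to the path of the referring page when the <c>Referer</c> header names this host; otherwise a
    ///     redirect to <c>/admin/login</c>.
    /// </returns>
    /// <remarks>
    ///     NOTE(review): this state-changing action is reachable with GET, so another site can trigger a sign-out by
    ///     getting the browser to load this URL. The verb is kept for compatibility with existing links; consider
    ///     moving to POST with antiforgery validation.
    /// </remarks>
    [HttpGet("logout")]
    public IActionResult Logout()
    {
        if (_sessionService.TryGetSession(Request, out ISession? session))
        {
            _sessionService.DeleteSession(session);
        }

        // Clear the cookie even when no server-side session was found, so a stale cookie is not left behind.
        _sessionService.DeleteSessionCookie(Response);

        // The Referer header is client-supplied. Redirecting to it verbatim would send the browser to whatever
        // origin linked here (an open redirect), so only a same-host path is honoured.
        string referer = Request.Headers.Referer.ToString();
        if (TryGetLocalReturnPath(referer, out string returnPath))
        {
            return LocalRedirect(returnPath);
        }

        return RedirectToPage("/admin/login");
    }

    /// <summary>
    ///     Reduces a <c>Referer</c> value to a path on the current host.
    /// </summary>
    /// <param name="referer">The raw <c>Referer</c> header value.</param>
    /// <param name="localPath">
    ///     When this method returns <see langword="true" />, the path and query of <paramref name="referer" />;
    ///     otherwise, an empty string.
    /// </param>
    /// <returns>
    ///     <see langword="true" /> if <paramref name="referer" /> is an absolute http(s) URL whose host matches the
    ///     request host and whose path is a local URL; otherwise, <see langword="false" />.
    /// </returns>
    private bool TryGetLocalReturnPath(string referer, out string localPath)
    {
        localPath = string.Empty;

        if (string.IsNullOrWhiteSpace(referer))
        {
            return false;
        }

        if (!System.Uri.TryCreate(referer, System.UriKind.Absolute, out System.Uri? uri))
        {
            return false;
        }

        if (uri.Scheme != System.Uri.UriSchemeHttp && uri.Scheme != System.Uri.UriSchemeHttps)
        {
            return false;
        }

        if (!string.Equals(uri.Host, Request.Host.Host, System.StringComparison.OrdinalIgnoreCase))
        {
            return false;
        }

        // A path such as "//other.example/" is protocol-relative and would leave the site; IsLocalUrl rejects it.
        string candidate = uri.PathAndQuery;
        if (!Url.IsLocalUrl(candidate))
        {
            return false;
        }

        localPath = candidate;
        return true;
    }
}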