oliverbooth.dev/OliverBooth/Controllers/AdminController.cs

76 lines
2.6 KiB
C#

using System.Net;
using Microsoft.AspNetCore.Mvc;
using OliverBooth.Data.Web;
using OliverBooth.Services;
using ISession = OliverBooth.Data.Web.ISession;
namespace OliverBooth.Controllers;
[Controller]
[Route("auth/admin")]
public sealed class AdminController : ControllerBase
{
private readonly ILogger<AdminController> _logger;
private readonly IUserService _userService;
private readonly ISessionService _sessionService;
/// <summary>
/// Initializes a new instance of the <see cref="AdminController" /> class.
/// </summary>
/// <param name="logger">The logger.</param>
/// <param name="userService">The user service.</param>
/// <param name="sessionService">The session service.</param>
public AdminController(ILogger<AdminController> logger,
IUserService userService,
ISessionService sessionService)
{
_logger = logger;
_userService = userService;
_sessionService = sessionService;
}
[HttpPost("login")]
public IActionResult Login()
{
string? loginEmail = Request.Form["login-email"];
string? loginPassword = Request.Form["login-password"];
IPAddress? remoteIpAddress = Request.HttpContext.Connection.RemoteIpAddress;
if (string.IsNullOrWhiteSpace(loginEmail))
{
_logger.LogInformation("Login attempt from {Host} with empty login", remoteIpAddress);
return RedirectToPage("/admin/login");
}
if (string.IsNullOrWhiteSpace(loginPassword))
{
_logger.LogInformation("Login attempt as '{Email}' from {Host} with empty password", loginEmail,
remoteIpAddress);
return RedirectToPage("/admin/login");
}
if (_userService.VerifyLogin(loginEmail, loginPassword, out IUser? user))
{
_logger.LogInformation("Login attempt for '{Email}' succeeded from {Host}", loginEmail, remoteIpAddress);
}
else
{
_logger.LogInformation("Login attempt for '{Email}' failed from {Host}", loginEmail, remoteIpAddress);
return RedirectToPage("/admin/login");
}
ISession session = _sessionService.CreateSession(Request, user);
_sessionService.SaveSessionCookie(Response, session);
return RedirectToPage("/admin/index");
}
[HttpGet("logout")]
public IActionResult Logout()
{
if (_sessionService.TryGetSession(Request, out ISession? session))
_sessionService.DeleteSession(session);
return _sessionService.DeleteSessionCookie(Response);
}
}