Switch to signed cookie auth and stop leaking player IDs

Endpoints/AuthEndpoints.cs

@@ -3,7 +3,6 @@ using GameList.Data;
 using GameList.Domain;
 using GameList.Infrastructure;
 using Microsoft.AspNetCore.Mvc;
-using Microsoft.AspNetCore.Http;
 using Microsoft.EntityFrameworkCore;
 
 namespace GameList.Endpoints;
@@ -59,7 +58,7 @@ public static class AuthEndpoints
             db.Players.Add(player);
             await db.SaveChangesAsync();
 
-            PlayerIdentityExtensions.IssuePlayerCookie(ctx, player.Id, player.Username);
+            await PlayerIdentityExtensions.SignInPlayerAsync(ctx, player);
 
             return Results.Ok(new { player.Id, player.Username, player.DisplayName, player.IsAdmin });
         });
@@ -84,14 +83,14 @@ public static class AuthEndpoints
             player.LastLoginAt = DateTimeOffset.UtcNow;
             await db.SaveChangesAsync();
 
-            PlayerIdentityExtensions.IssuePlayerCookie(ctx, player.Id, player.Username);
+            await PlayerIdentityExtensions.SignInPlayerAsync(ctx, player);
 
             return Results.Ok(new { player.Id, player.Username, player.DisplayName, player.IsAdmin });
         });
 
-        group.MapPost("/logout", (HttpContext ctx) =>
+        group.MapPost("/logout", async (HttpContext ctx) =>
         {
-            PlayerIdentityExtensions.ClearPlayerCookie(ctx);
+            await PlayerIdentityExtensions.SignOutPlayerAsync(ctx);
             return Results.NoContent();
         });
     }