Add username/password auth and login UI

2026-01-29 01:01:13 +01:00
parent ca25d4f0ee
commit f1534b7631
21 changed files with 690 additions and 50 deletions
--- a/Endpoints/AuthEndpoints.cs
+++ b/Endpoints/AuthEndpoints.cs
@@ -0,0 +1,79 @@
+using GameList.Contracts;
+using GameList.Data;
+using GameList.Domain;
+using GameList.Infrastructure;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Http;
+using Microsoft.EntityFrameworkCore;
+
+namespace GameList.Endpoints;
+
+public static class AuthEndpoints
+{
+    public static void MapAuthEndpoints(this IEndpointRouteBuilder app)
+    {
+        var group = app.MapGroup("/api/auth");
+
+        group.MapPost("/register", async ([FromBody] RegisterRequest request, HttpContext ctx, AppDbContext db) =>
+        {
+            var username = request.Username?.Trim();
+            if (string.IsNullOrWhiteSpace(username) || username.Length > 64)
+                return Results.BadRequest(new { error = "Username is required and must be <= 64 characters." });
+
+            if (string.IsNullOrWhiteSpace(request.Password))
+                return Results.BadRequest(new { error = "Password is required." });
+
+            var displayName = EndpointHelpers.TrimTo(request.DisplayName, 64);
+            var normalized = username.ToLowerInvariant();
+
+            var exists = await db.Players.AnyAsync(p => p.NormalizedUsername == normalized);
+            if (exists)
+                return Results.Conflict(new { error = "Username already taken." });
+
+            var (hash, salt) = PasswordHasher.HashPassword(request.Password);
+            var player = new Player
+            {
+                Id = Guid.NewGuid(),
+                Username = username,
+                NormalizedUsername = normalized,
+                PasswordHash = hash,
+                PasswordSalt = salt,
+                DisplayName = displayName,
+                CreatedAt = DateTimeOffset.UtcNow,
+                LastLoginAt = DateTimeOffset.UtcNow
+            };
+
+            db.Players.Add(player);
+            await db.SaveChangesAsync();
+
+            PlayerIdentityExtensions.IssuePlayerCookie(ctx, player.Id);
+
+            return Results.Ok(new { player.Id, player.Username, player.DisplayName });
+        });
+
+        group.MapPost("/login", async ([FromBody] LoginRequest request, HttpContext ctx, AppDbContext db) =>
+        {
+            var username = request.Username?.Trim();
+            if (string.IsNullOrWhiteSpace(username) || string.IsNullOrWhiteSpace(request.Password))
+                return Results.BadRequest(new { error = "Username and password are required." });
+
+            var normalized = username.ToLowerInvariant();
+            var player = await db.Players.FirstOrDefaultAsync(p => p.NormalizedUsername == normalized);
+            if (player == null || !PasswordHasher.Verify(request.Password, player.PasswordHash, player.PasswordSalt))
+                return Results.Json(new { error = "Invalid username or password." }, statusCode: StatusCodes.Status401Unauthorized);
+
+            player.LastLoginAt = DateTimeOffset.UtcNow;
+            await db.SaveChangesAsync();
+
+            PlayerIdentityExtensions.IssuePlayerCookie(ctx, player.Id);
+
+            return Results.Ok(new { player.Id, player.Username, player.DisplayName });
+        });
+
+        group.MapPost("/logout", (HttpContext ctx) =>
+        {
+            PlayerIdentityExtensions.ClearPlayerCookie(ctx);
+            return Results.NoContent();
+        });
+    }
+}