Add username/password auth and login UI

2026-01-29 01:01:13 +01:00
parent ca25d4f0ee
commit f1534b7631
21 changed files with 690 additions and 50 deletions
--- a/Endpoints/SuggestEndpoints.cs
+++ b/Endpoints/SuggestEndpoints.cs
@@ -16,7 +16,8 @@ public static class SuggestEndpoints
            if (phase != Phase.Suggest)
                return EndpointHelpers.PhaseMismatch(Phase.Suggest, phase);

-            var player = await EndpointHelpers.GetOrCreatePlayer(ctx, db);
+            var player = await EndpointHelpers.GetAuthenticatedPlayer(ctx, db);
+            if (player is null) return Results.Unauthorized();
            var mine = await db.Suggestions.AsNoTracking()
                .Where(s => s.PlayerId == player.Id)
                .Select(s => new
@@ -50,7 +51,8 @@ public static class SuggestEndpoints
                return Results.BadRequest(new { error = "Name is required and must be <= 100 characters." });
            }

-            var player = await EndpointHelpers.GetOrCreatePlayer(ctx, db);
+            var player = await EndpointHelpers.GetAuthenticatedPlayer(ctx, db);
+            if (player is null) return Results.Unauthorized();

            if (string.IsNullOrWhiteSpace(player.DisplayName))
            {
@@ -86,7 +88,8 @@ public static class SuggestEndpoints
            if (phase != Phase.Suggest)
                return EndpointHelpers.PhaseMismatch(Phase.Suggest, phase);

-            var player = await EndpointHelpers.GetOrCreatePlayer(ctx, db);
+            var player = await EndpointHelpers.GetAuthenticatedPlayer(ctx, db);
+            if (player is null) return Results.Unauthorized();
            var suggestion = await db.Suggestions.FirstOrDefaultAsync(s => s.Id == id && s.PlayerId == player.Id);
            if (suggestion == null)
                return Results.NotFound(new { error = "Suggestion not found." });
@@ -96,12 +99,15 @@ public static class SuggestEndpoints
            return Results.NoContent();
        });

-        app.MapGet("/api/suggestions/all", async (AppDbContext db) =>
+        app.MapGet("/api/suggestions/all", async (HttpContext ctx, AppDbContext db) =>
        {
            var phase = await EndpointHelpers.GetPhase(db);
            if (phase < Phase.Reveal)
                return EndpointHelpers.PhaseMismatch(Phase.Reveal, phase);

+            var player = await EndpointHelpers.GetAuthenticatedPlayer(ctx, db);
+            if (player is null) return Results.Unauthorized();
+
            var all = await db.Suggestions.AsNoTracking()
                .Include(s => s.Player)
                .Select(s => new