Add username/password auth and login UI

Infrastructure/PasswordHasher.cs

@@ -0,0 +1,38 @@
+using System.Security.Cryptography;
+using System.Text;
+
+namespace GameList.Infrastructure;
+
+public static class PasswordHasher
+{
+    private const int SaltSize = 16;
+    private const int KeySize = 32;
+    private const int Iterations = 100_000;
+
+    public static (byte[] Hash, byte[] Salt) HashPassword(string password)
+    {
+        if (string.IsNullOrEmpty(password))
+            throw new ArgumentException("Password required", nameof(password));
+
+        var salt = RandomNumberGenerator.GetBytes(SaltSize);
+        var hash = PBKDF2(password, salt);
+        return (hash, salt);
+    }
+
+    public static bool Verify(string password, byte[] hash, byte[] salt)
+    {
+        if (hash is null || salt is null || hash.Length == 0 || salt.Length == 0) return false;
+        var computed = PBKDF2(password, salt);
+        return CryptographicOperations.FixedTimeEquals(computed, hash);
+    }
+
+    private static byte[] PBKDF2(string password, byte[] salt)
+    {
+        return Rfc2898DeriveBytes.Pbkdf2(
+            Encoding.UTF8.GetBytes(password),
+            salt,
+            Iterations,
+            HashAlgorithmName.SHA256,
+            KeySize);
+    }
+}

Infrastructure/PlayerIdentityExtensions.cs

@@ -13,24 +13,14 @@ public static class PlayerIdentityExtensions
             var pathBase = ctx.Request.PathBase.HasValue ? ctx.Request.PathBase.Value : "/";
             var isHttps = string.Equals(ctx.Request.Scheme, "https", StringComparison.OrdinalIgnoreCase);
 
-            var cookieOptions = new CookieOptions
-            {
-                HttpOnly = true,
-                SameSite = SameSiteMode.Strict,
-                Secure = isHttps,
-                IsEssential = true,
-                Expires = DateTimeOffset.UtcNow.AddYears(1),
-                Path = pathBase
-            };
-
             Guid playerId;
             if (!ctx.Request.Cookies.TryGetValue(PlayerCookieName, out var value) || !Guid.TryParse(value, out playerId))
             {
-                playerId = Guid.NewGuid();
+                await next();
+                return;
             }
 
-            ctx.Response.Cookies.Append(PlayerCookieName, playerId.ToString(), cookieOptions);
-            ctx.Items[PlayerCookieName] = playerId;
+            IssuePlayerCookie(ctx, playerId);
 
             await next();
         });
@@ -38,6 +28,36 @@ public static class PlayerIdentityExtensions
         return app;
     }
 
+    public static void IssuePlayerCookie(HttpContext ctx, Guid playerId)
+    {
+        var options = BuildCookieOptions(ctx);
+        ctx.Response.Cookies.Append(PlayerCookieName, playerId.ToString(), options);
+        ctx.Items[PlayerCookieName] = playerId;
+    }
+
+    public static void ClearPlayerCookie(HttpContext ctx)
+    {
+        var options = BuildCookieOptions(ctx);
+        options.Expires = DateTimeOffset.UtcNow.AddDays(-1);
+        ctx.Response.Cookies.Append(PlayerCookieName, string.Empty, options);
+        ctx.Items.Remove(PlayerCookieName);
+    }
+
+    private static CookieOptions BuildCookieOptions(HttpContext ctx)
+    {
+        var pathBase = ctx.Request.PathBase.HasValue ? ctx.Request.PathBase.Value : "/";
+        var isHttps = string.Equals(ctx.Request.Scheme, "https", StringComparison.OrdinalIgnoreCase);
+        return new CookieOptions
+        {
+            HttpOnly = true,
+            SameSite = SameSiteMode.Strict,
+            Secure = isHttps,
+            IsEssential = true,
+            Expires = DateTimeOffset.UtcNow.AddYears(1),
+            Path = pathBase
+        };
+    }
+
     public static IApplicationBuilder UseGlobalExceptionLogging(this IApplicationBuilder app)
     {
         app.UseExceptionHandler(handler =>