Diffstat (limited to 'src/server/Controllers/AccountController.cs')
-rw-r--r--src/server/Controllers/AccountController.cs76
1 files changed, 76 insertions, 0 deletions
diff --git a/src/server/Controllers/AccountController.cs b/src/server/Controllers/AccountController.cs
new file mode 100644
index 0000000..58bb7b6
--- /dev/null
+++ b/src/server/Controllers/AccountController.cs
@@ -0,0 +1,76 @@
+using System;
+using System.Collections.Generic;
+using System.Security.Claims;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authentication.Cookies;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using Dough.Models;
+using Dough.Models.Database;
+using Dough.Models.Results;
+using Dough.Utilities;
+
+namespace Dough.Controllers
+{
+ public class AccountController : BaseController
+ {
+ private readonly MainDbContext _context;
+
+ public AccountController(MainDbContext context)
+ {
+ _context = context;
+ }
+
+ [HttpPost("login")]
+ public async Task<ActionResult> Login(string username, string password)
+ {
+ var user = _context.Users.SingleByNameOrDefault(username);
+ if (user == default)
+ return BadRequest(new ErrorResult("Ugyldig brukernavn eller passord",
+ "Verifiser at passord og brukernavn er riktig og prøv igjen"));
+
+ if (!user.VerifyPassword(password))
+ return BadRequest(new ErrorResult("Ugyldig brukernavn eller passord",
+ "Verifiser at passord og brukernavn er riktig"));
+
+ var claims = new List<Claim>
+ {
+ new Claim(ClaimTypes.Name, user.Username),
+ new Claim(ClaimTypes.NameIdentifier, user.Id.ToString())
+ };
+
+ var claimsIdentity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
+ var claimsPrincipal = new ClaimsPrincipal(claimsIdentity);
+
+ var authenticationProperties = new AuthenticationProperties
+ {
+ IsPersistent = false,
+ IssuedUtc = DateTime.UtcNow,
+ AllowRefresh = true,
+ ExpiresUtc = DateTime.UtcNow.AddDays(7),
+ };
+
+ await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme,
+ claimsPrincipal,
+ authenticationProperties);
+
+ return Ok();
+ }
+
+ [HttpGet("logout")]
+ public async Task<ActionResult> Logout(string continueTo = default)
+ {
+ await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
+ if (continueTo.IsPresent() && continueTo.IsValidUrl()) return Redirect(continueTo);
+ return Ok();
+ }
+
+ [Authorize]
+ [HttpGet("me")]
+ public ActionResult GetClaimsForUser()
+ {
+ return Ok(LoggedInUser);
+ }
+ }
+}
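Review bot: `Redirect(continueTo)` in `Logout` (line 80) sends the browser to a caller-supplied URL that is only gated by `continueTo.IsValidUrl()`; unless that helper (not shown in this commit) rejects everything except same-site paths, this is an open redirect, and the framework's own check is the safer guard: `if (continueTo.IsPresent() && Url.IsLocalUrl(continueTo)) return LocalRedirect(continueTo);`. In `Login`, the two `ErrorResult` detail strings differ ("… og prøv igjen" appears only on the unknown-username branch), so the response body tells a caller whether a username exists; both branches should return byte-identical messages, and since `VerifyPassword` is skipped for unknown users the response timing differs as well. The `username`/`password` parameters carry no binding-source attribute, so they also bind from the query string, which can land credentials in access logs and browser history; `[FromForm]` parameters or a `[FromBody]` request model would restrict that. Exposing logout as a GET also lets any cross-origin page force a sign-out; a POST with anti-forgery validation is the conventional shape.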