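using System;
using System.Globalization;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using Microsoft.IdentityModel.Tokens;
using OnProfNext.Server.Data;
using OnProfNext.Shared.Models;

namespace OnProfNext.Server.Controllers
{
    /// <summary>
    /// Issues signed JWT bearer tokens for username/password logins.
    /// </summary>
    [ApiController]
    [Route("api/[controller]")]
    public class AuthController : ControllerBase
    {
        // RFC 7518 §3.2: an HS256 key must be at least as long as the hash output (256 bits).
        private const int MinHmacSha256KeyBytes = 32;

        // Throwaway hash that is verified when no user matches the supplied name, so a miss
        // costs roughly the same as a real verification and the response time does not
        // reveal which usernames exist. The password behind it is random and never stored.
        private static readonly string s_unknownUserHash =
            BCrypt.Net.BCrypt.HashPassword(Guid.NewGuid().ToString("N"));

        private readonly AppDbContext _context;
        private readonly IConfiguration _configuration;

        public AuthController(AppDbContext context, IConfiguration configuration)
        {
            _context = context;
            _configuration = configuration;
        }

        /// <summary>
        /// Verifies the supplied credentials and returns a signed JWT on success.
        /// </summary>
        /// <param name="request">Username and plaintext password from the request body.</param>
        /// <returns>
        /// 200 with a <see cref="LoginResponse"/> when the credentials match;
        /// 401 with one and the same message for an unknown user and for a wrong password.
        /// </returns>
        /// <exception cref="InvalidOperationException">
        /// The <c>Jwt:Key</c> or <c>Jwt:ExpireMinutes</c> setting is missing or invalid.
        /// </exception>
        [AllowAnonymous]
        [HttpPost("login")]
        public async Task<IActionResult> Login([FromBody] LoginRequest request)
        {
            var user = await _context.Users.FirstOrDefaultAsync(u => u.Username == request.Username);

            // Always run exactly one bcrypt verification, even for an unknown user, and only
            // then look at the user lookup result, so both failure paths do comparable work.
            var passwordMatches = BCrypt.Net.BCrypt.Verify(
                request.Password,
                user?.PasswordHash ?? s_unknownUserHash);

            if (user is null || !passwordMatches)
            {
                return Unauthorized("Ungültiger Benutzername oder Passwort.");
            }

            var (key, expireMinutes, issuer, audience) = ReadJwtSettings();
            var expiresAt = DateTime.UtcNow.AddMinutes(expireMinutes);

            var tokenDescriptor = new SecurityTokenDescriptor
            {
                Subject = new ClaimsIdentity(new[]
                {
                    new Claim(ClaimTypes.Name, user.Username),
                    new Claim("MandantId", user.MandantId.ToString()),
                    new Claim("UserId", user.Id.ToString()),
                    // Unique token id ("jti") so an individual token can be audited or revoked.
                    new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString("N")),
                }),
                Expires = expiresAt,
                Issuer = issuer,
                Audience = audience,
                SigningCredentials = new SigningCredentials(
                    new SymmetricSecurityKey(key),
                    SecurityAlgorithms.HmacSha256Signature),
            };

            var tokenHandler = new JwtSecurityTokenHandler();
            var token = tokenHandler.CreateToken(tokenDescriptor);

            return Ok(new LoginResponse
            {
                Token = tokenHandler.WriteToken(token),
                Username = user.Username,
                ExpiresAt = expiresAt,
            });
        }

        /// <summary>
        /// Reads and validates the <c>Jwt:*</c> settings used to sign tokens.
        /// </summary>
        /// <returns>The raw signing key, the token lifetime in minutes, and the issuer/audience values.</returns>
        /// <exception cref="InvalidOperationException">A required setting is missing or malformed.</exception>
        private (byte[] Key, int ExpireMinutes, string? Issuer, string? Audience) ReadJwtSettings()
        {
            var keyText = _configuration["Jwt:Key"];
            if (string.IsNullOrEmpty(keyText))
            {
                throw new InvalidOperationException("Jwt:Key is not configured.");
            }

            var key = Encoding.UTF8.GetBytes(keyText);
            if (key.Length < MinHmacSha256KeyBytes)
            {
                throw new InvalidOperationException(
                    $"Jwt:Key must be at least {MinHmacSha256KeyBytes} bytes for HS256.");
            }

            // Invariant culture: this is a configuration value, not user-facing text.
            if (!int.TryParse(
                    _configuration["Jwt:ExpireMinutes"],
                    NumberStyles.Integer,
                    CultureInfo.InvariantCulture,
                    out var expireMinutes)
                || expireMinutes <= 0)
            {
                throw new InvalidOperationException("Jwt:ExpireMinutes must be a positive integer.");
            }

            return (key, expireMinutes, _configuration["Jwt:Issuer"], _configuration["Jwt:Audience"]);
        }
    }
}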