Mizuki/Controllers/LoginController.cs

using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Mizuki.Dtos;
using Mizuki.Services;
using Mizuki.Validators;

namespace Mizuki.Controllers;

/// <summary>
/// The login controller for Mizuki.
/// </summary>
[ApiController]
[Route("/api/user")]
public class LoginController(
    UserService userService,
    LoginService loginService,
    LoginDataValidator loginDataValidator) : ControllerBase
{
    /// <summary>
    /// Logs into Mizuki as a given user.
    /// </summary>
    /// <param name="dto">The login data dto.</param>
    /// <returns>Redirect.</returns>
    [HttpPost]
    [Route("login")]
    public async Task<RedirectResult> Login(
        LoginDataDto dto)
    {
        if (!await userService.CheckPasswordForUser(dto.Username, dto.Password))
        {
            return Redirect("/login?error=Invalid username or password.");
        }

        var user = await userService.GetUserForUsername(dto.Username);
        await loginService.LoginAsUser(user);
        
        return Redirect("/");
    }
    
    /// <summary>
    /// Logs out of Mizuki.
    /// </summary>
    /// <returns>Redirect.</returns>
    [Authorize]
    [Route("logout")]
    public async Task<RedirectResult> Logout()
    {
        await loginService.Logout();
        return Redirect("/");
    }
    
    /// <summary>
    /// Registers a new user in Mizuki.
    /// </summary>
    /// <param name="dto">The login data dto.</param>
    /// <returns>Redirect.</returns>
    [Route("register")]
    [HttpPost]
    public async Task<RedirectResult> Register(
        LoginDataDto dto)
    {
        if (await userService.UsernameTaken(dto.Username))
            return Redirect("/register?error=This user already exists.");
        
        var result = await loginDataValidator.ValidateAsync(dto);
        if (!result.IsValid)
        {
            if (result.Errors.Any(e => e.PropertyName == "Username"))
                return Redirect("/register?error=Invalid username.");
            
            if (result.Errors.Any(e => e.PropertyName == "Password"))
                return Redirect("/register?error=Invalid password.");
        }

        await userService.CreateUser(
            dto.Username,
            dto.Password);
        
        return Redirect("/");
    }
}