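using System;
using System.Collections.Generic;
using System.Globalization;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using AutoMapper;
using BackEndAaaapero.Helpers;
using BackEndAaaapero.Models;
using DTO;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Microsoft.IdentityModel.Tokens;
using Services;

namespace Controllers
{
    /// <summary>
    /// Authentication and account endpoints. Every action requires a bearer token
    /// except <see cref="Authenticate"/>, which is the action that issues one.
    /// </summary>
    [Authorize]
    [ApiController]
    [Route("[controller]")]
    public class UsersController : ControllerBase
    {
        /// <summary>
        /// HS256 requires a key of at least 128 bits; Microsoft.IdentityModel rejects
        /// shorter keys at signing time, so the controller fails early with a clearer message.
        /// </summary>
        private const int MinSecretBytes = 16;

        private readonly IUserService _userService;
        private readonly IMapper _mapper;

        /// <summary>Application configuration; the <c>Secret</c> entry is the JWT signing key.</summary>
        public IConfiguration Configuration { get; }

        public UsersController(
            IUserService userService,
            IMapper mapper,
            IConfiguration configuration)
        {
            _userService = userService;
            _mapper = mapper;
            Configuration = configuration;
        }

        /// <summary>
        /// Verifies a username/password pair and returns basic user info plus a signed JWT.
        /// </summary>
        /// <param name="model">Credentials posted by the client.</param>
        /// <returns>
        /// 200 with user info and token, or 400 when the credentials are rejected. The failure
        /// message is deliberately identical for an unknown user and a wrong password so the
        /// endpoint cannot be used to enumerate accounts.
        /// </returns>
        /// <exception cref="InvalidOperationException">The <c>Secret</c> setting is missing or too short.</exception>
        [AllowAnonymous]
        [HttpPost("authenticate")]
        public IActionResult Authenticate([FromBody] AuthenticateModel model)
        {
            var user = _userService.Authenticate(model.Username, model.Password);
            if (user == null)
            {
                return BadRequest(new { message = "Username or password is incorrect" });
            }

            var tokenString = IssueToken(user.Id.ToString());

            // Only non-sensitive profile fields are echoed back alongside the token.
            return Ok(new
            {
                Id = user.Id,
                Username = user.Username,
                FirstName = user.FirstName,
                LastName = user.LastName,
                Token = tokenString
            });
        }

        /// <summary>
        /// Builds an HS256-signed JWT whose only claim is the user id, stored as
        /// <see cref="ClaimTypes.Name"/>. No role or other authorization claim is issued.
        /// </summary>
        /// <param name="userId">Value placed in the name claim.</param>
        /// <returns>Compact serialized token, valid for seven days from now (UTC).</returns>
        /// <exception cref="InvalidOperationException">The <c>Secret</c> setting is missing or too short.</exception>
        private string IssueToken(string userId)
        {
            // ASCII is kept so the key bytes match whatever the bearer-token validation in
            // Startup builds its IssuerSigningKey from (not visible here — keep the two in sync).
            var key = Encoding.ASCII.GetBytes(Configuration["Secret"] ?? string.Empty);

            // Fail closed: a missing secret would otherwise throw a NullReferenceException,
            // and a short one gives a trivially brute-forceable signature.
            if (key.Length < MinSecretBytes)
            {
                throw new InvalidOperationException(
                    $"Configuration value 'Secret' must be set and at least {MinSecretBytes} bytes long.");
            }

            var descriptor = new SecurityTokenDescriptor
            {
                Subject = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, userId) }),
                // Seven-day lifetime with no refresh or revocation path: a leaked token stays
                // usable for a week. Shorten this if the client can re-authenticate more often.
                Expires = DateTime.UtcNow.AddDays(7),
                SigningCredentials = new SigningCredentials(
                    new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
            };

            var handler = new JwtSecurityTokenHandler();
            return handler.WriteToken(handler.CreateToken(descriptor));
        }

        /// <summary>
        /// Deletes a user account. A caller may only delete the account whose id matches
        /// the name claim of their own bearer token.
        /// </summary>
        /// <param name="id">Id of the account to delete.</param>
        /// <returns>200 on success; 403 when the token belongs to a different user.</returns>
        [HttpDelete("{id}")]
        public IActionResult Delete(int id)
        {
            // [Authorize] only proves the caller holds a valid token; without this check any
            // authenticated user could delete every other account. The token carries the user
            // id as ClaimTypes.Name and no role claim, so "same user" is the only ownership
            // check that can be made from it.
            // NOTE(review): if administrators must be able to delete other accounts, add a
            // role claim at issuance and extend this check rather than removing it.
            var callerClaim = User.FindFirst(ClaimTypes.Name)?.Value;
            if (!int.TryParse(callerClaim, NumberStyles.Integer, CultureInfo.InvariantCulture, out var callerId)
                || callerId != id)
            {
                return Forbid();
            }

            _userService.Delete(id);
            return Ok();
        }
    }
}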