// src/Webshop.Application/Services/Auth/AuthService.cs using Microsoft.AspNetCore.Identity; using Microsoft.Extensions.Configuration; using Microsoft.IdentityModel.Tokens; using System.IdentityModel.Tokens.Jwt; using System.Security.Claims; using System.Text; using Webshop.Application.DTOs.Auth; using System.Threading.Tasks; using System.Collections.Generic; namespace Webshop.Application.Services.Auth { public class AuthService : IAuthService // Sicherstellen, dass IAuthService implementiert wird { private readonly UserManager _userManager; private readonly SignInManager _signInManager; private readonly IConfiguration _configuration; private readonly RoleManager _roleManager; public AuthService( UserManager userManager, SignInManager signInManager, IConfiguration configuration, RoleManager roleManager) { _userManager = userManager; _signInManager = signInManager; _configuration = configuration; _roleManager = roleManager; } public async Task RegisterUserAsync(RegisterRequestDto request) { var existingUser = await _userManager.FindByEmailAsync(request.Email); if (existingUser != null) { return new AuthResponseDto { IsAuthSuccessful = false, ErrorMessage = "E-Mail ist bereits registriert." }; } var user = new IdentityUser { Email = request.Email, UserName = request.Email }; var result = await _userManager.CreateAsync(user, request.Password); if (!result.Succeeded) { var errors = string.Join(" ", result.Errors.Select(e => e.Description)); return new AuthResponseDto { IsAuthSuccessful = false, ErrorMessage = errors }; } if (!await _roleManager.RoleExistsAsync("Customer")) { await _roleManager.CreateAsync(new IdentityRole("Customer")); } await _userManager.AddToRoleAsync(user, "Customer"); var roles = await _userManager.GetRolesAsync(user); var token = await GenerateJwtToken(user, roles); return new AuthResponseDto { IsAuthSuccessful = true, Token = token, UserId = user.Id, Email = user.Email, Roles = roles.ToList() }; } public async Task LoginUserAsync(LoginRequestDto request) { var user = await _userManager.FindByEmailAsync(request.Email); if (user == null) { return new AuthResponseDto { IsAuthSuccessful = false, ErrorMessage = "Ungültige Anmeldeinformationen." }; } var signInResult = await _signInManager.CheckPasswordSignInAsync(user, request.Password, false); if (!signInResult.Succeeded) { return new AuthResponseDto { IsAuthSuccessful = false, ErrorMessage = "Ungültige Anmeldeinformationen." }; } var roles = await _userManager.GetRolesAsync(user); var token = await GenerateJwtToken(user, roles); return new AuthResponseDto { IsAuthSuccessful = true, Token = token, UserId = user.Id, Email = user.Email, Roles = roles.ToList() }; } public async Task LoginAdminAsync(LoginRequestDto request) { var authResponse = await LoginUserAsync(request); if (!authResponse.IsAuthSuccessful) { return authResponse; } var user = await _userManager.FindByEmailAsync(request.Email); if (user == null || !await _userManager.IsInRoleAsync(user, "Admin")) { return new AuthResponseDto { IsAuthSuccessful = false, ErrorMessage = "Keine Berechtigung." }; } return authResponse; } private async Task GenerateJwtToken(IdentityUser user, IList roles) { var claims = new List { new Claim(JwtRegisteredClaimNames.Sub, user.Id), new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()), new Claim(JwtRegisteredClaimNames.Email, user.Email!) }; foreach (var role in roles) { claims.Add(new Claim(ClaimTypes.Role, role)); } var jwtSettings = _configuration.GetSection("JwtSettings"); var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtSettings["Secret"]!)); var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256); var expires = DateTime.UtcNow.AddMinutes(double.Parse(jwtSettings["ExpirationMinutes"]!)); var token = new JwtSecurityToken( issuer: jwtSettings["Issuer"], audience: jwtSettings["Audience"], claims: claims, expires: expires, signingCredentials: creds ); return new JwtSecurityTokenHandler().WriteToken(token); } } }