feat: backend add auth method

server/src/Controllers/DataController.cs

@@ -1,5 +1,9 @@
-using Microsoft.AspNetCore.Cors;
+using System.IdentityModel.Tokens.Jwt;
+using System.Security.Claims;
+using System.Text;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
+using Microsoft.IdentityModel.Tokens;
 
 namespace server.Controllers;
 
@@ -13,57 +17,70 @@ public class DataController : ControllerBase
     private static NLog.Logger logger = NLog.LogManager.GetCurrentClassLogger();
 
     /// <summary>
-    /// 创建数据库表
+    /// [TODO:description]
     /// </summary>
-    /// <returns>插入的记录数</returns>
-    [EnableCors("Development")]
-    [HttpPost("CreateTable")]
-    public IResult CreateTables()
+    /// <param name="name">[TODO:parameter]</param>
+    /// <param name="password">[TODO:parameter]</param>
+    /// <returns>[TODO:return]</returns>
+    [HttpPost("login")]
+    public IActionResult Login(string name, string password)
     {
+        // 验证用户密码
         using var db = new Database.AppDataConnection();
-        db.CreateAllTables();
-        return TypedResults.Ok();
+        var ret = db.CheckUserPassword(name, password);
+        if (!ret.IsSuccessful) return StatusCode(StatusCodes.Status500InternalServerError);
+        if (!ret.Value.HasValue) return BadRequest($"TODO");
+        var user = ret.Value.Value;
+
+        // 生成 JWT
+        var tokenHandler = new JwtSecurityTokenHandler();
+        var key = Encoding.ASCII.GetBytes("my secret key 1234567890my secret key 1234567890");
+        var tokenDescriptor = new SecurityTokenDescriptor
+        {
+            Subject = new ClaimsIdentity(new Claim[]
+            {
+                new Claim(ClaimTypes.Name, user.Name),
+                new Claim(ClaimTypes.Email, user.EMail),
+            }),
+            Expires = DateTime.UtcNow.AddHours(1),
+            SigningCredentials = new SigningCredentials(
+                new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature),
+            Audience = "dlut.edu.cn",
+            Issuer = "dlut.edu.cn",
+        };
+        var token = tokenHandler.CreateToken(tokenDescriptor);
+        var jwt = tokenHandler.WriteToken(token);
+
+        return Ok(jwt);
     }
 
     /// <summary>
-    /// 删除数据库表
+    /// [TODO:description]
     /// </summary>
-    /// <returns>插入的记录数</returns>
-    [EnableCors("Development")]
-    [HttpDelete("DropTables")]
-    public IResult DropTables()
+    /// <returns>[TODO:return]</returns>
+    [HttpGet("TestAuth")]
+    [Authorize]
+    public IActionResult TestAuth()
     {
-        using var db = new Database.AppDataConnection();
-        db.DropAllTables();
-        return TypedResults.Ok();
-    }
-
-    /// <summary>
-    /// 获取所有用户
-    /// </summary>
-    /// <returns>用户列表</returns>
-    [HttpGet("AllUsers")]
-    public IResult AllUsers()
-    {
-        using var db = new Database.AppDataConnection();
-        var ret = db.User.ToList();
-        return TypedResults.Ok(ret);
+        return Ok("Authenticated!");
     }
 
     /// <summary>
     /// 注册新用户
     /// </summary>
     /// <param name="name">用户名</param>
+    /// <param name="email">[TODO:parameter]</param>
+    /// <param name="password">[TODO:parameter]</param>
     /// <returns>操作结果</returns>
     [HttpPost("SignUpUser")]
-    public IResult SignUpUser(string name)
+    public IActionResult SignUpUser(string name, string email, string password)
     {
         if (name.Length > 255)
-            return TypedResults.BadRequest("Name Couln't over 255 characters");
+            return BadRequest("Name Couln't over 255 characters");
 
         using var db = new Database.AppDataConnection();
-        var ret = db.AddUser(name);
-        return TypedResults.Ok(ret);
+        var ret = db.AddUser(name, email, password);
+        return Ok(ret);
     }
 }