[FA-55] User Service backend initial setup
This commit is contained in:
gamer147
@@ -24,4 +24,9 @@
|
||||
</PackageReference>
|
||||
</ItemGroup>
|
||||
|
||||
<ItemGroup>
|
||||
<Folder Include="Models\IntegrationEvents\" />
|
||||
<Folder Include="Services\EventHandlers\" />
|
||||
</ItemGroup>
|
||||
|
||||
</Project>
|
||||
|
||||
@@ -1,38 +1,53 @@
|
||||
using FictionArchive.Service.Shared.Constants;
|
||||
using System.Security.Claims;
|
||||
using FictionArchive.Service.UserService.Models.DTOs;
|
||||
using FictionArchive.Service.UserService.Services;
|
||||
using HotChocolate.Authorization;
|
||||
using HotChocolate.Types;
|
||||
|
||||
namespace FictionArchive.Service.UserService.GraphQL;
|
||||
|
||||
public class Mutation
|
||||
{
|
||||
[Authorize(Roles = [AuthorizationConstants.Roles.Admin])]
|
||||
public async Task<UserDto> RegisterUser(string username, string email, string oAuthProviderId,
|
||||
string? inviterOAuthProviderId, UserManagementService userManagementService)
|
||||
[Authorize]
|
||||
[Error<InvalidOperationException>]
|
||||
public async Task<UserDto> InviteUser(
|
||||
string email,
|
||||
string username,
|
||||
UserManagementService userManagementService,
|
||||
ClaimsPrincipal claimsPrincipal)
|
||||
{
|
||||
var user = await userManagementService.RegisterUser(username, email, oAuthProviderId, inviterOAuthProviderId);
|
||||
// Get the current user's OAuth provider ID from claims
|
||||
var oAuthProviderId = claimsPrincipal.FindFirst("sub")?.Value;
|
||||
if (string.IsNullOrEmpty(oAuthProviderId))
|
||||
{
|
||||
throw new InvalidOperationException("Unable to determine current user identity");
|
||||
}
|
||||
|
||||
// Get the inviter from the database
|
||||
var inviter = await userManagementService.GetUserByOAuthProviderIdAsync(oAuthProviderId);
|
||||
if (inviter == null)
|
||||
{
|
||||
throw new InvalidOperationException("Current user not found in the system");
|
||||
}
|
||||
|
||||
// Invite the new user
|
||||
var newUser = await userManagementService.InviteUserAsync(inviter, email, username);
|
||||
if (newUser == null)
|
||||
{
|
||||
throw new InvalidOperationException(
|
||||
"Failed to invite user. Either you have no available invites, or the email/username is already in use.");
|
||||
}
|
||||
|
||||
return new UserDto
|
||||
{
|
||||
Id = user.Id,
|
||||
CreatedTime = user.CreatedTime,
|
||||
LastUpdatedTime = user.LastUpdatedTime,
|
||||
Username = user.Username,
|
||||
Email = user.Email,
|
||||
Disabled = user.Disabled,
|
||||
Inviter = user.Inviter != null
|
||||
? new UserDto
|
||||
{
|
||||
Id = user.Inviter.Id,
|
||||
CreatedTime = user.Inviter.CreatedTime,
|
||||
LastUpdatedTime = user.Inviter.LastUpdatedTime,
|
||||
Username = user.Inviter.Username,
|
||||
Email = user.Inviter.Email,
|
||||
Disabled = user.Inviter.Disabled,
|
||||
Inviter = null // Limit recursion to one level
|
||||
}
|
||||
: null
|
||||
Id = newUser.Id,
|
||||
CreatedTime = newUser.CreatedTime,
|
||||
LastUpdatedTime = newUser.LastUpdatedTime,
|
||||
Username = newUser.Username,
|
||||
Email = newUser.Email,
|
||||
Disabled = newUser.Disabled,
|
||||
AvailableInvites = newUser.AvailableInvites,
|
||||
InviterId = newUser.InviterId
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
using System.Security.Claims;
|
||||
using FictionArchive.Service.UserService.Models.DTOs;
|
||||
using FictionArchive.Service.UserService.Services;
|
||||
using HotChocolate.Authorization;
|
||||
@@ -7,9 +8,38 @@ namespace FictionArchive.Service.UserService.GraphQL;
|
||||
public class Query
|
||||
{
|
||||
[Authorize]
|
||||
public IQueryable<UserDto> GetUsers(UserManagementService userManagementService)
|
||||
public async Task<int> GetAvailableInvites(
|
||||
UserManagementService userManagementService,
|
||||
ClaimsPrincipal claimsPrincipal)
|
||||
{
|
||||
return userManagementService.GetUsers().Select(user => new UserDto
|
||||
var oAuthProviderId = claimsPrincipal.FindFirst("sub")?.Value;
|
||||
if (string.IsNullOrEmpty(oAuthProviderId))
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
var user = await userManagementService.GetUserByOAuthProviderIdAsync(oAuthProviderId);
|
||||
return user?.AvailableInvites ?? 0;
|
||||
}
|
||||
|
||||
[Authorize]
|
||||
public async Task<UserDto?> GetCurrentUser(
|
||||
UserManagementService userManagementService,
|
||||
ClaimsPrincipal claimsPrincipal)
|
||||
{
|
||||
var oAuthProviderId = claimsPrincipal.FindFirst("sub")?.Value;
|
||||
if (string.IsNullOrEmpty(oAuthProviderId))
|
||||
{
|
||||
return null;
|
||||
}
|
||||
|
||||
var user = await userManagementService.GetUserByOAuthProviderIdAsync(oAuthProviderId);
|
||||
if (user == null)
|
||||
{
|
||||
return null;
|
||||
}
|
||||
|
||||
return new UserDto
|
||||
{
|
||||
Id = user.Id,
|
||||
CreatedTime = user.CreatedTime,
|
||||
@@ -17,18 +47,8 @@ public class Query
|
||||
Username = user.Username,
|
||||
Email = user.Email,
|
||||
Disabled = user.Disabled,
|
||||
Inviter = user.Inviter != null
|
||||
? new UserDto
|
||||
{
|
||||
Id = user.Inviter.Id,
|
||||
CreatedTime = user.Inviter.CreatedTime,
|
||||
LastUpdatedTime = user.Inviter.LastUpdatedTime,
|
||||
Username = user.Inviter.Username,
|
||||
Email = user.Inviter.Email,
|
||||
Disabled = user.Inviter.Disabled,
|
||||
Inviter = null // Limit recursion to one level
|
||||
}
|
||||
: null
|
||||
});
|
||||
AvailableInvites = user.AvailableInvites,
|
||||
InviterId = user.InviterId
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
83
FictionArchive.Service.UserService/Migrations/20251229151921_AddAvailableInvites.Designer.cs
generated
Normal file
83
FictionArchive.Service.UserService/Migrations/20251229151921_AddAvailableInvites.Designer.cs
generated
Normal file
@@ -0,0 +1,83 @@
|
||||
// <auto-generated />
|
||||
using System;
|
||||
using FictionArchive.Service.UserService.Services;
|
||||
using Microsoft.EntityFrameworkCore;
|
||||
using Microsoft.EntityFrameworkCore.Infrastructure;
|
||||
using Microsoft.EntityFrameworkCore.Migrations;
|
||||
using Microsoft.EntityFrameworkCore.Storage.ValueConversion;
|
||||
using NodaTime;
|
||||
using Npgsql.EntityFrameworkCore.PostgreSQL.Metadata;
|
||||
|
||||
#nullable disable
|
||||
|
||||
namespace FictionArchive.Service.UserService.Migrations
|
||||
{
|
||||
[DbContext(typeof(UserServiceDbContext))]
|
||||
[Migration("20251229151921_AddAvailableInvites")]
|
||||
partial class AddAvailableInvites
|
||||
{
|
||||
/// <inheritdoc />
|
||||
protected override void BuildTargetModel(ModelBuilder modelBuilder)
|
||||
{
|
||||
#pragma warning disable 612, 618
|
||||
modelBuilder
|
||||
.HasAnnotation("ProductVersion", "9.0.11")
|
||||
.HasAnnotation("Relational:MaxIdentifierLength", 63);
|
||||
|
||||
NpgsqlModelBuilderExtensions.UseIdentityByDefaultColumns(modelBuilder);
|
||||
|
||||
modelBuilder.Entity("FictionArchive.Service.UserService.Models.Database.User", b =>
|
||||
{
|
||||
b.Property<Guid>("Id")
|
||||
.ValueGeneratedOnAdd()
|
||||
.HasColumnType("uuid");
|
||||
|
||||
b.Property<int>("AvailableInvites")
|
||||
.HasColumnType("integer");
|
||||
|
||||
b.Property<Instant>("CreatedTime")
|
||||
.HasColumnType("timestamp with time zone");
|
||||
|
||||
b.Property<bool>("Disabled")
|
||||
.HasColumnType("boolean");
|
||||
|
||||
b.Property<string>("Email")
|
||||
.IsRequired()
|
||||
.HasColumnType("text");
|
||||
|
||||
b.Property<Guid?>("InviterId")
|
||||
.HasColumnType("uuid");
|
||||
|
||||
b.Property<Instant>("LastUpdatedTime")
|
||||
.HasColumnType("timestamp with time zone");
|
||||
|
||||
b.Property<string>("OAuthProviderId")
|
||||
.IsRequired()
|
||||
.HasColumnType("text");
|
||||
|
||||
b.Property<string>("Username")
|
||||
.IsRequired()
|
||||
.HasColumnType("text");
|
||||
|
||||
b.HasKey("Id");
|
||||
|
||||
b.HasIndex("InviterId");
|
||||
|
||||
b.HasIndex("OAuthProviderId")
|
||||
.IsUnique();
|
||||
|
||||
b.ToTable("Users");
|
||||
});
|
||||
|
||||
modelBuilder.Entity("FictionArchive.Service.UserService.Models.Database.User", b =>
|
||||
{
|
||||
b.HasOne("FictionArchive.Service.UserService.Models.Database.User", "Inviter")
|
||||
.WithMany()
|
||||
.HasForeignKey("InviterId");
|
||||
|
||||
b.Navigation("Inviter");
|
||||
});
|
||||
#pragma warning restore 612, 618
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,29 @@
|
||||
using Microsoft.EntityFrameworkCore.Migrations;
|
||||
|
||||
#nullable disable
|
||||
|
||||
namespace FictionArchive.Service.UserService.Migrations
|
||||
{
|
||||
/// <inheritdoc />
|
||||
public partial class AddAvailableInvites : Migration
|
||||
{
|
||||
/// <inheritdoc />
|
||||
protected override void Up(MigrationBuilder migrationBuilder)
|
||||
{
|
||||
migrationBuilder.AddColumn<int>(
|
||||
name: "AvailableInvites",
|
||||
table: "Users",
|
||||
type: "integer",
|
||||
nullable: false,
|
||||
defaultValue: 0);
|
||||
}
|
||||
|
||||
/// <inheritdoc />
|
||||
protected override void Down(MigrationBuilder migrationBuilder)
|
||||
{
|
||||
migrationBuilder.DropColumn(
|
||||
name: "AvailableInvites",
|
||||
table: "Users");
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -29,6 +29,9 @@ namespace FictionArchive.Service.UserService.Migrations
|
||||
.ValueGeneratedOnAdd()
|
||||
.HasColumnType("uuid");
|
||||
|
||||
b.Property<int>("AvailableInvites")
|
||||
.HasColumnType("integer");
|
||||
|
||||
b.Property<Instant>("CreatedTime")
|
||||
.HasColumnType("timestamp with time zone");
|
||||
|
||||
|
||||
@@ -7,9 +7,10 @@ public class UserDto
|
||||
public Guid Id { get; init; }
|
||||
public Instant CreatedTime { get; init; }
|
||||
public Instant LastUpdatedTime { get; init; }
|
||||
|
||||
public required string Username { get; init; }
|
||||
public required string Email { get; init; }
|
||||
// OAuthProviderId intentionally omitted for security
|
||||
public bool Disabled { get; init; }
|
||||
public UserDto? Inviter { get; init; }
|
||||
public int AvailableInvites { get; init; }
|
||||
public Guid? InviterId { get; init; }
|
||||
}
|
||||
|
||||
@@ -6,15 +6,13 @@ namespace FictionArchive.Service.UserService.Models.Database;
|
||||
[Index(nameof(OAuthProviderId), IsUnique = true)]
|
||||
public class User : BaseEntity<Guid>
|
||||
{
|
||||
public string Username { get; set; }
|
||||
public string Email { get; set; }
|
||||
public string OAuthProviderId { get; set; }
|
||||
|
||||
|
||||
public required string Username { get; set; }
|
||||
public required string Email { get; set; }
|
||||
public required string OAuthProviderId { get; set; }
|
||||
public bool Disabled { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// The user that generated an invite used by this user.
|
||||
/// </summary>
|
||||
public int AvailableInvites { get; set; } = 0;
|
||||
|
||||
// Navigation properties
|
||||
public Guid? InviterId { get; set; }
|
||||
public User? Inviter { get; set; }
|
||||
}
|
||||
@@ -1,16 +0,0 @@
|
||||
using FictionArchive.Service.Shared.Services.EventBus;
|
||||
|
||||
namespace FictionArchive.Service.UserService.Models.IntegrationEvents;
|
||||
|
||||
public class AuthUserAddedEvent : IIntegrationEvent
|
||||
{
|
||||
public string OAuthProviderId { get; set; }
|
||||
|
||||
public string InviterOAuthProviderId { get; set; }
|
||||
|
||||
// The email of the user that created the event
|
||||
public string EventUserEmail { get; set; }
|
||||
|
||||
// The username of the user that created the event
|
||||
public string EventUserUsername { get; set; }
|
||||
}
|
||||
@@ -1,11 +1,12 @@
|
||||
using System.Net.Http.Headers;
|
||||
using FictionArchive.Common.Extensions;
|
||||
using FictionArchive.Service.Shared;
|
||||
using FictionArchive.Service.Shared.Extensions;
|
||||
using FictionArchive.Service.Shared.Services.EventBus.Implementations;
|
||||
using FictionArchive.Service.UserService.GraphQL;
|
||||
using FictionArchive.Service.UserService.Models.IntegrationEvents;
|
||||
using FictionArchive.Service.UserService.Services;
|
||||
using FictionArchive.Service.UserService.Services.EventHandlers;
|
||||
using FictionArchive.Service.UserService.Services.AuthenticationClient;
|
||||
using FictionArchive.Service.UserService.Services.AuthenticationClient.Authentik;
|
||||
|
||||
namespace FictionArchive.Service.UserService;
|
||||
|
||||
@@ -25,19 +26,34 @@ public class Program
|
||||
builder.Services.AddRabbitMQ(opt =>
|
||||
{
|
||||
builder.Configuration.GetSection("RabbitMQ").Bind(opt);
|
||||
})
|
||||
.Subscribe<AuthUserAddedEvent, AuthUserAddedEventHandler>();
|
||||
});
|
||||
}
|
||||
|
||||
#endregion
|
||||
|
||||
|
||||
#region GraphQL
|
||||
|
||||
|
||||
builder.Services.AddDefaultGraphQl<Query, Mutation>()
|
||||
.AddAuthorization();
|
||||
|
||||
|
||||
#endregion
|
||||
|
||||
|
||||
#region Authentik Client
|
||||
|
||||
builder.Services.Configure<AuthentikConfiguration>(
|
||||
builder.Configuration.GetSection("Authentik"));
|
||||
|
||||
var authentikConfig = builder.Configuration.GetSection("Authentik").Get<AuthentikConfiguration>();
|
||||
builder.Services.AddHttpClient<IAuthenticationServiceClient, AuthentikClient>(client =>
|
||||
{
|
||||
client.BaseAddress = new Uri(authentikConfig?.BaseUrl ?? "https://localhost");
|
||||
client.DefaultRequestHeaders.Authorization =
|
||||
new AuthenticationHeaderValue("Bearer", authentikConfig?.ApiToken ?? "");
|
||||
})
|
||||
.AddStandardResilienceHandler();
|
||||
|
||||
#endregion
|
||||
|
||||
builder.Services.RegisterDbContext<UserServiceDbContext>(
|
||||
builder.Configuration.GetConnectionString("DefaultConnection"),
|
||||
skipInfrastructure: isSchemaExport);
|
||||
|
||||
@@ -0,0 +1,21 @@
|
||||
using System.Text.Json.Serialization;
|
||||
|
||||
namespace FictionArchive.Service.UserService.Services.AuthenticationClient.Authentik;
|
||||
|
||||
public class AuthentikAddUserRequest
|
||||
{
|
||||
[JsonPropertyName("username")]
|
||||
public required string Username { get; set; }
|
||||
|
||||
[JsonPropertyName("name")]
|
||||
public required string DisplayName { get; set; }
|
||||
|
||||
[JsonPropertyName("email")]
|
||||
public required string Email { get; set; }
|
||||
|
||||
[JsonPropertyName("is_active")]
|
||||
public bool IsActive { get; set; } = true;
|
||||
|
||||
[JsonPropertyName("type")]
|
||||
public string Type { get; } = "external";
|
||||
}
|
||||
@@ -0,0 +1,78 @@
|
||||
using System.Net.Http.Json;
|
||||
|
||||
namespace FictionArchive.Service.UserService.Services.AuthenticationClient.Authentik;
|
||||
|
||||
public class AuthentikClient : IAuthenticationServiceClient
|
||||
{
|
||||
private readonly HttpClient _httpClient;
|
||||
private readonly ILogger<AuthentikClient> _logger;
|
||||
|
||||
public AuthentikClient(HttpClient httpClient, ILogger<AuthentikClient> logger)
|
||||
{
|
||||
_httpClient = httpClient;
|
||||
_logger = logger;
|
||||
}
|
||||
|
||||
public async Task<AuthentikUserResponse?> CreateUserAsync(string username, string email, string displayName)
|
||||
{
|
||||
var request = new AuthentikAddUserRequest
|
||||
{
|
||||
Username = username,
|
||||
Email = email,
|
||||
DisplayName = displayName,
|
||||
IsActive = true
|
||||
};
|
||||
|
||||
try
|
||||
{
|
||||
var response = await _httpClient.PostAsJsonAsync("/api/v3/core/users/", request);
|
||||
|
||||
if (!response.IsSuccessStatusCode)
|
||||
{
|
||||
var errorContent = await response.Content.ReadAsStringAsync();
|
||||
_logger.LogError(
|
||||
"Failed to create user in Authentik. Status: {StatusCode}, Error: {Error}",
|
||||
response.StatusCode, errorContent);
|
||||
return null;
|
||||
}
|
||||
|
||||
var userResponse = await response.Content.ReadFromJsonAsync<AuthentikUserResponse>();
|
||||
_logger.LogInformation("Successfully created user {Username} in Authentik with pk {Pk}",
|
||||
username, userResponse?.Pk);
|
||||
|
||||
return userResponse;
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
_logger.LogError(ex, "Exception while creating user {Username} in Authentik", username);
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
public async Task<bool> SendRecoveryEmailAsync(int authentikUserId)
|
||||
{
|
||||
try
|
||||
{
|
||||
var response = await _httpClient.PostAsync(
|
||||
$"/api/v3/core/users/{authentikUserId}/recovery_email/",
|
||||
null);
|
||||
|
||||
if (!response.IsSuccessStatusCode)
|
||||
{
|
||||
var errorContent = await response.Content.ReadAsStringAsync();
|
||||
_logger.LogError(
|
||||
"Failed to send recovery email for user {UserId}. Status: {StatusCode}, Error: {Error}",
|
||||
authentikUserId, response.StatusCode, errorContent);
|
||||
return false;
|
||||
}
|
||||
|
||||
_logger.LogInformation("Successfully sent recovery email to Authentik user {UserId}", authentikUserId);
|
||||
return true;
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
_logger.LogError(ex, "Exception while sending recovery email to Authentik user {UserId}", authentikUserId);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,7 @@
|
||||
namespace FictionArchive.Service.UserService.Services.AuthenticationClient.Authentik;
|
||||
|
||||
public class AuthentikConfiguration
|
||||
{
|
||||
public string BaseUrl { get; set; } = string.Empty;
|
||||
public string ApiToken { get; set; } = string.Empty;
|
||||
}
|
||||
@@ -0,0 +1,27 @@
|
||||
using System.Text.Json.Serialization;
|
||||
|
||||
namespace FictionArchive.Service.UserService.Services.AuthenticationClient.Authentik;
|
||||
|
||||
public class AuthentikUserResponse
|
||||
{
|
||||
[JsonPropertyName("pk")]
|
||||
public int Pk { get; set; }
|
||||
|
||||
[JsonPropertyName("username")]
|
||||
public string Username { get; set; } = string.Empty;
|
||||
|
||||
[JsonPropertyName("name")]
|
||||
public string Name { get; set; } = string.Empty;
|
||||
|
||||
[JsonPropertyName("email")]
|
||||
public string Email { get; set; } = string.Empty;
|
||||
|
||||
[JsonPropertyName("is_active")]
|
||||
public bool IsActive { get; set; }
|
||||
|
||||
[JsonPropertyName("is_superuser")]
|
||||
public bool IsSuperuser { get; set; }
|
||||
|
||||
[JsonPropertyName("uid")]
|
||||
public string Uid { get; set; } = string.Empty;
|
||||
}
|
||||
@@ -0,0 +1,22 @@
|
||||
using FictionArchive.Service.UserService.Services.AuthenticationClient.Authentik;
|
||||
|
||||
namespace FictionArchive.Service.UserService.Services.AuthenticationClient;
|
||||
|
||||
public interface IAuthenticationServiceClient
|
||||
{
|
||||
/// <summary>
|
||||
/// Creates a new user in the authentication provider.
|
||||
/// </summary>
|
||||
/// <param name="username">The username for the new user</param>
|
||||
/// <param name="email">The email address for the new user</param>
|
||||
/// <param name="displayName">The display name for the new user</param>
|
||||
/// <returns>The created user response, or null if creation failed</returns>
|
||||
Task<AuthentikUserResponse?> CreateUserAsync(string username, string email, string displayName);
|
||||
|
||||
/// <summary>
|
||||
/// Sends a password recovery email to the user.
|
||||
/// </summary>
|
||||
/// <param name="authentikUserId">The Authentik user ID (pk)</param>
|
||||
/// <returns>True if the email was sent successfully, false otherwise</returns>
|
||||
Task<bool> SendRecoveryEmailAsync(int authentikUserId);
|
||||
}
|
||||
@@ -1,23 +0,0 @@
|
||||
using FictionArchive.Service.Shared.Services.EventBus;
|
||||
using FictionArchive.Service.UserService.Models.IntegrationEvents;
|
||||
using FictionArchive.Service.UserService.Models.Database;
|
||||
using Microsoft.EntityFrameworkCore; // Add this line to include the UserModel
|
||||
|
||||
namespace FictionArchive.Service.UserService.Services.EventHandlers;
|
||||
|
||||
public class AuthUserAddedEventHandler : IIntegrationEventHandler<AuthUserAddedEvent>
|
||||
{
|
||||
private readonly UserManagementService _userManagementService;
|
||||
private readonly ILogger<AuthUserAddedEventHandler> _logger;
|
||||
|
||||
public AuthUserAddedEventHandler(UserServiceDbContext dbContext, ILogger<AuthUserAddedEventHandler> logger, UserManagementService userManagementService)
|
||||
{
|
||||
_logger = logger;
|
||||
_userManagementService = userManagementService;
|
||||
}
|
||||
|
||||
public async Task Handle(AuthUserAddedEvent @event)
|
||||
{
|
||||
await _userManagementService.RegisterUser(@event.EventUserUsername, @event.EventUserEmail, @event.OAuthProviderId, @event.InviterOAuthProviderId);
|
||||
}
|
||||
}
|
||||
@@ -1,4 +1,5 @@
|
||||
using FictionArchive.Service.UserService.Models.Database;
|
||||
using FictionArchive.Service.UserService.Services.AuthenticationClient;
|
||||
using Microsoft.EntityFrameworkCore;
|
||||
|
||||
namespace FictionArchive.Service.UserService.Services;
|
||||
@@ -7,37 +8,112 @@ public class UserManagementService
|
||||
{
|
||||
private readonly ILogger<UserManagementService> _logger;
|
||||
private readonly UserServiceDbContext _dbContext;
|
||||
private readonly IAuthenticationServiceClient _authClient;
|
||||
|
||||
public UserManagementService(UserServiceDbContext dbContext, ILogger<UserManagementService> logger)
|
||||
public UserManagementService(
|
||||
UserServiceDbContext dbContext,
|
||||
ILogger<UserManagementService> logger,
|
||||
IAuthenticationServiceClient authClient)
|
||||
{
|
||||
_dbContext = dbContext;
|
||||
_logger = logger;
|
||||
_authClient = authClient;
|
||||
}
|
||||
|
||||
public async Task<User> RegisterUser(string username, string email, string oAuthProviderId,
|
||||
string? inviterOAuthProviderId)
|
||||
/// <summary>
|
||||
/// Invites a new user by creating them in Authentik, saving to the database, and sending a recovery email.
|
||||
/// </summary>
|
||||
/// <param name="inviter">The user sending the invite</param>
|
||||
/// <param name="email">Email address of the invitee</param>
|
||||
/// <param name="username">Username for the invitee</param>
|
||||
/// <returns>The created user, or null if the invite failed</returns>
|
||||
public async Task<User?> InviteUserAsync(User inviter, string email, string username)
|
||||
{
|
||||
var newUser = new User();
|
||||
User? inviter =
|
||||
await _dbContext.Users.FirstOrDefaultAsync(user => user.OAuthProviderId == inviterOAuthProviderId);
|
||||
if (inviter == null && inviterOAuthProviderId != null)
|
||||
// Check if inviter has available invites
|
||||
if (inviter.AvailableInvites <= 0)
|
||||
{
|
||||
_logger.LogCritical(
|
||||
"A user with OAuthProviderId {OAuthProviderId} was marked as having inviter with OAuthProviderId {inviterOAuthProviderId}, but no user was found with that value.",
|
||||
inviterOAuthProviderId, inviterOAuthProviderId);
|
||||
newUser.Disabled = true;
|
||||
_logger.LogWarning("User {InviterId} has no available invites", inviter.Id);
|
||||
return null;
|
||||
}
|
||||
|
||||
newUser.Username = username;
|
||||
newUser.Email = email;
|
||||
newUser.OAuthProviderId = oAuthProviderId;
|
||||
// Check if email is already in use
|
||||
var existingUser = await _dbContext.Users
|
||||
.AsQueryable()
|
||||
.FirstOrDefaultAsync(u => u.Email == email);
|
||||
|
||||
if (existingUser != null)
|
||||
{
|
||||
_logger.LogWarning("Email {Email} is already in use", email);
|
||||
return null;
|
||||
}
|
||||
|
||||
// Check if username is already in use
|
||||
var existingUsername = await _dbContext.Users
|
||||
.AsQueryable()
|
||||
.FirstOrDefaultAsync(u => u.Username == username);
|
||||
|
||||
if (existingUsername != null)
|
||||
{
|
||||
_logger.LogWarning("Username {Username} is already in use", username);
|
||||
return null;
|
||||
}
|
||||
|
||||
// Create user in Authentik
|
||||
var authentikUser = await _authClient.CreateUserAsync(username, email, username);
|
||||
if (authentikUser == null)
|
||||
{
|
||||
_logger.LogError("Failed to create user {Username} in Authentik", username);
|
||||
return null;
|
||||
}
|
||||
|
||||
// Send recovery email via Authentik
|
||||
var emailSent = await _authClient.SendRecoveryEmailAsync(authentikUser.Pk);
|
||||
if (!emailSent)
|
||||
{
|
||||
_logger.LogWarning(
|
||||
"User {Username} was created in Authentik but recovery email failed to send. Authentik pk: {Pk}",
|
||||
username, authentikUser.Pk);
|
||||
// Continue anyway - the user is created, admin can resend email manually
|
||||
}
|
||||
|
||||
// Create user in local database
|
||||
var newUser = new User
|
||||
{
|
||||
Username = username,
|
||||
Email = email,
|
||||
OAuthProviderId = authentikUser.Uid,
|
||||
Disabled = false,
|
||||
AvailableInvites = 0,
|
||||
InviterId = inviter.Id
|
||||
};
|
||||
|
||||
_dbContext.Users.Add(newUser);
|
||||
|
||||
// Decrement inviter's available invites
|
||||
inviter.AvailableInvites--;
|
||||
|
||||
await _dbContext.SaveChangesAsync();
|
||||
|
||||
_logger.LogInformation(
|
||||
"User {Username} was successfully invited by {InviterId}. New user id: {NewUserId}",
|
||||
username, inviter.Id, newUser.Id);
|
||||
|
||||
_dbContext.Users.Add(newUser); // Add the new user to the DbContext
|
||||
await _dbContext.SaveChangesAsync(); // Save changes to the database
|
||||
|
||||
return newUser;
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Gets a user by their OAuth provider ID (Authentik UID).
|
||||
/// </summary>
|
||||
public async Task<User?> GetUserByOAuthProviderIdAsync(string oAuthProviderId)
|
||||
{
|
||||
return await _dbContext.Users
|
||||
.AsQueryable()
|
||||
.FirstOrDefaultAsync(u => u.OAuthProviderId == oAuthProviderId);
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Gets all users as a queryable for GraphQL.
|
||||
/// </summary>
|
||||
public IQueryable<User> GetUsers()
|
||||
{
|
||||
return _dbContext.Users.AsQueryable();
|
||||
|
||||
@@ -7,7 +7,7 @@ namespace FictionArchive.Service.UserService.Services;
|
||||
public class UserServiceDbContext : FictionArchiveDbContext
|
||||
{
|
||||
public DbSet<User> Users { get; set; }
|
||||
|
||||
|
||||
public UserServiceDbContext(DbContextOptions options, ILogger<UserServiceDbContext> logger) : base(options, logger)
|
||||
{
|
||||
}
|
||||
|
||||
@@ -12,6 +12,10 @@
|
||||
"ConnectionString": "amqp://localhost",
|
||||
"ClientIdentifier": "UserService"
|
||||
},
|
||||
"Authentik": {
|
||||
"BaseUrl": "https://auth.orfl.xyz",
|
||||
"ApiToken": "REPLACE_ME"
|
||||
},
|
||||
"AllowedHosts": "*",
|
||||
"OIDC": {
|
||||
"Authority": "https://auth.orfl.xyz/application/o/fiction-archive/",
|
||||
|
||||
Reference in New Issue
Block a user