[FA-55] User Service backend initial setup

FictionArchive.Service.UserService/Services/AuthenticationClient/Authentik/AuthentikAddUserRequest.cs

@@ -0,0 +1,21 @@
+using System.Text.Json.Serialization;
+
+namespace FictionArchive.Service.UserService.Services.AuthenticationClient.Authentik;
+
+public class AuthentikAddUserRequest
+{
+    [JsonPropertyName("username")]
+    public required string Username { get; set; }
+
+    [JsonPropertyName("name")]
+    public required string DisplayName { get; set; }
+
+    [JsonPropertyName("email")]
+    public required string Email { get; set; }
+
+    [JsonPropertyName("is_active")]
+    public bool IsActive { get; set; } = true;
+
+    [JsonPropertyName("type")]
+    public string Type { get; } = "external";
+}

FictionArchive.Service.UserService/Services/AuthenticationClient/Authentik/AuthentikClient.cs

@@ -0,0 +1,78 @@
+using System.Net.Http.Json;
+
+namespace FictionArchive.Service.UserService.Services.AuthenticationClient.Authentik;
+
+public class AuthentikClient : IAuthenticationServiceClient
+{
+    private readonly HttpClient _httpClient;
+    private readonly ILogger<AuthentikClient> _logger;
+
+    public AuthentikClient(HttpClient httpClient, ILogger<AuthentikClient> logger)
+    {
+        _httpClient = httpClient;
+        _logger = logger;
+    }
+
+    public async Task<AuthentikUserResponse?> CreateUserAsync(string username, string email, string displayName)
+    {
+        var request = new AuthentikAddUserRequest
+        {
+            Username = username,
+            Email = email,
+            DisplayName = displayName,
+            IsActive = true
+        };
+
+        try
+        {
+            var response = await _httpClient.PostAsJsonAsync("/api/v3/core/users/", request);
+
+            if (!response.IsSuccessStatusCode)
+            {
+                var errorContent = await response.Content.ReadAsStringAsync();
+                _logger.LogError(
+                    "Failed to create user in Authentik. Status: {StatusCode}, Error: {Error}",
+                    response.StatusCode, errorContent);
+                return null;
+            }
+
+            var userResponse = await response.Content.ReadFromJsonAsync<AuthentikUserResponse>();
+            _logger.LogInformation("Successfully created user {Username} in Authentik with pk {Pk}",
+                username, userResponse?.Pk);
+
+            return userResponse;
+        }
+        catch (Exception ex)
+        {
+            _logger.LogError(ex, "Exception while creating user {Username} in Authentik", username);
+            return null;
+        }
+    }
+
+    public async Task<bool> SendRecoveryEmailAsync(int authentikUserId)
+    {
+        try
+        {
+            var response = await _httpClient.PostAsync(
+                $"/api/v3/core/users/{authentikUserId}/recovery_email/",
+                null);
+
+            if (!response.IsSuccessStatusCode)
+            {
+                var errorContent = await response.Content.ReadAsStringAsync();
+                _logger.LogError(
+                    "Failed to send recovery email for user {UserId}. Status: {StatusCode}, Error: {Error}",
+                    authentikUserId, response.StatusCode, errorContent);
+                return false;
+            }
+
+            _logger.LogInformation("Successfully sent recovery email to Authentik user {UserId}", authentikUserId);
+            return true;
+        }
+        catch (Exception ex)
+        {
+            _logger.LogError(ex, "Exception while sending recovery email to Authentik user {UserId}", authentikUserId);
+            return false;
+        }
+    }
+}

FictionArchive.Service.UserService/Services/AuthenticationClient/Authentik/AuthentikConfiguration.cs

@@ -0,0 +1,7 @@
+namespace FictionArchive.Service.UserService.Services.AuthenticationClient.Authentik;
+
+public class AuthentikConfiguration
+{
+    public string BaseUrl { get; set; } = string.Empty;
+    public string ApiToken { get; set; } = string.Empty;
+}

FictionArchive.Service.UserService/Services/AuthenticationClient/Authentik/AuthentikUserResponse.cs

@@ -0,0 +1,27 @@
+using System.Text.Json.Serialization;
+
+namespace FictionArchive.Service.UserService.Services.AuthenticationClient.Authentik;
+
+public class AuthentikUserResponse
+{
+    [JsonPropertyName("pk")]
+    public int Pk { get; set; }
+
+    [JsonPropertyName("username")]
+    public string Username { get; set; } = string.Empty;
+
+    [JsonPropertyName("name")]
+    public string Name { get; set; } = string.Empty;
+
+    [JsonPropertyName("email")]
+    public string Email { get; set; } = string.Empty;
+
+    [JsonPropertyName("is_active")]
+    public bool IsActive { get; set; }
+
+    [JsonPropertyName("is_superuser")]
+    public bool IsSuperuser { get; set; }
+
+    [JsonPropertyName("uid")]
+    public string Uid { get; set; } = string.Empty;
+}

FictionArchive.Service.UserService/Services/AuthenticationClient/IAuthenticationServiceClient.cs

@@ -0,0 +1,22 @@
+using FictionArchive.Service.UserService.Services.AuthenticationClient.Authentik;
+
+namespace FictionArchive.Service.UserService.Services.AuthenticationClient;
+
+public interface IAuthenticationServiceClient
+{
+    /// <summary>
+    /// Creates a new user in the authentication provider.
+    /// </summary>
+    /// <param name="username">The username for the new user</param>
+    /// <param name="email">The email address for the new user</param>
+    /// <param name="displayName">The display name for the new user</param>
+    /// <returns>The created user response, or null if creation failed</returns>
+    Task<AuthentikUserResponse?> CreateUserAsync(string username, string email, string displayName);
+
+    /// <summary>
+    /// Sends a password recovery email to the user.
+    /// </summary>
+    /// <param name="authentikUserId">The Authentik user ID (pk)</param>
+    /// <returns>True if the email was sent successfully, false otherwise</returns>
+    Task<bool> SendRecoveryEmailAsync(int authentikUserId);
+}

FictionArchive.Service.UserService/Services/EventHandlers/AuthUserAddedEventHandler.cs

@@ -1,23 +0,0 @@
-using FictionArchive.Service.Shared.Services.EventBus;
-using FictionArchive.Service.UserService.Models.IntegrationEvents;
-using FictionArchive.Service.UserService.Models.Database;
-using Microsoft.EntityFrameworkCore; // Add this line to include the UserModel
-
-namespace FictionArchive.Service.UserService.Services.EventHandlers;
-
-public class AuthUserAddedEventHandler : IIntegrationEventHandler<AuthUserAddedEvent>
-{
-    private readonly UserManagementService _userManagementService;
-    private readonly ILogger<AuthUserAddedEventHandler> _logger;
-
-    public AuthUserAddedEventHandler(UserServiceDbContext dbContext, ILogger<AuthUserAddedEventHandler> logger, UserManagementService userManagementService)
-    {
-        _logger = logger;
-        _userManagementService = userManagementService;
-    }
-
-    public async Task Handle(AuthUserAddedEvent @event)
-    {
-        await _userManagementService.RegisterUser(@event.EventUserUsername, @event.EventUserEmail, @event.OAuthProviderId, @event.InviterOAuthProviderId);
-    }
-}

FictionArchive.Service.UserService/Services/UserManagementService.cs

@@ -1,4 +1,5 @@
 using FictionArchive.Service.UserService.Models.Database;
+using FictionArchive.Service.UserService.Services.AuthenticationClient;
 using Microsoft.EntityFrameworkCore;
 
 namespace FictionArchive.Service.UserService.Services;
@@ -7,37 +8,112 @@ public class UserManagementService
 {
     private readonly ILogger<UserManagementService> _logger;
     private readonly UserServiceDbContext _dbContext;
+    private readonly IAuthenticationServiceClient _authClient;
 
-    public UserManagementService(UserServiceDbContext dbContext, ILogger<UserManagementService> logger)
+    public UserManagementService(
+        UserServiceDbContext dbContext,
+        ILogger<UserManagementService> logger,
+        IAuthenticationServiceClient authClient)
     {
         _dbContext = dbContext;
         _logger = logger;
+        _authClient = authClient;
     }
 
-    public async Task<User> RegisterUser(string username, string email, string oAuthProviderId,
-        string? inviterOAuthProviderId)
+    /// <summary>
+    /// Invites a new user by creating them in Authentik, saving to the database, and sending a recovery email.
+    /// </summary>
+    /// <param name="inviter">The user sending the invite</param>
+    /// <param name="email">Email address of the invitee</param>
+    /// <param name="username">Username for the invitee</param>
+    /// <returns>The created user, or null if the invite failed</returns>
+    public async Task<User?> InviteUserAsync(User inviter, string email, string username)
     {
-        var newUser = new User();
-        User? inviter =
-            await _dbContext.Users.FirstOrDefaultAsync(user => user.OAuthProviderId == inviterOAuthProviderId);
-        if (inviter == null && inviterOAuthProviderId != null)
+        // Check if inviter has available invites
+        if (inviter.AvailableInvites <= 0)
         {
-            _logger.LogCritical(
-                "A user with OAuthProviderId {OAuthProviderId} was marked as having inviter with OAuthProviderId {inviterOAuthProviderId}, but no user was found with that value.",
-                inviterOAuthProviderId, inviterOAuthProviderId);
-            newUser.Disabled = true;
+            _logger.LogWarning("User {InviterId} has no available invites", inviter.Id);
+            return null;
         }
 
-        newUser.Username = username;
-        newUser.Email = email;
-        newUser.OAuthProviderId = oAuthProviderId;
+        // Check if email is already in use
+        var existingUser = await _dbContext.Users
+            .AsQueryable()
+            .FirstOrDefaultAsync(u => u.Email == email);
+
+        if (existingUser != null)
+        {
+            _logger.LogWarning("Email {Email} is already in use", email);
+            return null;
+        }
+
+        // Check if username is already in use
+        var existingUsername = await _dbContext.Users
+            .AsQueryable()
+            .FirstOrDefaultAsync(u => u.Username == username);
+
+        if (existingUsername != null)
+        {
+            _logger.LogWarning("Username {Username} is already in use", username);
+            return null;
+        }
+
+        // Create user in Authentik
+        var authentikUser = await _authClient.CreateUserAsync(username, email, username);
+        if (authentikUser == null)
+        {
+            _logger.LogError("Failed to create user {Username} in Authentik", username);
+            return null;
+        }
+
+        // Send recovery email via Authentik
+        var emailSent = await _authClient.SendRecoveryEmailAsync(authentikUser.Pk);
+        if (!emailSent)
+        {
+            _logger.LogWarning(
+                "User {Username} was created in Authentik but recovery email failed to send. Authentik pk: {Pk}",
+                username, authentikUser.Pk);
+            // Continue anyway - the user is created, admin can resend email manually
+        }
+
+        // Create user in local database
+        var newUser = new User
+        {
+            Username = username,
+            Email = email,
+            OAuthProviderId = authentikUser.Uid,
+            Disabled = false,
+            AvailableInvites = 0,
+            InviterId = inviter.Id
+        };
+
+        _dbContext.Users.Add(newUser);
+
+        // Decrement inviter's available invites
+        inviter.AvailableInvites--;
+
+        await _dbContext.SaveChangesAsync();
+
+        _logger.LogInformation(
+            "User {Username} was successfully invited by {InviterId}. New user id: {NewUserId}",
+            username, inviter.Id, newUser.Id);
 
-        _dbContext.Users.Add(newUser); // Add the new user to the DbContext
-        await _dbContext.SaveChangesAsync(); // Save changes to the database
-        
         return newUser;
     }
 
+    /// <summary>
+    /// Gets a user by their OAuth provider ID (Authentik UID).
+    /// </summary>
+    public async Task<User?> GetUserByOAuthProviderIdAsync(string oAuthProviderId)
+    {
+        return await _dbContext.Users
+            .AsQueryable()
+            .FirstOrDefaultAsync(u => u.OAuthProviderId == oAuthProviderId);
+    }
+
+    /// <summary>
+    /// Gets all users as a queryable for GraphQL.
+    /// </summary>
     public IQueryable<User> GetUsers()
     {
         return _dbContext.Users.AsQueryable();

FictionArchive.Service.UserService/Services/UserServiceDbContext.cs

@@ -7,7 +7,7 @@ namespace FictionArchive.Service.UserService.Services;
 public class UserServiceDbContext : FictionArchiveDbContext
 {
     public DbSet<User> Users { get; set; }
-    
+
     public UserServiceDbContext(DbContextOptions options, ILogger<UserServiceDbContext> logger) : base(options, logger)
     {
     }