AuthController with rate limiting and logging2

anisjellazi · anisjellazi · commit d33a844f2910 · 2025-02-04T21:00:24.000+01:00
diff --git a/Streetcode/Streetcode.WebApi/Controllers/Authentication/AuthController.cs b/Streetcode/Streetcode.WebApi/Controllers/Authentication/AuthController.cs
@@ -1,44 +1,94 @@
-﻿🛠️ Refactor suggestion
+﻿using System.Security.Claims;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.RateLimiting;
+using Microsoft.Extensions.Logging;
+using Streetcode.BLL.DTO.Authentication.Login;
+using Streetcode.BLL.DTO.Authentication.RefreshToken;
+using Streetcode.BLL.DTO.Authentication.Register;
+using Streetcode.BLL.MediatR.Authentication.Login;
+using Streetcode.BLL.MediatR.Authentication.LoginGoogle;
+using Streetcode.BLL.MediatR.Authentication.Logout;
+using Streetcode.BLL.MediatR.Authentication.RefreshToken;
+using Streetcode.BLL.MediatR.Authentication.Register;
 
-Implement consistent security measures across the controller.
+namespace Streetcode.WebApi.Controllers.Authentication
+{
+    [ApiController]
+    [EnableRateLimiting("api")] // Apply rate limiting to all endpoints
+    [Route("api/[controller]")]
+    public class AuthController : BaseApiController
+    {
+        private readonly ILogger<AuthController> _logger;
 
-Consider applying these security measures controller-wide:
+        public AuthController(ILogger<AuthController> logger)
+        {
+            _logger = logger;
+        }
 
-    CSRF protection for all state-changing operations
-    Rate limiting for all public endpoints
-    Consistent error handling and logging strategy
+        [HttpPost("login")]
+        [ProducesResponseType(StatusCodes.Status200OK, Type = typeof(LoginResponseDTO))]
+        public async Task<IActionResult> Login([FromBody] LoginRequestDTO loginDTO)
+        {
+            _logger.LogInformation("Login attempt for user: {Email}", loginDTO.Email);
+            return HandleResult(await Mediator.Send(new LoginQuery(loginDTO)));
+        }
 
-Example implementation:
+        [HttpPost("register")]
+        [ProducesResponseType(StatusCodes.Status200OK, Type = typeof(RegisterResponseDTO))]
+        public async Task<IActionResult> Register([FromBody] RegisterRequestDTO registerDTO)
+        {
+            _logger.LogInformation("New user registration attempt: {Email}", registerDTO.Email);
+            return HandleResult(await Mediator.Send(new RegisterQuery(registerDTO)));
+        }
 
- [ApiController]
-+[ValidateAntiForgeryToken]  // Apply to all POST endpoints
-+[EnableRateLimiting("api")] // Configure different limits per endpoint in Program.cs
- public class AuthController : BaseApiController
- {
-+    private readonly ILogger<AuthController> _logger;
-+
-+    public AuthController(ILogger<AuthController> logger)
-+    {
-+        _logger = logger;
-+    }
+        [HttpPost("refresh-token")]
+        [ProducesResponseType(StatusCodes.Status200OK, Type = typeof(RefreshTokenResponceDTO))]
+        public async Task<IActionResult> RefreshToken([FromBody] RefreshTokenRequestDTO token)
+        {
+            _logger.LogInformation("Refresh token attempt.");
+            return HandleResult(await Mediator.Send(new RefreshTokenQuery(token)));
+        }
 
-📝 Committable suggestion
+        [Authorize]
+        [HttpPost("logout")]
+        [ProducesResponseType(StatusCodes.Status200OK)]
+        public async Task<IActionResult> Logout()
+        {
+            var userId = User.Claims.FirstOrDefault(c => c.Type == ClaimTypes.NameIdentifier)?.Value;
 
-    ‼️ IMPORTANT
-    Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
+            if (string.IsNullOrEmpty(userId))
+            {
+                _logger.LogWarning("Unauthorized logout attempt.");
+                return Unauthorized("User is not authenticated.");
+            }
 
-Suggested change
-    [ApiController]
-    public class AuthController : BaseApiController
-    {
-    [ApiController]
-    [ValidateAntiForgeryToken]  // Apply to all POST endpoints
-    [EnableRateLimiting("api")] // Configure different limits per endpoint in Program.cs
-    public class AuthController : BaseApiController
-    {
-        private readonly ILogger<AuthController> _logger;
-        
-        public AuthController(ILogger<AuthController> logger)
+            var result = await Mediator.Send(new LogoutCommand(userId));
+
+            if (result.IsFailed)
+            {
+                _logger.LogError("Logout failed for user: {UserId}", userId);
+                return BadRequest(result.Errors.First().Message);
+            }
+
+            _logger.LogInformation("User {UserId} logged out successfully.", userId);
+            return Ok("Logout successful. Refresh token invalidated.");
+        }
+
+        [HttpPost("google-login")]
+        [ProducesResponseType(StatusCodes.Status200OK, Type = typeof(LoginResponseDTO))]
+        public async Task<IActionResult> GoogleLogin([FromBody] string idToken)
         {
-            _logger = logger;
-        }
+            _logger.LogInformation("Google login attempt.");
+            var result = await Mediator.Send(new LoginGoogleQuery(idToken));
+
+            if (result.IsSuccess)
+            {
+                return Ok(result.Value);
+            }
+
+            _logger.LogWarning("Google login failed.");
+            return Unauthorized(new { message = result.Errors.FirstOrDefault()?.Message });
+        }
+    }
+}
