Daniel Elliott
e03c1d9856
Features: - Login page with username/email + password - Registration page for new accounts - Logout functionality - Cookie-based authentication (30-day sessions) - Auto-redirect to login for unauthorized access - User dropdown in navbar with logout link Security: - All admin pages now require authentication - [Authorize] attribute on all admin PageModels - Redirect to /Login if not authenticated - Auto-login after registration UI: - Beautiful gradient login/register pages - Consistent styling with admin panel - User info displayed in navbar - Logout link in dropdown menu Starting resources for new users: - 100,000 Gold - 500,000 Cash - Level 1 - Full admin panel access Ready for production deployment!
87 lines
2.6 KiB
C#
87 lines
2.6 KiB
C#
using Microsoft.AspNetCore.Mvc;
|
|
using Microsoft.AspNetCore.Mvc.RazorPages;
|
|
using Microsoft.AspNetCore.Authentication;
|
|
using Microsoft.AspNetCore.Authentication.Cookies;
|
|
using System.Security.Claims;
|
|
using RR3CommunityServer.Services;
|
|
using RR3CommunityServer.Models;
|
|
|
|
namespace RR3CommunityServer.Pages;
|
|
|
|
public class LoginModel : PageModel
|
|
{
|
|
private readonly IAuthService _authService;
|
|
private readonly ILogger<LoginModel> _logger;
|
|
|
|
public LoginModel(IAuthService authService, ILogger<LoginModel> logger)
|
|
{
|
|
_authService = authService;
|
|
_logger = logger;
|
|
}
|
|
|
|
[BindProperty]
|
|
public string Username { get; set; } = string.Empty;
|
|
|
|
[BindProperty]
|
|
public string Password { get; set; } = string.Empty;
|
|
|
|
public string? ErrorMessage { get; set; }
|
|
|
|
public void OnGet()
|
|
{
|
|
// If already logged in, redirect to admin panel
|
|
if (User.Identity?.IsAuthenticated == true)
|
|
{
|
|
Response.Redirect("/admin");
|
|
}
|
|
}
|
|
|
|
public async Task<IActionResult> OnPostAsync()
|
|
{
|
|
if (string.IsNullOrWhiteSpace(Username) || string.IsNullOrWhiteSpace(Password))
|
|
{
|
|
ErrorMessage = "Username and password are required";
|
|
return Page();
|
|
}
|
|
|
|
var loginRequest = new LoginRequest
|
|
{
|
|
UsernameOrEmail = Username,
|
|
Password = Password
|
|
};
|
|
|
|
var (success, response, error) = await _authService.LoginAsync(loginRequest);
|
|
|
|
if (!success || response == null)
|
|
{
|
|
ErrorMessage = error ?? "Invalid username or password";
|
|
_logger.LogWarning("Failed login attempt for: {Username}", Username);
|
|
return Page();
|
|
}
|
|
|
|
// Create authentication cookie
|
|
var claims = new List<Claim>
|
|
{
|
|
new Claim(ClaimTypes.NameIdentifier, response.AccountId.ToString()),
|
|
new Claim(ClaimTypes.Name, response.Username),
|
|
new Claim(ClaimTypes.Email, response.Email)
|
|
};
|
|
|
|
var claimsIdentity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
|
|
var authProperties = new AuthenticationProperties
|
|
{
|
|
IsPersistent = true, // Remember me
|
|
ExpiresUtc = response.ExpiresAt
|
|
};
|
|
|
|
await HttpContext.SignInAsync(
|
|
CookieAuthenticationDefaults.AuthenticationScheme,
|
|
new ClaimsPrincipal(claimsIdentity),
|
|
authProperties);
|
|
|
|
_logger.LogInformation("User logged in to admin panel: {Username}", response.Username);
|
|
|
|
return RedirectToPage("/Admin");
|
|
}
|
|
}
|