emall-api/FutureMailAPI/Controllers/AuthController.cs

using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization;
using FutureMailAPI.Services;
using FutureMailAPI.DTOs;
using FutureMailAPI.Extensions;

namespace FutureMailAPI.Controllers
{
    [ApiController]
    [Route("api/v1/auth")]
    public class AuthController : ControllerBase
    {
        private readonly IAuthService _authService;
        private readonly ILogger<AuthController> _logger;
        
        public AuthController(IAuthService authService, ILogger<AuthController> logger)
        {
            _authService = authService;
            _logger = logger;
        }
        
        [HttpPost("register")]
        [AllowAnonymous]
        public async Task<ActionResult<ApiResponse<AuthResponseDto>>> Register([FromBody] UserRegisterDto registerDto)
        {
            if (!ModelState.IsValid)
            {
                return BadRequest(ApiResponse<AuthResponseDto>.ErrorResult("输入数据无效"));
            }
            
            var result = await _authService.RegisterAsync(registerDto);
            
            if (!result.Success)
            {
                return BadRequest(result);
            }
            
            return Ok(result);
        }
        
        [HttpPost("login")]
        [AllowAnonymous]
        public async Task<ActionResult<ApiResponse<AuthResponseDto>>> Login([FromBody] UserLoginDto loginDto)
        {
            if (!ModelState.IsValid)
            {
                return BadRequest(ApiResponse<AuthResponseDto>.ErrorResult("输入数据无效"));
            }
            
            var result = await _authService.LoginAsync(loginDto);
            
            if (!result.Success)
            {
                return BadRequest(result);
            }
            
            return Ok(result);
        }
        
        [HttpPost("refresh")]
        [AllowAnonymous]
        public async Task<ActionResult<ApiResponse<AuthResponseDto>>> RefreshToken([FromBody] RefreshTokenRequestDto request)
        {
            if (request == null || string.IsNullOrEmpty(request.Token))
            {
                return BadRequest(ApiResponse<AuthResponseDto>.ErrorResult("令牌不能为空"));
            }
            
            // 使用OAuth刷新令牌
            var tokenResult = await _authService.RefreshTokenAsync(request.Token);
            
            if (!tokenResult.Success)
            {
                return BadRequest(ApiResponse<AuthResponseDto>.ErrorResult(tokenResult.Message));
            }
            
            // 创建认证响应DTO
            var authResponse = new AuthResponseDto
            {
                Token = tokenResult.Data,
                Expires = DateTime.UtcNow.AddHours(1) // OAuth访问令牌默认1小时过期
            };
            
            return Ok(ApiResponse<AuthResponseDto>.SuccessResult(authResponse, "令牌刷新成功"));
        }
        
        [HttpPost("logout")]
        public async Task<ActionResult<ApiResponse<bool>>> Logout()
        {
            // 从JWT令牌中获取当前用户ID
            var currentUserId = GetCurrentUserId();
            
            if (currentUserId == null)
            {
                return Unauthorized(ApiResponse<bool>.ErrorResult("未授权访问"));
            }
            
            // 这里可以实现令牌黑名单或其他注销逻辑
            // 目前只返回成功响应
            return Ok(ApiResponse<bool>.SuccessResult(true));
        }
        
        private int? GetCurrentUserId()
        {
            // 从OAuth中间件获取用户ID
            var userId = HttpContext.GetCurrentUserId();
            if (userId.HasValue)
            {
                return userId.Value;
            }
            
            // 兼容旧的JWT方式
            var userIdClaim = User.FindFirst(System.Security.Claims.ClaimTypes.NameIdentifier);
            
            if (userIdClaim == null || !int.TryParse(userIdClaim.Value, out var jwtUserId))
            {
                return null;
            }
            
            return jwtUserId;
        }
    }
}