feat: Add authentication — AccountController with cookie auth login/logout

2026-05-21 13:54:59 +10:00
parent 4fffec4919
commit 3bf91892f6
1 changed files with 63 additions and 0 deletions
@@ -0,0 +1,63 @@
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authentication.Cookies;
+using Microsoft.AspNetCore.Mvc;
+using System.Security.Claims;
+
+namespace NoticeBoard.Controllers;
+
+public class AccountController : Controller
+{
+    private readonly IConfiguration _config;
+
+    public AccountController(IConfiguration config)
+    {
+        _config = config;
+    }
+
+    [HttpGet]
+    public IActionResult Login(string? returnUrl = null)
+    {
+        if (User.Identity?.IsAuthenticated == true)
+            return RedirectToAction("Index", "Admin");
+
+        ViewBag.ReturnUrl = returnUrl;
+        return View();
+    }
+
+    [HttpPost]
+    public async Task<IActionResult> Login(string username, string password, string? returnUrl = null)
+    {
+        var adminUser = _config["Admin:Username"] ?? "admin";
+        var adminPass = _config["Admin:Password"] ?? "admin";
+
+        if (username == adminUser && password == adminPass)
+        {
+            var claims = new List<Claim>
+            {
+                new Claim(ClaimTypes.Name, username),
+                new Claim(ClaimTypes.Role, "Admin")
+            };
+
+            var identity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
+            var principal = new ClaimsPrincipal(identity);
+
+            await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, principal);
+
+            if (!string.IsNullOrEmpty(returnUrl) && Url.IsLocalUrl(returnUrl))
+                return Redirect(returnUrl);
+
+            return RedirectToAction("Index", "Admin");
+        }
+
+        ViewBag.Error = "Invalid username or password.";
+        ViewBag.ReturnUrl = returnUrl;
+        return View();
+    }
+
+    [HttpGet]
+    public async Task<IActionResult> Logout()
+    {
+        await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
+        return RedirectToAction("Login");
+    }
+}