Repo restructuring

src/Core/Service/Service.Core/Service.Core.csproj

@@ -0,0 +1,16 @@
+<Project Sdk="Microsoft.NET.Sdk">
+  <PropertyGroup>
+    <TargetFramework>net10.0</TargetFramework>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <Nullable>enable</Nullable>
+    <RootNamespace>BusinessLayer</RootNamespace>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Konscious.Security.Cryptography.Argon2" Version="1.3.1" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\..\Repository\Repository.Core\Repository.Core.csproj" />
+  </ItemGroup>
+</Project>

src/Core/Service/Service.Core/Services/AuthService.cs

@@ -0,0 +1,48 @@
+using DataAccessLayer.Entities;
+using DataAccessLayer.Repositories.UserAccount;
+using DataAccessLayer.Repositories.UserCredential;
+
+namespace BusinessLayer.Services
+{
+    public class AuthService(IUserAccountRepository userRepo, IUserCredentialRepository credRepo) : IAuthService
+    {
+        public async Task<UserAccount> RegisterAsync(UserAccount userAccount, string password)
+        {
+            if (userAccount.UserAccountId == Guid.Empty)
+            {
+                userAccount.UserAccountId = Guid.NewGuid();
+            }
+
+            await userRepo.AddAsync(userAccount);
+
+            var credential = new UserCredential
+            {
+                UserAccountId = userAccount.UserAccountId,
+                Hash = PasswordHasher.Hash(password)
+            };
+
+            await credRepo.RotateCredentialAsync(userAccount.UserAccountId, credential);
+
+            return userAccount;
+        }
+
+        public async Task<bool> LoginAsync(string usernameOrEmail, string password)
+        {
+            // Attempt lookup by username, then email
+            var user = await userRepo.GetByUsernameAsync(usernameOrEmail) 
+                       ?? await userRepo.GetByEmailAsync(usernameOrEmail);
+
+            if (user is null) return false;
+
+            var activeCred = await credRepo.GetActiveCredentialByUserAccountIdAsync(user.UserAccountId);
+            if (activeCred is null) return false;
+
+            return PasswordHasher.Verify(password, activeCred.Hash);
+        }
+
+        public async Task InvalidateAsync(Guid userAccountId)
+        {
+            await credRepo.InvalidateCredentialsByUserAccountIdAsync(userAccountId);
+        }
+    }
+}

src/Core/Service/Service.Core/Services/IAuthService.cs

@@ -0,0 +1,11 @@
+using DataAccessLayer.Entities;
+
+namespace BusinessLayer.Services
+{
+    public interface IAuthService
+    {
+        Task<UserAccount> RegisterAsync(UserAccount userAccount, string password);
+        Task<bool> LoginAsync(string usernameOrEmail, string password);
+        Task InvalidateAsync(Guid userAccountId);
+    }
+}

src/Core/Service/Service.Core/Services/IUserService.cs

@@ -0,0 +1,14 @@
+using DataAccessLayer.Entities;
+
+namespace BusinessLayer.Services
+{
+    public interface IUserService
+    {
+        Task<IEnumerable<UserAccount>> GetAllAsync(int? limit = null, int? offset = null);
+        Task<UserAccount?> GetByIdAsync(Guid id);
+
+        Task AddAsync(UserAccount userAccount);
+
+        Task UpdateAsync(UserAccount userAccount);
+    }
+}

src/Core/Service/Service.Core/Services/PasswordHasher.cs

@@ -0,0 +1,56 @@
+using System.Security.Cryptography;
+using System.Text;
+using Konscious.Security.Cryptography;
+
+namespace BusinessLayer.Services
+{
+    public static class PasswordHasher
+    {
+        private const int SaltSize = 16; // 128-bit
+        private const int HashSize = 32; // 256-bit
+        private const int ArgonIterations = 4;
+        private const int ArgonMemoryKb = 65536; // 64MB
+
+        public static string Hash(string password)
+        {
+            var salt = RandomNumberGenerator.GetBytes(SaltSize);
+            var argon2 = new Argon2id(Encoding.UTF8.GetBytes(password))
+            {
+                Salt = salt,
+                DegreeOfParallelism = Math.Max(Environment.ProcessorCount, 1),
+                MemorySize = ArgonMemoryKb,
+                Iterations = ArgonIterations
+            };
+
+            var hash = argon2.GetBytes(HashSize);
+            return $"{Convert.ToBase64String(salt)}:{Convert.ToBase64String(hash)}";
+        }
+
+        public static bool Verify(string password, string stored)
+        {
+            try
+            {
+                var parts = stored.Split(':', StringSplitOptions.RemoveEmptyEntries);
+                if (parts.Length != 2) return false;
+
+                var salt = Convert.FromBase64String(parts[0]);
+                var expected = Convert.FromBase64String(parts[1]);
+
+                var argon2 = new Argon2id(Encoding.UTF8.GetBytes(password))
+                {
+                    Salt = salt,
+                    DegreeOfParallelism = Math.Max(Environment.ProcessorCount, 1),
+                    MemorySize = ArgonMemoryKb,
+                    Iterations = ArgonIterations
+                };
+
+                var actual = argon2.GetBytes(expected.Length);
+                return CryptographicOperations.FixedTimeEquals(actual, expected);
+            }
+            catch
+            {
+                return false;
+            }
+        }
+    }
+}

src/Core/Service/Service.Core/Services/UserService.cs

@@ -0,0 +1,29 @@
+using DataAccessLayer.Entities;
+using DataAccessLayer.Repositories;
+using DataAccessLayer.Repositories.UserAccount;
+
+namespace BusinessLayer.Services
+{
+    public class UserService(IUserAccountRepository repository) : IUserService
+    {
+        public async Task<IEnumerable<UserAccount>> GetAllAsync(int? limit = null, int? offset = null)
+        {
+            return await repository.GetAllAsync(limit, offset);
+        }
+
+        public async Task<UserAccount?> GetByIdAsync(Guid id)
+        {
+            return await repository.GetByIdAsync(id);
+        }
+
+        public async Task AddAsync(UserAccount userAccount)
+        {
+            await repository.AddAsync(userAccount);
+        }
+
+        public async Task UpdateAsync(UserAccount userAccount)
+        {
+            await repository.UpdateAsync(userAccount);
+        }
+    }
+}