Add auth service

2026-02-16 10:42:08 +00:00 · 2026-01-25 21:58:26 -05:00
parent 14cb05e992
commit a56ea77861
8 changed files with 183 additions and 1 deletions
--- a/Service/Service.Core/Services/AuthService.cs
+++ b/Service/Service.Core/Services/AuthService.cs
@@ -0,0 +1,48 @@
+using DataAccessLayer.Entities;
+using DataAccessLayer.Repositories.UserAccount;
+using DataAccessLayer.Repositories.UserCredential;
+
+namespace BusinessLayer.Services
+{
+    public class AuthService(IUserAccountRepository userRepo, IUserCredentialRepository credRepo) : IAuthService
+    {
+        public async Task<UserAccount> RegisterAsync(UserAccount userAccount, string password)
+        {
+            if (userAccount.UserAccountId == Guid.Empty)
+            {
+                userAccount.UserAccountId = Guid.NewGuid();
+            }
+
+            await userRepo.AddAsync(userAccount);
+
+            var credential = new UserCredential
+            {
+                UserAccountId = userAccount.UserAccountId,
+                Hash = PasswordHasher.Hash(password)
+            };
+
+            await credRepo.RotateCredentialAsync(userAccount.UserAccountId, credential);
+
+            return userAccount;
+        }
+
+        public async Task<bool> LoginAsync(string usernameOrEmail, string password)
+        {
+            // Attempt lookup by username, then email
+            var user = await userRepo.GetByUsernameAsync(usernameOrEmail) 
+                       ?? await userRepo.GetByEmailAsync(usernameOrEmail);
+
+            if (user is null) return false;
+
+            var activeCred = await credRepo.GetActiveCredentialByUserAccountIdAsync(user.UserAccountId);
+            if (activeCred is null) return false;
+
+            return PasswordHasher.Verify(password, activeCred.Hash);
+        }
+
+        public async Task InvalidateAsync(Guid userAccountId)
+        {
+            await credRepo.InvalidateCredentialsByUserAccountIdAsync(userAccountId);
+        }
+    }
+}
--- a/Service/Service.Core/Services/IAuthService.cs
+++ b/Service/Service.Core/Services/IAuthService.cs
@@ -0,0 +1,11 @@
+using DataAccessLayer.Entities;
+
+namespace BusinessLayer.Services
+{
+    public interface IAuthService
+    {
+        Task<UserAccount> RegisterAsync(UserAccount userAccount, string password);
+        Task<bool> LoginAsync(string usernameOrEmail, string password);
+        Task InvalidateAsync(Guid userAccountId);
+    }
+}
--- a/Service/Service.Core/Services/IUserService.cs
+++ b/Service/Service.Core/Services/IUserService.cs
@@ -6,5 +6,9 @@ namespace BusinessLayer.Services
    {
        Task<IEnumerable<UserAccount>> GetAllAsync(int? limit = null, int? offset = null);
        Task<UserAccount?> GetByIdAsync(Guid id);
+
+        Task AddAsync(UserAccount userAccount);
+
+        Task UpdateAsync(UserAccount userAccount);
    }
 }
--- a/Service/Service.Core/Services/PasswordHasher.cs
+++ b/Service/Service.Core/Services/PasswordHasher.cs
@@ -0,0 +1,56 @@
+using System.Security.Cryptography;
+using System.Text;
+using Konscious.Security.Cryptography;
+
+namespace BusinessLayer.Services
+{
+    public static class PasswordHasher
+    {
+        private const int SaltSize = 16; // 128-bit
+        private const int HashSize = 32; // 256-bit
+        private const int ArgonIterations = 4;
+        private const int ArgonMemoryKb = 65536; // 64MB
+
+        public static string Hash(string password)
+        {
+            var salt = RandomNumberGenerator.GetBytes(SaltSize);
+            var argon2 = new Argon2id(Encoding.UTF8.GetBytes(password))
+            {
+                Salt = salt,
+                DegreeOfParallelism = Math.Max(Environment.ProcessorCount, 1),
+                MemorySize = ArgonMemoryKb,
+                Iterations = ArgonIterations
+            };
+
+            var hash = argon2.GetBytes(HashSize);
+            return $"{Convert.ToBase64String(salt)}:{Convert.ToBase64String(hash)}";
+        }
+
+        public static bool Verify(string password, string stored)
+        {
+            try
+            {
+                var parts = stored.Split(':', StringSplitOptions.RemoveEmptyEntries);
+                if (parts.Length != 2) return false;
+
+                var salt = Convert.FromBase64String(parts[0]);
+                var expected = Convert.FromBase64String(parts[1]);
+
+                var argon2 = new Argon2id(Encoding.UTF8.GetBytes(password))
+                {
+                    Salt = salt,
+                    DegreeOfParallelism = Math.Max(Environment.ProcessorCount, 1),
+                    MemorySize = ArgonMemoryKb,
+                    Iterations = ArgonIterations
+                };
+
+                var actual = argon2.GetBytes(expected.Length);
+                return CryptographicOperations.FixedTimeEquals(actual, expected);
+            }
+            catch
+            {
+                return false;
+            }
+        }
+    }
+}
--- a/Service/Service.Core/Services/UserService.cs
+++ b/Service/Service.Core/Services/UserService.cs
@@ -15,5 +15,15 @@ namespace BusinessLayer.Services
        {
            return await repository.GetByIdAsync(id);
        }
+
+        public async Task AddAsync(UserAccount userAccount)
+        {
+            await repository.AddAsync(userAccount);
+        }
+
+        public async Task UpdateAsync(UserAccount userAccount)
+        {
+            await repository.UpdateAsync(userAccount);
+        }
    }
 }