Add auth service

Service/Service.Core/Services/AuthService.cs

@@ -0,0 +1,48 @@
+using DataAccessLayer.Entities;
+using DataAccessLayer.Repositories.UserAccount;
+using DataAccessLayer.Repositories.UserCredential;
+
+namespace BusinessLayer.Services
+{
+    public class AuthService(IUserAccountRepository userRepo, IUserCredentialRepository credRepo) : IAuthService
+    {
+        public async Task<UserAccount> RegisterAsync(UserAccount userAccount, string password)
+        {
+            if (userAccount.UserAccountId == Guid.Empty)
+            {
+                userAccount.UserAccountId = Guid.NewGuid();
+            }
+
+            await userRepo.AddAsync(userAccount);
+
+            var credential = new UserCredential
+            {
+                UserAccountId = userAccount.UserAccountId,
+                Hash = PasswordHasher.Hash(password)
+            };
+
+            await credRepo.RotateCredentialAsync(userAccount.UserAccountId, credential);
+
+            return userAccount;
+        }
+
+        public async Task<bool> LoginAsync(string usernameOrEmail, string password)
+        {
+            // Attempt lookup by username, then email
+            var user = await userRepo.GetByUsernameAsync(usernameOrEmail) 
+                       ?? await userRepo.GetByEmailAsync(usernameOrEmail);
+
+            if (user is null) return false;
+
+            var activeCred = await credRepo.GetActiveCredentialByUserAccountIdAsync(user.UserAccountId);
+            if (activeCred is null) return false;
+
+            return PasswordHasher.Verify(password, activeCred.Hash);
+        }
+
+        public async Task InvalidateAsync(Guid userAccountId)
+        {
+            await credRepo.InvalidateCredentialsByUserAccountIdAsync(userAccountId);
+        }
+    }
+}