many fixes and improvements - rework for modules/ and common/

feat(emailer): add Postmark and Resend providers
2025-06-06 12:21:43 -04:00
parent 31ba18fa8d
commit 25b94d3e02
313 changed files with 6586 additions and 18260 deletions
--- a/backend/Modules/Identity/Handlers/RefreshToken.cs
+++ b/backend/Modules/Identity/Handlers/RefreshToken.cs
@@ -0,0 +1,71 @@
+using Hutopy.Infrastructure.Security;
+using Hutopy.Modules.Identity.Configuration;
+using Hutopy.Modules.Identity.Data;
+using Microsoft.Extensions.Options;
+
+namespace Hutopy.Modules.Identity.Handlers;
+
+[PublicAPI]
+public record RefreshTokenRequest(
+    string RefreshToken);
+
+[PublicAPI]
+public record RefreshTokenResponse(
+    string AccessToken,
+    string RefreshToken);
+
+[PublicAPI]
+public class RefreshTokenHandler(
+    UserManager userManager,
+    IOptionsSnapshot<JwtOptions> jwtOptions)
+    : Endpoint<RefreshTokenRequest, RefreshTokenResponse>
+{
+    public override void Configure()
+    {
+        AllowAnonymous();
+        Post("/api/users/refresh");
+        Options(o => o.WithTags("Users"));
+    }
+
+    public override async Task HandleAsync(
+        RefreshTokenRequest request,
+        CancellationToken ct)
+    {
+        // Find the user using the refresh token
+        var user = await userManager.Users
+            .FirstOrDefaultAsync(u => u.RefreshToken == request.RefreshToken, ct);
+
+        if (user == null || user.RefreshTokenExpiryTime <= DateTime.UtcNow)
+        {
+            await SendUnauthorizedAsync(ct);
+            return;
+        }
+
+        // Generate a new refresh token if rotation is required
+        if (jwtOptions.Value.RefreshTokenRequireRotation || user.RefreshToken is null)
+        {
+            user.RefreshToken = RefreshTokenGenerator.Next();
+        }
+
+        // Update refresh token expiry time
+        user.RefreshTokenExpiryTime = DateTime.UtcNow.Add(jwtOptions.Value.RefreshTokenLifetime);
+        await userManager.UpdateAsync(user);
+
+        // Generate a new access token
+        var accessToken = JwtTokenHelper.GenerateJwtToken(
+            expiresIn: jwtOptions.Value.Lifetime,
+            issuer: jwtOptions.Value.Issuer,
+            audience: jwtOptions.Value.Audience,
+            key: jwtOptions.Value.Key,
+            userId: user.Id.ToString(),
+            email: user.Email ?? string.Empty,
+            alias: user.Alias,
+            firstname: user.Firstname ?? string.Empty,
+            lastname: user.Lastname ?? string.Empty,
+            portraitUrl: user.PortraitUrl);
+
+        await SendOkAsync(
+            new RefreshTokenResponse(accessToken, user.RefreshToken),
+            cancellation: ct);
+    }
+}