Chris Chen
40 lines
1.5 KiB
C#
40 lines
1.5 KiB
C#
using ROLAC.API.DTOs.Auth;
|
|
using ROLAC.API.Entities;
|
|
|
|
namespace ROLAC.API.Services;
|
|
|
|
public interface IAuthService
|
|
{
|
|
/// <summary>
|
|
/// Validates credentials and returns a new access token plus the raw refresh token
|
|
/// that must be stored in an HttpOnly cookie by the caller.
|
|
/// Throws <see cref="UnauthorizedAccessException"/> on any auth failure.
|
|
/// </summary>
|
|
Task<(LoginResponse Response, string RawRefreshToken)> LoginAsync(
|
|
LoginRequest request,
|
|
string? ipAddress = null,
|
|
string? deviceInfo = null);
|
|
|
|
/// <summary>
|
|
/// Validates a raw refresh token, revokes it, and issues a new token pair (rotation).
|
|
/// Throws <see cref="UnauthorizedAccessException"/> if the token is not found,
|
|
/// expired, or already revoked.
|
|
/// </summary>
|
|
Task<(LoginResponse Response, string RawRefreshToken)> RefreshAsync(
|
|
string rawRefreshToken,
|
|
string? ipAddress = null);
|
|
|
|
/// <summary>
|
|
/// Revokes the refresh token identified by its raw value.
|
|
/// Silently succeeds if the token is not found.
|
|
/// </summary>
|
|
Task LogoutAsync(string rawRefreshToken);
|
|
|
|
/// <summary>
|
|
/// Builds the UserInfo payload (identity, roles, and effective permissions) for an
|
|
/// already-authenticated user. Used by GET /api/auth/me to refresh permissions
|
|
/// after an admin edits the matrix, without forcing a re-login.
|
|
/// </summary>
|
|
Task<UserInfo> BuildUserInfoAsync(AppUser user, IList<string> roles);
|
|
}
|