dmolinari/MotoresArgentinosV2
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix: Galeria Movil, Contactos, Estado de Verificación de Mail al Cambiar Clave y Otros.

Browse Source
This commit is contained in:
dmolinari
2026-02-18 21:00:35 -03:00
parent 5a7c3f62f1
commit ba9b0b3547
6 changed files with 71 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
Backend/MotoresArgentinosV2.API/Controllers/AuthController.cs
View File

@@ -11,7 +11,6 @@ namespace MotoresArgentinosV2.API.Controllers;
[ApiController]
[Route("api/[controller]")]
[EnableRateLimiting("AuthPolicy")]
public class AuthController : ControllerBase
{
private readonly IIdentityService _identityService;
@@ -28,12 +27,12 @@ public class AuthController : ControllerBase
}
// Helper privado para cookies
private void SetTokenCookie(string token, string cookieName)
private void SetTokenCookie(string token, string cookieName, DateTime expires)
{
var cookieOptions = new CookieOptions
{
HttpOnly = true, // Seguridad: JS no puede leer esto
Expires = DateTime.UtcNow.AddMinutes(15),
Expires = expires,
Secure = true, // Solo HTTPS (Para tests locales 'Secure = false' temporalmente)
SameSite = SameSiteMode.Strict, // Protección CSRF (Strict para máxima seguridad, pero puede ser Lax si hay problemas con redirecciones y testeos locales)
IsEssential = true
@@ -42,7 +41,7 @@ public class AuthController : ControllerBase
}
[HttpPost("login")]
[EnableRateLimiting("AuthPolicy")] // PROTEGIDO (5 intentos/min)
[EnableRateLimiting("AuthPolicy")]
public async Task<IActionResult> Login([FromBody] LoginRequest request)
{
var (user, message) = await _identityService.AuthenticateAsync(request.Username, request.Password);
@@ -89,8 +88,10 @@ public class AuthController : ControllerBase
await _context.SaveChangesAsync();
// 3. Setear Cookies
SetTokenCookie(jwtToken, "accessToken");
SetTokenCookie(refreshToken.Token, "refreshToken");
// El AccessToken dura 60 min (coincide con JWT)
SetTokenCookie(jwtToken, "accessToken", DateTime.UtcNow.AddMinutes(60));
// El RefreshToken dura 7 días (coincide con DB)
SetTokenCookie(refreshToken.Token, "refreshToken", DateTime.UtcNow.AddDays(7));
// 4. Audit Log
_context.AuditLogs.Add(new AuditLog
@@ -122,7 +123,6 @@ public class AuthController : ControllerBase
}
[HttpPost("refresh-token")]
// NO PROTEGIDO ESTRICTAMENTE (Usa límite global)
public async Task<IActionResult> RefreshToken()
{
var refreshToken = Request.Cookies["refreshToken"];
@@ -154,14 +154,14 @@ public class AuthController : ControllerBase
var newJwtToken = _tokenService.GenerateJwtToken(user);
// Actualizar Cookies
SetTokenCookie(newJwtToken, "accessToken");
SetTokenCookie(newRefreshToken.Token, "refreshToken");
SetTokenCookie(newJwtToken, "accessToken", DateTime.UtcNow.AddMinutes(60));
// El refresh token DEBE durar 7 días para mantener la sesión viva
SetTokenCookie(newRefreshToken.Token, "refreshToken", DateTime.UtcNow.AddDays(7));
return Ok(new { message = "Token renovado" });
}
[HttpPost("logout")]
// NO PROTEGIDO ESTRICTAMENTE
public IActionResult Logout()
{
Response.Cookies.Delete("accessToken");
@@ -287,8 +287,8 @@ public class AuthController : ControllerBase
await _context.SaveChangesAsync();
// Setear Cookies Seguras
SetTokenCookie(token, "accessToken");
SetTokenCookie(refreshToken.Token, "refreshToken");
SetTokenCookie(token, "accessToken", DateTime.UtcNow.AddMinutes(60));
SetTokenCookie(refreshToken.Token, "refreshToken", DateTime.UtcNow.AddDays(7));
_context.AuditLogs.Add(new AuditLog
{
@@ -386,7 +386,7 @@ public class AuthController : ControllerBase
}
[HttpPost("register")]
[EnableRateLimiting("AuthPolicy")] // PROTEGIDO
[EnableRateLimiting("AuthPolicy")]
public async Task<IActionResult> Register([FromBody] RegisterRequest request)
{
var (success, message) = await _identityService.RegisterUserAsync(request);
@@ -407,7 +407,7 @@ public class AuthController : ControllerBase
}
[HttpPost("verify-email")]
[EnableRateLimiting("AuthPolicy")] // PROTEGIDO
[EnableRateLimiting("AuthPolicy")]
public async Task<IActionResult> VerifyEmail([FromBody] VerifyEmailRequest request)
{
var (success, message) = await _identityService.VerifyEmailAsync(request.Token);
@@ -428,7 +428,7 @@ public class AuthController : ControllerBase
}
[HttpPost("resend-verification")]
[EnableRateLimiting("AuthPolicy")] // PROTEGIDO
[EnableRateLimiting("AuthPolicy")]
public async Task<IActionResult> ResendVerification([FromBody] ResendVerificationRequest request)
{
var (success, message) = await _identityService.ResendVerificationEmailAsync(request.Email);
@@ -437,7 +437,7 @@ public class AuthController : ControllerBase
}
[HttpPost("forgot-password")]
[EnableRateLimiting("AuthPolicy")] // PROTEGIDO
[EnableRateLimiting("AuthPolicy")]
public async Task<IActionResult> ForgotPassword([FromBody] ForgotPasswordRequest request)
{
var (success, message) = await _identityService.ForgotPasswordAsync(request.Email);
@@ -452,7 +452,7 @@ public class AuthController : ControllerBase
}
[HttpPost("reset-password")]
[EnableRateLimiting("AuthPolicy")] // PROTEGIDO
[EnableRateLimiting("AuthPolicy")]
public async Task<IActionResult> ResetPassword([FromBody] ResetPasswordRequest request)
{
var (success, message) = await _identityService.ResetPasswordAsync(request.Token, request.NewPassword);
@@ -474,7 +474,7 @@ public class AuthController : ControllerBase
[Authorize]
[HttpPost("change-password")]
[EnableRateLimiting("AuthPolicy")] // PROTEGIDO
[EnableRateLimiting("AuthPolicy")]
public async Task<IActionResult> ChangePassword([FromBody] ChangePasswordRequest request)
{
var userId = int.Parse(User.FindFirst(System.Security.Claims.ClaimTypes.NameIdentifier)?.Value ?? "0");