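using Microsoft.AspNetCore.Mvc;
using StockMaster.Services;
using StockMaster.ViewModels;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using System.Security.Claims;
using System.Threading.Tasks;
using System.Collections.Generic;

namespace StockMaster.Controllers
{
    /// <summary>
    /// Handles interactive sign-in and sign-out using the cookie authentication scheme.
    /// </summary>
    /// <remarks>
    /// On a successful login the user's identity is written both to the authentication
    /// cookie (as claims) and to the server session (as individual keys).
    /// NOTE(review): the session copy of "Role" duplicates the role claim. Confirm that
    /// authorization decisions elsewhere are made from the authenticated principal
    /// (e.g. [Authorize(Roles = ...)]) and not from session values alone.
    /// </remarks>
    public class AccountController : Controller
    {
        private readonly IAuthService _authService;

        /// <summary>Creates the controller with the service used to verify credentials.</summary>
        /// <param name="authService">Credential verification service.</param>
        public AccountController(IAuthService authService)
        {
            _authService = authService;
        }

        /// <summary>
        /// Shows the login form, or sends an already signed-in user to Home/Index.
        /// </summary>
        /// <returns>The login view, or a redirect to the home page.</returns>
        [HttpGet]
        public IActionResult Login()
        {
            // Identity may be null on a principal with no identities; treat that as anonymous
            // instead of dereferencing it.
            if (User.Identity?.IsAuthenticated == true)
            {
                return RedirectToAction("Index", "Home");
            }

            return View();
        }

        /// <summary>
        /// Verifies the submitted credentials and, on success, issues the authentication
        /// cookie and populates the session.
        /// </summary>
        /// <param name="model">Posted login form (username and password).</param>
        /// <returns>
        /// The login view with errors when validation or authentication fails;
        /// otherwise a redirect to Home/Index.
        /// </returns>
        // NOTE(review): no [ValidateAntiForgeryToken] is visible on this action. Confirm that
        // antiforgery validation is applied globally (e.g. AutoValidateAntiforgeryTokenAttribute);
        // otherwise this POST is exposed to login CSRF.
        // NOTE(review): throttling / lockout of repeated failures is not visible here; confirm
        // that IAuthService.AuthenticateAsync or the hosting layer enforces it.
        [HttpPost]
        public async Task<IActionResult> Login(LoginViewModel model)
        {
            if (!ModelState.IsValid)
            {
                return View(model);
            }

            var user = await _authService.AuthenticateAsync(model.Username, model.Password);

            // A null result is treated as failed authentication. The message is deliberately
            // the same for an unknown user and a wrong password, so the response does not
            // reveal which of the two was wrong.
            if (user == null)
            {
                ModelState.AddModelError("", "Invalid username or password");
                return View(model);
            }

            var claims = new List<Claim>
            {
                new Claim(ClaimTypes.Name, user.Username),
                new Claim(ClaimTypes.Role, user.Role),
                new Claim("UserId", user.UserId.ToString()),
                new Claim("FullName", user.FullName)
            };

            var claimsIdentity = new ClaimsIdentity(
                claims,
                CookieAuthenticationDefaults.AuthenticationScheme);

            await HttpContext.SignInAsync(
                CookieAuthenticationDefaults.AuthenticationScheme,
                new ClaimsPrincipal(claimsIdentity));

            // Mirror the identity into the session for code that reads it from there.
            HttpContext.Session.SetInt32("UserId", user.UserId);
            HttpContext.Session.SetString("Username", user.Username);
            HttpContext.Session.SetString("Role", user.Role);
            HttpContext.Session.SetString("FullName", user.FullName);

            // Fixed redirect target: no caller-supplied return URL is honoured here.
            return RedirectToAction("Index", "Home");
        }

        /// <summary>
        /// Clears the session, removes the authentication cookie and returns to the login page.
        /// </summary>
        /// <returns>A redirect to the Login action.</returns>
        // NOTE(review): this action carries no HTTP verb attribute, so it is reachable with GET
        // and a cross-site request can sign the user out. Consider restricting it to POST with
        // antiforgery validation once the views that link to it are updated.
        public async Task<IActionResult> Logout()
        {
            HttpContext.Session.Clear();
            await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
            return RedirectToAction("Login");
        }
    }
}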