Added hopframe backend

SpotiParty.Web/Services/AuthorizationHandler.cs

@@ -1,10 +1,11 @@
 using Microsoft.AspNetCore.Components;
+using Microsoft.EntityFrameworkCore;
 using SpotifyAPI.Web;
 using SpotiParty.Web.Models;
 
 namespace SpotiParty.Web.Services;
 
-public sealed class AuthorizationHandler(NavigationManager navigator, DatabaseContext context) {
+public sealed class AuthorizationHandler(NavigationManager navigator, DatabaseContext context, ClientSideStorage storage) {
 
     private async Task<(string clientId, string clientSecret)> GetClientSecrets() {
         var fileLines = await File.ReadAllLinesAsync(Path.Combine(Environment.CurrentDirectory, ".dev-token"));
@@ -45,13 +46,25 @@ public sealed class AuthorizationHandler(NavigationManager navigator, DatabaseCo
 
         var client = new SpotifyClient(response.AccessToken);
         var spotiUser = await client.UserProfile.Current();
-        var user = new User {
-            DisplayName = spotiUser.DisplayName,
-            RefreshToken = response.RefreshToken
-        };
 
-        await context.Users.AddAsync(user);
-        await context.SaveChangesAsync();
+        var user = await context.Users.FirstOrDefaultAsync(u => u.SpotifyUserId == spotiUser.Id);
+        if (user is null) {
+            user = new User {
+                DisplayName = spotiUser.DisplayName,
+                RefreshToken = response.RefreshToken,
+                SpotifyUserId = spotiUser.Id,
+                IsAdmin = await context.Users.CountAsync() == 0
+            };
+
+            await context.Users.AddAsync(user);
+            await context.SaveChangesAsync();
+        }
+        else {
+            user.RefreshToken = response.RefreshToken;
+            await context.SaveChangesAsync();
+        }
+        
+        storage.SaveUserToken(response.RefreshToken);
     }
     
 }

SpotiParty.Web/Services/ClientSideStorage.cs

@@ -0,0 +1,19 @@
+namespace SpotiParty.Web.Services;
+
+public class ClientSideStorage(IHttpContextAccessor accessor) {
+
+    private const string AuthCookieName = "RefreshToken";
+
+    public void SaveUserToken(string token) {
+        accessor.HttpContext?.Response.Cookies.Append(AuthCookieName, token);
+    }
+
+    public string? GetUserToken() {
+        return accessor.HttpContext?.Request.Cookies[AuthCookieName];
+    }
+
+    public void DeleteUserToken() {
+        accessor.HttpContext?.Response.Cookies.Delete(AuthCookieName);
+    }
+    
+}

SpotiParty.Web/Services/DashboardAuthHandler.cs

@@ -0,0 +1,37 @@
+using HopFrame.Core.Services;
+using Microsoft.EntityFrameworkCore;
+
+namespace SpotiParty.Web.Services;
+
+public class DashboardAuthHandler(ClientSideStorage storage, IDbContextFactory<DatabaseContext> contextFactory) : IHopFrameAuthHandler {
+
+    public const string AdminPolicy = "ADMIN";
+    
+    public async Task<bool> IsAuthenticatedAsync(string? policy) {
+        var token = storage.GetUserToken();
+        if (string.IsNullOrWhiteSpace(token))
+            return false;
+
+        await using var context = await contextFactory.CreateDbContextAsync();
+        var user = await context.Users.AsNoTracking().FirstOrDefaultAsync(u => u.RefreshToken == token);
+        if (user is null) return false;
+
+        if (policy == AdminPolicy) {
+            return user.IsAdmin;
+        }
+
+        return true;
+    }
+    
+    public async Task<string> GetCurrentUserDisplayNameAsync() {
+        var token = storage.GetUserToken();
+        if (string.IsNullOrWhiteSpace(token))
+            return string.Empty;
+        
+        await using var context = await contextFactory.CreateDbContextAsync();
+        var user = await context.Users.AsNoTracking().FirstOrDefaultAsync(u => u.RefreshToken == token);
+        if (user is null) return string.Empty;
+
+        return user.DisplayName;
+    }
+}