ibms-dome/Backend/Controllers/LoginController.cs

using Backend.Models;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Logging;
using Repository.BackendRepository.Implement;
using Repository.BackendRepository.Interface;
using Serilog.Core;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;

namespace Backend.Controllers
{
    public class LoginController : Controller
    {
        private readonly ILogger<LoginController> logger;
        private readonly IUserInfoRepository userInfoRepository;
        private readonly IBackendRepository backendRepository;

        public LoginController(ILogger<LoginController> logger, IUserInfoRepository userInfoRepository, IBackendRepository backendRepository)
        {
            this.logger = logger;
            this.userInfoRepository = userInfoRepository;
            this.backendRepository = backendRepository;
        }

        #region 本機測試
        [AllowAnonymous]
        [HttpGet("~/hello")]
        [Consumes("application/x-www-form-urlencoded")]
        public ActionResult hello()
        {
            return Ok(System.DateTime.Now.ToString() + "  OK !");

        }
        #endregion

        public IActionResult Index()
        {
            ViewBag.ProjectName = backendRepository.GetOneAsync<string>("select system_key from variable where deleted = 0 and system_type = 'project_name';").Result;
            return View();
        }

        /// <summary>
        /// 表單post提交，準備登入
        /// </summary>
        /// <param name="form"></param>
        /// <returns></returns>
        [HttpPost]
        public async Task<IActionResult> IndexAsync(LoginViewModel login)
        {
            if (!ModelState.IsValid)
            {
                return View();
            }

            UserInfo userInfo = null;
            EDFunction edFunction = new EDFunction();
            try
            {
                userInfo = await backendRepository.GetOneAsync<UserInfo>($"select * from userinfo where account = '{login.Account}' and deleted = 0");

                if (userInfo == null)
                {
                    ViewBag.errMsg = "帳號或密碼輸入錯誤";
                    return View();
                }

                string SHA256Pwd = edFunction.GetSHA256Encryption(login.Password);

                if (string.Compare(userInfo.Password, SHA256Pwd) != 0)
                {
                    ViewBag.errMsg = "帳號或密碼輸入錯誤";
                    return View();
                }
            }
            catch (Exception ex)
            {
                ViewBag.ErrMsg = "系統內部錯誤，請聯絡管理者。";
                string json = System.Text.Json.JsonSerializer.Serialize(login);
                logger.LogError("【Login/Index - 登入資訊】" + json);
                logger.LogError("【Login/Index】" + ex.Message);

                return View();
            }

            HttpContext.Session.SetString("MyAccount", edFunction.AESEncrypt(userInfo.Account)); //將帳號透過AES加密

            return RedirectToAction("Index", "Home");
        }

        /// <summary>
        /// 登出，Action 記得別加上[Authorize]，不管用戶是否登入，都可以執行SignOut
        /// </summary>
        /// <returns></returns>
        public IActionResult SignOut()
        {
            HttpContext.Session.Clear();

            return RedirectToAction("Index", "Login");//導至登入頁
        }

        /// <summary>
        /// 忘記密碼
        /// </summary>
        /// <returns></returns>
        public IActionResult ForgotPassword()
        {
            ViewBag.ProjectName = backendRepository.GetOneAsync<string>("select system_key from variable where deleted = 0 and system_type = 'project_name';").Result;
            return View("~/Views/Login/ForgotPassword.cshtml");
        }

        /// <summary>
        /// 取得新密碼
        /// </summary>
        /// <param name="form"></param>
        /// <returns></returns>
        [HttpPost]
        public async Task<IActionResult> ForgotPasswordAsync(ForgotPasswordViewModel forgot)
        {
            if (!ModelState.IsValid)
            {
                return View();
            }

            string sWhere = @"deleted = @Deleted AND email = @Email";
            object param = new { Deleted = 0, Email = forgot.Email };
            var user = await userInfoRepository.GetOneAsync<UserInfo>("userinfo", sWhere, param);

            if (user == null)
            {
                ViewBag.errMsg = "查無此信箱";
                return View();
            }

            //隨機產生亂數
            Random random = new Random((int)DateTime.Now.Ticks);
            const string chars = "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz23456789";
            string random_password = new string(Enumerable.Repeat(chars, 8).Select(s => s[random.Next(chars.Length)]).ToArray());

            EDFunction edFunction = new EDFunction();

            var newPassword = edFunction.GetSHA256Encryption(random_password);

            Dictionary<string, object> updateUserPasswordDic = new Dictionary<string, object>()
            {
                { "@password", newPassword},
                { "@updated_at", DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss")},
            };

            await userInfoRepository.UpdateOneByCustomTable(updateUserPasswordDic, "userinfo", "userinfo_guid='" + user.Userinfo_guid + "'");

            //var sendSubject = "變更密碼成功";
            //var sendContent = $"您的新密碼為：{random_password}";

            //List<string> recipientEmails = new List<string>()
            //{
            //    user.Email
            //};

            //sendEmailService.Send(recipientEmails, sendSubject, sendContent);

            return RedirectToAction("Index", "Login");
        }

        /// <summary>
        /// 獲取專案名稱(東別)
        /// </summary>
        /// <returns></returns>
        [HttpPost]
        [Route("Variable/ProjectName")]
        public async Task<ApiResult<Variable>> ProjectName()
        {
            ApiResult<Variable> apiResult = new ApiResult<Variable>();

            try
            {
                var variable = await backendRepository.GetOneAsync<Variable>("select * from variable where deleted = 0 and system_type = 'project_name';");

                apiResult.Data = variable;
                apiResult.Code = "0000";
                apiResult.Msg = "成功";
            }
            catch (Exception exception)
            {
                apiResult.Code = "9999";
                apiResult.Msg = "系統內部錯誤，請聯絡管理者。";
                logger.LogError("【LogginController/ProjectName】" + exception.Message);
            }

            return apiResult;
        }
    }
}