refactor(auth): migrate Auth module from feature to core package
- Reorganized `auth-feature` into `core/auth` to improve architecture and modularity. - Removed unused PKCE and OAuth callback utilities (`AuthCallbackParams`, `OAuthPkceService`). - Updated imports and adjusted build scripts to reflect new module structure. - Refactored `LoginScreen` and `PingScreen` to include `onBack` functionality in top bars for improved navigation. - Corrected sync endpoint in `PingSyncService`.
This commit is contained in:
@@ -0,0 +1,82 @@
|
||||
import org.jetbrains.kotlin.gradle.dsl.JvmTarget
|
||||
|
||||
plugins {
|
||||
alias(libs.plugins.kotlinMultiplatform)
|
||||
alias(libs.plugins.composeMultiplatform)
|
||||
alias(libs.plugins.composeCompiler)
|
||||
alias(libs.plugins.kotlinSerialization)
|
||||
}
|
||||
|
||||
group = "at.mocode.frontend.core"
|
||||
version = "1.0.0"
|
||||
|
||||
kotlin {
|
||||
jvm()
|
||||
|
||||
js {
|
||||
browser {
|
||||
testTask {
|
||||
enabled = false
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
sourceSets {
|
||||
commonMain.dependencies {
|
||||
// UI Kit (Design System)
|
||||
implementation(projects.frontend.core.designSystem)
|
||||
|
||||
// Shared Konfig & Utilities
|
||||
implementation(projects.frontend.shared)
|
||||
|
||||
// Network core (provides apiClient + TokenProvider interface)
|
||||
implementation(projects.frontend.core.network)
|
||||
|
||||
// Compose dependencies
|
||||
implementation(compose.runtime)
|
||||
implementation(compose.foundation)
|
||||
implementation(compose.material3)
|
||||
implementation(compose.ui)
|
||||
implementation(compose.components.resources)
|
||||
implementation(compose.materialIconsExtended)
|
||||
|
||||
// Bundles
|
||||
implementation(libs.bundles.kmp.common)
|
||||
implementation(libs.bundles.ktor.client.common)
|
||||
implementation(libs.bundles.compose.common)
|
||||
|
||||
// DI
|
||||
implementation(libs.koin.core)
|
||||
}
|
||||
|
||||
commonTest.dependencies {
|
||||
implementation(libs.kotlin.test)
|
||||
implementation(libs.kotlinx.coroutines.test)
|
||||
implementation(libs.ktor.client.mock)
|
||||
}
|
||||
|
||||
jvmTest.dependencies {
|
||||
implementation(libs.mockk)
|
||||
implementation(projects.platform.platformTesting)
|
||||
implementation(libs.bundles.testing.jvm)
|
||||
}
|
||||
|
||||
jvmMain.dependencies {
|
||||
implementation(libs.ktor.client.cio)
|
||||
}
|
||||
|
||||
jsMain.dependencies {
|
||||
implementation(libs.ktor.client.js)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
tasks.withType<org.jetbrains.kotlin.gradle.tasks.KotlinCompile> {
|
||||
compilerOptions {
|
||||
jvmTarget.set(JvmTarget.JVM_25)
|
||||
freeCompilerArgs.addAll(
|
||||
"-opt-in=kotlin.RequiresOptIn",
|
||||
"-Xexpect-actual-classes"
|
||||
)
|
||||
}
|
||||
}
|
||||
+192
@@ -0,0 +1,192 @@
|
||||
package at.mocode.frontend.core.auth.data
|
||||
|
||||
import at.mocode.shared.core.AppConstants
|
||||
import io.ktor.client.*
|
||||
import io.ktor.client.call.*
|
||||
import io.ktor.client.request.forms.*
|
||||
import io.ktor.http.*
|
||||
import kotlinx.serialization.Serializable
|
||||
|
||||
/**
|
||||
* Data classes for authentication API communication
|
||||
*/
|
||||
@Serializable
|
||||
data class LoginRequest(
|
||||
val username: String,
|
||||
val password: String
|
||||
)
|
||||
|
||||
@Serializable
|
||||
data class LoginResponse(
|
||||
val success: Boolean,
|
||||
val token: String? = null,
|
||||
val message: String? = null,
|
||||
val userId: String? = null,
|
||||
val username: String? = null
|
||||
)
|
||||
|
||||
/**
|
||||
* HTTP client for authentication API calls
|
||||
*/
|
||||
class AuthApiClient(
|
||||
private val httpClient: HttpClient,
|
||||
// Keycloak Basis-URL (z. B. http://localhost:8180)
|
||||
private val keycloakBaseUrl: String = AppConstants.KEYCLOAK_URL,
|
||||
// Realm-Name in Keycloak
|
||||
private val realm: String = AppConstants.KEYCLOAK_REALM,
|
||||
// Client-ID (Public Client empfohlen für Frontend-Flows)
|
||||
private val clientId: String = AppConstants.KEYCLOAK_CLIENT_ID,
|
||||
// Optional: Client-Secret (nur bei vertraulichen Clients erforderlich)
|
||||
private val clientSecret: String? = null
|
||||
) {
|
||||
|
||||
/**
|
||||
* Authenticate user with username and password
|
||||
*/
|
||||
suspend fun login(username: String, password: String): LoginResponse {
|
||||
val tokenEndpoint = "$keycloakBaseUrl/realms/$realm/protocol/openid-connect/token"
|
||||
return try {
|
||||
val response = httpClient.submitForm(
|
||||
url = tokenEndpoint,
|
||||
formParameters = Parameters.build {
|
||||
append("grant_type", "password")
|
||||
append("client_id", clientId)
|
||||
if (!clientSecret.isNullOrBlank()) {
|
||||
append("client_secret", clientSecret)
|
||||
}
|
||||
append("username", username)
|
||||
append("password", password)
|
||||
}
|
||||
) {
|
||||
// Explicit: URL-encoded Form
|
||||
contentType(ContentType.Application.FormUrlEncoded)
|
||||
}
|
||||
|
||||
if (response.status.isSuccess()) {
|
||||
val kc = response.body<KeycloakTokenResponse>()
|
||||
LoginResponse(
|
||||
success = true,
|
||||
token = kc.access_token,
|
||||
message = null,
|
||||
userId = null,
|
||||
username = username
|
||||
)
|
||||
} else {
|
||||
LoginResponse(
|
||||
success = false,
|
||||
message = "Login fehlgeschlagen: HTTP ${response.status.value}"
|
||||
)
|
||||
}
|
||||
} catch (e: Exception) {
|
||||
LoginResponse(
|
||||
success = false,
|
||||
message = "Verbindungsfehler: ${e.message}"
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Exchange an authorization code (PKCE) for tokens
|
||||
*/
|
||||
suspend fun exchangeAuthorizationCode(code: String, codeVerifier: String, redirectUri: String): LoginResponse {
|
||||
val tokenEndpoint = "$keycloakBaseUrl/realms/$realm/protocol/openid-connect/token"
|
||||
return try {
|
||||
val response = httpClient.submitForm(
|
||||
url = tokenEndpoint,
|
||||
formParameters = Parameters.build {
|
||||
append("grant_type", "authorization_code")
|
||||
append("client_id", clientId)
|
||||
if (!clientSecret.isNullOrBlank()) {
|
||||
append("client_secret", clientSecret)
|
||||
}
|
||||
append("code", code)
|
||||
append("code_verifier", codeVerifier)
|
||||
append("redirect_uri", redirectUri)
|
||||
}
|
||||
) {
|
||||
contentType(ContentType.Application.FormUrlEncoded)
|
||||
}
|
||||
|
||||
if (response.status.isSuccess()) {
|
||||
val kc = response.body<KeycloakTokenResponse>()
|
||||
LoginResponse(
|
||||
success = true,
|
||||
token = kc.access_token,
|
||||
message = null
|
||||
)
|
||||
} else {
|
||||
LoginResponse(
|
||||
success = false,
|
||||
message = "Code-Exchange fehlgeschlagen: HTTP ${'$'}{response.status.value}"
|
||||
)
|
||||
}
|
||||
} catch (e: Exception) {
|
||||
LoginResponse(
|
||||
success = false,
|
||||
message = "Code-Exchange Fehler: ${'$'}{e.message}"
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Refresh authentication token
|
||||
*/
|
||||
suspend fun refreshToken(refreshToken: String): LoginResponse {
|
||||
val tokenEndpoint = "$keycloakBaseUrl/realms/$realm/protocol/openid-connect/token"
|
||||
return try {
|
||||
val response = httpClient.submitForm(
|
||||
url = tokenEndpoint,
|
||||
formParameters = Parameters.build {
|
||||
append("grant_type", "refresh_token")
|
||||
append("client_id", clientId)
|
||||
if (!clientSecret.isNullOrBlank()) {
|
||||
append("client_secret", clientSecret)
|
||||
}
|
||||
append("refresh_token", refreshToken)
|
||||
}
|
||||
) {
|
||||
contentType(ContentType.Application.FormUrlEncoded)
|
||||
}
|
||||
|
||||
if (response.status.isSuccess()) {
|
||||
val kc = response.body<KeycloakTokenResponse>()
|
||||
LoginResponse(
|
||||
success = true,
|
||||
token = kc.access_token,
|
||||
message = null
|
||||
)
|
||||
} else {
|
||||
LoginResponse(
|
||||
success = false,
|
||||
message = "Token refresh fehlgeschlagen: HTTP ${response.status.value}"
|
||||
)
|
||||
}
|
||||
} catch (e: Exception) {
|
||||
LoginResponse(
|
||||
success = false,
|
||||
message = "Token refresh Fehler: ${e.message}"
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Logout and invalidate token
|
||||
*/
|
||||
suspend fun logout(token: String): Boolean {
|
||||
// Empfehlung: Frontend-seitig Token lokal verwerfen.
|
||||
// Optional könnten hier Keycloak-Endpoints für Token-Revocation aufgerufen werden.
|
||||
return true
|
||||
}
|
||||
|
||||
@Serializable
|
||||
private data class KeycloakTokenResponse(
|
||||
val access_token: String,
|
||||
val expires_in: Long? = null,
|
||||
val refresh_expires_in: Long? = null,
|
||||
val refresh_token: String? = null,
|
||||
val token_type: String? = null,
|
||||
val not_before_policy: Long? = null,
|
||||
val session_state: String? = null,
|
||||
val scope: String? = null
|
||||
)
|
||||
}
|
||||
+338
@@ -0,0 +1,338 @@
|
||||
package at.mocode.frontend.core.auth.data
|
||||
|
||||
import kotlinx.coroutines.flow.MutableStateFlow
|
||||
import kotlinx.coroutines.flow.StateFlow
|
||||
import kotlinx.coroutines.flow.asStateFlow
|
||||
import kotlinx.serialization.Serializable
|
||||
import kotlinx.serialization.json.Json
|
||||
import kotlin.io.encoding.Base64
|
||||
import kotlin.io.encoding.ExperimentalEncodingApi
|
||||
import kotlin.time.ExperimentalTime
|
||||
|
||||
/**
|
||||
* Client-side permission enumeration that mirrors server-side BerechtigungE
|
||||
*/
|
||||
@Serializable
|
||||
enum class Permission {
|
||||
// Person management
|
||||
PERSON_READ,
|
||||
PERSON_CREATE,
|
||||
PERSON_UPDATE,
|
||||
PERSON_DELETE,
|
||||
|
||||
// Club management
|
||||
VEREIN_READ,
|
||||
VEREIN_CREATE,
|
||||
VEREIN_UPDATE,
|
||||
VEREIN_DELETE,
|
||||
|
||||
// Event management
|
||||
VERANSTALTUNG_READ,
|
||||
VERANSTALTUNG_CREATE,
|
||||
VERANSTALTUNG_UPDATE,
|
||||
VERANSTALTUNG_DELETE,
|
||||
|
||||
// Horse management
|
||||
PFERD_READ,
|
||||
PFERD_CREATE,
|
||||
PFERD_UPDATE,
|
||||
PFERD_DELETE
|
||||
}
|
||||
|
||||
/**
|
||||
* JWT token payload for basic validation and permissions extraction
|
||||
*/
|
||||
@Serializable
|
||||
data class JwtPayload(
|
||||
val sub: String? = null, // User ID
|
||||
val username: String? = null, // Username
|
||||
val exp: Long? = null, // Expiration timestamp
|
||||
val iat: Long? = null, // Issued at timestamp
|
||||
val iss: String? = null, // Issuer
|
||||
val permissions: List<String>? = null // Permissions array
|
||||
)
|
||||
|
||||
/**
|
||||
* Authentication state
|
||||
*/
|
||||
data class AuthState(
|
||||
val isAuthenticated: Boolean = false,
|
||||
val token: String? = null,
|
||||
val userId: String? = null,
|
||||
val username: String? = null,
|
||||
val permissions: List<Permission> = emptyList()
|
||||
)
|
||||
|
||||
/**
|
||||
* Secure in-memory JWT token manager
|
||||
*
|
||||
* For web clients, storing tokens in memory is the most secure approach
|
||||
* to prevent XSS attacks. The token is lost when the browser tab is closed
|
||||
* or refreshed, requiring re-authentication.
|
||||
*/
|
||||
class AuthTokenManager {
|
||||
|
||||
private var currentToken: String? = null
|
||||
private var tokenPayload: JwtPayload? = null
|
||||
|
||||
private val _authState = MutableStateFlow(AuthState())
|
||||
val authState: StateFlow<AuthState> = _authState.asStateFlow()
|
||||
|
||||
/**
|
||||
* Store JWT token in memory
|
||||
*/
|
||||
fun setToken(token: String) {
|
||||
currentToken = token
|
||||
tokenPayload = parseJwtPayload(token)
|
||||
|
||||
// Parse permissions from token payload
|
||||
val permissions = tokenPayload?.permissions?.mapNotNull { permissionString ->
|
||||
try {
|
||||
Permission.valueOf(permissionString)
|
||||
} catch (e: IllegalArgumentException) {
|
||||
// Ignore unknown permissions
|
||||
null
|
||||
}
|
||||
} ?: emptyList()
|
||||
|
||||
_authState.value = AuthState(
|
||||
isAuthenticated = true,
|
||||
token = token,
|
||||
userId = tokenPayload?.sub,
|
||||
username = tokenPayload?.username,
|
||||
permissions = permissions
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* Get current JWT token
|
||||
*/
|
||||
fun getToken(): String? = currentToken
|
||||
|
||||
/**
|
||||
* Check if we have a valid (non-expired) token
|
||||
*/
|
||||
@OptIn(ExperimentalTime::class)
|
||||
fun hasValidToken(): Boolean {
|
||||
val token = currentToken ?: return false
|
||||
val payload = tokenPayload ?: return false
|
||||
|
||||
// Check expiration
|
||||
val expiration = payload.exp ?: return false
|
||||
val currentTime = kotlin.time.Clock.System.now().epochSeconds
|
||||
|
||||
return currentTime < expiration
|
||||
}
|
||||
|
||||
/**
|
||||
* Clear token from memory (logout)
|
||||
*/
|
||||
fun clearToken() {
|
||||
currentToken = null
|
||||
tokenPayload = null
|
||||
|
||||
_authState.value = AuthState()
|
||||
}
|
||||
|
||||
/**
|
||||
* Get user ID from token
|
||||
*/
|
||||
fun getUserId(): String? = tokenPayload?.sub
|
||||
|
||||
/**
|
||||
* Get username from token
|
||||
*/
|
||||
fun getUsername(): String? = tokenPayload?.username
|
||||
|
||||
/**
|
||||
* Get current user permissions
|
||||
*/
|
||||
fun getPermissions(): List<Permission> = _authState.value.permissions
|
||||
|
||||
/**
|
||||
* Check if user has a specific permission
|
||||
*/
|
||||
fun hasPermission(permission: Permission): Boolean {
|
||||
return _authState.value.permissions.contains(permission)
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if user has any of the specified permissions
|
||||
*/
|
||||
fun hasAnyPermission(vararg permissions: Permission): Boolean {
|
||||
return permissions.any { _authState.value.permissions.contains(it) }
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if user has all of the specified permissions
|
||||
*/
|
||||
fun hasAllPermissions(vararg permissions: Permission): Boolean {
|
||||
return permissions.all { _authState.value.permissions.contains(it) }
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if user can perform read operations
|
||||
*/
|
||||
fun canRead(): Boolean {
|
||||
return hasAnyPermission(
|
||||
Permission.PERSON_READ,
|
||||
Permission.VEREIN_READ,
|
||||
Permission.VERANSTALTUNG_READ,
|
||||
Permission.PFERD_READ
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if user can perform create operations
|
||||
*/
|
||||
fun canCreate(): Boolean {
|
||||
return hasAnyPermission(
|
||||
Permission.PERSON_CREATE,
|
||||
Permission.VEREIN_CREATE,
|
||||
Permission.VERANSTALTUNG_CREATE,
|
||||
Permission.PFERD_CREATE
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if user can perform update operations
|
||||
*/
|
||||
fun canUpdate(): Boolean {
|
||||
return hasAnyPermission(
|
||||
Permission.PERSON_UPDATE,
|
||||
Permission.VEREIN_UPDATE,
|
||||
Permission.VERANSTALTUNG_UPDATE,
|
||||
Permission.PFERD_UPDATE
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if user can perform delete operations (admin-level)
|
||||
*/
|
||||
fun canDelete(): Boolean {
|
||||
return hasAnyPermission(
|
||||
Permission.PERSON_DELETE,
|
||||
Permission.VEREIN_DELETE,
|
||||
Permission.VERANSTALTUNG_DELETE,
|
||||
Permission.PFERD_DELETE
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if user is admin (has delete permissions)
|
||||
*/
|
||||
fun isAdmin(): Boolean = canDelete()
|
||||
|
||||
/**
|
||||
* Check if token expires within specified minutes
|
||||
*/
|
||||
@OptIn(ExperimentalTime::class)
|
||||
fun isTokenExpiringSoon(minutesThreshold: Int = 5): Boolean {
|
||||
val payload = tokenPayload ?: return false
|
||||
val expiration = payload.exp ?: return false
|
||||
val currentTime = kotlin.time.Clock.System.now().epochSeconds
|
||||
val thresholdTime = currentTime + (minutesThreshold * 60)
|
||||
|
||||
return expiration <= thresholdTime
|
||||
}
|
||||
|
||||
/**
|
||||
* Parse JWT payload for basic validation and user info extraction
|
||||
* Note: This is for client-side info extraction only, not security validation
|
||||
*/
|
||||
@OptIn(ExperimentalEncodingApi::class)
|
||||
private fun parseJwtPayload(token: String): JwtPayload? {
|
||||
return try {
|
||||
val parts = token.split(".")
|
||||
if (parts.size != 3) return null
|
||||
|
||||
// Decode the payload (second part)
|
||||
val payloadJson = Base64.decode(parts[1]).decodeToString()
|
||||
|
||||
// First try to parse with standard approach
|
||||
val basicPayload = try {
|
||||
Json.decodeFromString<JwtPayload>(payloadJson)
|
||||
} catch (e: Exception) {
|
||||
// If that fails, extract manually
|
||||
null
|
||||
}
|
||||
|
||||
// If basic parsing succeeded and has permissions, return it
|
||||
if (basicPayload != null && basicPayload.permissions != null) {
|
||||
return basicPayload
|
||||
}
|
||||
|
||||
// Otherwise, extract permissions manually from JSON string
|
||||
val permissions = extractPermissionsFromJson(payloadJson)
|
||||
|
||||
// Return payload with manually extracted permissions
|
||||
JwtPayload(
|
||||
sub = basicPayload?.sub,
|
||||
username = basicPayload?.username,
|
||||
exp = basicPayload?.exp,
|
||||
iat = basicPayload?.iat,
|
||||
iss = basicPayload?.iss,
|
||||
permissions = permissions
|
||||
)
|
||||
} catch (e: Exception) {
|
||||
// Failed to parse - token might be invalid format
|
||||
null
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Extract permissions array from JSON string using simple string parsing
|
||||
*/
|
||||
private fun extractPermissionsFromJson(jsonString: String): List<String>? {
|
||||
return try {
|
||||
// Simple regex to find permissions array
|
||||
val permissionsRegex = """"permissions":\s*\[(.*?)\]""".toRegex()
|
||||
val match = permissionsRegex.find(jsonString)
|
||||
|
||||
match?.let {
|
||||
val permissionsContent = it.groupValues[1]
|
||||
if (permissionsContent.isBlank()) return emptyList()
|
||||
|
||||
// Extract individual permission strings
|
||||
val permissions = permissionsContent
|
||||
.split(",")
|
||||
.mapNotNull { permission ->
|
||||
permission.trim()
|
||||
.removePrefix("\"")
|
||||
.removeSuffix("\"")
|
||||
.takeIf { it.isNotBlank() }
|
||||
}
|
||||
permissions
|
||||
}
|
||||
} catch (e: Exception) {
|
||||
null
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Get token with Bearer prefix for HTTP headers
|
||||
*/
|
||||
fun getBearerToken(): String? {
|
||||
val token = getToken() ?: return null
|
||||
return "Bearer $token"
|
||||
}
|
||||
|
||||
/**
|
||||
* Refresh token if needed based on expiry
|
||||
*/
|
||||
suspend fun refreshTokenIfNeeded(authApiClient: AuthApiClient): Boolean {
|
||||
if (!isTokenExpiringSoon()) return true
|
||||
|
||||
val currentToken = getToken() ?: return false
|
||||
|
||||
val refreshResponse = authApiClient.refreshToken(currentToken)
|
||||
if (refreshResponse.success && refreshResponse.token != null) {
|
||||
setToken(refreshResponse.token)
|
||||
return true
|
||||
}
|
||||
|
||||
// Refresh failed, clear token
|
||||
clearToken()
|
||||
return false
|
||||
}
|
||||
}
|
||||
+38
@@ -0,0 +1,38 @@
|
||||
package at.mocode.frontend.core.auth.di
|
||||
|
||||
import at.mocode.frontend.core.auth.data.AuthApiClient
|
||||
import at.mocode.frontend.core.auth.data.AuthTokenManager
|
||||
import at.mocode.frontend.core.auth.presentation.LoginViewModel
|
||||
import at.mocode.frontend.core.network.TokenProvider
|
||||
import at.mocode.shared.core.AppConstants
|
||||
import org.koin.core.qualifier.named
|
||||
import org.koin.dsl.module
|
||||
|
||||
/**
|
||||
* Koin module for core-auth: provides AuthTokenManager and binds it as TokenProvider for apiClient.
|
||||
*/
|
||||
val authModule = module {
|
||||
// Single in-memory token manager
|
||||
single { AuthTokenManager() }
|
||||
|
||||
// AuthApiClient with injected apiClient and DEV client secret
|
||||
single {
|
||||
AuthApiClient(
|
||||
httpClient = get(named("apiClient")),
|
||||
clientSecret = AppConstants.KEYCLOAK_CLIENT_SECRET
|
||||
)
|
||||
}
|
||||
|
||||
// LoginViewModel
|
||||
factory { LoginViewModel(get(), get(), get(named("apiClient"))) }
|
||||
|
||||
// Bridge to core network TokenProvider without adding a hard dependency there
|
||||
single<TokenProvider> {
|
||||
object : TokenProvider {
|
||||
override fun getAccessToken(): String? {
|
||||
val token = get<AuthTokenManager>().getToken()
|
||||
return token
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
+143
@@ -0,0 +1,143 @@
|
||||
package at.mocode.frontend.core.auth.presentation
|
||||
|
||||
import androidx.compose.foundation.layout.*
|
||||
import androidx.compose.foundation.text.KeyboardActions
|
||||
import androidx.compose.foundation.text.KeyboardOptions
|
||||
import androidx.compose.material.icons.Icons
|
||||
import androidx.compose.material.icons.automirrored.filled.ArrowBack
|
||||
import androidx.compose.material3.*
|
||||
import androidx.compose.runtime.*
|
||||
import androidx.compose.ui.Alignment
|
||||
import androidx.compose.ui.Modifier
|
||||
import androidx.compose.ui.focus.FocusRequester
|
||||
import androidx.compose.ui.focus.focusRequester
|
||||
import androidx.compose.ui.text.input.ImeAction
|
||||
import androidx.compose.ui.text.input.KeyboardType
|
||||
import androidx.compose.ui.text.input.PasswordVisualTransformation
|
||||
import androidx.compose.ui.text.style.TextAlign
|
||||
import androidx.compose.ui.unit.dp
|
||||
|
||||
@OptIn(ExperimentalMaterial3Api::class)
|
||||
@Composable
|
||||
fun LoginScreen(
|
||||
viewModel: LoginViewModel,
|
||||
onLoginSuccess: () -> Unit = {},
|
||||
onBack: () -> Unit = {} // New callback for back navigation
|
||||
) {
|
||||
val uiState by viewModel.uiState.collectAsState()
|
||||
val passwordFocusRequester = remember { FocusRequester() }
|
||||
|
||||
Scaffold(
|
||||
topBar = {
|
||||
TopAppBar(
|
||||
title = { Text("Anmelden") },
|
||||
navigationIcon = {
|
||||
IconButton(onClick = onBack) {
|
||||
Icon(Icons.AutoMirrored.Filled.ArrowBack, contentDescription = "Zurück")
|
||||
}
|
||||
}
|
||||
)
|
||||
}
|
||||
) { paddingValues ->
|
||||
Column(
|
||||
modifier = Modifier
|
||||
.fillMaxSize()
|
||||
.padding(paddingValues)
|
||||
.padding(24.dp),
|
||||
horizontalAlignment = Alignment.CenterHorizontally,
|
||||
verticalArrangement = Arrangement.Center
|
||||
) {
|
||||
// Username field
|
||||
OutlinedTextField(
|
||||
value = uiState.username,
|
||||
onValueChange = viewModel::updateUsername,
|
||||
label = { Text("Benutzername") },
|
||||
enabled = !uiState.isLoading,
|
||||
isError = uiState.usernameError != null,
|
||||
supportingText = uiState.usernameError?.let { { Text(it) } },
|
||||
keyboardOptions = KeyboardOptions(
|
||||
keyboardType = KeyboardType.Text,
|
||||
imeAction = ImeAction.Next
|
||||
),
|
||||
keyboardActions = KeyboardActions(
|
||||
onNext = { passwordFocusRequester.requestFocus() }
|
||||
),
|
||||
modifier = Modifier
|
||||
.fillMaxWidth()
|
||||
.padding(bottom = 16.dp)
|
||||
)
|
||||
|
||||
// Password field
|
||||
OutlinedTextField(
|
||||
value = uiState.password,
|
||||
onValueChange = viewModel::updatePassword,
|
||||
label = { Text("Passwort") },
|
||||
enabled = !uiState.isLoading,
|
||||
isError = uiState.passwordError != null,
|
||||
supportingText = uiState.passwordError?.let { { Text(it) } },
|
||||
visualTransformation = PasswordVisualTransformation(),
|
||||
keyboardOptions = KeyboardOptions(
|
||||
keyboardType = KeyboardType.Password,
|
||||
imeAction = ImeAction.Done
|
||||
),
|
||||
keyboardActions = KeyboardActions(
|
||||
onDone = {
|
||||
if (uiState.canLogin) {
|
||||
viewModel.login()
|
||||
}
|
||||
}
|
||||
),
|
||||
modifier = Modifier
|
||||
.fillMaxWidth()
|
||||
.focusRequester(passwordFocusRequester)
|
||||
.padding(bottom = 24.dp)
|
||||
)
|
||||
|
||||
// Error message
|
||||
if (uiState.errorMessage != null) {
|
||||
Card(
|
||||
colors = CardDefaults.cardColors(
|
||||
containerColor = MaterialTheme.colorScheme.errorContainer
|
||||
),
|
||||
modifier = Modifier
|
||||
.fillMaxWidth()
|
||||
.padding(bottom = 16.dp)
|
||||
) {
|
||||
Text(
|
||||
text = uiState.errorMessage!!,
|
||||
color = MaterialTheme.colorScheme.onErrorContainer,
|
||||
style = MaterialTheme.typography.bodyMedium,
|
||||
textAlign = TextAlign.Center,
|
||||
modifier = Modifier.padding(16.dp)
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
// Login button
|
||||
Button(
|
||||
onClick = { viewModel.login() },
|
||||
enabled = uiState.canLogin && !uiState.isLoading,
|
||||
modifier = Modifier
|
||||
.fillMaxWidth()
|
||||
.height(48.dp)
|
||||
) {
|
||||
if (uiState.isLoading) {
|
||||
CircularProgressIndicator(
|
||||
modifier = Modifier.size(20.dp),
|
||||
strokeWidth = 2.dp,
|
||||
color = MaterialTheme.colorScheme.onPrimary
|
||||
)
|
||||
} else {
|
||||
Text("Anmelden")
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Handle login success
|
||||
LaunchedEffect(uiState.isAuthenticated) {
|
||||
if (uiState.isAuthenticated) {
|
||||
onLoginSuccess()
|
||||
}
|
||||
}
|
||||
}
|
||||
+143
@@ -0,0 +1,143 @@
|
||||
package at.mocode.frontend.core.auth.presentation
|
||||
|
||||
import androidx.lifecycle.ViewModel
|
||||
import androidx.lifecycle.viewModelScope
|
||||
import at.mocode.frontend.core.auth.data.AuthApiClient
|
||||
import at.mocode.frontend.core.auth.data.AuthTokenManager
|
||||
import io.ktor.client.request.post
|
||||
import io.ktor.client.HttpClient
|
||||
import kotlinx.coroutines.flow.MutableStateFlow
|
||||
import kotlinx.coroutines.flow.StateFlow
|
||||
import kotlinx.coroutines.flow.asStateFlow
|
||||
import kotlinx.coroutines.launch
|
||||
|
||||
/**
|
||||
* UI state for the login screen
|
||||
*/
|
||||
data class LoginUiState(
|
||||
val username: String = "",
|
||||
val password: String = "",
|
||||
val isLoading: Boolean = false,
|
||||
val isAuthenticated: Boolean = false,
|
||||
val errorMessage: String? = null,
|
||||
val usernameError: String? = null,
|
||||
val passwordError: String? = null
|
||||
) {
|
||||
val canLogin: Boolean
|
||||
get() = username.isNotBlank() && password.isNotBlank() && !isLoading
|
||||
}
|
||||
|
||||
/**
|
||||
* ViewModel for handling login authentication logic
|
||||
*/
|
||||
class LoginViewModel(
|
||||
private val authTokenManager: AuthTokenManager,
|
||||
private val authApiClient: AuthApiClient,
|
||||
private val apiClient: HttpClient
|
||||
) : ViewModel() {
|
||||
|
||||
private val _uiState = MutableStateFlow(LoginUiState())
|
||||
val uiState: StateFlow<LoginUiState> = _uiState.asStateFlow()
|
||||
|
||||
init {
|
||||
// Observe AuthTokenManager state to keep UI in sync
|
||||
viewModelScope.launch {
|
||||
authTokenManager.authState.collect { authState ->
|
||||
_uiState.value = _uiState.value.copy(
|
||||
isAuthenticated = authState.isAuthenticated
|
||||
)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
fun updateUsername(username: String) {
|
||||
_uiState.value = _uiState.value.copy(
|
||||
username = username,
|
||||
usernameError = null,
|
||||
errorMessage = null
|
||||
)
|
||||
}
|
||||
|
||||
fun updatePassword(password: String) {
|
||||
_uiState.value = _uiState.value.copy(
|
||||
password = password,
|
||||
passwordError = null,
|
||||
errorMessage = null
|
||||
)
|
||||
}
|
||||
|
||||
fun login() {
|
||||
val currentState = _uiState.value
|
||||
|
||||
// Validate input
|
||||
if (currentState.username.isBlank()) {
|
||||
_uiState.value = currentState.copy(usernameError = "Benutzername ist erforderlich")
|
||||
return
|
||||
}
|
||||
|
||||
if (currentState.password.isBlank()) {
|
||||
_uiState.value = currentState.copy(passwordError = "Passwort ist erforderlich")
|
||||
return
|
||||
}
|
||||
|
||||
// Start the login process
|
||||
_uiState.value = currentState.copy(
|
||||
isLoading = true,
|
||||
errorMessage = null,
|
||||
usernameError = null,
|
||||
passwordError = null
|
||||
)
|
||||
|
||||
viewModelScope.launch {
|
||||
try {
|
||||
val loginResponse = authApiClient.login(
|
||||
username = currentState.username,
|
||||
password = currentState.password
|
||||
)
|
||||
|
||||
if (loginResponse.success && loginResponse.token != null) {
|
||||
// Store the JWT token
|
||||
authTokenManager.setToken(loginResponse.token)
|
||||
|
||||
// isAuthenticated will be updated via the flow collector in init block
|
||||
|
||||
_uiState.value = _uiState.value.copy(
|
||||
isLoading = false,
|
||||
errorMessage = null
|
||||
)
|
||||
|
||||
// Fire-and-forget: Trigger Backend Sync so the user exists in Members
|
||||
viewModelScope.launch {
|
||||
try {
|
||||
// Fire-and-forget sync call; Bearer token added by Ktor Auth plugin
|
||||
apiClient.post("/api/members/sync")
|
||||
} catch (_: Exception) {
|
||||
// Non-fatal: Wir zeigen Sync-Fehler im Login nicht an
|
||||
}
|
||||
}
|
||||
} else {
|
||||
_uiState.value = _uiState.value.copy(
|
||||
isLoading = false,
|
||||
errorMessage = loginResponse.message ?: "Anmeldung fehlgeschlagen"
|
||||
)
|
||||
}
|
||||
} catch (e: Exception) {
|
||||
_uiState.value = _uiState.value.copy(
|
||||
isLoading = false,
|
||||
errorMessage = "Verbindungsfehler: ${e.message}"
|
||||
)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
fun logout() {
|
||||
authTokenManager.clearToken()
|
||||
// Reset UI state (clear username/password)
|
||||
_uiState.value = LoginUiState()
|
||||
}
|
||||
|
||||
fun checkAuthenticationStatus() {
|
||||
val isAuthenticated = authTokenManager.hasValidToken()
|
||||
_uiState.value = _uiState.value.copy(isAuthenticated = isAuthenticated)
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user