yep

Gameboard.ShogiUI.Sockets/Controllers/SocketController.cs

@@ -1,9 +1,11 @@
 using Gameboard.ShogiUI.Sockets.Managers;
 using Gameboard.ShogiUI.Sockets.Repositories;
-using Gameboard.ShogiUI.Sockets.ServiceModels.Api.Messages;
+using Gameboard.ShogiUI.Sockets.ServiceModels.Api;
 using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Logging;
+using System;
 using System.Linq;
 using System.Threading.Tasks;
 
@@ -14,10 +16,13 @@ namespace Gameboard.ShogiUI.Sockets.Controllers
   [ApiController]
   public class SocketController : ControllerBase
   {
+    public static readonly string WebSessionKey = "session-id";
     private readonly ILogger<SocketController> logger;
     private readonly ISocketTokenManager tokenManager;
     private readonly IGameboardManager gameboardManager;
     private readonly IGameboardRepository gameboardRepository;
+    private readonly CookieOptions createSessionOptions;
+    private readonly CookieOptions deleteSessionOptions;
 
     public SocketController(
       ILogger<SocketController> logger,
@@ -29,6 +34,23 @@ namespace Gameboard.ShogiUI.Sockets.Controllers
       this.tokenManager = tokenManager;
       this.gameboardManager = gameboardManager;
       this.gameboardRepository = gameboardRepository;
+      createSessionOptions = new CookieOptions
+      {
+        Secure = true,
+        HttpOnly = true,
+        SameSite = SameSiteMode.None,
+        Expires = DateTimeOffset.Now.AddYears(5)
+      };
+      deleteSessionOptions = new CookieOptions();
+    }
+
+    [HttpGet("Yep")]
+    [AllowAnonymous]
+    public IActionResult Yep()
+    {
+      deleteSessionOptions.Expires = DateTimeOffset.Now.AddDays(-1);
+      Response.Cookies.Append(WebSessionKey, "", deleteSessionOptions);
+      return Ok();
     }
 
     [HttpGet("Token")]
@@ -39,25 +61,36 @@ namespace Gameboard.ShogiUI.Sockets.Controllers
       return new JsonResult(new GetTokenResponse(token));
     }
 
+    /// <summary>
+    /// Builds a token for guest users to send when requesting a socket connection.
+    /// Sends a HttpOnly cookie to the client with which to identify guest users.
+    /// </summary>
+    /// <param name="request"></param>
+    /// <returns></returns>
     [AllowAnonymous]
     [HttpGet("GuestToken")]
-    public async Task<IActionResult> GetGuestToken([FromQuery] GetGuestToken request)
+    public async Task<IActionResult> GetGuestToken()
     {
-      if (request.ClientId == null)
+      var cookies = Request.Cookies;
+      var webSessionId = cookies.ContainsKey(WebSessionKey)
+        ? Guid.Parse(cookies[WebSessionKey]!)
+        : Guid.NewGuid();
+      var webSessionIdAsString = webSessionId.ToString();
+
+      var user = await gameboardRepository.ReadGuestUser(webSessionId);
+      if (user == null)
       {
-        var clientId = await gameboardManager.CreateGuestUser();
-        var token = tokenManager.GenerateToken(clientId);
-        return new JsonResult(new GetGuestTokenResponse(clientId, token));
+        var userName = await gameboardManager.CreateGuestUser(webSessionId);
+        var token = tokenManager.GenerateToken(webSessionIdAsString);
+        Response.Cookies.Append(WebSessionKey, webSessionIdAsString, createSessionOptions);
+        return new JsonResult(new GetGuestTokenResponse(userName, token));
       }
       else
       {
-        if (await gameboardRepository.IsGuestUser(request.ClientId))
-        {
-          var token = tokenManager.GenerateToken(request.ClientId);
-          return new JsonResult(new GetGuestTokenResponse(request.ClientId, token));
-        }
+        var token = tokenManager.GenerateToken(webSessionIdAsString);
+        Response.Cookies.Append(WebSessionKey, webSessionIdAsString, createSessionOptions);
+        return new JsonResult(new GetGuestTokenResponse(user.Name, token));
       }
-      return new UnauthorizedResult();
     }
   }
 }