start (actual) email auth, add CancellationToken to most async methods

Foxnouns.Backend/Controllers/Authentication/EmailAuthController.cs

@@ -1,6 +1,10 @@
 using Foxnouns.Backend.Database;
+using Foxnouns.Backend.Database.Models;
+using Foxnouns.Backend.Extensions;
 using Foxnouns.Backend.Services;
+using Foxnouns.Backend.Utils;
 using Microsoft.AspNetCore.Mvc;
+using Microsoft.EntityFrameworkCore;
 using NodaTime;
 
 namespace Foxnouns.Backend.Controllers.Authentication;
@@ -9,21 +13,56 @@ namespace Foxnouns.Backend.Controllers.Authentication;
 public class EmailAuthController(
     DatabaseContext db,
     AuthService authSvc,
+    MailService mailSvc,
+    KeyCacheService keyCacheSvc,
     UserRendererService userRendererSvc,
     IClock clock,
     ILogger logger) : ApiControllerBase
 {
     private readonly ILogger _logger = logger.ForContext<EmailAuthController>();
 
+    [HttpPost("register")]
+    public async Task<IActionResult> RegisterAsync([FromBody] RegisterRequest req, CancellationToken ct = default)
+    {
+        if (!req.Email.Contains('@')) throw new ApiError.BadRequest("Email is invalid", "email", req.Email);
+
+        var state = await keyCacheSvc.GenerateRegisterEmailStateAsync(req.Email, userId: null, ct);
+        if (await db.AuthMethods.AnyAsync(a => a.AuthType == AuthType.Email && a.RemoteId == req.Email, ct))
+            return NoContent();
+
+        mailSvc.QueueAccountCreationEmail(req.Email, state);
+        return NoContent();
+    }
+
+    [HttpPost("callback")]
+    public async Task<IActionResult> CallbackAsync([FromBody] CallbackRequest req, CancellationToken ct = default)
+    {
+        var state = await keyCacheSvc.GetRegisterEmailStateAsync(req.State, ct);
+        if (state == null) throw new ApiError.BadRequest("Invalid state", "state", req.State);
+
+        if (state.ExistingUserId != null)
+        {
+            var authMethod =
+                await authSvc.AddAuthMethodAsync(state.ExistingUserId.Value, AuthType.Email, state.Email, ct: ct);
+            _logger.Debug("Added email auth {AuthId} for user {UserId}", authMethod.Id, state.ExistingUserId);
+            return NoContent();
+        }
+
+        var ticket = AuthUtils.RandomToken();
+        await keyCacheSvc.SetKeyAsync($"email:{ticket}", state.Email, Duration.FromMinutes(20));
+
+        return Ok(new AuthController.CallbackResponse(false, ticket, state.Email));
+    }
+
     [HttpPost("login")]
     [ProducesResponseType<AuthController.AuthResponse>(StatusCodes.Status200OK)]
-    public async Task<IActionResult> LoginAsync([FromBody] LoginRequest req)
+    public async Task<IActionResult> LoginAsync([FromBody] LoginRequest req, CancellationToken ct = default)
     {
-        var (user, authenticationResult) = await authSvc.AuthenticateUserAsync(req.Email, req.Password);
+        var (user, authenticationResult) = await authSvc.AuthenticateUserAsync(req.Email, req.Password, ct);
         if (authenticationResult == AuthService.EmailAuthenticationResult.MfaRequired)
             throw new NotImplementedException("MFA is not implemented yet");
 
-        var frontendApp = await db.GetFrontendApplicationAsync();
+        var frontendApp = await db.GetFrontendApplicationAsync(ct);
 
         _logger.Debug("Logging user {Id} in with email and password", user.Id);
 
@@ -33,14 +72,18 @@ public class EmailAuthController(
 
         _logger.Debug("Generated token {TokenId} for {UserId}", token.Id, user.Id);
 
-        await db.SaveChangesAsync();
+        await db.SaveChangesAsync(ct);
 
         return Ok(new AuthController.AuthResponse(
-            await userRendererSvc.RenderUserAsync(user, selfUser: user, renderMembers: false),
+            await userRendererSvc.RenderUserAsync(user, selfUser: user, renderMembers: false, ct: ct),
             tokenStr,
             token.ExpiresAt
         ));
     }
 
     public record LoginRequest(string Email, string Password);
+
+    public record RegisterRequest(string Email);
+
+    public record CallbackRequest(string State);
 }