Exemple #1
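        /// <summary>
        /// Authenticates a user against the <c>users</c> table and opens a session.
        /// </summary>
        /// <param name="request">Login request carrying the user id and the clear-text password.</param>
        /// <returns>A <see cref="LoginResponse"/> holding the id of the newly created session.</returns>
        /// <exception cref="WebApiException">
        /// Thrown with status 401 when credentials are missing, the user is unknown,
        /// or the password hash does not match. The message is identical in every
        /// case so the response does not reveal which usernames exist.
        /// </exception>
        public LoginResponse Login(LoginRequest request)
        {
            // Reject missing credentials up front with the generic failure instead of
            // letting a NullReferenceException escape to the caller.
            if (request?.UserID == null || request.Password == null)
            {
                throw new WebApiException(401, "Invalid username or password.");
            }

            // Normalise once, culture-independently, so the lookup key and the session
            // key are always the same string regardless of the server's locale.
            string userName = request.UserID.ToLowerInvariant();

            // NOTE(review): the stored value is a single unsalted SHA-512 digest. That is
            // cheap to brute-force if the table leaks; moving to a salted, slow KDF
            // (PBKDF2 / Argon2) needs a data migration and cannot be done in this method alone.
            string passwordHash;
            using (var sha = SHA512.Create())
            {
                passwordHash = EncodeBase64(sha.ComputeHash(request.Password.EncodeUTF8()));
            }

            string dbHash;
            using (var cmd = _connection.CreateCommand())
            {
                cmd.CommandText = "SELECT password_hash FROM users WHERE username = @userName";
                cmd.Parameters.AddWithValue("@userName", NpgsqlDbType.Text, userName);

                // 'as' yields null for both "no row" and a NULL column (DBNull),
                // where a hard cast would throw InvalidCastException on DBNull.
                dbHash = cmd.ExecuteScalar() as string;
            }

            if (!HashesMatchFixedTime(dbHash, passwordHash))
            {
                throw new WebApiException(401, "Invalid username or password.");
            }

            var session = _cache.CreateSession(userName);

            return new LoginResponse
            {
                SessionID = session.SessionID
            };
        }

        /// <summary>
        /// Compares two encoded hashes without short-circuiting on the first
        /// differing character, so comparison time does not depend on how many
        /// leading characters match.
        /// </summary>
        /// <param name="stored">Hash read from the database; may be null when no user matched.</param>
        /// <param name="computed">Hash computed from the supplied password.</param>
        /// <returns><c>true</c> only when both values are non-null and identical.</returns>
        private static bool HashesMatchFixedTime(string stored, string computed)
        {
            // The length of an encoded digest is not secret, so an early exit here is fine.
            if (stored == null || computed == null || stored.Length != computed.Length)
            {
                return false;
            }

            int difference = 0;
            for (int i = 0; i < stored.Length; i++)
            {
                difference |= stored[i] ^ computed[i];
            }

            return difference == 0;
        }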