spouliot/PowderCoatingLogix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
Scott Pouliot
2026-04-23 21:38:24 -04:00
commit 63e12a9636
1762 changed files with 1672620 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/PowderCoating.Web/Controllers/UnsubscribeController.cs
+120
View File
@@ -0,0 +1,120 @@
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.RateLimiting;
using Microsoft.EntityFrameworkCore;
using PowderCoating.Infrastructure.Data;
using PowderCoating.Shared.Constants;
namespace PowderCoating.Web.Controllers;
/// <summary>
/// Handles customer self-service email opt-out via tokenized links.
/// No authentication required — the token IS the proof of identity.
/// </summary>
[AllowAnonymous]
[EnableRateLimiting(AppConstants.RateLimitPolicies.Public)]
public class UnsubscribeController : Controller
{
private readonly ApplicationDbContext _context;
private readonly ILogger<UnsubscribeController> _logger;
public UnsubscribeController(ApplicationDbContext context, ILogger<UnsubscribeController> logger)
{
_context = context;
_logger = logger;
}
/// <summary>
/// GET /Unsubscribe/Email/{token}
/// Called when a customer clicks the unsubscribe link in an email.
/// Sets NotifyByEmail = false and shows a confirmation page.
/// </summary>
[HttpGet]
[Route("Unsubscribe/Email/{token}")]
public async Task<IActionResult> Email(string token)
{
if (string.IsNullOrWhiteSpace(token))
return View("Invalid");
try
{
// Bypass global query filters so we can find the customer by token
// regardless of company context (the user clicking is not authenticated)
var customer = await _context.Customers
.IgnoreQueryFilters()
.FirstOrDefaultAsync(c => c.UnsubscribeToken == token && !c.IsDeleted);
if (customer == null)
{
_logger.LogWarning("Unsubscribe attempt with unknown token: {Token}", token);
return View("Invalid");
}
if (!customer.NotifyByEmail)
{
// Already unsubscribed — show success page anyway (idempotent)
ViewBag.CustomerName = customer.CompanyName ?? $"{customer.ContactFirstName} {customer.ContactLastName}".Trim();
ViewBag.AlreadyUnsubscribed = true;
return View("EmailConfirm");
}
customer.NotifyByEmail = false;
customer.UpdatedAt = DateTime.UtcNow;
await _context.SaveChangesAsync();
_logger.LogInformation("Customer {CustomerId} unsubscribed from email notifications via link", customer.Id);
ViewBag.CustomerName = customer.CompanyName ?? $"{customer.ContactFirstName} {customer.ContactLastName}".Trim();
ViewBag.AlreadyUnsubscribed = false;
return View("EmailConfirm");
}
catch (Exception ex)
{
_logger.LogError(ex, "Error processing unsubscribe for token {Token}", token);
return View("Invalid");
}
}
/// <summary>
/// GET /Unsubscribe/BroadcastEmail/{token}
/// Opts a company's primary contact out of platform broadcast/marketing emails.
/// </summary>
[HttpGet]
[Route("Unsubscribe/BroadcastEmail/{token}")]
public async Task<IActionResult> BroadcastEmail(string token)
{
if (string.IsNullOrWhiteSpace(token))
return View("Invalid");
try
{
var company = await _context.Companies
.IgnoreQueryFilters()
.FirstOrDefaultAsync(c => c.MarketingUnsubscribeToken == token && !c.IsDeleted);
if (company == null)
{
_logger.LogWarning("Broadcast unsubscribe attempt with unknown token: {Token}", token);
return View("Invalid");
}
ViewBag.CompanyName = company.CompanyName;
ViewBag.AlreadyUnsubscribed = company.MarketingEmailOptOut;
if (!company.MarketingEmailOptOut)
{
company.MarketingEmailOptOut = true;
company.UpdatedAt = DateTime.UtcNow;
await _context.SaveChangesAsync();
_logger.LogInformation("Company {CompanyId} opted out of broadcast emails via link", company.Id);
}
return View("BroadcastEmailConfirm");
}
catch (Exception ex)
{
_logger.LogError(ex, "Error processing broadcast unsubscribe for token {Token}", token);
return View("Invalid");
}
}
}