# Auth Service Refactoring Design

## Summary

Move the `IAuthService` interface to the Core layer and its implementations (`FakeAuthService`, `LdapAuthService`) to the Infrastructure layer, merging the two diverged versions.

## Target Structure

### Interface & Models (Core layer)

```
JdeScoping.Core/
├── Interfaces/
│   └── IAuthService.cs          # Merged interface
└── Models/
    ├── UserInfo.cs              # Already exists
    └── AuthResult.cs            # Move from Api.Models
```

### Implementations (Infrastructure layer)

```
JdeScoping.Infrastructure/
└── Auth/
    ├── FakeAuthService.cs       # Replace with richer Api version
    └── LdapAuthService.cs       # Replace with richer Api version
```

## Merged Interface

```csharp
namespace JdeScoping.Core.Interfaces;

public interface IAuthService
{
    // Verifies the credentials and reports success or failure as an AuthResult.
    Task<AuthResult> AuthenticateAsync(string username, string password, CancellationToken ct = default);

    // Looks up a user's details; a null result for an unknown user is assumed here.
    Task<UserInfo?> GetUserInfoAsync(string username, CancellationToken ct = default);

    // Reports whether the user is a member of the named group.
    Task<bool> IsInGroupAsync(string username, string groupName, CancellationToken ct = default);
}
```

## AuthResult Record

Move to `JdeScoping.Core.Models`:

```csharp
namespace JdeScoping.Core.Models;

public record AuthResult(
    bool Success,
    UserInfo? User,
    string? ErrorMessage);
```

## Files to Delete

From Api layer:

- `src/JdeScoping.Api/Services/IAuthService.cs`
- `src/JdeScoping.Api/Services/FakeAuthService.cs`
- `src/JdeScoping.Api/Services/LdapAuthService.cs`
- `src/JdeScoping.Api/Models/AuthResult.cs`

From Core layer (replaced with merged version):

- `src/JdeScoping.Core/Interfaces/IAuthService.cs`

## Files to Update

| File | Change |
|------|--------|
| `Api/Controllers/AuthController.cs` | `Api.Services` -> `Core.Interfaces` |
| `Api/ServiceCollectionExtensions.cs` | `Api.Services` -> `Core.Interfaces` + `Infrastructure.Auth` |
| `Api.Tests/Services/FakeAuthServiceTests.cs` | Move to Infrastructure.Tests or update namespace |
| `Api.Tests/Controllers/AuthControllerTests.cs` | Update namespace |
| `Api.Tests/Configuration/ServiceRegistrationTests.cs` | Update namespace |
| `Api.IntegrationTests/TestWebApplicationFactory.cs` | Update namespace |
| `Infrastructure.Tests/Unit/LdapAuthServiceTests.cs` | Already correct namespace target |
| `Infrastructure.Tests/Integration/LdapIntegrationTests.cs` | Update to use Infrastructure.Auth |

## Implementation Notes

### FakeAuthService

- Use richer Api version as base
- Add `IsInGroupAsync` -> always returns `true`
- Update namespace to `JdeScoping.Infrastructure.Auth`

### LdapAuthService

- Use richer Api version (multi-server, admin bypass, proper error handling)
- Add public `IsInGroupAsync(username, groupName, ct)` method
- Ensure `LdapOptions` and `AuthOptions` are in `JdeScoping.Core.Options`
- Update namespace to `JdeScoping.Infrastructure.Auth`

## Dependency Flow

```
Api -> Core.Interfaces.IAuthService
Api -> Infrastructure.Auth (for DI registration only)
Infrastructure.Auth -> Core.Interfaces + Core.Models + Core.Options
```
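
Because `FakeAuthService.IsInGroupAsync` always returns `true`, the DI registration in the Api layer is the point where a fake registered outside development has to be refused. The following is an added example, not the project's own code: the class name `AuthServiceRegistration`, the `Auth:UseFakeAuth` configuration key and the singleton lifetime are assumptions.

```csharp
using System;
using JdeScoping.Core.Interfaces;
using JdeScoping.Infrastructure.Auth;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;

namespace JdeScoping.Api;

// Hypothetical helper; the design only says ServiceCollectionExtensions.cs
// references Infrastructure.Auth for DI registration.
public static class AuthServiceRegistration
{
    // Hypothetical configuration key; the design does not name one.
    private const string UseFakeAuthKey = "Auth:UseFakeAuth";

    public static IServiceCollection AddAuthService(
        this IServiceCollection services,
        IConfiguration configuration,
        IHostEnvironment environment)
    {
        // A missing key binds to false, so the default is the LDAP implementation.
        bool useFake = configuration.GetValue<bool>(UseFakeAuthKey);

        if (!useFake)
        {
            // Singleton lifetime is an assumption; use whatever the Api version used.
            services.AddSingleton<IAuthService, LdapAuthService>();
            return services;
        }

        // FakeAuthService.IsInGroupAsync always returns true, so every
        // group-based authorization check would pass. Fail closed at startup
        // when any environment other than Development asks for it.
        if (!environment.IsDevelopment())
        {
            throw new InvalidOperationException(
                $"{UseFakeAuthKey} is set in environment '{environment.EnvironmentName}'. " +
                "FakeAuthService may only be registered in Development.");
        }

        services.AddSingleton<IAuthService, FakeAuthService>();
        return services;
    }
}
```

A matching case in `Api.Tests/Configuration/ServiceRegistrationTests.cs` can assert that a non-Development environment with the flag set throws, and that the default resolves `IAuthService` to `LdapAuthService`.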