ChrisChen/ROLAC
1
0
Fork 0
Code Issues 66 Pull Requests Actions Packages Projects Releases Wiki Activity
74 Commits 2 Branches 0 Tags
b3eb9d297ad2a17e7c98c69b5c6bec33e798b5a8
Commit Graph

10 Commits

Author SHA1 Message Date
Chris Chen f6f06d841c feat(ministry): add Ministry entity, seed (10), and read endpoint 2026-05-29 18:03:28 -07:00
Chris Chen b5a15dd9f2 feat(giving): add offering-sessions controller 2026-05-28 16:54:24 -07:00
Chris Chen 586551aec0 feat(giving): add givings controller 2026-05-28 16:43:06 -07:00
Chris Chen 81efaedbc2 feat(giving): add giving-categories controller 2026-05-28 16:34:18 -07:00
Chris Chen a525c71baa WIP 2026-05-28 15:25:31 -07:00
Chris Chen 8249b3fe3e feat: add UsersController and register all services 
Adds UsersController with CRUD endpoints (list, get, create, update,
deactivate, reset-password) restricted to super_admin role. Registers
IUserManagementService in Program.cs alongside existing services.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-27 14:10:46 -07:00
Chris Chen 0986233d9b feat: add MembersController (CRUD + paged list) 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-27 14:03:23 -07:00
Chris Chen 2aa095c158 Task 11: Smoke test fixes (all 5 scenarios pass) 
TokenService.GenerateRefreshToken():
  - Switched to URL-safe Base64 (RFC 4648 §5): +→-, /→_, no = padding.
  - Characters are unreserved per RFC 6265, so Response.Cookies.Append
    does NOT percent-encode the value.  Request.Cookies reads back exact value.

AuthController:
  - CookieOptions.Secure = !env.IsDevelopment()
    Plain HTTP in local dev works; HTTPS-only in staging/production.
  - Inject IWebHostEnvironment for environment-aware Secure flag.

TokenServiceTests:
  - Updated GenerateRefreshToken test: 86-char URL-safe Base64 instead
    of 64-byte standard Base64.  16/16 tests pass.

Smoke test results (http://localhost:5209):
  1. POST /api/auth/login       → 200 + rolac_rt cookie + JWT
  2. POST /api/auth/refresh     → 200 + new token (rotation)
  3. POST /api/auth/logout      → 204 + cookie cleared
  4. Refresh with revoked token → 401
  5. Wrong password             → 401

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-26 19:28:20 -07:00
Chris Chen 8b86bd573e Tasks 7-9: AuthController, appsettings, Program.cs 
Task 7 – AuthController (POST /api/auth/login|refresh|logout)
  - Refresh token in HttpOnly; Secure; SameSite=Strict cookie (rolac_rt)
  - Cookie Path scoped to /api/auth; cleared on logout/invalid refresh

Task 8 – appsettings.json (non-secret JWT values + CORS origins)
  - appsettings.Development.json carries connection string + JWT secret
    (file is gitignored)

Task 9 – Program.cs wiring
  - EF Core + Npgsql, ASP.NET Core Identity, JWT Bearer auth
  - RoleClaimType=role matches the short JWT claim name written by TokenService
  - CORS: AllowCredentials for Angular app
  - Swagger UI with Bearer security definition
  - Startup: MigrateAsync + DbSeeder.SeedAsync (roles + dev admin)
  - DbSeeder: added SeedAsync(IServiceProvider) entry point

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-26 17:40:52 -07:00
Chris Chen 4da8806bfc Init API 2026-05-25 17:38:23 -07:00