ChrisChen/ROLAC
1
0
Fork 0
Code Issues 66 Pull Requests Actions Packages Projects Releases Wiki Activity
131 Commits 2 Branches 0 Tags
deff2264a6a410b9faf312811402dd652c31df99
Commit Graph

59 Commits

Author SHA1 Message Date
Chris Chen ef0098d5cc Task 10: EF Core InitialAuth migration 
Applied against ChurchCRM database on 192.168.68.55:49154.
Creates Identity tables (AspNetUsers, AspNetRoles, AspNetUserRoles, etc.)
+ RefreshTokens table with unique index on TokenHash.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-26 19:13:30 -07:00
Chris Chen 8b86bd573e Tasks 7-9: AuthController, appsettings, Program.cs 
Task 7 – AuthController (POST /api/auth/login|refresh|logout)
  - Refresh token in HttpOnly; Secure; SameSite=Strict cookie (rolac_rt)
  - Cookie Path scoped to /api/auth; cleared on logout/invalid refresh

Task 8 – appsettings.json (non-secret JWT values + CORS origins)
  - appsettings.Development.json carries connection string + JWT secret
    (file is gitignored)

Task 9 – Program.cs wiring
  - EF Core + Npgsql, ASP.NET Core Identity, JWT Bearer auth
  - RoleClaimType=role matches the short JWT claim name written by TokenService
  - CORS: AllowCredentials for Angular app
  - Swagger UI with Bearer security definition
  - Startup: MigrateAsync + DbSeeder.SeedAsync (roles + dev admin)
  - DbSeeder: added SeedAsync(IServiceProvider) entry point

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-26 17:40:52 -07:00
Chris Chen 9db8b34181 Task 6: AuthService + 9 unit tests (16/16 pass) 
- IAuthService: LoginAsync / RefreshAsync / LogoutAsync
- AuthService: refresh-token rotation, hashed storage, LastLoginAt update
- AuthServiceTests: 5 login + 3 refresh + 1 logout tests via Moq + EF InMemory

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-26 17:38:56 -07:00
Chris Chen f74563bb36 Task 5: TokenService + unit tests (7/7 pass) 
- ITokenService: GenerateAccessToken / GenerateRefreshToken / HashToken
- TokenService: JWT (HS256, 15-min), 64-byte CSPRNG refresh, SHA-256 hex hash
  - Role claims use short JWT name role (v7.x JsonWebTokenHandler compatible)
- TokenServiceTests: 7 xUnit tests, payload decoded via Base64Url+System.Text.Json
  to avoid Microsoft.IdentityModel 7.1.2/7.5.2 version-mismatch issues

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-26 17:34:56 -07:00
Chris Chen b335867b30 feat: add LoginRequest and LoginResponse DTOs 2026-05-25 19:07:36 -07:00
Chris Chen a66a3f7cb0 feat: add AppDbContext (Identity + RefreshTokens) and DbSeeder (13 roles + dev admin) 2026-05-25 19:05:02 -07:00
Chris Chen 40d740d6e0 feat: add AppUser, AppRole, RefreshToken entities 2026-05-25 19:02:22 -07:00
Chris Chen 5a789fb0c2 chore: add Identity, EF Core PostgreSQL, JWT Bearer packages 2026-05-25 19:00:30 -07:00
Chris Chen 4da8806bfc Init API 2026-05-25 17:38:23 -07:00