Janus007/SWPCore
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Initial commit: SWP.Core enterprise framework with multi-tenant architecture, configuration management, security, telemetry and comprehensive test suite

Browse source
This commit is contained in:
Janus C. H. Knudsen 2025-08-02 22:16:39 +02:00
commit 5275a75502
87 changed files with 6140 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

106
Database/Core/DCL/SetupApplicationUser.cs Normal file
View file

@ -0,0 +1,106 @@
using System.Data;
using Insight.Database;
using PlanTempus.Core.Database.ConnectionFactory;
using PlanTempus.Database.Common;
namespace PlanTempus.Database.Core.DCL
{
/// <summary>
/// Only a superadmin or similar can create Application Users
/// </summary>
public class SetupApplicationUser : IDbConfigure<SetupApplicationUser.Command>
{
public class Command
{
public required string Schema { get; init; }
public required string User { get; init; }
public required string Password { get; init; }
}
Command _command;
private readonly IDbConnectionFactory _connectionFactory;
public SetupApplicationUser(IDbConnectionFactory connectionFactory)
{
_connectionFactory = connectionFactory;
}
public void With(Command command, ConnectionStringParameters parameters = null)
{
_command = command;
if (!Validations.IsValidSchemaName(_command.Schema))
throw new ArgumentException("Invalid schema name", _command.Schema);
using var conn = parameters is null ? _connectionFactory.Create() : _connectionFactory.Create(parameters);
using var transaction = conn.OpenWithTransaction();
try
{
CreateSchema(conn);
CreateRole(conn);
GrantSchemaRights(conn);
transaction.Commit();
}
catch (Exception ex)
{
transaction.Rollback();
throw new InvalidOperationException("Failed to SetupApplicationUser in Database", ex);
}
}
private void CreateSchema(IDbConnection db)
{
var sql = $"CREATE SCHEMA IF NOT EXISTS {_command.Schema}";
db.ExecuteSql(sql);
}
private void CreateRole(IDbConnection db)
{
var sql = $@"
DO $$
BEGIN
IF NOT EXISTS (SELECT FROM pg_roles WHERE rolname = '{_command.User}') THEN
CREATE ROLE {_command.User} WITH CREATEDB CREATEROLE LOGIN PASSWORD '{_command.Password}';
END IF;
END $$;";
db.ExecuteSql(sql);
var sql1 = $"ALTER ROLE {_command.User} SET search_path='{_command.Schema}';";
db.ExecuteSql(sql1);
}
private void GrantSchemaRights(IDbConnection db)
{
// Grant USAGE og alle CREATE rettigheder på schema niveau
var sql = $@"
GRANT USAGE ON SCHEMA {_command.Schema} TO {_command.User};
GRANT ALL ON SCHEMA {_command.Schema} TO {_command.User};";
db.ExecuteSql(sql);
// Grant rettigheder på eksisterende og fremtidige tabeller
var sql1 = $"GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA {_command.Schema} TO {_command.User};";
db.ExecuteSql(sql1);
var sql2 = $"ALTER DEFAULT PRIVILEGES IN SCHEMA {_command.Schema} GRANT ALL PRIVILEGES ON TABLES TO {_command.User};";
db.ExecuteSql(sql2);
// Grant sequence rettigheder
var sql3 = $"GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA {_command.Schema} TO {_command.User};";
db.ExecuteSql(sql3);
// Grant execute på functions
var sql4 = $"GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA {_command.Schema} TO {_command.User};";
db.ExecuteSql(sql4);
// Grant for fremtidige functions
var sql5 = $"ALTER DEFAULT PRIVILEGES IN SCHEMA {_command.Schema} GRANT EXECUTE ON FUNCTIONS TO {_command.User};";
db.ExecuteSql(sql5);
// Grant for fremtidige sequences
var sql6 = $"ALTER DEFAULT PRIVILEGES IN SCHEMA {_command.Schema} GRANT USAGE ON SEQUENCES TO {_command.User};";
db.ExecuteSql(sql6);
}
}
}

89
Database/Core/DCL/SetupDbAdmin.cs Normal file
View file

@ -0,0 +1,89 @@
using System.Data;
using Insight.Database;
using PlanTempus.Core.Database.ConnectionFactory;
using PlanTempus.Database.Common;
namespace PlanTempus.Database.Core.DCL
{
/// <summary>
/// Only a superadmin or similar can create Application Users
/// </summary>
public class SetupDbAdmin : IDbConfigure<SetupDbAdmin.Command>
{
public class Command
{
public required string Schema { get; init; }
public required string User { get; init; }
public required string Password { get; init; }
}
Command _command;
private readonly IDbConnectionFactory _connectionFactory;
public SetupDbAdmin(IDbConnectionFactory connectionFactory)
{
_connectionFactory = connectionFactory;
}
public void With(Command command, ConnectionStringParameters parameters = null)
{
_command = command;
if (!Validations.IsValidSchemaName(_command.Schema))
throw new ArgumentException("Invalid schema name", _command.Schema);
using var conn = parameters is null ? _connectionFactory.Create() : _connectionFactory.Create(parameters);
using var transaction = conn.OpenWithTransaction();
try
{
CreateSchema(conn);
CreateRole(conn);
GrantSchemaRights(conn);
transaction.Commit();
}
catch (Exception ex)
{
transaction.Rollback();
throw new InvalidOperationException("Failed to SetupApplicationUser in Database", ex);
}
}
private void CreateSchema(IDbConnection db)
{
var sql = $"CREATE SCHEMA IF NOT EXISTS {_command.Schema}";
db.ExecuteSql(sql);
}
private void CreateRole(IDbConnection db)
{
var sql = $@"
DO $$
BEGIN
IF NOT EXISTS (SELECT FROM pg_roles WHERE rolname = '{_command.User}') THEN
CREATE ROLE {_command.User} WITH CREATEDB CREATEROLE LOGIN PASSWORD '{_command.Password}';
END IF;
END $$;";
db.ExecuteSql(sql);
var sql1 = $"ALTER ROLE {_command.User} SET search_path='{_command.Schema}';";
db.ExecuteSql(sql1);
var sql2 = $"ALTER SCHEMA {_command.Schema} OWNER TO {_command.User};";
db.ExecuteSql(sql2);
}
private void GrantSchemaRights(IDbConnection db)
{
var sql = $@"GRANT CREATE ON SCHEMA {_command.Schema} TO {_command.User};";
db.ExecuteSql(sql);
}
}
}

89
Database/Core/DCL/SetupOrganizationUser.cs Normal file
View file

@ -0,0 +1,89 @@
using System.Data;
using Insight.Database;
using PlanTempus.Core.Database.ConnectionFactory;
using PlanTempus.Database.Common;
using PlanTempus.Database.Core;
namespace PlanTempus.Database.Core.DCL
{
public class SetupOrganization : IDbConfigure<SetupOrganization.Command>
{
public class Command
{
public required string Schema { get; init; }
public required string User { get; init; }
public required string Password { get; init; }
}
Command _command;
private readonly IDbConnectionFactory _connectionFactory;
public SetupOrganization(IDbConnectionFactory connectionFactory)
{
_connectionFactory = connectionFactory;
}
public void With(Command command, ConnectionStringParameters parameters = null)
{
_command = command;
if (!Validations.IsValidSchemaName(_command.Schema))
throw new ArgumentException("Invalid schema name", _command.Schema);
using var conn = parameters is null ? _connectionFactory.Create() : _connectionFactory.Create(parameters);
using var transaction = conn.OpenWithTransaction();
try
{
CreateSchema(conn);
CreateRole(conn);
GrantSchemaRights(conn);
transaction.Commit();
}
catch (Exception ex)
{
transaction.Rollback();
throw new InvalidOperationException("Failed to SetupOrganization in Database", ex);
}
}
private void CreateSchema(IDbConnection db)
{
var sql = $"CREATE SCHEMA IF NOT EXISTS {_command.Schema}";
db.ExecuteSql(sql);
}
private void CreateRole(IDbConnection db)
{
var sql = $"CREATE ROLE {_command.User} LOGIN PASSWORD '{_command.Password}';";
db.ExecuteSql(sql);
var sql1 = $"ALTER ROLE {_command.User} SET search_path='{_command.Schema}';";
db.ExecuteSql(sql1);
}
private void GrantSchemaRights(IDbConnection db)
{
var sql = $"GRANT USAGE ON SCHEMA {_command.Schema} TO {_command.User};";
db.ExecuteSql(sql);
var sql1 = $"ALTER DEFAULT PRIVILEGES IN SCHEMA {_command.Schema} " +
$"GRANT INSERT, SELECT, UPDATE PRIVILEGES ON TABLES TO {_command.User};";
db.ExecuteSql(sql1);
var sql2 = $"GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA {_command.Schema} TO {_command.User};";
db.ExecuteSql(sql2);
var sql3 = $"GRANT CREATE TABLE ON SCHEMA {_command.Schema} TO {_command.User};";
db.ExecuteSql(sql3);
}
public void RevokeCreateTable(IDbConnection db)
{
var sql = $"REVOKE CREATE TABLE ON SCHEMA {_command.Schema} FROM {_command.User};";
db.ExecuteSql(sql);
}
}
}

140
Database/Core/DDL/SetupIdentitySystem.cs Normal file
View file

@ -0,0 +1,140 @@
using Insight.Database;
using System.Data;
using PlanTempus.Core.Database.ConnectionFactory;
namespace PlanTempus.Database.Core.DDL
{
/// <summary>
/// This is by purpose not async await
/// It is intended that this is created with the correct Application User, which is why the schema name is omitted.
/// </summary>
public class SetupIdentitySystem : IDbConfigure<SetupIdentitySystem.Command>
{
public class Command
{
public required string Schema { get; init; }
}
Command _command;
private readonly IDbConnectionFactory _connectionFactory;
public SetupIdentitySystem(IDbConnectionFactory connectionFactory)
{
_connectionFactory = connectionFactory;
}
/// <summary>
/// Creates the system tables in the specified schema within a transaction.
/// </summary>
/// <param name="schema">The schema name where the tables will be created.</param>
public void With(Command command, ConnectionStringParameters parameters = null)
{
_command = command;
using var conn = parameters is null ? _connectionFactory.Create() : _connectionFactory.Create(parameters);
using var transaction = conn.OpenWithTransaction();
try
{
CreateUsersTable(conn);
CreateOrganizationsTable(conn);
CreateUserOrganizationsTable(conn);
SetupRLS(conn);
transaction.Commit();
}
catch (Exception ex)
{
transaction.Rollback();
throw new InvalidOperationException("Failed to SetupIdentitySystem. Transaction is rolled back", ex);
}
}
/// <summary>
/// Creates the users table
/// </summary>
void CreateUsersTable(IDbConnection db)
{
var sql = @$"
CREATE TABLE IF NOT EXISTS {_command.Schema}.users (
id SERIAL PRIMARY KEY,
email VARCHAR(256) NOT NULL UNIQUE,
password_hash VARCHAR(256) NOT NULL,
security_stamp VARCHAR(36) NOT NULL,
email_confirmed BOOLEAN NOT NULL DEFAULT FALSE,
access_failed_count INTEGER NOT NULL DEFAULT 0,
lockout_enabled BOOLEAN NOT NULL DEFAULT TRUE,
lockout_end TIMESTAMPTZ NULL,
is_active BOOLEAN NOT NULL DEFAULT TRUE,
created_at TIMESTAMPTZ NOT NULL DEFAULT CURRENT_TIMESTAMP,
last_login_at TIMESTAMPTZ NULL
);";
db.ExecuteSql(sql);
}
/// <summary>
/// Creates the organizations table
/// </summary>
void CreateOrganizationsTable(IDbConnection db)
{
var sql = @$"
CREATE TABLE IF NOT EXISTS {_command.Schema}.organizations (
id SERIAL PRIMARY KEY,
connection_string VARCHAR(500) NOT NULL,
is_active BOOLEAN NOT NULL DEFAULT TRUE,
created_at TIMESTAMPTZ NOT NULL DEFAULT CURRENT_TIMESTAMP
);";
db.ExecuteSql(sql);
}
/// <summary>
/// Creates the user_organizations table
/// </summary>
void CreateUserOrganizationsTable(IDbConnection db)
{
var sql = @$"
CREATE TABLE IF NOT EXISTS {_command.Schema}.user_organizations (
user_id INTEGER NOT NULL REFERENCES {_command.Schema}.users(id),
organization_id INTEGER NOT NULL REFERENCES {_command.Schema}.organizations(id),
pin_code VARCHAR(10) NULL,
created_at TIMESTAMPTZ NOT NULL DEFAULT CURRENT_TIMESTAMP,
PRIMARY KEY (user_id, organization_id)
);";
db.ExecuteSql(sql);
}
/// <summary>
/// Sets up Row Level Security (RLS) for the organizations and user_organizations tables.
/// </summary>
void SetupRLS(IDbConnection db)
{
var sql = new[]
{
$"ALTER TABLE {_command.Schema}.organizations ENABLE ROW LEVEL SECURITY;",
$"ALTER TABLE {_command.Schema}.user_organizations ENABLE ROW LEVEL SECURITY;",
$"DROP POLICY IF EXISTS organization_access ON {_command.Schema}.organizations;",
@$"CREATE POLICY organization_access ON {_command.Schema}.organizations
USING (id IN (
SELECT organization_id
FROM {_command.Schema}.user_organizations
WHERE user_id = current_setting('app.user_id', TRUE)::INTEGER
)) WITH CHECK (true);",
$"DROP POLICY IF EXISTS user_organization_access ON {_command.Schema}.user_organizations;",
@$"CREATE POLICY user_organization_access ON {_command.Schema}.user_organizations
USING (user_id = current_setting('app.user_id', TRUE)::INTEGER) WITH CHECK (true);"
};
foreach (var statement in sql)
{
db.ExecuteSql(statement);
}
}
}
}

9
Database/Core/IDbConfigure.cs Normal file
View file

@ -0,0 +1,9 @@
using PlanTempus.Core.Database.ConnectionFactory;
namespace PlanTempus.Database.Core
{
public interface IDbConfigure<T>
{
void With(T command, ConnectionStringParameters parameters = null);
}
}

79
Database/Core/UserService.cs Normal file
View file

@ -0,0 +1,79 @@
using Insight.Database;
using PlanTempus.Core;
using PlanTempus.Core.Entities.Users;
using System.Data;
namespace PlanTempus.Database.Core
{
public class UserService
{
public record UserCreateCommand(string CorrelationId, string Email, string Password);
private readonly IDbConnection _db;
public UserService(IDbConnection db)
{
_db = db;
}
public async Task CreateUser(UserCreateCommand command)
{
var user = new User
{
Email = command.Email,
PasswordHash = new SecureTokenizer().TokenizeText(command.Password),
SecurityStamp = Guid.NewGuid().ToString(),
EmailConfirmed = false,
CreatedDate = DateTime.UtcNow
};
var userId = await _db.ExecuteScalarAsync<int>(@$"
INSERT INTO users (email, password_hash, security_stamp, email_confirmed, created_at)
VALUES (@Email, @PasswordHash, @SecurityStamp, @EmailConfirmed, @CreatedDate)
RETURNING id", user);
}
public async Task CreateOrganization(int userId, string organizationConnectionString)
{
var schema = "dev";
using var transaction = _db.OpenWithTransaction();
try
{
// Create organization
var organization = new Organization
{
ConnectionString = organizationConnectionString,
CreatedDate = DateTime.UtcNow,
CreatedBy = userId,
IsActive = true
};
var organizationId = await _db.ExecuteScalarAsync<int>(@$"
INSERT INTO {schema}.organizations (connection_string, created_date, is_active)
VALUES (@ConnectionString, @CreatedDate, @IsActive)
RETURNING id", organization);
// Link user to organization
var userOrganization = new UserOrganization
{
UserId = userId,
OrganizationId = organizationId,
CreatedDate = DateTime.UtcNow
};
await _db.ExecuteAsync(@$"
INSERT INTO {schema}.user_organizations (user_id, organization_id, created_date)
VALUES (@UserId, @OrganizationId, @CreatedDate)", userOrganization);
transaction.Commit();
}
catch
{
transaction.Rollback();
throw;
}
}
}
}