dohertj2/jdescopingtool
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit: JDE Scoping Tool migration project

Browse Source 
Set up repository with legacy .NET Framework 4.8 source (OLD/),
new .NET 10 Blazor solution (NEW/), OpenSpec specifications,
documentation, and project configuration.
This commit is contained in:
Joseph Doherty
2026-01-02 07:43:29 -05:00
commit 26ff8d9b4f
1761 changed files with 596509 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
openspec/changes/archive/2026-01-01-implement-web-api/proposal.md
+91
View File
@@ -0,0 +1,91 @@
# Implement Web API
## Summary
Implement the REST API layer and real-time SignalR hub for the JDE Scoping Tool, providing HTTP endpoints for search management, lookup operations, file upload/download, and authentication. This phase creates the web-facing interface that connects the Blazor WebAssembly client to the backend search processing and data access layers.
## Scope
### In Scope
- `AuthController` with login, logout, and current user endpoints
- `SearchController` with CRUD operations and result downloads
- `LookupController` with autocomplete APIs for items, profit centers, work centers, and operators
- `FileController` with Excel upload/download for bulk data import
- `StatusHub` SignalR hub for real-time status and search updates
- `IAuthService` interface with LDAP and fake authentication implementations
- `LdapAuthService` using `System.DirectoryServices.Protocols` (cross-platform)
- `FakeAuthService` for development mode authentication bypass
- `LdapOptions` and `AuthOptions` configuration classes
- `UserInfo` model (renamed from legacy `LDAPEntry`)
- API model DTOs (`LoginRequest`, `AuthResult`, `FileUploadResult<T>`, etc.)
- Cookie-based session management with ASP.NET Core authentication
- Service registration extension methods (`AddWebApi`, `AddAuthentication`)
- OpenAPI/Swagger documentation
- Unit tests with xUnit, Shouldly, and NSubstitute
### Out of Scope
- Blazor WebAssembly client implementation (Phase 9)
- Background worker service (Phase 5: implement-data-sync)
- Search execution logic (Phase 6: implement-search-processing)
- Excel export generation (Phase 7: implement-excel-export)
- Database schema changes (Phase 1: migrate-database-schema)
- Rate limiting and advanced security (future enhancement)
## Motivation
The Web API layer is the bridge between the Blazor WebAssembly client and the backend services. This phase delivers:
- **REST API Endpoints**: Standard HTTP APIs for search, lookup, and file operations
- **Real-Time Updates**: SignalR hub for live status updates during search processing
- **Cross-Platform Authentication**: LDAP authentication using `System.DirectoryServices.Protocols` (not the Windows-only `System.DirectoryServices`)
- **Development Mode Support**: Fake authentication for local development without LDAP server
- **OpenAPI Documentation**: Auto-generated API documentation for Blazor client development
## Acceptance Criteria
1. `AuthController` implements login, logout, and current user endpoints
2. `SearchController` implements all CRUD operations with proper authorization
3. `LookupController` implements autocomplete APIs without authorization (public access)
4. `FileController` implements Excel upload/download with caching
5. `StatusHub` broadcasts status and search updates to all connected clients
6. `LdapAuthService` authenticates against LDAP with group membership verification
7. `FakeAuthService` accepts any credentials when `AuthOptions.UseFakeAuth = true`
8. Cookie authentication configured with proper timeout and no redirect on 401
9. All protected endpoints return HTTP 401 (not redirect) for Blazor WASM compatibility
10. SignalR hub maps to `/hubs/status` endpoint
11. OpenAPI documentation generated via Swagger
12. All services registered via `AddWebApi()` extension method
13. Unit tests achieve >80% code coverage for controllers and services
14. `openspec validate implement-web-api --strict` passes
## Dependencies
| Phase | Dependency | Type |
|-------|------------|------|
| Phase 4: implement-data-access | `ILotFinderRepository` for lookups and search storage | Required |
| Phase 5: implement-data-sync | Worker service publishes status updates (soft dependency) | Soft |
| Phase 6: implement-search-processing | Search execution produces results | Required |
| Phase 7: implement-excel-export | `IExcelExportService` for file downloads | Required |
**Note:** Controllers can be implemented with interface dependencies, allowing parallel development with mock implementations for testing.
## Risks
| Risk | Likelihood | Impact | Mitigation |
|------|------------|--------|------------|
| LDAP connectivity issues | Medium | High | Implement `FakeAuthService` for development; add connection retry logic |
| `System.DirectoryServices.Protocols` complexity | Medium | Medium | Follow Microsoft documentation; create comprehensive LDAP integration tests |
| SignalR connection management | Low | Medium | Use ASP.NET Core SignalR defaults; implement client reconnection in Blazor |
| Cookie authentication with Blazor WASM | Low | Medium | Configure `SuppressAuthenticationChallengeOnUnauthorized`; test cross-origin scenarios |
| File upload size limits | Low | Low | Configure `IFormFile` limits in `Program.cs`; document limits |
| Memory cache expiration for file downloads | Low | Low | Use 1-minute expiration matching legacy; remove after download |
## Related Specs
- `web-api-auth/spec.md` - Base specification for Web API and authentication
- `domain-models/spec.md` - Domain entities used by controllers
- `data-access/spec.md` - Repository interfaces for data operations
- `search-processing/spec.md` - Search processing service interfaces
- `excel-export/spec.md` - Excel export service for result downloads