Add XML documentation across gateway, worker, and .NET client

2026-04-30 11:49:58 -04:00
parent 4731ab535c
commit eed1e88a37
269 changed files with 4555 additions and 13 deletions
@@ -12,6 +12,7 @@ public sealed class GatewayGrpcAuthorizationInterceptor(
    IGatewayRequestIdentityAccessor identityAccessor,
    IOptions<GatewayOptions> options) : Interceptor
 {
+    /// <inheritdoc />
    public override async Task<TResponse> UnaryServerHandler<TRequest, TResponse>(
        TRequest request,
        ServerCallContext context,
@@ -25,6 +26,7 @@ public sealed class GatewayGrpcAuthorizationInterceptor(
        }
    }

+    /// <inheritdoc />
    public override async Task ServerStreamingServerHandler<TRequest, TResponse>(
        TRequest request,
        IServerStreamWriter<TResponse> responseStream,
@@ -39,6 +41,11 @@ public sealed class GatewayGrpcAuthorizationInterceptor(
        }
    }

+    /// <summary>Authenticates the API key and authorizes the RPC call by required scope.</summary>
+    /// <typeparam name="TRequest">Request message type.</typeparam>
+    /// <param name="request">Request payload.</param>
+    /// <param name="context">RPC server call context.</param>
+    /// <returns>Authenticated API key identity, or null if authentication is disabled.</returns>
    private async Task<ApiKeyIdentity?> AuthenticateAndAuthorizeAsync<TRequest>(
        TRequest request,
        ServerCallContext context)
@@ -5,6 +5,11 @@ namespace MxGateway.Server.Security.Authorization;

 public sealed class GatewayGrpcScopeResolver
 {
+    /// <summary>
+    /// Resolves the required authorization scope for a gRPC request.
+    /// </summary>
+    /// <param name="request">The gRPC request.</param>
+    /// <returns>Required authorization scope.</returns>
    public string ResolveRequiredScope(object request)
    {
        return request switch
@@ -6,8 +6,12 @@ public sealed class GatewayRequestIdentityAccessor : IGatewayRequestIdentityAcce
 {
    private readonly AsyncLocal<ApiKeyIdentity?> currentIdentity = new();

+    /// <summary>Gets the current request identity.</summary>
    public ApiKeyIdentity? Current => currentIdentity.Value;

+    /// <summary>Sets the current identity and returns a scope that restores the previous identity.</summary>
+    /// <param name="identity">The identity to push.</param>
+    /// <returns>Disposable scope.</returns>
    public IDisposable Push(ApiKeyIdentity identity)
    {
        ArgumentNullException.ThrowIfNull(identity);
@@ -24,6 +28,7 @@ public sealed class GatewayRequestIdentityAccessor : IGatewayRequestIdentityAcce
    {
        private bool disposed;

+        /// <summary>Restores the previous identity.</summary>
        public void Dispose()
        {
            if (disposed)
@@ -2,8 +2,15 @@ using Grpc.Core.Interceptors;

 namespace MxGateway.Server.Security.Authorization;

+/// <summary>
+/// Extension methods for configuring gRPC authorization services.
+/// </summary>
 public static class GrpcAuthorizationServiceCollectionExtensions
 {
+    /// <summary>
+    /// Registers gRPC authorization middleware and scope resolver.
+    /// </summary>
+    /// <param name="services">Service collection to register dependencies into.</param>
    public static IServiceCollection AddGatewayGrpcAuthorization(this IServiceCollection services)
    {
        services.AddSingleton<GatewayGrpcScopeResolver>();
@@ -2,9 +2,13 @@ using MxGateway.Server.Security.Authentication;

 namespace MxGateway.Server.Security.Authorization;

+/// <summary>Provides scoped access to the current request's API key identity within a gRPC call context.</summary>
 public interface IGatewayRequestIdentityAccessor
 {
+    /// <summary>The API key identity of the current request, or null if not set.</summary>
    ApiKeyIdentity? Current { get; }

+    /// <summary>Temporarily pushes an identity onto the scope stack, returning a handle to restore the previous state.</summary>
+    /// <param name="identity">API key identity to push.</param>
    IDisposable Push(ApiKeyIdentity identity);
 }