dohertj2/scadalink-design
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Phase 1 WP-2–10: Repositories, audit service, security & auth (LDAP, JWT, roles, policies, data protection)

Browse Source 
- WP-2: SecurityRepository + CentralUiRepository with audit log queries
- WP-3: AuditService with transactional guarantee (same SaveChangesAsync)
- WP-4: Optimistic concurrency tests (deployment records vs template last-write-wins)
- WP-5: Seed data (SCADA-Admins → Admin role mapping)
- WP-6: LdapAuthService (direct bind, TLS enforcement, group query)
- WP-7: JwtTokenService (HMAC-SHA256, 15-min refresh, 30-min idle timeout)
- WP-8: RoleMapper (LDAP groups → roles with site-scoped deployment)
- WP-9: Authorization policies (Admin/Design/Deployment + site scope handler)
- WP-10: Shared Data Protection keys via EF Core
141 tests pass, zero warnings.
This commit is contained in:
Joseph Doherty
2026-03-16 19:32:43 -04:00
parent 1996b21961
commit cafb7d2006
31 changed files with 3356 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/ScadaLink.ConfigurationDatabase/Configurations/SecurityConfiguration.cs
View File

@@ -20,6 +20,9 @@ public class LdapGroupMappingConfiguration : IEntityTypeConfiguration<LdapGroupM
.HasMaxLength(100);
builder.HasIndex(m => m.LdapGroupName).IsUnique();
// Seed default admin mapping
builder.HasData(new LdapGroupMapping("SCADA-Admins", "Admin") { Id = 1 });
}
}

1152
src/ScadaLink.ConfigurationDatabase/Migrations/20260316231942_SeedData.Designer.cs generated Normal file
View File

File diff suppressed because it is too large Load Diff

28
src/ScadaLink.ConfigurationDatabase/Migrations/20260316231942_SeedData.cs Normal file
View File

@@ -0,0 +1,28 @@
using Microsoft.EntityFrameworkCore.Migrations;
#nullable disable
namespace ScadaLink.ConfigurationDatabase.Migrations
{
/// <inheritdoc />
public partial class SeedData : Migration
{
/// <inheritdoc />
protected override void Up(MigrationBuilder migrationBuilder)
{
migrationBuilder.InsertData(
table: "LdapGroupMappings",
columns: new[] { "Id", "LdapGroupName", "Role" },
values: new object[] { 1, "SCADA-Admins", "Admin" });
}
/// <inheritdoc />
protected override void Down(MigrationBuilder migrationBuilder)
{
migrationBuilder.DeleteData(
table: "LdapGroupMappings",
keyColumn: "Id",
keyValue: 1);
}
}
}

8
src/ScadaLink.ConfigurationDatabase/Migrations/ScadaLinkDbContextModelSnapshot.cs
View File

@@ -631,6 +631,14 @@ namespace ScadaLink.ConfigurationDatabase.Migrations
.IsUnique();
b.ToTable("LdapGroupMappings");
b.HasData(
new
{
Id = 1,
LdapGroupName = "SCADA-Admins",
Role = "Admin"
});
});
modelBuilder.Entity("ScadaLink.Commons.Entities.Security.SiteScopeRule", b =>

147
src/ScadaLink.ConfigurationDatabase/Repositories/CentralUiRepository.cs Normal file
View File

@@ -0,0 +1,147 @@
using Microsoft.EntityFrameworkCore;
using ScadaLink.Commons.Entities.Audit;
using ScadaLink.Commons.Entities.Deployment;
using ScadaLink.Commons.Entities.Instances;
using ScadaLink.Commons.Entities.Sites;
using ScadaLink.Commons.Entities.Templates;
using ScadaLink.Commons.Interfaces.Repositories;
namespace ScadaLink.ConfigurationDatabase.Repositories;
public class CentralUiRepository : ICentralUiRepository
{
private readonly ScadaLinkDbContext _context;
public CentralUiRepository(ScadaLinkDbContext context)
{
_context = context ?? throw new ArgumentNullException(nameof(context));
}
public async Task<IReadOnlyList<Site>> GetAllSitesAsync(CancellationToken cancellationToken = default)
{
return await _context.Sites
.AsNoTracking()
.OrderBy(s => s.Name)
.ToListAsync(cancellationToken);
}
public async Task<IReadOnlyList<DataConnection>> GetDataConnectionsBySiteIdAsync(int siteId, CancellationToken cancellationToken = default)
{
return await _context.SiteDataConnectionAssignments
.AsNoTracking()
.Where(a => a.SiteId == siteId)
.Join(_context.DataConnections, a => a.DataConnectionId, d => d.Id, (_, d) => d)
.ToListAsync(cancellationToken);
}
public async Task<IReadOnlyList<SiteDataConnectionAssignment>> GetAllSiteDataConnectionAssignmentsAsync(CancellationToken cancellationToken = default)
{
return await _context.SiteDataConnectionAssignments
.AsNoTracking()
.ToListAsync(cancellationToken);
}
public async Task<IReadOnlyList<Template>> GetTemplateTreeAsync(CancellationToken cancellationToken = default)
{
return await _context.Templates
.AsNoTracking()
.Include(t => t.Attributes)
.Include(t => t.Alarms)
.Include(t => t.Scripts)
.Include(t => t.Compositions)
.OrderBy(t => t.Name)
.ToListAsync(cancellationToken);
}
public async Task<IReadOnlyList<Instance>> GetInstancesFilteredAsync(
int? siteId = null,
int? templateId = null,
string? searchTerm = null,
CancellationToken cancellationToken = default)
{
var query = _context.Instances.AsNoTracking().AsQueryable();
if (siteId.HasValue)
query = query.Where(i => i.SiteId == siteId.Value);
if (templateId.HasValue)
query = query.Where(i => i.TemplateId == templateId.Value);
if (!string.IsNullOrWhiteSpace(searchTerm))
query = query.Where(i => i.UniqueName.Contains(searchTerm));
return await query
.OrderBy(i => i.UniqueName)
.ToListAsync(cancellationToken);
}
public async Task<IReadOnlyList<DeploymentRecord>> GetRecentDeploymentsAsync(int count, CancellationToken cancellationToken = default)
{
return await _context.DeploymentRecords
.AsNoTracking()
.OrderByDescending(d => d.DeployedAt)
.Take(count)
.ToListAsync(cancellationToken);
}
public async Task<IReadOnlyList<Area>> GetAreaTreeBySiteIdAsync(int siteId, CancellationToken cancellationToken = default)
{
return await _context.Areas
.AsNoTracking()
.Where(a => a.SiteId == siteId)
.Include(a => a.Children)
.OrderBy(a => a.Name)
.ToListAsync(cancellationToken);
}
public async Task<(IReadOnlyList<AuditLogEntry> Entries, int TotalCount)> GetAuditLogEntriesAsync(
string? user = null,
string? entityType = null,
string? action = null,
DateTimeOffset? from = null,
DateTimeOffset? to = null,
string? entityId = null,
string? entityName = null,
int page = 1,
int pageSize = 50,
CancellationToken cancellationToken = default)
{
var query = _context.AuditLogEntries.AsNoTracking().AsQueryable();
if (!string.IsNullOrWhiteSpace(user))
query = query.Where(a => a.User == user);
if (!string.IsNullOrWhiteSpace(entityType))
query = query.Where(a => a.EntityType == entityType);
if (!string.IsNullOrWhiteSpace(action))
query = query.Where(a => a.Action == action);
if (from.HasValue)
query = query.Where(a => a.Timestamp >= from.Value);
if (to.HasValue)
query = query.Where(a => a.Timestamp <= to.Value);
if (!string.IsNullOrWhiteSpace(entityId))
query = query.Where(a => a.EntityId == entityId);
if (!string.IsNullOrWhiteSpace(entityName))
query = query.Where(a => a.EntityName.Contains(entityName));
var totalCount = await query.CountAsync(cancellationToken);
var entries = await query
.OrderByDescending(a => a.Timestamp)
.Skip((page - 1) * pageSize)
.Take(pageSize)
.ToListAsync(cancellationToken);
return (entries, totalCount);
}
public async Task<int> SaveChangesAsync(CancellationToken cancellationToken = default)
{
return await _context.SaveChangesAsync(cancellationToken);
}
}

93
src/ScadaLink.ConfigurationDatabase/Repositories/SecurityRepository.cs Normal file
View File

@@ -0,0 +1,93 @@
using Microsoft.EntityFrameworkCore;
using ScadaLink.Commons.Entities.Security;
using ScadaLink.Commons.Interfaces.Repositories;
namespace ScadaLink.ConfigurationDatabase.Repositories;
public class SecurityRepository : ISecurityRepository
{
private readonly ScadaLinkDbContext _context;
public SecurityRepository(ScadaLinkDbContext context)
{
_context = context ?? throw new ArgumentNullException(nameof(context));
}
// LdapGroupMapping
public async Task<LdapGroupMapping?> GetMappingByIdAsync(int id, CancellationToken cancellationToken = default)
{
return await _context.LdapGroupMappings.FindAsync(new object[] { id }, cancellationToken);
}
public async Task<IReadOnlyList<LdapGroupMapping>> GetAllMappingsAsync(CancellationToken cancellationToken = default)
{
return await _context.LdapGroupMappings.ToListAsync(cancellationToken);
}
public async Task<IReadOnlyList<LdapGroupMapping>> GetMappingsByRoleAsync(string role, CancellationToken cancellationToken = default)
{
return await _context.LdapGroupMappings
.Where(m => m.Role == role)
.ToListAsync(cancellationToken);
}
public async Task AddMappingAsync(LdapGroupMapping mapping, CancellationToken cancellationToken = default)
{
await _context.LdapGroupMappings.AddAsync(mapping, cancellationToken);
}
public Task UpdateMappingAsync(LdapGroupMapping mapping, CancellationToken cancellationToken = default)
{
_context.LdapGroupMappings.Update(mapping);
return Task.CompletedTask;
}
public async Task DeleteMappingAsync(int id, CancellationToken cancellationToken = default)
{
var mapping = await _context.LdapGroupMappings.FindAsync(new object[] { id }, cancellationToken);
if (mapping != null)
{
_context.LdapGroupMappings.Remove(mapping);
}
}
// SiteScopeRule
public async Task<SiteScopeRule?> GetScopeRuleByIdAsync(int id, CancellationToken cancellationToken = default)
{
return await _context.SiteScopeRules.FindAsync(new object[] { id }, cancellationToken);
}
public async Task<IReadOnlyList<SiteScopeRule>> GetScopeRulesForMappingAsync(int ldapGroupMappingId, CancellationToken cancellationToken = default)
{
return await _context.SiteScopeRules
.Where(r => r.LdapGroupMappingId == ldapGroupMappingId)
.ToListAsync(cancellationToken);
}
public async Task AddScopeRuleAsync(SiteScopeRule rule, CancellationToken cancellationToken = default)
{
await _context.SiteScopeRules.AddAsync(rule, cancellationToken);
}
public Task UpdateScopeRuleAsync(SiteScopeRule rule, CancellationToken cancellationToken = default)
{
_context.SiteScopeRules.Update(rule);
return Task.CompletedTask;
}
public async Task DeleteScopeRuleAsync(int id, CancellationToken cancellationToken = default)
{
var rule = await _context.SiteScopeRules.FindAsync(new object[] { id }, cancellationToken);
if (rule != null)
{
_context.SiteScopeRules.Remove(rule);
}
}
public async Task<int> SaveChangesAsync(CancellationToken cancellationToken = default)
{
return await _context.SaveChangesAsync(cancellationToken);
}
}

1
src/ScadaLink.ConfigurationDatabase/ScadaLink.ConfigurationDatabase.csproj
View File

@@ -17,6 +17,7 @@
<PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="10.0.5" />
<PackageReference Include="Microsoft.Extensions.DependencyInjection.Abstractions" Version="10.0.5" />
<PackageReference Include="Microsoft.Extensions.Options" Version="10.0.5" />
<PackageReference Include="Microsoft.AspNetCore.DataProtection.EntityFrameworkCore" Version="10.0.5" />
</ItemGroup>
<ItemGroup>

6
src/ScadaLink.ConfigurationDatabase/ScadaLinkDbContext.cs
View File

@@ -1,3 +1,4 @@
using Microsoft.AspNetCore.DataProtection.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore;
using ScadaLink.Commons.Entities.Audit;
using ScadaLink.Commons.Entities.Deployment;
@@ -12,7 +13,7 @@ using ScadaLink.Commons.Entities.Templates;
namespace ScadaLink.ConfigurationDatabase;
public class ScadaLinkDbContext : DbContext
public class ScadaLinkDbContext : DbContext, IDataProtectionKeyContext
{
public ScadaLinkDbContext(DbContextOptions<ScadaLinkDbContext> options) : base(options)
{
@@ -64,6 +65,9 @@ public class ScadaLinkDbContext : DbContext
// Audit
public DbSet<AuditLogEntry> AuditLogEntries => Set<AuditLogEntry>();
// Data Protection Keys (for shared ASP.NET Data Protection across nodes)
public DbSet<DataProtectionKey> DataProtectionKeys => Set<DataProtectionKey>();
protected override void OnModelCreating(ModelBuilder modelBuilder)
{
modelBuilder.ApplyConfigurationsFromAssembly(typeof(ScadaLinkDbContext).Assembly);

12
src/ScadaLink.ConfigurationDatabase/ServiceCollectionExtensions.cs
View File

@@ -1,5 +1,10 @@
using Microsoft.AspNetCore.DataProtection;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.DependencyInjection;
using ScadaLink.Commons.Interfaces.Repositories;
using ScadaLink.Commons.Interfaces.Services;
using ScadaLink.ConfigurationDatabase.Repositories;
using ScadaLink.ConfigurationDatabase.Services;
namespace ScadaLink.ConfigurationDatabase;
@@ -13,6 +18,13 @@ public static class ServiceCollectionExtensions
services.AddDbContext<ScadaLinkDbContext>(options =>
options.UseSqlServer(connectionString));
services.AddScoped<ISecurityRepository, SecurityRepository>();
services.AddScoped<ICentralUiRepository, CentralUiRepository>();
services.AddScoped<IAuditService, AuditService>();
services.AddDataProtection()
.PersistKeysToDbContext<ScadaLinkDbContext>();
return services;
}

37
src/ScadaLink.ConfigurationDatabase/Services/AuditService.cs Normal file
View File

@@ -0,0 +1,37 @@
using System.Text.Json;
using ScadaLink.Commons.Entities.Audit;
using ScadaLink.Commons.Interfaces.Services;
namespace ScadaLink.ConfigurationDatabase.Services;
public class AuditService : IAuditService
{
private readonly ScadaLinkDbContext _context;
public AuditService(ScadaLinkDbContext context)
{
_context = context ?? throw new ArgumentNullException(nameof(context));
}
public async Task LogAsync(
string user,
string action,
string entityType,
string entityId,
string entityName,
object? afterState,
CancellationToken cancellationToken = default)
{
var entry = new AuditLogEntry(user, action, entityType, entityId, entityName)
{
Timestamp = DateTimeOffset.UtcNow,
AfterStateJson = afterState != null
? JsonSerializer.Serialize(afterState)
: null
};
// Add to change tracker only — caller is responsible for calling SaveChangesAsync
// to ensure atomicity with the entity change.
await _context.AuditLogEntries.AddAsync(entry, cancellationToken);
}
}