Phase 1 WP-2–10: Repositories, audit service, security & auth (LDAP, JWT, roles, policies, data protection)

- WP-2: SecurityRepository + CentralUiRepository with audit log queries - WP-3: AuditService with transactional guarantee (same SaveChangesAsync) - WP-4: Optimistic concurrency tests (deployment records vs template last-write-wins) - WP-5: Seed data (SCADA-Admins → Admin role mapping) - WP-6: LdapAuthService (direct bind, TLS enforcement, group query) - WP-7: JwtTokenService (HMAC-SHA256, 15-min refresh, 30-min idle timeout) - WP-8: RoleMapper (LDAP groups → roles with site-scoped deployment) - WP-9: Authorization policies (Admin/Design/Deployment + site scope handler) - WP-10: Shared Data Protection keys via EF Core 141 tests pass, zero warnings.
2026-03-16 19:32:43 -04:00
parent 1996b21961
commit cafb7d2006
31 changed files with 3356 additions and 8 deletions
--- a/src/ScadaLink.ConfigurationDatabase/Repositories/CentralUiRepository.cs
+++ b/src/ScadaLink.ConfigurationDatabase/Repositories/CentralUiRepository.cs
@@ -0,0 +1,147 @@
+using Microsoft.EntityFrameworkCore;
+using ScadaLink.Commons.Entities.Audit;
+using ScadaLink.Commons.Entities.Deployment;
+using ScadaLink.Commons.Entities.Instances;
+using ScadaLink.Commons.Entities.Sites;
+using ScadaLink.Commons.Entities.Templates;
+using ScadaLink.Commons.Interfaces.Repositories;
+
+namespace ScadaLink.ConfigurationDatabase.Repositories;
+
+public class CentralUiRepository : ICentralUiRepository
+{
+    private readonly ScadaLinkDbContext _context;
+
+    public CentralUiRepository(ScadaLinkDbContext context)
+    {
+        _context = context ?? throw new ArgumentNullException(nameof(context));
+    }
+
+    public async Task<IReadOnlyList<Site>> GetAllSitesAsync(CancellationToken cancellationToken = default)
+    {
+        return await _context.Sites
+            .AsNoTracking()
+            .OrderBy(s => s.Name)
+            .ToListAsync(cancellationToken);
+    }
+
+    public async Task<IReadOnlyList<DataConnection>> GetDataConnectionsBySiteIdAsync(int siteId, CancellationToken cancellationToken = default)
+    {
+        return await _context.SiteDataConnectionAssignments
+            .AsNoTracking()
+            .Where(a => a.SiteId == siteId)
+            .Join(_context.DataConnections, a => a.DataConnectionId, d => d.Id, (_, d) => d)
+            .ToListAsync(cancellationToken);
+    }
+
+    public async Task<IReadOnlyList<SiteDataConnectionAssignment>> GetAllSiteDataConnectionAssignmentsAsync(CancellationToken cancellationToken = default)
+    {
+        return await _context.SiteDataConnectionAssignments
+            .AsNoTracking()
+            .ToListAsync(cancellationToken);
+    }
+
+    public async Task<IReadOnlyList<Template>> GetTemplateTreeAsync(CancellationToken cancellationToken = default)
+    {
+        return await _context.Templates
+            .AsNoTracking()
+            .Include(t => t.Attributes)
+            .Include(t => t.Alarms)
+            .Include(t => t.Scripts)
+            .Include(t => t.Compositions)
+            .OrderBy(t => t.Name)
+            .ToListAsync(cancellationToken);
+    }
+
+    public async Task<IReadOnlyList<Instance>> GetInstancesFilteredAsync(
+        int? siteId = null,
+        int? templateId = null,
+        string? searchTerm = null,
+        CancellationToken cancellationToken = default)
+    {
+        var query = _context.Instances.AsNoTracking().AsQueryable();
+
+        if (siteId.HasValue)
+            query = query.Where(i => i.SiteId == siteId.Value);
+
+        if (templateId.HasValue)
+            query = query.Where(i => i.TemplateId == templateId.Value);
+
+        if (!string.IsNullOrWhiteSpace(searchTerm))
+            query = query.Where(i => i.UniqueName.Contains(searchTerm));
+
+        return await query
+            .OrderBy(i => i.UniqueName)
+            .ToListAsync(cancellationToken);
+    }
+
+    public async Task<IReadOnlyList<DeploymentRecord>> GetRecentDeploymentsAsync(int count, CancellationToken cancellationToken = default)
+    {
+        return await _context.DeploymentRecords
+            .AsNoTracking()
+            .OrderByDescending(d => d.DeployedAt)
+            .Take(count)
+            .ToListAsync(cancellationToken);
+    }
+
+    public async Task<IReadOnlyList<Area>> GetAreaTreeBySiteIdAsync(int siteId, CancellationToken cancellationToken = default)
+    {
+        return await _context.Areas
+            .AsNoTracking()
+            .Where(a => a.SiteId == siteId)
+            .Include(a => a.Children)
+            .OrderBy(a => a.Name)
+            .ToListAsync(cancellationToken);
+    }
+
+    public async Task<(IReadOnlyList<AuditLogEntry> Entries, int TotalCount)> GetAuditLogEntriesAsync(
+        string? user = null,
+        string? entityType = null,
+        string? action = null,
+        DateTimeOffset? from = null,
+        DateTimeOffset? to = null,
+        string? entityId = null,
+        string? entityName = null,
+        int page = 1,
+        int pageSize = 50,
+        CancellationToken cancellationToken = default)
+    {
+        var query = _context.AuditLogEntries.AsNoTracking().AsQueryable();
+
+        if (!string.IsNullOrWhiteSpace(user))
+            query = query.Where(a => a.User == user);
+
+        if (!string.IsNullOrWhiteSpace(entityType))
+            query = query.Where(a => a.EntityType == entityType);
+
+        if (!string.IsNullOrWhiteSpace(action))
+            query = query.Where(a => a.Action == action);
+
+        if (from.HasValue)
+            query = query.Where(a => a.Timestamp >= from.Value);
+
+        if (to.HasValue)
+            query = query.Where(a => a.Timestamp <= to.Value);
+
+        if (!string.IsNullOrWhiteSpace(entityId))
+            query = query.Where(a => a.EntityId == entityId);
+
+        if (!string.IsNullOrWhiteSpace(entityName))
+            query = query.Where(a => a.EntityName.Contains(entityName));
+
+        var totalCount = await query.CountAsync(cancellationToken);
+
+        var entries = await query
+            .OrderByDescending(a => a.Timestamp)
+            .Skip((page - 1) * pageSize)
+            .Take(pageSize)
+            .ToListAsync(cancellationToken);
+
+        return (entries, totalCount);
+    }
+
+    public async Task<int> SaveChangesAsync(CancellationToken cancellationToken = default)
+    {
+        return await _context.SaveChangesAsync(cancellationToken);
+    }
+}
--- a/src/ScadaLink.ConfigurationDatabase/Repositories/SecurityRepository.cs
+++ b/src/ScadaLink.ConfigurationDatabase/Repositories/SecurityRepository.cs
@@ -0,0 +1,93 @@
+using Microsoft.EntityFrameworkCore;
+using ScadaLink.Commons.Entities.Security;
+using ScadaLink.Commons.Interfaces.Repositories;
+
+namespace ScadaLink.ConfigurationDatabase.Repositories;
+
+public class SecurityRepository : ISecurityRepository
+{
+    private readonly ScadaLinkDbContext _context;
+
+    public SecurityRepository(ScadaLinkDbContext context)
+    {
+        _context = context ?? throw new ArgumentNullException(nameof(context));
+    }
+
+    // LdapGroupMapping
+
+    public async Task<LdapGroupMapping?> GetMappingByIdAsync(int id, CancellationToken cancellationToken = default)
+    {
+        return await _context.LdapGroupMappings.FindAsync(new object[] { id }, cancellationToken);
+    }
+
+    public async Task<IReadOnlyList<LdapGroupMapping>> GetAllMappingsAsync(CancellationToken cancellationToken = default)
+    {
+        return await _context.LdapGroupMappings.ToListAsync(cancellationToken);
+    }
+
+    public async Task<IReadOnlyList<LdapGroupMapping>> GetMappingsByRoleAsync(string role, CancellationToken cancellationToken = default)
+    {
+        return await _context.LdapGroupMappings
+            .Where(m => m.Role == role)
+            .ToListAsync(cancellationToken);
+    }
+
+    public async Task AddMappingAsync(LdapGroupMapping mapping, CancellationToken cancellationToken = default)
+    {
+        await _context.LdapGroupMappings.AddAsync(mapping, cancellationToken);
+    }
+
+    public Task UpdateMappingAsync(LdapGroupMapping mapping, CancellationToken cancellationToken = default)
+    {
+        _context.LdapGroupMappings.Update(mapping);
+        return Task.CompletedTask;
+    }
+
+    public async Task DeleteMappingAsync(int id, CancellationToken cancellationToken = default)
+    {
+        var mapping = await _context.LdapGroupMappings.FindAsync(new object[] { id }, cancellationToken);
+        if (mapping != null)
+        {
+            _context.LdapGroupMappings.Remove(mapping);
+        }
+    }
+
+    // SiteScopeRule
+
+    public async Task<SiteScopeRule?> GetScopeRuleByIdAsync(int id, CancellationToken cancellationToken = default)
+    {
+        return await _context.SiteScopeRules.FindAsync(new object[] { id }, cancellationToken);
+    }
+
+    public async Task<IReadOnlyList<SiteScopeRule>> GetScopeRulesForMappingAsync(int ldapGroupMappingId, CancellationToken cancellationToken = default)
+    {
+        return await _context.SiteScopeRules
+            .Where(r => r.LdapGroupMappingId == ldapGroupMappingId)
+            .ToListAsync(cancellationToken);
+    }
+
+    public async Task AddScopeRuleAsync(SiteScopeRule rule, CancellationToken cancellationToken = default)
+    {
+        await _context.SiteScopeRules.AddAsync(rule, cancellationToken);
+    }
+
+    public Task UpdateScopeRuleAsync(SiteScopeRule rule, CancellationToken cancellationToken = default)
+    {
+        _context.SiteScopeRules.Update(rule);
+        return Task.CompletedTask;
+    }
+
+    public async Task DeleteScopeRuleAsync(int id, CancellationToken cancellationToken = default)
+    {
+        var rule = await _context.SiteScopeRules.FindAsync(new object[] { id }, cancellationToken);
+        if (rule != null)
+        {
+            _context.SiteScopeRules.Remove(rule);
+        }
+    }
+
+    public async Task<int> SaveChangesAsync(CancellationToken cancellationToken = default)
+    {
+        return await _context.SaveChangesAsync(cancellationToken);
+    }
+}