[AZ-513] [AZ-196] [AZ-183] Add /classes CRUD, /devices, fleet OTA

AZ-513: POST/PATCH/DELETE /classes for detection-class CRUD; new DetectionClass entity, schema, DTOs, IDetectionClassService. Unblocks ui/AZ-512. AZ-196: POST /devices auto-assigns sequential azj-NNNN serial+email +password and inserts a CompanionPC user. Returns plaintext credentials for the provisioning script. AZ-183: Resources table + POST /get-update + POST /resources/publish for fleet OTA. Per-resource encryption_key column AES-256-CBC encrypted at rest with ResourcesConfig.EncryptionMasterKey; ICache wraps the per-(arch,stage) latest-versions lookup and is invalidated on publish. Adds IDbFactory.RunAdmin<T> overload for write-and-return. Backfills _docs/02_document/module-layout.md to satisfy the implement skill's File Ownership prerequisite (the _docs/ artifact set predates the Step 1.5 module-layout addition). Code review: PASS_WITH_WARNINGS — see _docs/03_implementation/reviews/batch_05_review.md. Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-21 21:01:09 +00:00 · 2026-05-13 04:34:42 +03:00
parent f13c57b314
commit 5ca9ccab2c
29 changed files with 1319 additions and 21 deletions
@@ -97,6 +97,8 @@ builder.Services.Configure<ConnectionStrings>(builder.Configuration.GetSection(n
 builder.Services.AddScoped<IUserService, UserService>();
 builder.Services.AddScoped<IAuthService, AuthService>();
 builder.Services.AddScoped<IResourcesService, ResourcesService>();
+builder.Services.AddScoped<IDetectionClassService, DetectionClassService>();
+builder.Services.AddScoped<IResourceUpdateService, ResourceUpdateService>();
 builder.Services.AddSingleton<IDbFactory, DbFactory>();

 builder.Services.AddLazyCache();
@@ -153,6 +155,12 @@ app.MapPost("/users",
    .RequireAuthorization(apiAdminPolicy)
    .WithSummary("Creates a new user");

+app.MapPost("/devices",
+    async (IUserService userService, CancellationToken cancellationToken)
+        => await userService.RegisterDevice(cancellationToken))
+    .RequireAuthorization(apiAdminPolicy)
+    .WithSummary("Creates a new device (server-assigned serial, email and password)");
+
 app.MapGet("/users/current",
    async (IAuthService authService) => await authService.GetCurrentUser())
    .RequireAuthorization()
@@ -273,6 +281,67 @@ app.MapPost("/resources/check",
        return true;
    });

+app.MapPost("/classes",
+    async (CreateDetectionClassRequest request, IValidator<CreateDetectionClassRequest> validator,
+        IDetectionClassService detectionClassService, CancellationToken ct) =>
+    {
+        var validation = await validator.ValidateAsync(request, ct);
+        if (!validation.IsValid)
+            return Results.ValidationProblem(validation.ToDictionary());
+        var created = await detectionClassService.Create(request, ct);
+        return Results.Ok(created);
+    })
+    .RequireAuthorization(apiAdminPolicy)
+    .WithSummary("Creates a new detection class");
+
+app.MapPatch("/classes/{id:int}",
+    async (int id, UpdateDetectionClassRequest request, IValidator<UpdateDetectionClassRequest> validator,
+        IDetectionClassService detectionClassService, CancellationToken ct) =>
+    {
+        var validation = await validator.ValidateAsync(request, ct);
+        if (!validation.IsValid)
+            return Results.ValidationProblem(validation.ToDictionary());
+        var updated = await detectionClassService.Update(id, request, ct);
+        return updated == null ? Results.NotFound() : Results.Ok(updated);
+    })
+    .RequireAuthorization(apiAdminPolicy)
+    .WithSummary("Updates an existing detection class (partial-merge accepted)");
+
+app.MapDelete("/classes/{id:int}",
+    async (int id, IDetectionClassService detectionClassService, CancellationToken ct) =>
+    {
+        var ok = await detectionClassService.Delete(id, ct);
+        return ok ? Results.NoContent() : Results.NotFound();
+    })
+    .RequireAuthorization(apiAdminPolicy)
+    .WithSummary("Deletes a detection class");
+
+app.MapPost("/get-update",
+    async (GetUpdateRequest request, IValidator<GetUpdateRequest> validator,
+        IResourceUpdateService resourceUpdateService, CancellationToken ct) =>
+    {
+        var validation = await validator.ValidateAsync(request, ct);
+        if (!validation.IsValid)
+            return Results.ValidationProblem(validation.ToDictionary());
+        var updates = await resourceUpdateService.GetUpdate(request, ct);
+        return Results.Ok(updates);
+    })
+    .RequireAuthorization()
+    .WithSummary("Returns resources newer than the device's reported current versions");
+
+app.MapPost("/resources/publish",
+    async (PublishResourceRequest request, IValidator<PublishResourceRequest> validator,
+        IResourceUpdateService resourceUpdateService, CancellationToken ct) =>
+    {
+        var validation = await validator.ValidateAsync(request, ct);
+        if (!validation.IsValid)
+            return Results.ValidationProblem(validation.ToDictionary());
+        await resourceUpdateService.Publish(request, ct);
+        return Results.Ok();
+    })
+    .RequireAuthorization(apiUploaderPolicy)
+    .WithSummary("CI/CD: publish a new resource version (encrypts encryption_key at rest, invalidates the per-(arch,stage) latest-versions cache)");
+
 app.UseExceptionHandler(_ => {});

 app.Run();
@@ -9,7 +9,8 @@
  "ResourcesConfig": {
    "ResourcesFolder": "Content",
    "SuiteInstallerFolder": "suite",
-    "SuiteStageInstallerFolder": "suite-stage"
+    "SuiteStageInstallerFolder": "suite-stage",
+    "EncryptionMasterKey": ""
  },
  "JwtConfig": {
    "Issuer": "AzaionApi",