[AZ-513] [AZ-196] [AZ-183] Add /classes CRUD, /devices, fleet OTA

AZ-513: POST/PATCH/DELETE /classes for detection-class CRUD; new DetectionClass entity, schema, DTOs, IDetectionClassService. Unblocks ui/AZ-512. AZ-196: POST /devices auto-assigns sequential azj-NNNN serial+email +password and inserts a CompanionPC user. Returns plaintext credentials for the provisioning script. AZ-183: Resources table + POST /get-update + POST /resources/publish for fleet OTA. Per-resource encryption_key column AES-256-CBC encrypted at rest with ResourcesConfig.EncryptionMasterKey; ICache wraps the per-(arch,stage) latest-versions lookup and is invalidated on publish. Adds IDbFactory.RunAdmin<T> overload for write-and-return. Backfills _docs/02_document/module-layout.md to satisfy the implement skill's File Ownership prerequisite (the _docs/ artifact set predates the Step 1.5 module-layout addition). Code review: PASS_WITH_WARNINGS — see _docs/03_implementation/reviews/batch_05_review.md. Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-21 20:41:10 +00:00 · 2026-05-13 04:34:42 +03:00
parent f13c57b314
commit 5ca9ccab2c
29 changed files with 1319 additions and 21 deletions
@@ -0,0 +1,57 @@
+using Azaion.Common.Database;
+using Azaion.Common.Entities;
+using Azaion.Common.Requests;
+using LinqToDB;
+
+namespace Azaion.Services;
+
+public interface IDetectionClassService
+{
+    Task<DetectionClass> Create(CreateDetectionClassRequest request, CancellationToken ct = default);
+    Task<DetectionClass?> Update(int id, UpdateDetectionClassRequest request, CancellationToken ct = default);
+    Task<bool> Delete(int id, CancellationToken ct = default);
+}
+
+public class DetectionClassService(IDbFactory dbFactory) : IDetectionClassService
+{
+    public async Task<DetectionClass> Create(CreateDetectionClassRequest request, CancellationToken ct = default) =>
+        await dbFactory.RunAdmin(async db =>
+        {
+            var entity = new DetectionClass
+            {
+                Name      = request.Name,
+                ShortName = request.ShortName,
+                Color     = request.Color,
+                MaxSizeM  = request.MaxSizeM,
+                PhotoMode = request.PhotoMode,
+                CreatedAt = DateTime.UtcNow
+            };
+            var newId = await db.InsertWithInt32IdentityAsync(entity, token: ct);
+            entity.Id = newId;
+            return entity;
+        });
+
+    public async Task<DetectionClass?> Update(int id, UpdateDetectionClassRequest request, CancellationToken ct = default) =>
+        await dbFactory.RunAdmin(async db =>
+        {
+            var existing = await db.DetectionClasses.FirstOrDefaultAsync(x => x.Id == id, token: ct);
+            if (existing == null)
+                return null;
+
+            if (request.Name      != null) existing.Name      = request.Name;
+            if (request.ShortName != null) existing.ShortName = request.ShortName;
+            if (request.Color     != null) existing.Color     = request.Color;
+            if (request.MaxSizeM.HasValue) existing.MaxSizeM  = request.MaxSizeM.Value;
+            if (request.PhotoMode != null) existing.PhotoMode = request.PhotoMode;
+
+            await db.UpdateAsync(existing, token: ct);
+            return existing;
+        });
+
+    public async Task<bool> Delete(int id, CancellationToken ct = default) =>
+        await dbFactory.RunAdmin(async db =>
+        {
+            var deleted = await db.DetectionClasses.DeleteAsync(x => x.Id == id, token: ct);
+            return deleted > 0;
+        });
+}
@@ -0,0 +1,140 @@
+using System.Security.Cryptography;
+using System.Text;
+using Azaion.Common.Configs;
+using Azaion.Common.Database;
+using Azaion.Common.Entities;
+using Azaion.Common.Requests;
+using LinqToDB;
+using Microsoft.Extensions.Options;
+
+namespace Azaion.Services;
+
+public interface IResourceUpdateService
+{
+    Task<List<ResourceUpdateItem>> GetUpdate(GetUpdateRequest request, CancellationToken ct = default);
+    Task Publish(PublishResourceRequest request, CancellationToken ct = default);
+}
+
+public class ResourceUpdateService(
+    IDbFactory dbFactory,
+    ICache cache,
+    IOptions<ResourcesConfig> resourcesConfig) : IResourceUpdateService
+{
+    public static string CacheKey(string architecture, string devStage)
+        => $"Resources.Latest.{architecture}.{devStage}";
+
+    public async Task<List<ResourceUpdateItem>> GetUpdate(GetUpdateRequest request, CancellationToken ct = default)
+    {
+        var latest = await cache.GetFromCacheAsync(
+            CacheKey(request.Architecture, request.DevStage),
+            () => LoadLatest(request.Architecture, request.DevStage, ct));
+
+        var updates = new List<ResourceUpdateItem>();
+        foreach (var (resourceName, resource) in latest)
+        {
+            var currentVersion = request.CurrentVersions.GetValueOrDefault(resourceName, "");
+            if (string.CompareOrdinal(resource.Version, currentVersion) <= 0)
+                continue;
+
+            updates.Add(new ResourceUpdateItem
+            {
+                ResourceName  = resource.ResourceName,
+                Version       = resource.Version,
+                CdnUrl        = resource.CdnUrl,
+                Sha256        = resource.Sha256,
+                EncryptionKey = ResourceColumnEncryption.Decrypt(resource.EncryptionKey, MasterKey),
+                SizeBytes     = resource.SizeBytes
+            });
+        }
+        return updates;
+    }
+
+    public async Task Publish(PublishResourceRequest request, CancellationToken ct = default)
+    {
+        await dbFactory.RunAdmin(async db =>
+        {
+            await db.InsertAsync(new Resource
+            {
+                Id            = Guid.NewGuid(),
+                ResourceName  = request.ResourceName,
+                DevStage      = request.DevStage,
+                Architecture  = request.Architecture,
+                Version       = request.Version,
+                CdnUrl        = request.CdnUrl,
+                Sha256        = request.Sha256,
+                EncryptionKey = ResourceColumnEncryption.Encrypt(request.EncryptionKey, MasterKey),
+                SizeBytes     = request.SizeBytes,
+                CreatedAt     = DateTime.UtcNow
+            }, token: ct);
+        });
+        cache.Invalidate(CacheKey(request.Architecture, request.DevStage));
+    }
+
+    private async Task<Dictionary<string, Resource>> LoadLatest(string architecture, string devStage, CancellationToken ct) =>
+        await dbFactory.Run(async db =>
+        {
+            var rows = await db.Resources
+                .Where(r => r.Architecture == architecture && r.DevStage == devStage)
+                .ToListAsync(token: ct);
+
+            return rows
+                .GroupBy(r => r.ResourceName)
+                .Select(g => g.OrderByDescending(r => r.Version, StringComparer.Ordinal).First())
+                .ToDictionary(r => r.ResourceName);
+        });
+
+    private string MasterKey
+    {
+        get
+        {
+            var key = resourcesConfig.Value.EncryptionMasterKey;
+            if (string.IsNullOrEmpty(key))
+                throw new InvalidOperationException(
+                    "ResourcesConfig.EncryptionMasterKey is not configured. Set it via " +
+                    "appsettings ResourcesConfig:EncryptionMasterKey or env ResourcesConfig__EncryptionMasterKey.");
+            return key;
+        }
+    }
+}
+
+internal static class ResourceColumnEncryption
+{
+    public static string Encrypt(string plaintext, string masterKey)
+    {
+        using var aes = Aes.Create();
+        aes.Mode    = CipherMode.CBC;
+        aes.Padding = PaddingMode.PKCS7;
+        aes.Key     = SHA256.HashData(Encoding.UTF8.GetBytes(masterKey));
+        aes.GenerateIV();
+
+        var input = Encoding.UTF8.GetBytes(plaintext);
+        using var encryptor = aes.CreateEncryptor();
+        var cipher = encryptor.TransformFinalBlock(input, 0, input.Length);
+
+        var combined = new byte[aes.IV.Length + cipher.Length];
+        Buffer.BlockCopy(aes.IV, 0, combined, 0,             aes.IV.Length);
+        Buffer.BlockCopy(cipher, 0, combined, aes.IV.Length, cipher.Length);
+        return Convert.ToBase64String(combined);
+    }
+
+    public static string Decrypt(string ciphertextBase64, string masterKey)
+    {
+        var combined = Convert.FromBase64String(ciphertextBase64);
+        using var aes = Aes.Create();
+        aes.Mode    = CipherMode.CBC;
+        aes.Padding = PaddingMode.PKCS7;
+        aes.Key     = SHA256.HashData(Encoding.UTF8.GetBytes(masterKey));
+
+        var ivLen = aes.BlockSize / 8;
+        var iv    = new byte[ivLen];
+        Buffer.BlockCopy(combined, 0, iv, 0, ivLen);
+        aes.IV = iv;
+
+        var cipher = new byte[combined.Length - ivLen];
+        Buffer.BlockCopy(combined, ivLen, cipher, 0, cipher.Length);
+
+        using var decryptor = aes.CreateDecryptor();
+        var plain = decryptor.TransformFinalBlock(cipher, 0, cipher.Length);
+        return Encoding.UTF8.GetString(plain);
+    }
+}
@@ -1,4 +1,5 @@
-using Azaion.Common;
+using System.Security.Cryptography;
+using Azaion.Common;
 using Azaion.Common.Database;
 using Azaion.Common.Entities;
 using Azaion.Common.Extensions;
@@ -10,6 +11,7 @@ namespace Azaion.Services;
 public interface IUserService
 {
    Task RegisterUser(RegisterUserRequest request, CancellationToken ct = default);
+    Task<RegisterDeviceResponse> RegisterDevice(CancellationToken ct = default);
    Task<User> ValidateUser(LoginRequest request, CancellationToken ct = default);
    Task<User?> GetByEmail(string? email, CancellationToken ct = default);
    Task UpdateHardware(string email, string? hardware = null, CancellationToken ct = default);
@@ -23,6 +25,12 @@ public interface IUserService

 public class UserService(IDbFactory dbFactory, ICache cache) : IUserService
 {
+    private const string DeviceEmailPrefix    = "azj-";
+    private const string DeviceEmailDomain    = "@azaion.com";
+    private const int    SerialNumberStart    = 4; // index of NNNN inside "azj-NNNN..." (length of DeviceEmailPrefix)
+    private const int    SerialNumberLength   = 4;
+    private const int    DevicePasswordBytes  = 16; // hex-encoded → 32 chars
+
    public async Task RegisterUser(RegisterUserRequest request, CancellationToken ct = default)
    {
        await dbFactory.RunAdmin(async db =>
@@ -43,6 +51,47 @@ public class UserService(IDbFactory dbFactory, ICache cache) : IUserService
        });
    }

+    public async Task<RegisterDeviceResponse> RegisterDevice(CancellationToken ct = default)
+    {
+        return await dbFactory.RunAdmin(async db =>
+        {
+            var lastEmail = await db.Users
+                .Where(u => u.Role == RoleEnum.CompanionPC)
+                .OrderByDescending(u => u.CreatedAt)
+                .Select(u => u.Email)
+                .FirstOrDefaultAsync(token: ct);
+
+            var nextNumber = 0;
+            if (!string.IsNullOrEmpty(lastEmail) && lastEmail.Length >= SerialNumberStart + SerialNumberLength)
+            {
+                var serialPart = lastEmail.Substring(SerialNumberStart, SerialNumberLength);
+                if (int.TryParse(serialPart, out var current))
+                    nextNumber = current + 1;
+            }
+
+            var serial   = $"{DeviceEmailPrefix}{nextNumber.ToString($"D{SerialNumberLength}")}";
+            var email    = $"{serial}{DeviceEmailDomain}";
+            var password = Convert.ToHexString(RandomNumberGenerator.GetBytes(DevicePasswordBytes)).ToLowerInvariant();
+
+            await db.InsertAsync(new User
+            {
+                Id           = Guid.NewGuid(),
+                Email        = email,
+                PasswordHash = password.ToHash(),
+                Role         = RoleEnum.CompanionPC,
+                CreatedAt    = DateTime.UtcNow,
+                IsEnabled    = true
+            }, token: ct);
+
+            return new RegisterDeviceResponse
+            {
+                Serial   = serial,
+                Email    = email,
+                Password = password
+            };
+        });
+    }
+
    public async Task<User?> GetByEmail(string? email, CancellationToken ct = default)
    {
        if (string.IsNullOrWhiteSpace(email)) throw new ArgumentNullException(nameof(email));