[AZ-189] [AZ-190] [AZ-191] [AZ-192] [AZ-193] [AZ-194] [AZ-195] Add e2e blackbox test suite

Made-with: Cursor

_docs/02_document/diagrams/components.md

@@ -0,0 +1,75 @@
+# Component Diagram
+
+```mermaid
+graph TD
+    subgraph "Common Helpers"
+        EXT["Extensions<br/>(Enum, String, Stream, Queryable)"]
+        BEX["BusinessException<br/>(ExceptionEnum)"]
+    end
+
+    subgraph "01 Data Layer"
+        DB["AzaionDb + SchemaHolder"]
+        DBF["DbFactory<br/>(IDbFactory)"]
+        CACHE["MemoryCache<br/>(ICache)"]
+        ENT["User, RoleEnum"]
+        CFG["Configs<br/>(ConnectionStrings, JwtConfig, ResourcesConfig)"]
+    end
+
+    subgraph "02 User Management"
+        US["UserService<br/>(IUserService)"]
+        REQ["Request DTOs<br/>+ Validators"]
+    end
+
+    subgraph "03 Auth & Security"
+        AUTH["AuthService<br/>(IAuthService)"]
+        SEC["Security<br/>(static: hash, encrypt, decrypt)"]
+    end
+
+    subgraph "04 Resource Management"
+        RES["ResourcesService<br/>(IResourcesService)"]
+    end
+
+    subgraph "05 Admin API"
+        API["Program.cs<br/>(Minimal API endpoints)"]
+        EXH["BusinessExceptionHandler"]
+    end
+
+    DB --> ENT
+    DB --> EXT
+    DBF --> DB
+    DBF --> CFG
+
+    US --> DBF
+    US --> CACHE
+    US --> SEC
+    US --> BEX
+    US --> EXT
+
+    AUTH --> US
+    AUTH --> CFG
+
+    RES --> CFG
+    RES --> SEC
+    RES --> BEX
+
+    API --> US
+    API --> AUTH
+    API --> RES
+    API --> DBF
+    API --> CACHE
+    EXH --> BEX
+```
+
+## Component Summary
+
+| # | Component | Modules | Purpose |
+|---|-----------|---------|---------|
+| 01 | Data Layer | 9 | DB access, entities, configs, caching |
+| 02 | User Management | 5 | User CRUD, hardware binding, role management |
+| 03 | Auth & Security | 2 | JWT tokens, cryptographic utilities |
+| 04 | Resource Management | 3 | File upload/download/encryption |
+| 05 | Admin API | 2 | HTTP endpoints, middleware, DI composition |
+| — | Common Helpers | 6 | Extensions, BusinessException |
+| — | Tests | 2 | SecurityTest, UserServiceTest |
+
+**Total**: 27 modules across 5 components + common helpers + tests.

_docs/02_document/diagrams/flows/flow_encrypted_resource_download.md

@@ -0,0 +1,29 @@
+# Flow: Encrypted Resource Download
+
+```mermaid
+sequenceDiagram
+    participant Client
+    participant API as Admin API
+    participant Auth as AuthService
+    participant US as UserService
+    participant Sec as Security
+    participant RS as ResourcesService
+    participant FS as Filesystem
+
+    Client->>API: POST /resources/get {password, hardware, fileName}
+    API->>Auth: GetCurrentUser()
+    Auth-->>API: User
+    API->>US: CheckHardwareHash(user, hardware)
+    US->>Sec: GetHWHash(hardware)
+    Sec-->>US: hash
+    US-->>API: hwHash
+    API->>Sec: GetApiEncryptionKey(email, password, hwHash)
+    Sec-->>API: AES key
+    API->>RS: GetEncryptedResource(folder, fileName, key)
+    RS->>FS: Read file
+    FS-->>RS: FileStream
+    RS->>Sec: EncryptTo(stream, key) [AES-256-CBC]
+    Sec-->>RS: Encrypted MemoryStream
+    RS-->>API: Stream
+    API-->>Client: 200 OK (application/octet-stream)
+```

_docs/02_document/diagrams/flows/flow_hardware_check.md

@@ -0,0 +1,17 @@
+# Flow: Hardware Check
+
+```mermaid
+flowchart TD
+    Start([POST /resources/check]) --> GetUser[AuthService.GetCurrentUser]
+    GetUser --> CheckNull{User null?}
+    CheckNull -->|Yes| Unauth[401 Unauthorized]
+    CheckNull -->|No| CheckHW[UserService.CheckHardwareHash]
+    CheckHW --> HasHW{User has stored hardware?}
+    HasHW -->|No - first time| StoreHW[Store hardware string in DB]
+    StoreHW --> UpdateLogin[Update last_login]
+    UpdateLogin --> ReturnHash([Return hwHash])
+    HasHW -->|Yes| CompareHash{Hashes match?}
+    CompareHash -->|Yes| UpdateLogin2[Update last_login]
+    UpdateLogin2 --> ReturnHash2([Return hwHash])
+    CompareHash -->|No| Mismatch([409: HardwareIdMismatch])
+```

_docs/02_document/diagrams/flows/flow_login.md

@@ -0,0 +1,20 @@
+# Flow: User Login
+
+```mermaid
+sequenceDiagram
+    participant Client
+    participant API as Admin API
+    participant US as UserService
+    participant DB as PostgreSQL
+    participant Auth as AuthService
+
+    Client->>API: POST /login {email, password}
+    API->>US: ValidateUser(request)
+    US->>DB: SELECT user WHERE email = ?
+    DB-->>US: User record
+    US->>US: Compare password hash (SHA-384)
+    US-->>API: User entity
+    API->>Auth: CreateToken(user)
+    Auth-->>API: JWT string (HMAC-SHA256)
+    API-->>Client: 200 OK {token}
+```