# Module: Azaion.Common.Database.AzaionDb ## Purpose linq2db `DataConnection` subclass representing the application's database context. > **Cycle 1 (2026-05-13)** — `DetectionClasses` ITable added (AZ-513). > > **Cycle 2 (2026-05-14)** — `AuditEvents` ITable added (AZ-537+534), `Sessions` ITable added (AZ-531+535+533+534). ## Public Interface | Member | Type | Description | |--------|------|-------------| | Constructor | `AzaionDb(DataOptions dataOptions)` | Initializes connection with pre-configured options | | `Users` | `ITable` | Typed accessor for `public.users` | | `DetectionClasses` | `ITable` | Typed accessor for `public.detection_classes` | | `AuditEvents` | `ITable` | **AZ-537+534** — typed accessor for `public.audit_events` | | `Sessions` | `ITable` | **AZ-531+535+533+534** — typed accessor for `public.sessions` (one row per refresh-token rotation; mission tokens live here too) | ## Internal Logic Delegates all connection management to the base `DataConnection` class. Each property calls `this.GetTable()`. The actual column mapping and conversions live in `AzaionDbShemaHolder`. ## Dependencies - `User`, `DetectionClass`, `AuditEvent`, `Session` entities - linq2db (`LinqToDB.Data.DataConnection`, `LinqToDB.ITable`) ## Consumers - `DbFactory` — creates `AzaionDb` instances inside `Run`/`RunAdmin` - `UserService`, `DetectionClassService`, `RefreshTokenService`, `SessionService`, `MissionTokenService`, `MfaService`, `AuditLog` — all consume the ITables via `IDbFactory.Run`/`RunAdmin` lambdas ## Data Models Provides access to four tables: `users`, `detection_classes`, `audit_events`, `sessions`. ## Configuration Receives `DataOptions` (containing connection string + mapping schema) from `DbFactory`. The schema instance is shared between read and write `DataOptions` — produced by `AzaionDbShemaHolder.GetSchema()` once and reused. ## External Integrations PostgreSQL via Npgsql. ## Security None at this level. `IDbFactory.Run` selects the read-only connection (`AzaionDb` connection string), `RunAdmin` selects the read/write one (`AzaionDbAdmin`). The grant set on each table determines what each connection can do — see `data_model.md` §Permissions. ## Tests Exercised end-to-end via the e2e suite (`e2e/Azaion.E2E/Tests/*`). All cycle-2 services have dedicated test files (`RefreshTokenFlowTests`, `LogoutRevocationTests`, `MissionTokenTests`, `MfaLoginTests`, `LoginRateLimitTests`, `PasswordHashingTests`, `AsymmetricSigningTests`, `CorsHttpsTests`).