admin/_docs/02_document/modules/services_security.md
Oleksandr Bezdieniezhnykh 3a925b9b0f
refactor: remove obsolete resource download and installer endpoints
- Deleted the `POST /resources/get/{dataFolder?}` and `GET /resources/get-installer` endpoints as part of the architectural shift towards simplified resource management.
- Removed associated methods and configurations, including `ResourcesService.GetEncryptedResource`, `ResourcesService.GetInstaller`, and related properties in `ResourcesConfig`.
- Cleaned up environment variables and configuration files to reflect the removal of installer-related settings.
- Eliminated the `GetResourceRequest` DTO and its validator, along with the `WrongResourceName` error code.
- Updated documentation to clarify the changes in resource handling and the retirement of per-user file encryption.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-14 04:17:55 +03:00

Module: Azaion.Services.Security

Purpose

Static utility class providing the SHA-384 password hashing helper used by UserService.

Cycle 1 (2026-05-13) note: GetHWHash was deleted and GetApiEncryptionKey was simplified from (email, password, hardwareHash) to (email, password) by AZ-197.

Cycle 2 (2026-05-14) note: GetApiEncryptionKey, EncryptTo, and DecryptTo were all removed along with the encrypted-download endpoint. Only ToHash remains; it still backs SHA-384 password hashing in UserService (PasswordHash = request.Password.ToHash()). The Azaion.Test/SecurityTest.cs unit tests went with the removed methods, leaving the Azaion.Test project empty (also removed from the solution). See _docs/06_metrics/retro_2026-05-14.md once cycle 2's retro lands.

Public Interface

| Method | Signature | Description |
|--------|-----------|-------------|
| ToHash | static string ToHash(this string str) | Extension: SHA-384 hash of input, returned as Base64 |

Internal Logic

  • ToHash uses SHA-384 with UTF-8 encoding, outputting Base64.

Dependencies

  • System.Security.Cryptography (SHA384)
  • System.Text.Encoding

Consumers

  • Azaion.Services/UserService.cs: RegisterUser (password storage) and ValidateUser (login comparison) both call request.Password.ToHash()

Data Models

None.

Configuration

None.

External Integrations

None.

Security

  • Password hashing uses SHA-384 with no per-user salt and no key stretching. Not resistant to rainbow-table attacks (security audit F-7 — open). Unchanged by cycles 1 and 2.

Tests

None at the unit-test level after the Azaion.Test project was removed in cycle 2. ToHash is exercised end-to-end through every login / register e2e test (e2e/Azaion.E2E/Tests/).