azaion/admin
1
0
Fork 0
mirror of https://github.com/azaion/admin.git synced 2026-06-21 09:31:08 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
5ca9ccab2cf07ae14292c178228630f6dc9bc05b
admin/Azaion.Services/UserService.cs
T
Oleksandr Bezdieniezhnykh 5ca9ccab2c [AZ-513] [AZ-196] [AZ-183] Add /classes CRUD, /devices, fleet OTA 
AZ-513: POST/PATCH/DELETE /classes for detection-class CRUD; new
DetectionClass entity, schema, DTOs, IDetectionClassService. Unblocks
ui/AZ-512.

AZ-196: POST /devices auto-assigns sequential azj-NNNN serial+email
+password and inserts a CompanionPC user. Returns plaintext credentials
for the provisioning script.

AZ-183: Resources table + POST /get-update + POST /resources/publish
for fleet OTA. Per-resource encryption_key column AES-256-CBC encrypted
at rest with ResourcesConfig.EncryptionMasterKey; ICache wraps the
per-(arch,stage) latest-versions lookup and is invalidated on publish.

Adds IDbFactory.RunAdmin<T> overload for write-and-return.

Backfills _docs/02_document/module-layout.md to satisfy the implement
skill's File Ownership prerequisite (the _docs/ artifact set predates
the Step 1.5 module-layout addition).

Code review: PASS_WITH_WARNINGS — see
_docs/03_implementation/reviews/batch_05_review.md.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-13 04:34:42 +03:00

212 lines
8.3 KiB
C#
Raw Blame History

using System.Security.Cryptography;
using Azaion.Common;
using Azaion.Common.Database;
using Azaion.Common.Entities;
using Azaion.Common.Extensions;
using Azaion.Common.Requests;
using LinqToDB;
namespace Azaion.Services;
public interface IUserService
{
Task RegisterUser(RegisterUserRequest request, CancellationToken ct = default);
Task<RegisterDeviceResponse> RegisterDevice(CancellationToken ct = default);
Task<User> ValidateUser(LoginRequest request, CancellationToken ct = default);
Task<User?> GetByEmail(string? email, CancellationToken ct = default);
Task UpdateHardware(string email, string? hardware = null, CancellationToken ct = default);
Task UpdateQueueOffsets(string email, UserQueueOffsets queueOffsets, CancellationToken ct = default);
Task<IEnumerable<User>> GetUsers(string? searchEmail, RoleEnum? searchRole, CancellationToken ct = default);
Task<string> CheckHardwareHash(User user, string hardware, CancellationToken ct = default);
Task ChangeRole(string email, RoleEnum newRole, CancellationToken ct = default);
Task SetEnableStatus(string email, bool isEnabled, CancellationToken ct = default);
Task RemoveUser(string email, CancellationToken ct = default);
}
public class UserService(IDbFactory dbFactory, ICache cache) : IUserService
{
private const string DeviceEmailPrefix = "azj-";
private const string DeviceEmailDomain = "@azaion.com";
private const int SerialNumberStart = 4; // index of NNNN inside "azj-NNNN..." (length of DeviceEmailPrefix)
private const int SerialNumberLength = 4;
private const int DevicePasswordBytes = 16; // hex-encoded → 32 chars
public async Task RegisterUser(RegisterUserRequest request, CancellationToken ct = default)
{
await dbFactory.RunAdmin(async db =>
{
var existingUser = await db.Users.FirstOrDefaultAsync(u => u.Email == request.Email, token: ct);
if (existingUser != null)
throw new BusinessException(ExceptionEnum.EmailExists);
await db.InsertAsync(new User
{
Id = Guid.NewGuid(),
Email = request.Email,
PasswordHash = request.Password.ToHash(),
Role = request.Role,
CreatedAt = DateTime.UtcNow,
IsEnabled = true
}, token: ct);
});
}
public async Task<RegisterDeviceResponse> RegisterDevice(CancellationToken ct = default)
{
return await dbFactory.RunAdmin(async db =>
{
var lastEmail = await db.Users
.Where(u => u.Role == RoleEnum.CompanionPC)
.OrderByDescending(u => u.CreatedAt)
.Select(u => u.Email)
.FirstOrDefaultAsync(token: ct);
var nextNumber = 0;
if (!string.IsNullOrEmpty(lastEmail) && lastEmail.Length >= SerialNumberStart + SerialNumberLength)
{
var serialPart = lastEmail.Substring(SerialNumberStart, SerialNumberLength);
if (int.TryParse(serialPart, out var current))
nextNumber = current + 1;
}
var serial = $"{DeviceEmailPrefix}{nextNumber.ToString($"D{SerialNumberLength}")}";
var email = $"{serial}{DeviceEmailDomain}";
var password = Convert.ToHexString(RandomNumberGenerator.GetBytes(DevicePasswordBytes)).ToLowerInvariant();
await db.InsertAsync(new User
{
Id = Guid.NewGuid(),
Email = email,
PasswordHash = password.ToHash(),
Role = RoleEnum.CompanionPC,
CreatedAt = DateTime.UtcNow,
IsEnabled = true
}, token: ct);
return new RegisterDeviceResponse
{
Serial = serial,
Email = email,
Password = password
};
});
}
public async Task<User?> GetByEmail(string? email, CancellationToken ct = default)
{
if (string.IsNullOrWhiteSpace(email)) throw new ArgumentNullException(nameof(email));
return await cache.GetFromCacheAsync(User.GetCacheKey(email),
async () => await dbFactory.Run(async db =>
await db.Users.FirstOrDefaultAsync(x => x.Email == email, ct)));
}
public async Task<User> ValidateUser(LoginRequest request, CancellationToken ct = default) =>
await dbFactory.Run(async db =>
{
var user = await db.Users.FirstOrDefaultAsync(x => x.Email == request.Email, token: ct);
if (user == null)
throw new BusinessException(ExceptionEnum.NoEmailFound);
if (request.Password.ToHash() != user.PasswordHash)
throw new BusinessException(ExceptionEnum.WrongPassword);
if (!user.IsEnabled)
throw new BusinessException(ExceptionEnum.UserDisabled);
return user;
});
public async Task UpdateHardware(string email, string? hardware = null, CancellationToken ct = default)
{
await dbFactory.RunAdmin(async db =>
{
await db.Users.UpdateAsync(x => x.Email == email,
u => new User { Hardware = hardware }, token: ct);
});
cache.Invalidate(User.GetCacheKey(email));
}
public async Task UpdateQueueOffsets(string email, UserQueueOffsets queueOffsets, CancellationToken ct = default)
{
await dbFactory.RunAdmin(async db =>
{
var userConfig = await db.Users.Where(x => x.Email == email).Select(x => x.UserConfig).FirstOrDefaultAsync(token: ct);
userConfig ??= new UserConfig();
userConfig.QueueOffsets = queueOffsets;
await db.Users.UpdateAsync(x => x.Email == email,
u => new User
{
UserConfig = userConfig
}, token: ct);
});
cache.Invalidate(User.GetCacheKey(email));
}
public async Task<IEnumerable<User>> GetUsers(string? searchEmail, RoleEnum? searchRole, CancellationToken ct) =>
await dbFactory.Run(async db =>
await db.Users
.WhereIf(!string.IsNullOrEmpty(searchEmail),
u => u.Email.ToLower().Contains(searchEmail!.ToLower()))
.WhereIf(searchRole != null,
u => u.Role == searchRole)
.ToListAsync(token: ct));
public async Task<string> CheckHardwareHash(User user, string hardware, CancellationToken ct = default)
{
var requestHWHash = Security.GetHWHash(hardware);
//For the new users Hardware would be empty, fill it with actual hardware on the very first request
if (string.IsNullOrEmpty(user.Hardware))
{
await UpdateHardware(user.Email, hardware, ct);
cache.Invalidate(User.GetCacheKey(user.Email));
await UpdateLastLoginDate(user, ct);
return requestHWHash;
}
var userHWHash = Security.GetHWHash(user.Hardware);
if (userHWHash != requestHWHash)
throw new BusinessException(ExceptionEnum.HardwareIdMismatch);
await UpdateLastLoginDate(user, ct);
return userHWHash;
}
private async Task UpdateLastLoginDate(User user, CancellationToken ct = default)
{
await dbFactory.RunAdmin(async db =>
await db.Users.UpdateAsync(x => x.Email == user.Email, u => new User
{
LastLogin = DateTime.UtcNow
}, ct));
}
public async Task ChangeRole(string email, RoleEnum newRole, CancellationToken ct = default)
{
await dbFactory.RunAdmin(async db =>
await db.Users.UpdateAsync(x => x.Email == email, u => new User
{
Role = newRole
}, ct));
}
public async Task SetEnableStatus(string email, bool isEnabled, CancellationToken ct = default)
{
await dbFactory.RunAdmin(async db =>
await db.Users.UpdateAsync(x => x.Email == email, u => new User
{
IsEnabled = isEnabled
}, ct));
}
public async Task RemoveUser(string email, CancellationToken ct = default)
{
await dbFactory.RunAdmin(async db =>
await db.Users.DeleteAsync(x => x.Email == email, ct));
}
}
Reference in New Issue View Git Blame Copy Permalink