mirror of https://github.com/azaion/annotations.git synced 2026-06-21 06:51:06 +00:00

Files

T

Oleksandr Bezdieniezhnykh 03f879206e docs+src: complete Steps 1-3 outcomes + auth re-sync baseline

This commit captures everything produced during autodev existing-code
Steps 1 (Document), 2 (Architecture Baseline Scan), and 3 (Test Spec),
together with the targeted auth + CORS re-sync triggered on 2026-05-14
when codebase drift was detected at Step 4 entry. None of this work was
previously committed.

Step 1 (Document) — 50+ _docs/02_document/ files: problem, solution,
architecture, system flows, glossary, module-layout, per-component
specs (01..06), modules, deployment, diagrams, data model, FINAL
report, verification log, discovery.

Step 2 (Architecture Baseline) — architecture_compliance_baseline.md.
Verdict PASS_WITH_WARNINGS (0 Critical, 0 High, 1 Medium, 2 Low). No
High/Critical findings; auto-chained to Step 3 per existing-code flow.

Step 3 (Test Spec) — _docs/02_document/tests/* (67 scenarios across
blackbox, security, resilience, resource-limit, performance), plus
e2e/docker-compose.test.yml, e2e/seed/run.sh, scripts/run-tests.sh,
scripts/run-performance-tests.sh. Coverage 88% over the active scope
(40 of 45 items covered, 6 RB-deferred, 5 documented-as-uncovered).

Targeted auth + CORS re-sync — replaces the deleted in-house token
issuer with a JWKS-verifier model. AuthController and TokenService
removed; JwtExtensions switched from HS256 symmetric to ES256 over
admin's JWKS. ConfigurationResolver and CorsConfigurationValidator
added under src/Infrastructure/. ADR-002 and ADR-006 retired; SEC-01,
SEC-02, SEC-03 marked Closed. One new testability risk recorded in
architecture.md Open Risks Section 6 (JWKS HTTPS gating).

Source changes:
- src/Auth/JwtExtensions.cs (modified) — ES256, JWKS, alg pinning
- src/Program.cs (modified) — DI wiring for ConfigurationResolver
  and CorsConfigurationValidator
- src/Controllers/AuthController.cs (deleted) — no in-service issuance
- src/Services/TokenService.cs (deleted) — same
- src/Infrastructure/ConfigurationResolver.cs (new)
- src/Infrastructure/CorsConfigurationValidator.cs (new)
- .env.example (new) — required env var documentation
- .gitignore (updated)

Cross-repo coordination: _docs/cross-repo/flights_h1_h2_h3_change_spec
captures the change-spec for downstream services that consumed the now
deleted /auth endpoints.

Co-authored-by: Cursor <cursoragent@cursor.com>

2026-05-14 20:19:05 +03:00

5.5 KiB

Raw Blame History

Azaion.Annotations — Input data parameters

Inventory of every external input the service accepts, with shape, evidence, and validation behavior. Sources: REST DTOs, multipart form fields, env vars, database seed contract.

REST API inputs

`POST /annotations`

Field	Type	Required	Constraint	Evidence
`image_bytes`	`byte[]` (base64-encoded JSON or multipart)	yes	none enforced; sampled by `XxHash3.Hash128` (per RB-04) for id derivation	`Services/AnnotationService.cs` `GenerateAnnotationId(...)`
`mission_id`	`Guid` (post RB-07; today `flight_id`)	yes	foreign-key style, but no FK enforced in schema today	`Entities/AnnotationEntity.cs`, `_docs/02_document/glossary.md`
`media_type`	`MediaType` enum	yes	`Image=10` or `Video=20`; integer wire format	`Models/Wire/MediaType.cs`
`detections`	`Detection[]`	yes (≥0)	each detection: class id, normalised cx/cy/w/h, confidence	`Models/Dto/DetectionDto.cs`
`metadata`	optional payload	no	passes through to row	`AnnotationDto.cs`

`PUT /annotations/{id}` and `PATCH /annotations/{id}/status`

Same DTO shape on the body; id from path. Status transition values come from the AnnotationStatus wire enum: Pending=10, Accepted=20, Rejected=30, Deleted=40.

`DELETE /annotations/{id}`

Path param only. Soft-deletes the row (sets status to Deleted=40) and relocates files to deleted_dir (per RB-01 + glossary "Soft-delete").

`GET /annotations` and `/dataset`

Query string filters: mission_id, status, class_id, paging (offset, limit). Validation is implicit through [FromQuery] model binding — no explicit validators visible at controller level.

`POST /media` and `POST /media/batch`

Multipart form: IFormFile / IFormFileCollection, mission_id, media_type. No format whitelist visible at controller layer (verify in Step 14).

`GET /media/{id}/file`, `GET /media/{id}/thumbnail`

Path param only; returns binary stream.

Auth endpoints

Annotations no longer hosts POST /auth/login, POST /auth/refresh, or POST /auth/register. Token issuance and refresh are owned by the admin service. The only auth-related input on the annotations surface is the Authorization: Bearer <token> HTTP header on every non-/health request, validated by JwtBearerHandler against admin's JWKS:

Header	Required	Notes
`Authorization`	yes (everywhere except `/health`)	`Bearer <ES256 JWT>` issued by admin; `iss` / `aud` / `exp` / signature all validated; `alg` pinned to `ES256`

`/settings/*`

Each controller binds JSON DTOs from Models/Dto/* mirroring the system_settings, directory_settings, camera_settings, user_settings shapes in Database/DatabaseMigrator.cs.

Database seed inputs (boot-time)

DatabaseMigrator issues ON CONFLICT DO NOTHING inserts on:

Table	Seeded rows
`directory_settings`	one row with default paths
`system_settings`	one row (today still includes `silent_detection`; removal tracked by RB-02)
`detection_classes`	19 rows (ids 0–18): `ArmorVehicle, Truck, Vehicle, Artillery, Shadow, Trenches, MilitaryMan, TyreTracks, AdditionArmoredTank, Smoke, Plane, Moto, CamouflageNet, CamouflageBranches, Roof, Building, Caponier, Ammo, Protect.Struct` (`Smoke` and `Plane` share color `#000080` — pre-existing data quirk, fixed by RB-06)
(There is no `users` table in this service — identity is owned by the admin service.)

Detection class catalog becomes admin-CRUD after RB-06.

Environment variables (process inputs)

Name	Required	Default	Purpose
`DATABASE_URL`	yes	none — fail-fast (`ConfigurationResolver`)	Postgres connection; URI form auto-converted to Linq2DB form
`JWT_ISSUER`	yes	none — fail-fast	Expected `iss` claim (admin's issuer)
`JWT_AUDIENCE`	yes	none — fail-fast	Expected `aud` claim (this service)
`JWT_JWKS_URL`	yes	none — fail-fast; HTTPS required	Admin's JWKS endpoint for ES256 key resolution
`CorsConfig:AllowedOrigins`	yes (prod, unless `AllowAnyOrigin=true`)	empty	Configured origins for the default CORS policy
`CorsConfig:AllowAnyOrigin`	optional	`false`	Explicit opt-in to permissive CORS (validator blocks empty allow-list in `Production` unless this is set)
`RABBITMQ_HOST`	optional	`127.0.0.1`	stream broker host
`RABBITMQ_STREAM_PORT`	optional	`5552`	stream listener port
`RABBITMQ_PRODUCER_USER`	optional	`azaion_producer`	stream auth user
`RABBITMQ_PRODUCER_PASS`	optional	`producer_pass`	stream auth pass
`AZAION_REVISION`	optional	`unknown`	image build stamp; logged at boot
`ASPNETCORE_URLS`	optional	`http://+:8080`	bind address
`ASPNETCORE_ENVIRONMENT`	optional	`Production`	bound to ASP.NET host

Stream consumer wire format

Outbound (this service is producer-only):

Stream name: azaion-annotations
Body: gzip(MessagePack(AnnotationStreamMessage))
Schema fields (post RB-09): annotation_id, operation (QueueOperation), date_time, payload — see _docs/02_document/components/02_annotations-realtime-sync/description.md and ADR-013.

Cross-references

Wire enum table: _docs/02_document/modules/wire-enums.md
ER diagram: _docs/02_document/data_model.md
Common error envelope: _docs/02_document/common-helpers/01_http-error-envelope.md

5.5 KiB Raw Blame History Unescape Escape

Azaion.Annotations — Input data parameters

REST API inputs

POST /annotations

PUT /annotations/{id} and PATCH /annotations/{id}/status

DELETE /annotations/{id}

GET /annotations and /dataset

POST /media and POST /media/batch

GET /media/{id}/file, GET /media/{id}/thumbnail