azaion/missions
1
0
Fork 0
mirror of https://github.com/azaion/missions.git synced 2026-06-22 15:21:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor: enhance JWT authentication and CORS configuration

Browse Source 
Updated JWT authentication to use configuration values instead of hardcoded secrets, improving security and flexibility. Enhanced CORS policy to conditionally allow origins based on configuration settings, with logging for permissive defaults. Updated README to reflect project renaming and clarify service context.
This commit is contained in:
Oleksandr Bezdieniezhnykh
2026-05-14 19:48:25 +03:00
parent 2fe394d732
commit 7025f4d075
74 changed files with 8494 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files
_docs/02_document/diagrams/flows/flow_health_probe.md
+64
View File
@@ -0,0 +1,64 @@
# Flow F7 — Health probe
> Trivial flow. Documented for completeness because it is the contract every external orchestrator (Watchtower, docker compose healthcheck, reverse proxy) relies on.
## Description
`GET /health` returns `{ "status": "healthy" }` with no auth. Confirms the process is up and the HTTP pipeline is serving — does NOT confirm DB connectivity, JWT validation works, or any feature endpoint is reachable.
## Preconditions
- HTTP pipeline is serving (i.e., F6 reached `app.Run()`).
## Sequence Diagram
```mermaid
sequenceDiagram
autonumber
participant Probe as Watchtower / compose / reverse proxy
participant Host as 07_host
Probe->>Host: GET /health (no Authorization header)
Host-->>Probe: 200 OK + { "status": "healthy" }
```
## Flowchart
```mermaid
flowchart LR
Start([GET /health]) --> Resp([200 OK + healthy])
```
## Data Flow
| Step | From | To | Data | Format |
|------|------|----|------|--------|
| 1 | Probe | `MapGet("/health")` | (no body, no auth) | HTTP GET |
| 2 | `MapGet("/health")` | Probe | `{ "status": "healthy" }` | JSON (PascalCase irrelevant — single key) |
## Error Scenarios
| Error | Where | Detection | Recovery |
|-------|-------|-----------|----------|
| Process down | TCP layer | Probe gets `ECONNREFUSED` | Orchestrator restarts container |
| Pipeline not yet at `app.Run()` (mid-startup) | TCP layer | TCP connect succeeds but no response | Probe times out; orchestrator typically retries with backoff |
## Performance Expectations
| Metric | Target | Notes |
|--------|--------|-------|
| Latency | <5ms | Pure pipeline execution; no I/O |
| Throughput | bounded only by ASP.NET Core's request handling | Not load-tested |
## Future improvement (carry-forward, NOT this Epic)
Add a DB ping:
```csharp
app.MapGet("/health", async (AppDataConnection db) =>
{
await db.ExecuteAsync("SELECT 1");
return Results.Ok(new { status = "healthy" });
});
```
This would let `flight-gate` and reverse-proxy checks reflect actual readiness rather than process liveness. Today the migrator runs at startup and crashes the process on DB failure (F6), which is a coarse but workable substitute for one-shot bring-up. In a steady-state running device, a transient DB outage AFTER startup would not be caught by `/health` today.