missions/_docs/02_document/modules/controller_vehicles.md
Oleksandr Bezdieniezhnykh 7025f4d075 refactor: enhance JWT authentication and CORS configuration
Updated JWT authentication to use configuration values instead of hardcoded secrets, improving security and flexibility. Enhanced CORS policy to conditionally allow origins based on configuration settings, with logging for permissive defaults. Updated README to reflect project renaming and clarify service context.
2026-05-14 19:48:25 +03:00

3.2 KiB

Module: Azaion.Missions.Controllers.VehiclesController

File: Controllers/VehiclesController.cs

NOTE (forward-looking): post-rename. Today's source is Controllers/AircraftsController.cs mounted at [Route("aircrafts")]. Renames + route changes tracked under Jira AZ-EPIC children B6 (domain rename) and B8 (HTTP route prefix rename).

Purpose

REST surface for the vehicles resource. Thin HTTP wrapper over VehicleService -- every action delegates 1:1 with no extra logic.

Public Interface

| HTTP | Route | Action | Body / Query | Returns |
|---|---|---|---|---|
| POST | /vehicles | Create | body: CreateVehicleRequest | 201 Created + Location: /vehicles/{id}, body: Vehicle |
| PUT | /vehicles/{id:guid} | Update | body: UpdateVehicleRequest | 200 OK, body: Vehicle |
| DELETE | /vehicles/{id:guid} | Delete | -- | 204 No Content |
| GET | /vehicles | GetAll | query: GetVehiclesQuery (Name?, IsDefault?) | 200 OK, body: List<Vehicle> (no pagination) |
| GET | /vehicles/{id:guid} | Get | -- | 200 OK, body: Vehicle |
| PATCH | /vehicles/{id:guid}/default | SetDefault | body: SetDefaultRequest | 204 No Content |

Class-level decorators:

  • [ApiController] -- automatic 400 for model-binding/validation errors (note: there are no validation attributes, so this rarely triggers).
  • [Route("vehicles")] -- base path.
  • [Authorize(Policy = "FL")] -- every action requires the FL JWT permission claim.

Internal Logic

Each action is a one-liner: await the service, return Created/Ok/NoContent.

Create returns the persisted entity (including server-generated Id). Update, Get, GetAll return entities directly (no DTO mapping -- the entity IS the response shape).

Dependencies

  • Azaion.Missions.Services.VehicleService (constructor-injected)
  • Azaion.Missions.DTOs (request/query types)
  • ASP.NET Core MVC: ControllerBase, [ApiController], [Route], [Authorize], route-binding attributes.

Consumers

  • HTTP clients (frontend, other services, Swagger UI, integration tests).

Data Models

Returns the Vehicle entity directly on the wire -- fields are serialized as PascalCase properties (System.Text.Json default; no camelCase configuration is set in Program.cs).

Configuration

None directly.

External Integrations

None directly -- service does the DB work.

Security

  • Every action gated by Policy = "FL" (JWT claim permissions = FL).
  • No anti-CSRF (REST API, JWT auth -- typical).
  • No rate limiting at this layer.
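
A regression guard for the class-level gate listed above, added here as an example and not part of the project's code: it reflects over the controllers in an assembly and reports any HTTP action that [Authorize(Policy = "FL")] does not cover or that [AllowAnonymous] opens up. StandInVehiclesController, AuthorizationGuard and FindUngatedActions are hypothetical names, and the stand-in's Get action carries a constructed [AllowAnonymous] so the check has something to report.

```csharp
// Added example: StandInVehiclesController is a constructed stand-in, not project code.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Routing;

[ApiController, Route("vehicles"), Authorize(Policy = "FL")]
public class StandInVehiclesController : ControllerBase
{
    [HttpGet] public IActionResult GetAll() => Ok();
    [HttpDelete("{id:guid}")] public IActionResult Delete(Guid id) => NoContent();
    // Constructed regression: this one attribute overrides the class-level policy.
    [AllowAnonymous, HttpGet("{id:guid}")] public IActionResult Get(Guid id) => Ok();
}

public static class AuthorizationGuard
{
    // One finding per action (a method with [HttpGet]/[HttpPost]/...) the policy does not gate.
    public static List<string> FindUngatedActions(Assembly assembly, string policy)
    {
        var findings = new List<string>();
        foreach (var controller in assembly.GetTypes()
            .Where(t => !t.IsAbstract && typeof(ControllerBase).IsAssignableFrom(t)))
        {
            bool classGated = controller.GetCustomAttributes<AuthorizeAttribute>(true).Any(a => a.Policy == policy);
            bool classOpen = controller.GetCustomAttributes<AllowAnonymousAttribute>(true).Any();
            foreach (var action in controller.GetMethods(BindingFlags.Public | BindingFlags.Instance)
                .Where(m => m.GetCustomAttributes<HttpMethodAttribute>(true).Any()))
            {
                bool gated = classGated || action.GetCustomAttributes<AuthorizeAttribute>(true).Any(a => a.Policy == policy);
                bool open = classOpen || action.GetCustomAttributes<AllowAnonymousAttribute>(true).Any();
                if (open) findings.Add($"{controller.Name}.{action.Name}: [AllowAnonymous] bypasses policy {policy}");
                else if (!gated) findings.Add($"{controller.Name}.{action.Name}: no [Authorize] with policy {policy}");
            }
        }
        return findings;
    }
}

public static class Program
{
    // A non-zero exit code fails a CI step when any action is reachable without the policy.
    public static int Main()
    {
        var findings = AuthorizationGuard.FindUngatedActions(typeof(Program).Assembly, "FL");
        findings.ForEach(Console.WriteLine);
        return findings.Count == 0 ? 0 : 1;
    }
}
```

Actions routed only through [Route], without an HTTP-method attribute, are not enumerated by this check.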

Tests

None present.

Notes / Smells

  1. Entity leakage on the wire -- controllers return Vehicle entities. For Vehicle there are no associations, so no over-fetch happens. (Compare to MissionsController which returns Mission -- that DOES have Vehicle and List<Waypoint> associations; lazy-load behavior depends on LinqToDB defaults.)
  2. No HEAD / OPTIONS explicit handlers -- relies on framework defaults.
  3. PATCH for SetDefault is semantically a partial update -- appropriate. Body is a tiny { IsDefault: bool } dedicated DTO.
  4. Created body includes the entity -- consistent with REST best practice (avoids a follow-up GET).