FullStackHero 10 .NET Starter Kit Release Merge #1152
Draft
+69,653
−54,984
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Updated the `Serilog` package version in `Directory.Packages.props` from `4.3.1-dev-02390` to `4.3.1-dev-02395`. Added a new `Architecture.md` file to the solution under the `/Solution Items/` folder. This document provides a detailed overview of the FullStackHero .NET 10 Starter Kit architecture, including solution structure, technology stack, development guidelines, and future plans for Aspire orchestration. The `Architecture.md` file serves as a single source of truth for developers, ensuring clarity and consistency across the project.
Introduced a configuration-driven rate limiting feature to protect APIs from abuse, with tenant- and user-aware policies. Added `RateLimitingOptions` for global and auth-specific limits, exempting health endpoints. Updated the pipeline to include rate limiting middleware. Replaced `DatabaseOptionsLogger` with `DatabaseOptionsStartupLogger` as a hosted service for logging database provider details at startup. Removed OpenAPI annotations from health endpoints and ensured static files are unaffected by rate limiting. Added `Microsoft.AspNetCore.RateLimiting` dependency, `MailOptions` configuration, and placeholders for `AppHost` and `ServiceDefaults`. Performed code cleanup and updated documentation to reflect these changes.
Introduced a new HTTP Auditing module with request/response logging, W3C Trace Context correlation, body capture with masking, and default exclusions. Automatically integrates into the pipeline when referenced. Enhanced logging with structured Serilog configuration, correlation ID enrichment, and noise control for common frameworks. Added production best practices and example `appsettings` for JSON sinks. Improved middleware pipeline in `Extensions.cs`: - Added `ServeStaticFiles` option for early static file serving. - Adjusted CORS middleware placement. - Auto-wired Auditing middleware if referenced. Enhanced `AuditHttpMiddleware`: - Masked sensitive fields in request/response bodies. - Replaced route pattern logging with exact path logging. - Improved exception auditing and updated source identifier. Expanded sensitive field masking in `JsonMaskingService` to include `accessToken` and `refreshToken`. Introduced `AppHost + ServiceDefaults` in `Architecture.md` to outline plans for resource orchestration and deployment bridges.
Renamed and rebranded the FullStackHero (FSH) framework to Hero across the codebase. This includes updates to method names, class names, namespaces, and configuration references to ensure consistency with the new naming convention. Key changes: - Updated `AddFshPlatform` and `UseFshPlatform` to `AddHeroPlatform` and `UseHeroPlatform`. - Renamed `ConfigureDatabase` to `ConfigureHeroDatabase` in database-related classes. - Replaced `BindDbContext` with `AddHeroDbContext` in all modules. - Updated CORS, OpenAPI, and health check methods to use the `Hero` prefix. - Refactored multi-tenant database configuration to `UseHeroMultiTenantDatabases`. These changes ensure a consistent and unified naming convention for the Hero framework.
Introduced a new `Architecture.Tests` project to enforce solution-wide architectural rules, including modularity, namespace conventions, and decoupling between modules and host projects. - Added new package references in `Directory.Packages.props` for testing libraries (`xunit`, `Shouldly`, `AutoFixture`, etc.). - Updated `FSH.Framework.slnx` to include the `Architecture.Tests` project under `/Tests/`. - Created `Architecture.Tests.csproj` targeting `net10.0` with references to building blocks, modules, and the Playground API. - Added `ModuleArchitectureTests` to ensure module runtime projects do not reference other module runtime projects directly. - Added `NamespaceConventionsTests` to enforce namespace alignment with folder structure in `BuildingBlocks/Core/Domain`. - Added `PlaygroundArchitectureTests` to ensure modules do not depend on Playground host assemblies. - Introduced `ModuleArchitectureTestsFixture` for dynamic solution root discovery. - Updated `README.md` to document the purpose, structure, and usage of the `Architecture.Tests` project.
…build and push actions for API and Blazor containers
Replaced all "FSH" NuGet package references in templates with "FullStackHero" prefix. TemplateEngine now gets framework version from assembly metadata. Updated publish-nuget.yml to use --no-build for CLI tool packaging.
- Add --git and --fsh-version options to `fsh new` for git repo initialization and custom FSH package version selection - Wizard now prompts for FSH version and displays a clearer, more concise summary - Generated solutions can auto-initialize git and include a .gitignore - Templates updated: use latest FSH packages, improved references, and modern .NET patterns (e.g., await app.RunAsync) - Sample module renamed to "Catalog" for consistency - CLI output and next steps instructions improved for clarity and style - Add test-cli.ps1 script for local CLI testing - Update dependencies to latest versions and perform code cleanup - Add settings.json for local configuration
- Consolidate and squash all Identity migrations into new 20251222232937_Initial, removing old migration files and resetting the migration baseline. - Update IdentityDbContextModelSnapshot to match new schema: add LastPasswordChangeDate, PasswordHistory, composite UserNameIndex, and EF Core 10.0.1 changes. - Refactor HealthPage.razor: remove overall status card, redesign per-service cards to modern "stats card" layout, and improve styling. - Enhance TemplateEngine: generate richer appsettings (OpenTelemetry, Serilog, SecurityHeaders, etc.), update connection string logic, and bump Aspire/EF Core/SonarAnalyzer versions. - Add new initial migration and designer files reflecting the full, current Identity schema.
- Introduce UserSession entity and migration for session tracking - Implement ISessionService for session CRUD, validation, and cleanup - Add API endpoints for listing/revoking sessions (user & admin) - Integrate session logic into token issuance/refresh flows - Add session management permissions and register dependencies - Update Blazor UI: new /sessions page, navigation link, and tenant settings stub - Update OpenAPI client for new session endpoints and DTOs - Add UAParser for device info; improve tenant provisioning startup logic
- Introduce Group, GroupRole, UserGroup entities and migrations
- Add permissions and endpoints for group CRUD and membership
- Implement group-based role inheritance for users
- Seed system groups ("All Users", "Administrators")
- Update claims generation to include group roles
- Add Blazor UI for group management and membership
- Extend API client for new group endpoints and DTOs
- Automatically add new users to default groups
- Add IGroupRoleService for resolving group-derived roles
- Introduce comprehensive unit tests for Auditing, Identity, and Multitenancy modules, including validators, options, services, and domain entities - Add new test projects: Auditing.Tests, Identity.Tests, Generic.Tests, and enhance Multitenacy.Tests - Enforce sealed classes for all validators and handlers; fix naming for consistency - Replace old build/publish workflows with unified ci.yml: build, test (matrix), code coverage, artifact upload, and container/NuGet publishing - Add coverlet.collector and NSubstitute for coverage and mocking; update Directory.Packages.props - Update solution file to include all test projects - Add InternalsVisibleTo for test access; document all test code - Major quality, maintainability, and release process improvement
Refactored ci.yml to cache NuGet packages and upload build artifacts in the build job. Test and coverage jobs now download and use these artifacts, eliminating redundant restore/build steps. Updated job dependencies and streamlined the publish job for improved efficiency and faster CI runs.
…d Release Drafter
- Added RabbitMQ event bus provider with config and retry logic - Introduced OutboxDispatcherHostedService for periodic dispatch - Extended EventingOptions for outbox scheduling and provider selection - Added DownloadAsync/ExistsAsync to IStorageService and implementations - Introduced FileDownloadResponse DTO for file downloads - Implemented phone confirmation and external user creation in UserService - Updated TenantThemeService to track updater via ICurrentUser - Updated NuGet dependencies for hosting and RabbitMQ support
- Added ForgotPassword, Register, and ResetPassword Blazor pages with modern, accessible UI and tenant support - Updated SimpleLogin to link to new auth pages - Enhanced ITenantService and TenantService to use CancellationToken and consistent async naming - Added "Retry Provisioning" to TenantDetailPage for failed tenant provisioning - Renamed and improved Multitenancy test project and restored domain/feature tests; added handler tests with NSubstitute - Replaced Extensions.cs with PersistenceExtensions.cs and JwtAuthenticationExtensions.cs for clarity - Updated .gitignore and solution/project file paths for consistency - General code cleanup and improved async and error handling
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add 8 new architecture test files enforcing: - Layer dependency rules (Core shouldn't depend on EF/ASP.NET) - Contracts purity (DTOs only, no infrastructure deps) - Handler/validator pairing conventions - Endpoint naming and namespace conventions - BuildingBlocks independence from Modules - Circular reference detection - API versioning consistency - Domain entity patterns - Fix namespace violations: - UserService: FSH.Framework.Infrastructure.Identity.Users.Services -> FSH.Modules.Identity.Services - SelfRegisterUserEndpoint: correct namespace - GenerateTokenEndpoint: correct namespace - RefreshTokenEndpoint: correct namespace - ToggleUserStatusEndpoint: fix method naming - Remove ASP.NET Core dependencies from handlers: - Add IRequestContext abstraction in Core - Add RequestContextService implementation - Update handlers to use IRequestContext instead of IHttpContextAccessor - Add missing GetTenantsQueryValidator for paginated query Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Change Auditing.Contracts to reference Shared instead of Web - Add Web as direct reference to Auditing implementation project - Contracts now only depends on Shared (for IPagedQuery/PagedResponse) - Heavy dependencies (Web, FluentValidation, ASP.NET Core) stay in implementation This improves module isolation by keeping Contracts lightweight. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Create IPasswordExpiryService and IPasswordHistoryService in Contracts - Create PasswordExpiryStatusDto in Contracts/DTOs - Update service implementations to use userId (string) instead of FshUser - Make service methods async to support database lookups - Update ChangePasswordValidator to use interface from Contracts - Update tests to use NSubstitute mocks for UserManager This follows proper dependency inversion - Contracts should contain interfaces that consumers depend on, while implementations stay in the module project. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Create PagedQueryValidator<T> in Web/Validation for IPagedQuery types - Consolidate pagination rules: PageNumber > 0, PageSize 1-100, Sort max 200 - Update SearchUsersQueryValidator to use shared validator - Update GetAuditsQueryValidator to use shared validator - Update GetTenantsQueryValidator to use shared validator Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Eventing no longer references Persistence project - Add Microsoft.EntityFrameworkCore.Relational package directly for ToTable() - Add explicit Shared reference to Modules.Identity.Contracts (was relying on transitive dependency through Eventing -> Persistence) This reduces coupling and makes Eventing a lower-layer component. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Moves all domain entities from scattered Feature folders to a centralized Domain folder with namespace FSH.Modules.Identity.Domain for clearer architectural separation between domain and application concerns. Entities moved: - FshUser, FshRole, FshRoleClaim (Identity entities) - Group, GroupRole, UserGroup (Group entities) - UserSession, PasswordHistory (Supporting entities) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- CA2227: Suppress in Identity module (EF Core requires collection setters) - CA1307: Add StringComparison.OrdinalIgnoreCase to Contains() in SessionService - CA1002: Use IReadOnlyList<string> instead of List<string> in endpoint DTOs - CA2016: Forward CancellationToken in CreateTenantCommandValidator - S6667: Pass exception to logger in S3StorageService catch clause - S2930/CA2000: Add using declaration for CancellationTokenSource in tests Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Package updates: - Microsoft.* packages: 10.0.1 -> 10.0.2 - Finbuckle.MultiTenant.*: 10.0.1 -> 10.0.2 - SonarAnalyzer.CSharp: 10.17.0 -> 10.18.0 - Asp.Versioning.*: 8.1.0 -> 8.1.1 - Scalar.AspNetCore: 2.11.8 -> 2.12.10 - RabbitMQ.Client: 7.1.2 -> 7.2.0 - Other minor version bumps Breaking change fixes (Finbuckle 10.0.2): - Convert AppTenantInfo from record to class - Add [SetsRequiredMembers] to constructors - Update command DTOs to use IReadOnlyList<string> Warning fixes: - Add StringComparison.Ordinal to string methods - Add CultureInfo.InvariantCulture to StringBuilder - Remove unused variables in test files - Add assertions to informational tests - Suppress analyzer warnings for test-specific code - Fix params array syntax in test methods Add zero warnings policy to CLAUDE.md Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Fixes #1158 - Redis timeout issue when SSL is required - Add EnableSsl option to CachingOptions (nullable bool) - Apply SSL setting only when explicitly configured - Enable SSL by default for Aspire Redis in AppHost Behavior: - No Redis: falls back to in-memory cache - EnableSsl not set: uses connection string default - EnableSsl: true/false: overrides connection string Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Updated appsettings.Development.json to include MultitenancyOptions and OpenTelemetryOptions. Multitenancy now supports auto-provisioning and disables tenant migrations on startup. OpenTelemetry OTLP exporter is explicitly disabled.
- Add CircuitTokenCache to store refreshed tokens per Blazor circuit (httpContext.User claims are cached per circuit and don't update after SignInAsync) - Update circuit cache BEFORE SignInAsync to handle expected failures in SignalR context - Add IAuthStateNotifier to notify components when session expires - Add RedirectToLogin component for AuthorizeRouteView - Update Routes.razor to use AuthorizeRouteView with proper authorization - Add [AllowAnonymous] to public pages (login, register, forgot/reset password) - Add sign-out deduplication flag to prevent multiple sign-out attempts - Only show default credentials in development environment - Handle concurrent refresh requests with lock and cache - Track failed refresh tokens to prevent endless retry loops Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Create FshStatCard shared component with hover animations - Update FshPageHeader with modern styling and elevation - Create Eventing.Abstractions project for lightweight interfaces - Move FileUploadRequest DTO from Storage to Shared project - Update Modules.Identity.Contracts to use Eventing.Abstractions - Update Modules.Multitenancy.Contracts to remove Storage dependency - Update architecture tests for new dependency structure Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
#Architecture
scripts/openapi/generate-api-clients.ps1 -SpecUrl "<spec>"); Blazor consumes generated clients.