unblinking / trappykeepy Goto Github PK

Add the ability to request results that are sorted, filtered, paginated, etc.

For this requirement, do not create new APIs – instead, enable sorting, filtering, and pagination capabilities in resource collection API and pass the input parameters as query parameters. e.g.

http://api.example.com/device-management/managed-devices
http://api.example.com/device-management/managed-devices?region=USA
http://api.example.com/device-management/managed-devices?region=USA&brand=XYZ
http://api.example.com/device-management/managed-devices?region=USA&brand=XYZ&sort=installation-date

Add roles that users can have.

Currently using SimpleJWT which works great except that it automatically adds a 30 minute expiration to all tokens.

See the issue I created for this unexpected behavior.

Maybe switch to something like JWT which is much more recently updated and used.

Restrict the application from doing things like drop table in the database.

Add something to prevent XSS stuff, such as saving <SCRIPT>alert('hello from script')</SCRIPT> into a string property of an entity.

Looks like MS used to have this but its no longer a thing?

Add unit and end-to-end tests.

Authorize with a specific scheme in ASP.NET Core

services.AddAuthentication()
    .AddJwtBearer(options => {
        options.Audience = "http://localhost:5001/";
        options.Authority = "http://localhost:5000/";
    });

Large Objects

The Large Objects feature is a way of storing large files in a PostgreSQL database. Files can normally be stored in bytea columns but there are two downsides; a file can only be 1 GB and the backend buffers the whole file when reading or writing a column, which may use significant amounts of RAM on the backend.

With the Large Objects feature, objects are instead stored in a separate system table in smaller chunks and provides a streaming API for the user. Each object is given an integral identifier that is used for accessing the object, that can, for example, be stored in a user's table containing information about this object.

Example

// Retrieve a Large Object Manager for this connection
var manager = new NpgsqlLargeObjectManager(Conn);

// Create a new empty file, returning the identifier to later access it
uint oid = manager.Create();

// Reading and writing Large Objects requires the use of a transaction
using (var transaction = Conn.BeginTransaction())
{
    // Open the file for reading and writing
    using (var stream = manager.OpenReadWrite(oid))
    {
        var buf = new byte[] { 1, 2, 3 };
        stream.Write(buf, 0, buf.Length);
        stream.Seek(0, System.IO.SeekOrigin.Begin);

        var buf2 = new byte[buf.Length];
        stream.Read(buf2, 0, buf2.Length);

        // buf2 now contains 1, 2, 3
    }
    // Save the changes to the object
    transaction.Commit();
}

Mostly could be useful to log exceptions.

Logging in .NET Core and ASP.NET Core

private readonly ILogger<GroupController> _logger;

public GroupController(ILogger<GroupController> logger)
{
    _logger = logger;
}

Also, might be best to log some things in the database directly. When a function runs, log details about who ran it, when, etc.

I messed up saving the file data into the database when I was quickly putting that part together. See the dumb mistake below, trying to insert the binary data like a string.

using (var command = new NpgsqlCommand())
{
    command.CommandText = $"SELECT * FROM tk.filedatas_create('{filedata.KeeperId}', '{filedata.BinaryData}');";
    var result = await RunScalar(command);
    var newId = Guid.Empty;
    if (result is not null)
}

Did I accidentally add project references in such a way that could create some kind of circular reference problem?

Implement zxcvbn checking on user passwords before allowing them.

https://www.nuget.org/packages/zxcvbn-core/

Right now I just have the connection string stored as an env var. That is fine, but I have to load it inside of each service.

Can it be loaded once in the Program.cs and then shared to each service via dependency injection?