From 6c26657a622fd7fc1c38a064c6a213b73daac134 Mon Sep 17 00:00:00 2001
From: Timo Notheisen
Date: Tue, 4 Mar 2025 11:44:04 +0100
Subject: [PATCH 1/6] fix: remove IgnoreAntiforgeryToken attribute
---
 .../src/AdminApi/Controllers/ApiKeyValidationController.cs | 1 -
 1 file changed, 1 deletion(-)
diff --git a/Applications/AdminApi/src/AdminApi/Controllers/ApiKeyValidationController.cs b/Applications/AdminApi/src/AdminApi/Controllers/ApiKeyValidationController.cs
index d00864790f..b3edd6dd18 100644
--- a/Applications/AdminApi/src/AdminApi/Controllers/ApiKeyValidationController.cs
+++ b/Applications/AdminApi/src/AdminApi/Controllers/ApiKeyValidationController.cs
@@ -9,7 +9,6 @@ public class ApiKeyValidationController : ControllerBase
 {
 [HttpPost]
 [AllowAnonymous]
- [IgnoreAntiforgeryToken]
 public IActionResult ValidateApiKey([FromBody] ValidateApiKeyRequest? request, [FromServices] ApiKeyValidator apiKeyValidator)
 {
 var apiKeyIsValid = apiKeyValidator.IsApiKeyValid(request?.ApiKey);
From 31bbf661b27603e231e0329dd042b69aefe5feea Mon Sep 17 00:00:00 2001
From: Timo Notheisen
Date: Tue, 4 Mar 2025 16:13:05 +0100
Subject: [PATCH 2/6] fix: generate and use xsrf token for validateApiKey request
---
 .../lib/src/admin_api_sdk_base.dart | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/Applications/AdminUi/packages/admin_api_sdk/lib/src/admin_api_sdk_base.dart b/Applications/AdminUi/packages/admin_api_sdk/lib/src/admin_api_sdk_base.dart
index e073569eca..eb1f06e46d 100644
--- a/Applications/AdminUi/packages/admin_api_sdk/lib/src/admin_api_sdk_base.dart
+++ b/Applications/AdminUi/packages/admin_api_sdk/lib/src/admin_api_sdk_base.dart
@@ -32,23 +32,27 @@ class AdminApiClient {
 static Future create({required String baseUrl, required String apiKey}) async {
 final client = AdminApiClient._(baseUrl, apiKey);
- await client._setupXsrf();
+ await AdminApiClient._setupXsrf(client._dio);
 return client;
 }
- Future _setupXsrf() async {
- final xsrf = await _dio.get('/api/v1/xsrf');
+ static Future _setupXsrf(Dio dio) async {
+ final xsrf = await dio.get('/api/v1/xsrf');
 final xsrfToken = xsrf.data!;
 final xsrfCookie = xsrf.headers.value('Set-Cookie');
- _dio.options.headers['X-XSRF-TOKEN'] = xsrfToken;
- _dio.options.headers['Cookie'] = xsrfCookie;
+ dio.options.headers['X-XSRF-TOKEN'] = xsrfToken;
+ dio.options.headers['Cookie'] = xsrfCookie;
 }
 static Future validateApiKey({required String baseUrl, required String apiKey}) async {
- final isValidResponse = await Dio(
+ final dio = Dio(
 BaseOptions(baseUrl: baseUrl, validateStatus: (status) => status == 200),
- ).post>('/api/v1/validateApiKey', data: {'apiKey': apiKey});
+ );
+
+ await AdminApiClient._setupXsrf(dio);
+
+ final isValidResponse = await dio.post>('/api/v1/validateApiKey', data: {'apiKey': apiKey});
 final isValid = isValidResponse.data!['isValid'] as bool;
 return isValid;
From 46b103e48c72494f31ce7382e35628d886aaf321 Mon Sep 17 00:00:00 2001
From: Timo Notheisen
Date: Tue, 4 Mar 2025 16:19:35 +0100
Subject: [PATCH 3/6] chore: add Authorize attribute to ApiKeyValidationController
---
 .../src/AdminApi/Controllers/ApiKeyValidationController.cs | 1 +
 1 file changed, 1 insertion(+)
diff --git a/Applications/AdminApi/src/AdminApi/Controllers/ApiKeyValidationController.cs b/Applications/AdminApi/src/AdminApi/Controllers/ApiKeyValidationController.cs
index b3edd6dd18..ad1272b6b1 100644
--- a/Applications/AdminApi/src/AdminApi/Controllers/ApiKeyValidationController.cs
+++ b/Applications/AdminApi/src/AdminApi/Controllers/ApiKeyValidationController.cs
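Review bot: In `_setupXsrf` (admin_api_sdk_base.dart, PATCH 2/6) the whole `Set-Cookie` response header is copied into the request `Cookie` header, attributes such as `Path` or `SameSite` included, and `xsrf.headers.value('Set-Cookie')` can return null; as far as I know Dio's `Headers.value` also throws when the header occurs more than once. Now that `validateApiKey` runs this helper before the key is sent, any of these turns a key check into an exception or an antiforgery rejection instead of an `isValid` answer. I would keep only the name=value pairs, e.g. `final xsrfCookie = xsrf.headers['set-cookie']?.map((c) => c.split(';').first).join('; ');`, and fail with a clear error when the token or the cookie is missing. The hunk ends inside `validateApiKey`, so how callers handle a thrown error is not visible here.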
@@ -5,6 +5,7 @@
 namespace Backbone.AdminApi.Controllers;
 [Route("api/v1/ValidateApiKey")]
+[Authorize("ApiKey")]
 public class ApiKeyValidationController : ControllerBase
 {
 [HttpPost]
From 9b2fe3e0beebc937f089c7bfd25c231a84a2a9de Mon Sep 17 00:00:00 2001
From: Timo Notheisen
Date: Tue, 4 Mar 2025 16:21:37 +0100
Subject: [PATCH 4/6] chore: add missing call to AsSplitQuery
---
 .../Persistence/Repository/IdentitiesRepository.cs | 1 +
 1 file changed, 1 insertion(+)
diff --git a/Modules/Quotas/src/Quotas.Infrastructure/Persistence/Repository/IdentitiesRepository.cs b/Modules/Quotas/src/Quotas.Infrastructure/Persistence/Repository/IdentitiesRepository.cs
index 270518d4a1..55e8ad7aaf 100644
--- a/Modules/Quotas/src/Quotas.Infrastructure/Persistence/Repository/IdentitiesRepository.cs
+++ b/Modules/Quotas/src/Quotas.Infrastructure/Persistence/Repository/IdentitiesRepository.cs
@@ -55,6 +55,7 @@ public async Task> FindWithTier(TierId tierId, Cancellatio
 {
 var identities = await (track ? _identitiesDbSet : _readOnlyIdentities)
 .IncludeAll(_dbContext)
+ .AsSplitQuery()
 .Where(i => i.TierId == tierId)
 .ToListAsync(cancellationToken);
From 5233562c3c54e01412013e7db482e7b0df678172 Mon Sep 17 00:00:00 2001
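Review bot: The class-level `[Authorize("ApiKey")]` added to ApiKeyValidationController (PATCH 3/6) has no effect on `ValidateApiKey` while that action keeps `[AllowAnonymous]`, which the context lines of PATCH 1/6 show is still there; in ASP.NET Core `[AllowAnonymous]` bypasses authorization requirements placed on the controller. If the attribute is only meant as a secure default for actions added later, say so next to it, e.g. `// Default for future actions; ValidateApiKey opts out via [AllowAnonymous].`; if the endpoint was meant to be protected, this commit does not achieve that. Because the endpoint stays anonymous and answers whether a submitted key is valid, it is worth confirming that rate limiting covers it; nothing in these hunks shows one. The class body continues outside the hunk.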
From: Timo Notheisen
Date: Wed, 5 Mar 2025 07:17:58 +0100
Subject: [PATCH 5/6] chore: move stuff to correct namespace
---
 .../DomainEvents/{Out => Outgoing}/FileUploadedDomainEvent.cs | 2 +-
 Modules/Files/src/Files.Domain/Entities/File.cs | 2 +-
 .../DomainEvents/{ => Outgoing}/TokenCreatedDomainEvent.cs | 2 +-
 .../DomainEvents/{ => Outgoing}/TokenLockedDomainEvent.cs | 2 +-
 Modules/Tokens/src/Tokens.Domain/Entities/Token.cs | 2 +-
 .../Tokens/test/Tokens.Domain.Tests/Tests/Tokens/TokenTests.cs | 2 +-
 .../test/Tokens.Domain.Tests/Tests/Tokens/TryToAccessTests.cs | 2 +-
 7 files changed, 7 insertions(+), 7 deletions(-)
 rename Modules/Files/src/Files.Domain/DomainEvents/{Out => Outgoing}/FileUploadedDomainEvent.cs (87%)
 rename Modules/Tokens/src/Tokens.Domain/DomainEvents/{ => Outgoing}/TokenCreatedDomainEvent.cs (86%)
 rename Modules/Tokens/src/Tokens.Domain/DomainEvents/{ => Outgoing}/TokenLockedDomainEvent.cs (85%)
diff --git a/Modules/Files/src/Files.Domain/DomainEvents/Out/FileUploadedDomainEvent.cs b/Modules/Files/src/Files.Domain/DomainEvents/Outgoing/FileUploadedDomainEvent.cs
similarity index 87%
rename from Modules/Files/src/Files.Domain/DomainEvents/Out/FileUploadedDomainEvent.cs
rename to Modules/Files/src/Files.Domain/DomainEvents/Outgoing/FileUploadedDomainEvent.cs
index 675c81ac16..9495acc8c0 100644
--- a/Modules/Files/src/Files.Domain/DomainEvents/Out/FileUploadedDomainEvent.cs
+++ b/Modules/Files/src/Files.Domain/DomainEvents/Outgoing/FileUploadedDomainEvent.cs
@@ -1,7 +1,7 @@
 using Backbone.BuildingBlocks.Domain.Events;
 using File = Backbone.Modules.Files.Domain.Entities.File;
-namespace Backbone.Modules.Files.Domain.DomainEvents.Out;
+namespace Backbone.Modules.Files.Domain.DomainEvents.Outgoing;
 public class FileUploadedDomainEvent : DomainEvent
 {
diff --git a/Modules/Files/src/Files.Domain/Entities/File.cs b/Modules/Files/src/Files.Domain/Entities/File.cs
index 2ffc8b8934..7d4ed4c81c 100644
--- a/Modules/Files/src/Files.Domain/Entities/File.cs
+++ b/Modules/Files/src/Files.Domain/Entities/File.cs
@@ -2,7 +2,7 @@
 using Backbone.BuildingBlocks.Domain;
 using Backbone.BuildingBlocks.Domain.Exceptions;
 using Backbone.DevelopmentKit.Identity.ValueObjects;
-using Backbone.Modules.Files.Domain.DomainEvents.Out;
+using Backbone.Modules.Files.Domain.DomainEvents.Outgoing;
 using Backbone.Tooling;
 namespace Backbone.Modules.Files.Domain.Entities;
diff --git a/Modules/Tokens/src/Tokens.Domain/DomainEvents/TokenCreatedDomainEvent.cs b/Modules/Tokens/src/Tokens.Domain/DomainEvents/Outgoing/TokenCreatedDomainEvent.cs
similarity index 86%
rename from Modules/Tokens/src/Tokens.Domain/DomainEvents/TokenCreatedDomainEvent.cs
rename to Modules/Tokens/src/Tokens.Domain/DomainEvents/Outgoing/TokenCreatedDomainEvent.cs
index 6ac4822bf3..db857655af 100644
--- a/Modules/Tokens/src/Tokens.Domain/DomainEvents/TokenCreatedDomainEvent.cs
+++ b/Modules/Tokens/src/Tokens.Domain/DomainEvents/Outgoing/TokenCreatedDomainEvent.cs
@@ -1,7 +1,7 @@
 using Backbone.BuildingBlocks.Domain.Events;
 using Backbone.Modules.Tokens.Domain.Entities;
-namespace Backbone.Modules.Tokens.Domain.DomainEvents;
+namespace Backbone.Modules.Tokens.Domain.DomainEvents.Outgoing;
 public class TokenCreatedDomainEvent : DomainEvent
 {
diff --git a/Modules/Tokens/src/Tokens.Domain/DomainEvents/TokenLockedDomainEvent.cs b/Modules/Tokens/src/Tokens.Domain/DomainEvents/Outgoing/TokenLockedDomainEvent.cs
similarity index 85%
rename from Modules/Tokens/src/Tokens.Domain/DomainEvents/TokenLockedDomainEvent.cs
rename to Modules/Tokens/src/Tokens.Domain/DomainEvents/Outgoing/TokenLockedDomainEvent.cs
index 9912b75980..d29a1b30a5 100644
--- a/Modules/Tokens/src/Tokens.Domain/DomainEvents/TokenLockedDomainEvent.cs
+++ b/Modules/Tokens/src/Tokens.Domain/DomainEvents/Outgoing/TokenLockedDomainEvent.cs
@@ -1,7 +1,7 @@
 using Backbone.BuildingBlocks.Domain.Events;
 using Backbone.Modules.Tokens.Domain.Entities;
-namespace Backbone.Modules.Tokens.Domain.DomainEvents;
+namespace Backbone.Modules.Tokens.Domain.DomainEvents.Outgoing;
 public class TokenLockedDomainEvent : DomainEvent
 {
diff --git a/Modules/Tokens/src/Tokens.Domain/Entities/Token.cs b/Modules/Tokens/src/Tokens.Domain/Entities/Token.cs
index 155b0c09e1..4ab906f2f6 100644
--- a/Modules/Tokens/src/Tokens.Domain/Entities/Token.cs
+++ b/Modules/Tokens/src/Tokens.Domain/Entities/Token.cs
@@ -2,7 +2,7 @@
 using Backbone.BuildingBlocks.Domain;
 using Backbone.BuildingBlocks.Domain.Exceptions;
 using Backbone.DevelopmentKit.Identity.ValueObjects;
-using Backbone.Modules.Tokens.Domain.DomainEvents;
+using Backbone.Modules.Tokens.Domain.DomainEvents.Outgoing;
 using Backbone.Tooling;
 namespace Backbone.Modules.Tokens.Domain.Entities;
diff --git a/Modules/Tokens/test/Tokens.Domain.Tests/Tests/Tokens/TokenTests.cs b/Modules/Tokens/test/Tokens.Domain.Tests/Tests/Tokens/TokenTests.cs
index 6eed2aac0b..d5f0b32442 100644
--- a/Modules/Tokens/test/Tokens.Domain.Tests/Tests/Tokens/TokenTests.cs
+++ b/Modules/Tokens/test/Tokens.Domain.Tests/Tests/Tokens/TokenTests.cs
@@ -1,5 +1,5 @@
 using Backbone.BuildingBlocks.Domain.Exceptions;
-using Backbone.Modules.Tokens.Domain.DomainEvents;
+using Backbone.Modules.Tokens.Domain.DomainEvents.Outgoing;
 using Backbone.Modules.Tokens.Domain.Entities;
 using Backbone.Modules.Tokens.Domain.Tests.TestHelpers;
diff --git a/Modules/Tokens/test/Tokens.Domain.Tests/Tests/Tokens/TryToAccessTests.cs b/Modules/Tokens/test/Tokens.Domain.Tests/Tests/Tokens/TryToAccessTests.cs
index 4d6fb3ec1c..bcd1990252 100644
--- a/Modules/Tokens/test/Tokens.Domain.Tests/Tests/Tokens/TryToAccessTests.cs
+++ b/Modules/Tokens/test/Tokens.Domain.Tests/Tests/Tokens/TryToAccessTests.cs
@@ -1,5 +1,5 @@
 using Backbone.DevelopmentKit.Identity.ValueObjects;
-using Backbone.Modules.Tokens.Domain.DomainEvents;
+using Backbone.Modules.Tokens.Domain.DomainEvents.Outgoing;
 using Backbone.Modules.Tokens.Domain.Entities;
 using Backbone.Modules.Tokens.Domain.Tests.TestHelpers;
 using Backbone.Tooling;
From ae8427c96de086f89b8e34ad4ae29e56d3a2e8cd Mon Sep 17 00:00:00 2001
From: Timo Notheisen
Date: Wed, 5 Mar 2025 08:28:21 +0100
Subject: [PATCH 6/6] chore: fix formatting
---
 .../packages/admin_api_sdk/lib/src/admin_api_sdk_base.dart | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/Applications/AdminUi/packages/admin_api_sdk/lib/src/admin_api_sdk_base.dart b/Applications/AdminUi/packages/admin_api_sdk/lib/src/admin_api_sdk_base.dart
index eb1f06e46d..65b9e38c63 100644
--- a/Applications/AdminUi/packages/admin_api_sdk/lib/src/admin_api_sdk_base.dart
+++ b/Applications/AdminUi/packages/admin_api_sdk/lib/src/admin_api_sdk_base.dart
@@ -46,9 +46,7 @@ class AdminApiClient {
 }
 static Future validateApiKey({required String baseUrl, required String apiKey}) async {
- final dio = Dio(
- BaseOptions(baseUrl: baseUrl, validateStatus: (status) => status == 200),
- );
+ final dio = Dio(BaseOptions(baseUrl: baseUrl, validateStatus: (status) => status == 200));
 await AdminApiClient._setupXsrf(dio);