AppStd/EnvelopeGenerator
8
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Refaktorisierung: Absicherung von DB-Operationen und Verbesserung der Geschäftslogik

Browse Source 
- Implementierung von LINQ-Abfragen innerhalb der Core-Bibliothek zur Minderung von SQL-Injection-Anfälligkeiten für DB-Operationen von Umschlägen und Empfängern.
- Aktualisierung der Geschäftslogik in der Service-Schicht für verbessertes Transaktionshandling.
- Erweiterung der ServiceMessage um eine neue Flag-Funktion zum Verfolgen von Cybersecurity- und Datenintegritätsproblemen.
- Hinzufügen spezifischer Benutzerverhaltensflags zur besseren Erkennung und Behandlung potenzieller Datenverletzungen.
This commit is contained in:
Developer 02
2024-04-24 13:45:03 +02:00
parent f2e718565d
commit 6338b81571
47 changed files with 644 additions and 310 deletions
Download Patch File Download Diff File Expand all files Collapse all files

81
EnvelopeGenerator.Application/Services/EnvelopeReceiverService.cs
View File

@@ -6,7 +6,6 @@ using EnvelopeGenerator.Application.Contracts;
using EnvelopeGenerator.Application.DTOs;
using EnvelopeGenerator.Domain.Entities;
using EnvelopeGenerator.Infrastructure.Contracts;
using Microsoft.EntityFrameworkCore;
namespace EnvelopeGenerator.Application.Services
{
@@ -17,10 +16,84 @@ namespace EnvelopeGenerator.Application.Services
{
}
public async Task<IServiceMessage> VerifyAccessCode(string envelopeUuid, string accessCode)
public async Task<IServiceResult<IEnumerable<EnvelopeReceiverDto>>> ReadBySignatureAsync(string signature, bool withEnvelope = false, bool withReceiver = true)
{
var envelopeAccessCode = await _repository.ReadAccessCodeByEnvelopeUuid(envelopeUuid);
return CreateMessage(isSuccess: accessCode == envelopeAccessCode) ;
var env_rcvs = await _repository.ReadBySignatureAsync(signature: signature, withEnvelope: withEnvelope, withReceiver: withReceiver);
return Successful(_mapper.MapOrThrow<IEnumerable<EnvelopeReceiverDto>>(env_rcvs));
}
public async Task<IServiceResult<IEnumerable<EnvelopeReceiverDto>>> ReadByUuidAsync(string uuid, bool withEnvelope = true, bool withReceiver = false)
{
var env_rcvs = await _repository.ReadByUuidAsync(uuid: uuid, withEnvelope: withEnvelope, withReceiver: withReceiver);
return Successful(_mapper.MapOrThrow<IEnumerable<EnvelopeReceiverDto>>(env_rcvs));
}
public async Task<IServiceResult<EnvelopeReceiverDto>> ReadByUuidSignatureAsync(string uuid, string signature, bool withEnvelope = true, bool withReceiver = true)
{
var env_rcv = await _repository.ReadByUuidSignatureAsync(uuid: uuid, signature: signature, withEnvelope: withEnvelope, withReceiver: withReceiver);
if (env_rcv is null)
return Failed<EnvelopeReceiverDto>()
.WithClientMessageKey(MessageKey.EnvelopeReceiverNotFound);
return Successful(_mapper.MapOrThrow<EnvelopeReceiverDto>(env_rcv));
}
public async Task<IServiceResult<EnvelopeReceiverDto>> ReadByEnvelopeReceiverIdAsync(string envelopeReceiverId, bool withEnvelope = true, bool withReceiver = true)
{
(string? uuid, string? signature) = envelopeReceiverId.DecodeEnvelopeReceiverId();
if (uuid is null || signature is null)
return Failed<EnvelopeReceiverDto>()
.WithClientMessageKey(MessageKey.WrongEnvelopeReceiverId2Client)
.WithWarningMessage((uuid, signature).ToTitle())
.WithWarningMessageKey(MessageKey.WrongEnvelopeReceiverId2Logger)
.WithWarningMessageKey(MessageKey.PossibleSecurityBreach)
.WithFlag(Flag.PossibleSecurityBreach);
return await ReadByUuidSignatureAsync(uuid: uuid, signature: signature, withEnvelope: withEnvelope, withReceiver: withReceiver);
}
public async Task<IServiceResult<bool>> VerifyAccessCodeAsync(string uuid, string signature, string accessCode)
{
var er = await _repository.ReadByUuidSignatureAsync(uuid: uuid, signature: signature);
if (er is null)
return Failed<bool>()
.WithClientMessageKey(MessageKey.EnvelopeOrReceiverNonexists)
.WithWarningMessage((uuid, signature).ToTitle())
.WithWarningMessageKey(MessageKey.EnvelopeOrReceiverNonexists)
.WithWarningMessageKey(MessageKey.PossibleDataIntegrityIssue)
.WithFlag(MessageKey.PossibleDataIntegrityIssue);
var actualAccessCode = er.AccessCode;
if (actualAccessCode is null)
return Failed<bool>()
.WithClientMessageKey(MessageKey.AccessCodeNull2Client)
.WithCriticalMessage((uuid, signature).ToTitle())
.WithCriticalMessageKey(MessageKey.AccessCodeNull2Logger)
.WithCriticalMessageKey(MessageKey.DataIntegrityIssue)
.WithFlag(Flag.DataIntegrityIssue);
else if(accessCode != actualAccessCode)
return Successful(false).WithClientMessageKey(MessageKey.WrongAccessCode);
else
return Successful(true);
}
public async Task<IServiceResult<bool>> VerifyAccessCodeAsync(string envelopeReceiverId, string accessCode)
{
(string? uuid, string? signature) = envelopeReceiverId.DecodeEnvelopeReceiverId();
if (uuid is null || signature is null)
return Failed<bool>()
.WithClientMessageKey(MessageKey.WrongEnvelopeReceiverId2Client)
.WithCriticalMessageKey(MessageKey.WrongEnvelopeReceiverId2Logger)
.WithCriticalMessageKey(MessageKey.SecurityBreach)
.WithCriticalMessage("Attempt to verify access code detected. Such actions are generally not initiated by well-intentioned users. Potential security breach suspected. Immediate investigation required.")
.WithFlag(Flag.SecurityBreach);
return await VerifyAccessCodeAsync(uuid: uuid, signature: signature, accessCode: accessCode);
}
}
}