Configured the application to use SQL Server as a distributed
cache provider. Added `AddDistributedSqlServerCache` to
`Program.cs` and set up the connection string, schema name,
and table name from the `Cache:SqlServer` configuration
section. This enables persistent and shared caching across
multiple application instances.
Introduced a new `CacheController` to manage cached data for
receiver signatures using distributed caching. Added endpoints
to save, retrieve, and delete cached signatures.
Created a `SignatureCacheRequest` model for caching payloads
and a `CacheOptions` class to configure cache settings,
including optional expiration. Updated `Program.cs` to bind
`CacheOptions` to the `Cache` section in `appsettings.json`.
Added a new `Cache` section in `appsettings.json` with a
`SignatureCacheExpiration` property, defaulting to `null`
(no expiration).
Updated the project version in `EnvelopeGenerator.API.csproj`
from `1.3.0` to `1.3.1`, including `<Version>`, `<FileVersion>`,
and `<AssemblyVersion>` properties, indicating a minor update.
Simplified the YARP proxy mapping in `Program.cs` by replacing
the conditional `app.MapWhen` logic with a direct call to
`app.MapReverseProxy()`, allowing all requests to be forwarded
through the reverse proxy without path filtering.
Introduced a preprocessor directive `#if NET9_0_OR_GREATER` to conditionally include the `app.MapOpenApi();` method call. This ensures that the `MapOpenApi` functionality is only executed when the application targets .NET 9.0 or later, maintaining compatibility with earlier .NET versions.
Introduced a conditional compilation directive (`#if NET9_0_OR_GREATER`) to register the `AddOpenApi` service only when the application is targeting .NET 9.0 or later. This ensures compatibility and avoids unnecessary service registration for earlier .NET versions.
Updated the middleware pipeline in `Program.cs` to use `app.MapWhen()` for conditional routing. The reverse proxy now excludes requests to `/swagger`, `/scalar`, and `/openapi` paths, ensuring these endpoints are handled separately. This change replaces the direct `app.MapReverseProxy()` call with a more selective approach, improving request handling for specific API paths.
Enhanced token validation logic by introducing an `OnTokenValidated` event handler. This ensures the `envelopeKey` in the request path matches the token's subject (`sub` claim). Added `return Task.CompletedTask;` to complete asynchronous operations. These changes improve security by preventing mismatches or unauthorized access.
Introduced a new `EnvelopeReceiverJwt` authentication scheme to support per-envelope JWT validation using cookies specific to envelope keys. Added the `CheckEnvelopeReceiver` endpoint in `AuthController.cs` to validate these tokens, protected by the `AuthPolicy.Receiver` policy.
Configured the `EnvelopeReceiverJwt` scheme to dynamically resolve issuer signing keys and validate tokens. Enhanced `JwtBearerEvents.OnMessageReceived` to extract envelope keys from the request path and retrieve tokens from corresponding cookies.
Updated the `AuthPolicy.Receiver` policy to use the `EnvelopeReceiverJwt` scheme, ensuring isolated authentication for per-envelope scenarios. Added XML documentation for the `CheckEnvelopeReceiver` method.
- Added `using DigitalData.Auth.Claims` to support claims handling.
- Improved EF Core DbContext comment for better clarity.
- Added logic to dynamically select connection strings based on
`MIGRATION_TEST_MODE` or `UseDbMigration` configuration.
- Updated `AuthPolicy.Receiver` to include the `"receiver"` role.
Renamed receiver roles FullyAuth → Receiver.Full and PreAuth → Receiver.TFA across the codebase for improved clarity and consistency. Updated all usages, [Authorize] attributes, role checks, authentication logic, and authorization policies to use the new role names. Marked old constants as obsolete and pointed them to the new values. This change enhances code readability and groups receiver roles under the Receiver static class.
Replaced direct role-based [Authorize] attributes with named
authorization policies (e.g., AuthPolicy.Receiver,
AuthPolicy.SenderOrReceiver) in AnnotationController,
DocumentController, and ReadOnlyController. Added and registered
new policies in Program.cs and updated AuthPolicy constants.
This centralizes and simplifies authorization management.
Replaced SenderOrReceiverFullyAuth and ReceiverFullyAuth policies with more general SenderOrReceiver and Receiver policies. Updated policy definitions in AuthPolicy.cs to use nameof for clarity. Adjusted AddAuthorizationBuilder configuration and [Authorize] attributes in controllers to use the new, less restrictive policies, simplifying authorization logic.
Renamed AuthorizationPolicies to AuthPolicy and updated all references to use the new naming convention for authorization policy constants. This improves consistency and clarity across the codebase.
Switched from AddAuthorization to AddAuthorizationBuilder for
defining authorization policies, resulting in more concise and
modern code. Policy logic and requirements remain unchanged.
Introduce SenderOrReceiverFullyAuth and ReceiverFullyAuth policies for role-based authorization. Register these policies in Program.cs. Also, fix OpenApiReference type for Swagger security configuration.
Introduced AuthProxyDocumentFilter to programmatically document the POST /api/auth proxy login endpoint in Swagger. The filter defines request body schemas, example values, query parameter, and response codes. Registered the filter in Program.cs for OpenAPI generation.
Integrated YARP by adding the Yarp.ReverseProxy package, including yarp.json for proxy configuration, and updating Program.cs to load and map reverse proxy routes. This enables the API to forward requests based on yarp.json settings.
Replaced all EnvelopeGenerator.GeneratorAPI namespaces with EnvelopeGenerator.API across controllers, models, extensions, middleware, and annotation-related files. Updated using/import statements and namespace declarations accordingly. Added wwwroot folder to project file. Minor code adjustments made for consistency. This unifies API naming for improved clarity and maintainability.
Deleted dotnet-tools.json (dotnet-ef config) and IIS publish profiles for .NET 7 and .NET 9 (IISProfileNet7Win64.pubxml, IISProfileNet9Win64.pubxml) to clean up unused deployment and tooling files.
