@onahhas/hello-dev 1.0.0 → 1.0.1

package/backend/Models/AppUser.cs

@@ -0,0 +1,17 @@
+using DevTasks.Api.Enums;
+
+namespace DevTasks.Api.Models;
+
+public sealed class AppUser
+{
+    public Guid Id { get; set; } = Guid.NewGuid();
+    public string FullName { get; set; } = string.Empty;
+    public string Email { get; set; } = string.Empty;
+    public string PasswordHash { get; set; } = string.Empty;
+    public UserRole Role { get; set; } = UserRole.User;
+    public bool IsActive { get; set; } = true;
+    public DateTime CreatedAt { get; set; } = DateTime.UtcNow;
+
+    public ICollection<TaskItem> CreatedTasks { get; set; } = new List<TaskItem>();
+    public ICollection<TaskItem> AssignedTasks { get; set; } = new List<TaskItem>();
+}

package/backend/Models/TaskEditRequest.cs

@@ -0,0 +1,31 @@
+using DevTasks.Api.Enums;
+
+namespace DevTasks.Api.Models;
+
+public sealed class TaskEditRequest
+{
+    public Guid Id { get; set; } = Guid.NewGuid();
+
+    public int TaskItemId { get; set; }
+    public TaskItem? TaskItem { get; set; }
+
+    public Guid RequestedByUserId { get; set; }
+    public AppUser? RequestedByUser { get; set; }
+
+    public string? Title { get; set; }
+    public string? Description { get; set; }
+    public TaskState? Status { get; set; }
+    public TaskPriority? Priority { get; set; }
+    public TaskVisibility? Visibility { get; set; }
+    public DateTime? DueDate { get; set; }
+    public bool ClearDueDate { get; set; }
+    public Guid? AssignedToUserId { get; set; }
+    public AppUser? AssignedToUser { get; set; }
+    public bool ClearAssignedUser { get; set; }
+
+    public EditRequestStatus StatusOfRequest { get; set; } = EditRequestStatus.Pending;
+    public string? OwnerNote { get; set; }
+
+    public DateTime CreatedAt { get; set; } = DateTime.UtcNow;
+    public DateTime? ResolvedAt { get; set; }
+}

package/backend/Models/TaskItem.cs

@@ -0,0 +1,25 @@
+using DevTasks.Api.Enums;
+
+namespace DevTasks.Api.Models;
+
+public sealed class TaskItem
+{
+    public int Id { get; set; }
+    public string Title { get; set; } = string.Empty;
+    public string Description { get; set; } = string.Empty;
+    public TaskState Status { get; set; } = TaskState.Todo;
+    public TaskPriority Priority { get; set; } = TaskPriority.Medium;
+    public TaskVisibility Visibility { get; set; } = TaskVisibility.Private;
+    public DateTime? DueDate { get; set; }
+
+    public Guid CreatedByUserId { get; set; }
+    public AppUser? CreatedByUser { get; set; }
+
+    public Guid? AssignedToUserId { get; set; }
+    public AppUser? AssignedToUser { get; set; }
+
+    public ICollection<TaskEditRequest> EditRequests { get; set; } = new List<TaskEditRequest>();
+
+    public DateTime CreatedAt { get; set; } = DateTime.UtcNow;
+    public DateTime UpdatedAt { get; set; } = DateTime.UtcNow;
+}

package/backend/Program.cs

@@ -0,0 +1,138 @@
+using System.Text;
+using System.Text.Json.Serialization;
+using System.Threading.RateLimiting;
+using DevTasks.Api.Data;
+using DevTasks.Api.Services;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
+using Microsoft.AspNetCore.RateLimiting;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.IdentityModel.Tokens;
+
+var builder = WebApplication.CreateBuilder(args);
+
+var dbFolder = Path.Combine(builder.Environment.ContentRootPath, "data");
+Directory.CreateDirectory(dbFolder);
+
+builder.Services
+    .AddControllers()
+    .AddJsonOptions(options =>
+    {
+        options.JsonSerializerOptions.Converters.Add(new JsonStringEnumConverter());
+    });
+
+builder.Services.AddDbContext<AppDbContext>(options =>
+{
+    var provider = builder.Configuration["Database:Provider"] ?? "Sqlite";
+
+    if (provider.Equals("Postgres", StringComparison.OrdinalIgnoreCase) ||
+        provider.Equals("PostgreSQL", StringComparison.OrdinalIgnoreCase) ||
+        provider.Equals("Npgsql", StringComparison.OrdinalIgnoreCase))
+    {
+        var connectionString = builder.Configuration.GetConnectionString("PostgresConnection")
+            ?? builder.Configuration.GetConnectionString("DefaultConnection")
+            ?? throw new InvalidOperationException("Postgres connection string is missing.");
+
+        options.UseNpgsql(connectionString);
+    }
+    else
+    {
+        var connectionString = builder.Configuration.GetConnectionString("DefaultConnection")
+            ?? throw new InvalidOperationException("SQLite connection string is missing.");
+
+        options.UseSqlite(connectionString);
+    }
+});
+
+builder.Services.AddScoped<PasswordHasher>();
+builder.Services.AddScoped<TokenService>();
+builder.Services.AddScoped<ActivityService>();
+
+builder.Services.AddCors(options =>
+{
+    options.AddPolicy("Frontend", policy =>
+    {
+        policy
+            .WithOrigins("http://localhost:5173", "http://127.0.0.1:5173")
+            .AllowAnyHeader()
+            .AllowAnyMethod();
+    });
+});
+
+builder.Services.AddRateLimiter(options =>
+{
+    options.RejectionStatusCode = StatusCodes.Status429TooManyRequests;
+
+    options.GlobalLimiter = PartitionedRateLimiter.Create<HttpContext, string>(context =>
+    {
+        var ipAddress = context.Connection.RemoteIpAddress?.ToString() ?? "unknown";
+
+        return RateLimitPartition.GetFixedWindowLimiter(
+            partitionKey: ipAddress,
+            factory: _ => new FixedWindowRateLimiterOptions
+            {
+                PermitLimit = 100,
+                Window = TimeSpan.FromMinutes(1),
+                QueueLimit = 0,
+                AutoReplenishment = true
+            });
+    });
+
+    options.OnRejected = async (context, token) =>
+    {
+        context.HttpContext.Response.ContentType = "application/json";
+        await context.HttpContext.Response.WriteAsJsonAsync(
+            new { message = "Too many requests. Please try again later." },
+            token);
+    };
+});
+
+var jwtKey = builder.Configuration["Jwt:Key"];
+if (string.IsNullOrWhiteSpace(jwtKey) || jwtKey.Length < 32)
+{
+    throw new InvalidOperationException("Jwt:Key must be at least 32 characters.");
+}
+
+builder.Services
+    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
+    .AddJwtBearer(options =>
+    {
+        options.TokenValidationParameters = new TokenValidationParameters
+        {
+            ValidateIssuer = true,
+            ValidIssuer = builder.Configuration["Jwt:Issuer"],
+            ValidateAudience = true,
+            ValidAudience = builder.Configuration["Jwt:Audience"],
+            ValidateLifetime = true,
+            ValidateIssuerSigningKey = true,
+            IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtKey)),
+            ClockSkew = TimeSpan.Zero
+        };
+    });
+
+builder.Services.AddAuthorization();
+
+var app = builder.Build();
+
+app.UseCors("Frontend");
+app.UseRateLimiter();
+app.UseAuthentication();
+app.UseAuthorization();
+
+app.MapGet("/", () => Results.Ok(new
+{
+    Name = "DevTasks API",
+    Status = "Running",
+    Url = "http://localhost:5058"
+}));
+
+app.MapControllers();
+
+using (var scope = app.Services.CreateScope())
+{
+    var db = scope.ServiceProvider.GetRequiredService<AppDbContext>();
+    var hasher = scope.ServiceProvider.GetRequiredService<PasswordHasher>();
+    await db.Database.EnsureCreatedAsync();
+    await DbSeeder.SeedAsync(db, hasher);
+}
+
+app.Run();

package/backend/Properties/launchSettings.json

@@ -0,0 +1,13 @@
+{
+  "profiles": {
+    "DevTasks.Api": {
+      "commandName": "Project",
+      "dotnetRunMessages": true,
+      "launchBrowser": false,
+      "applicationUrl": "http://localhost:5058",
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      }
+    }
+  }
+}

package/backend/Services/ActivityService.cs

@@ -0,0 +1,28 @@
+using DevTasks.Api.Data;
+using DevTasks.Api.Models;
+
+namespace DevTasks.Api.Services;
+
+public sealed class ActivityService
+{
+    private readonly AppDbContext _db;
+
+    public ActivityService(AppDbContext db)
+    {
+        _db = db;
+    }
+
+    public async Task AddAsync(string action, string entityName, string entityId, Guid userId)
+    {
+        _db.ActivityLogs.Add(new ActivityLog
+        {
+            Action = action,
+            EntityName = entityName,
+            EntityId = entityId,
+            UserId = userId,
+            CreatedAt = DateTime.UtcNow
+        });
+
+        await _db.SaveChangesAsync();
+    }
+}

package/backend/Services/PasswordHasher.cs

@@ -0,0 +1,58 @@
+using System.Security.Cryptography;
+
+namespace DevTasks.Api.Services;
+
+public sealed class PasswordHasher
+{
+    private const int SaltSize = 16;
+    private const int HashSize = 32;
+    private const int Iterations = 100_000;
+
+    public string Hash(string password)
+    {
+        if (string.IsNullOrWhiteSpace(password))
+        {
+            throw new ArgumentException("Password is required.", nameof(password));
+        }
+
+        var salt = RandomNumberGenerator.GetBytes(SaltSize);
+        var hash = Rfc2898DeriveBytes.Pbkdf2(
+            password,
+            salt,
+            Iterations,
+            HashAlgorithmName.SHA256,
+            HashSize);
+
+        return $"PBKDF2${Iterations}${Convert.ToBase64String(salt)}${Convert.ToBase64String(hash)}";
+    }
+
+    public bool Verify(string password, string storedHash)
+    {
+        if (string.IsNullOrWhiteSpace(password) || string.IsNullOrWhiteSpace(storedHash))
+        {
+            return false;
+        }
+
+        var parts = storedHash.Split('$');
+        if (parts.Length != 4 || parts[0] != "PBKDF2")
+        {
+            return false;
+        }
+
+        if (!int.TryParse(parts[1], out var iterations))
+        {
+            return false;
+        }
+
+        var salt = Convert.FromBase64String(parts[2]);
+        var expectedHash = Convert.FromBase64String(parts[3]);
+        var actualHash = Rfc2898DeriveBytes.Pbkdf2(
+            password,
+            salt,
+            iterations,
+            HashAlgorithmName.SHA256,
+            expectedHash.Length);
+
+        return CryptographicOperations.FixedTimeEquals(actualHash, expectedHash);
+    }
+}

package/backend/Services/TokenService.cs

@@ -0,0 +1,49 @@
+using System.IdentityModel.Tokens.Jwt;
+using System.Security.Claims;
+using System.Text;
+using DevTasks.Api.Models;
+using Microsoft.IdentityModel.Tokens;
+
+namespace DevTasks.Api.Services;
+
+public sealed class TokenService
+{
+    private readonly IConfiguration _configuration;
+
+    public TokenService(IConfiguration configuration)
+    {
+        _configuration = configuration;
+    }
+
+    public string CreateToken(AppUser user)
+    {
+        var key = _configuration["Jwt:Key"]
+            ?? throw new InvalidOperationException("Jwt:Key is missing.");
+
+        var expiresDays = int.TryParse(_configuration["Jwt:ExpiresDays"], out var days)
+            ? days
+            : 7;
+
+        var claims = new List<Claim>
+        {
+            new(ClaimTypes.NameIdentifier, user.Id.ToString()),
+            new(ClaimTypes.Name, user.FullName),
+            new(ClaimTypes.Email, user.Email),
+            new(ClaimTypes.Role, user.Role.ToString()),
+            new("fullName", user.FullName)
+        };
+
+        var credentials = new SigningCredentials(
+            new SymmetricSecurityKey(Encoding.UTF8.GetBytes(key)),
+            SecurityAlgorithms.HmacSha256);
+
+        var token = new JwtSecurityToken(
+            issuer: _configuration["Jwt:Issuer"],
+            audience: _configuration["Jwt:Audience"],
+            claims: claims,
+            expires: DateTime.UtcNow.AddDays(expiresDays),
+            signingCredentials: credentials);
+
+        return new JwtSecurityTokenHandler().WriteToken(token);
+    }
+}

package/backend/appsettings.Development.json

@@ -0,0 +1,10 @@
+{
+  "Logging": {
+    "LogLevel": {
+      "Default": "Warning",
+      "Microsoft.AspNetCore": "Warning",
+      "Microsoft.Hosting.Lifetime": "Warning",
+      "Microsoft.EntityFrameworkCore.Database.Command": "Warning"
+    }
+  }
+}

package/backend/appsettings.json

@@ -0,0 +1,24 @@
+{
+  "Database": {
+    "Provider": "Sqlite"
+  },
+  "ConnectionStrings": {
+    "DefaultConnection": "Data Source=data/devtasks.db",
+    "PostgresConnection": "Host=localhost;Port=5432;Database=devtasks;Username=postgres;Password=postgres"
+  },
+  "Logging": {
+    "LogLevel": {
+      "Default": "Warning",
+      "Microsoft.AspNetCore": "Warning",
+      "Microsoft.Hosting.Lifetime": "Warning",
+      "Microsoft.EntityFrameworkCore.Database.Command": "Warning"
+    }
+  },
+  "Jwt": {
+    "Key": "CHANGE_THIS_DEV_ONLY_SECRET_KEY_32_CHARS_MINIMUM",
+    "Issuer": "DevTasks.Api",
+    "Audience": "DevTasks.Web",
+    "ExpiresDays": 7
+  },
+  "AllowedHosts": "*"
+}

package/frontend/index.html

@@ -0,0 +1,12 @@
+<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <title>DevTasks</title>
+  </head>
+  <body>
+    <div id="root"></div>
+    <script type="module" src="/src/main.tsx"></script>
+  </body>
+</html>