MasterMito/work-club-manager
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases 1 Wiki Activity
Files
0a4d99b65bb535c0c61fd8fd3682d890f66eda18
work-club-manager/backend/WorkClub.Infrastructure/Data/Interceptors/TenantDbConnectionInterceptor.cs

104 lines
4.0 KiB
C#
Raw Normal View History

fix(infra): add explicit transaction management to TenantDbConnectionInterceptor for RLS PostgreSQL SET LOCAL only persists within a transaction scope. Added explicit transaction creation if none exists, ensuring tenant context is properly set before queries execute. Fixes tenant isolation for multi-tenant RLS filtering. Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-opencode) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
2026-03-05 16:30:50 +01:00
using System.Data;
feat(backend): add PostgreSQL schema, RLS policies, and multi-tenant middleware - Add EF Core migrations for initial schema (clubs, members, work_items, shifts, shift_signups) - Implement RLS policies with SET LOCAL for tenant isolation - Add Finbuckle multi-tenant middleware with ClaimStrategy + HeaderStrategy fallback - Create TenantValidationMiddleware to enforce JWT claims match X-Tenant-Id header - Add tenant-aware DB interceptors (SaveChangesTenantInterceptor, TenantDbConnectionInterceptor) - Configure AppDbContext with tenant scoping and RLS support - Add test infrastructure: CustomWebApplicationFactory, TestAuthHandler, DatabaseFixture - Write TDD integration tests for multi-tenant isolation and RLS enforcement - Add health check null safety for connection string Tasks: 7 (PostgreSQL schema + migrations + RLS), 8 (Finbuckle multi-tenancy + validation), 12 (test infrastructure)
2026-03-03 14:32:21 +01:00
using System.Data.Common;
Remove transaction check from TenantDbConnectionInterceptor.SetTenantContext Allow SET LOCAL execution for all database commands by removing the transaction check. EF Core creates implicit transactions for queries, so SET LOCAL works regardless. This fixes the issue where read operations without explicit transactions were not getting tenant context set properly, leading to incorrect RLS filtering and data visibility.
2026-03-05 16:08:09 +01:00
using Microsoft.AspNetCore.Http;
feat(backend): add PostgreSQL schema, RLS policies, and multi-tenant middleware - Add EF Core migrations for initial schema (clubs, members, work_items, shifts, shift_signups) - Implement RLS policies with SET LOCAL for tenant isolation - Add Finbuckle multi-tenant middleware with ClaimStrategy + HeaderStrategy fallback - Create TenantValidationMiddleware to enforce JWT claims match X-Tenant-Id header - Add tenant-aware DB interceptors (SaveChangesTenantInterceptor, TenantDbConnectionInterceptor) - Configure AppDbContext with tenant scoping and RLS support - Add test infrastructure: CustomWebApplicationFactory, TestAuthHandler, DatabaseFixture - Write TDD integration tests for multi-tenant isolation and RLS enforcement - Add health check null safety for connection string Tasks: 7 (PostgreSQL schema + migrations + RLS), 8 (Finbuckle multi-tenancy + validation), 12 (test infrastructure)
2026-03-03 14:32:21 +01:00
using Microsoft.EntityFrameworkCore.Diagnostics;
using Microsoft.Extensions.Logging;
using Npgsql;
namespace WorkClub.Infrastructure.Data.Interceptors;
Remove transaction check from TenantDbConnectionInterceptor.SetTenantContext Allow SET LOCAL execution for all database commands by removing the transaction check. EF Core creates implicit transactions for queries, so SET LOCAL works regardless. This fixes the issue where read operations without explicit transactions were not getting tenant context set properly, leading to incorrect RLS filtering and data visibility.
2026-03-05 16:08:09 +01:00
public class TenantDbConnectionInterceptor : DbCommandInterceptor
feat(backend): add PostgreSQL schema, RLS policies, and multi-tenant middleware - Add EF Core migrations for initial schema (clubs, members, work_items, shifts, shift_signups) - Implement RLS policies with SET LOCAL for tenant isolation - Add Finbuckle multi-tenant middleware with ClaimStrategy + HeaderStrategy fallback - Create TenantValidationMiddleware to enforce JWT claims match X-Tenant-Id header - Add tenant-aware DB interceptors (SaveChangesTenantInterceptor, TenantDbConnectionInterceptor) - Configure AppDbContext with tenant scoping and RLS support - Add test infrastructure: CustomWebApplicationFactory, TestAuthHandler, DatabaseFixture - Write TDD integration tests for multi-tenant isolation and RLS enforcement - Add health check null safety for connection string Tasks: 7 (PostgreSQL schema + migrations + RLS), 8 (Finbuckle multi-tenancy + validation), 12 (test infrastructure)
2026-03-03 14:32:21 +01:00
{
Remove transaction check from TenantDbConnectionInterceptor.SetTenantContext Allow SET LOCAL execution for all database commands by removing the transaction check. EF Core creates implicit transactions for queries, so SET LOCAL works regardless. This fixes the issue where read operations without explicit transactions were not getting tenant context set properly, leading to incorrect RLS filtering and data visibility.
2026-03-05 16:08:09 +01:00
private readonly IHttpContextAccessor _httpContextAccessor;
feat(backend): add PostgreSQL schema, RLS policies, and multi-tenant middleware - Add EF Core migrations for initial schema (clubs, members, work_items, shifts, shift_signups) - Implement RLS policies with SET LOCAL for tenant isolation - Add Finbuckle multi-tenant middleware with ClaimStrategy + HeaderStrategy fallback - Create TenantValidationMiddleware to enforce JWT claims match X-Tenant-Id header - Add tenant-aware DB interceptors (SaveChangesTenantInterceptor, TenantDbConnectionInterceptor) - Configure AppDbContext with tenant scoping and RLS support - Add test infrastructure: CustomWebApplicationFactory, TestAuthHandler, DatabaseFixture - Write TDD integration tests for multi-tenant isolation and RLS enforcement - Add health check null safety for connection string Tasks: 7 (PostgreSQL schema + migrations + RLS), 8 (Finbuckle multi-tenancy + validation), 12 (test infrastructure)
2026-03-03 14:32:21 +01:00
private readonly ILogger<TenantDbConnectionInterceptor> _logger;
public TenantDbConnectionInterceptor(
Remove transaction check from TenantDbConnectionInterceptor.SetTenantContext Allow SET LOCAL execution for all database commands by removing the transaction check. EF Core creates implicit transactions for queries, so SET LOCAL works regardless. This fixes the issue where read operations without explicit transactions were not getting tenant context set properly, leading to incorrect RLS filtering and data visibility.
2026-03-05 16:08:09 +01:00
IHttpContextAccessor httpContextAccessor,
feat(backend): add PostgreSQL schema, RLS policies, and multi-tenant middleware - Add EF Core migrations for initial schema (clubs, members, work_items, shifts, shift_signups) - Implement RLS policies with SET LOCAL for tenant isolation - Add Finbuckle multi-tenant middleware with ClaimStrategy + HeaderStrategy fallback - Create TenantValidationMiddleware to enforce JWT claims match X-Tenant-Id header - Add tenant-aware DB interceptors (SaveChangesTenantInterceptor, TenantDbConnectionInterceptor) - Configure AppDbContext with tenant scoping and RLS support - Add test infrastructure: CustomWebApplicationFactory, TestAuthHandler, DatabaseFixture - Write TDD integration tests for multi-tenant isolation and RLS enforcement - Add health check null safety for connection string Tasks: 7 (PostgreSQL schema + migrations + RLS), 8 (Finbuckle multi-tenancy + validation), 12 (test infrastructure)
2026-03-03 14:32:21 +01:00
ILogger<TenantDbConnectionInterceptor> logger)
{
Remove transaction check from TenantDbConnectionInterceptor.SetTenantContext Allow SET LOCAL execution for all database commands by removing the transaction check. EF Core creates implicit transactions for queries, so SET LOCAL works regardless. This fixes the issue where read operations without explicit transactions were not getting tenant context set properly, leading to incorrect RLS filtering and data visibility.
2026-03-05 16:08:09 +01:00
_httpContextAccessor = httpContextAccessor;
feat(backend): add PostgreSQL schema, RLS policies, and multi-tenant middleware - Add EF Core migrations for initial schema (clubs, members, work_items, shifts, shift_signups) - Implement RLS policies with SET LOCAL for tenant isolation - Add Finbuckle multi-tenant middleware with ClaimStrategy + HeaderStrategy fallback - Create TenantValidationMiddleware to enforce JWT claims match X-Tenant-Id header - Add tenant-aware DB interceptors (SaveChangesTenantInterceptor, TenantDbConnectionInterceptor) - Configure AppDbContext with tenant scoping and RLS support - Add test infrastructure: CustomWebApplicationFactory, TestAuthHandler, DatabaseFixture - Write TDD integration tests for multi-tenant isolation and RLS enforcement - Add health check null safety for connection string Tasks: 7 (PostgreSQL schema + migrations + RLS), 8 (Finbuckle multi-tenancy + validation), 12 (test infrastructure)
2026-03-03 14:32:21 +01:00
_logger = logger;
}
Remove transaction check from TenantDbConnectionInterceptor.SetTenantContext Allow SET LOCAL execution for all database commands by removing the transaction check. EF Core creates implicit transactions for queries, so SET LOCAL works regardless. This fixes the issue where read operations without explicit transactions were not getting tenant context set properly, leading to incorrect RLS filtering and data visibility.
2026-03-05 16:08:09 +01:00
public override ValueTask<InterceptionResult<DbDataReader>> ReaderExecutingAsync(
DbCommand command,
CommandEventData eventData,
InterceptionResult<DbDataReader> result,
feat(backend): add PostgreSQL schema, RLS policies, and multi-tenant middleware - Add EF Core migrations for initial schema (clubs, members, work_items, shifts, shift_signups) - Implement RLS policies with SET LOCAL for tenant isolation - Add Finbuckle multi-tenant middleware with ClaimStrategy + HeaderStrategy fallback - Create TenantValidationMiddleware to enforce JWT claims match X-Tenant-Id header - Add tenant-aware DB interceptors (SaveChangesTenantInterceptor, TenantDbConnectionInterceptor) - Configure AppDbContext with tenant scoping and RLS support - Add test infrastructure: CustomWebApplicationFactory, TestAuthHandler, DatabaseFixture - Write TDD integration tests for multi-tenant isolation and RLS enforcement - Add health check null safety for connection string Tasks: 7 (PostgreSQL schema + migrations + RLS), 8 (Finbuckle multi-tenancy + validation), 12 (test infrastructure)
2026-03-03 14:32:21 +01:00
CancellationToken cancellationToken = default)
{
Remove transaction check from TenantDbConnectionInterceptor.SetTenantContext Allow SET LOCAL execution for all database commands by removing the transaction check. EF Core creates implicit transactions for queries, so SET LOCAL works regardless. This fixes the issue where read operations without explicit transactions were not getting tenant context set properly, leading to incorrect RLS filtering and data visibility.
2026-03-05 16:08:09 +01:00
SetTenantContext(command);
return base.ReaderExecutingAsync(command, eventData, result, cancellationToken);
}
feat(backend): add PostgreSQL schema, RLS policies, and multi-tenant middleware - Add EF Core migrations for initial schema (clubs, members, work_items, shifts, shift_signups) - Implement RLS policies with SET LOCAL for tenant isolation - Add Finbuckle multi-tenant middleware with ClaimStrategy + HeaderStrategy fallback - Create TenantValidationMiddleware to enforce JWT claims match X-Tenant-Id header - Add tenant-aware DB interceptors (SaveChangesTenantInterceptor, TenantDbConnectionInterceptor) - Configure AppDbContext with tenant scoping and RLS support - Add test infrastructure: CustomWebApplicationFactory, TestAuthHandler, DatabaseFixture - Write TDD integration tests for multi-tenant isolation and RLS enforcement - Add health check null safety for connection string Tasks: 7 (PostgreSQL schema + migrations + RLS), 8 (Finbuckle multi-tenancy + validation), 12 (test infrastructure)
2026-03-03 14:32:21 +01:00
Remove transaction check from TenantDbConnectionInterceptor.SetTenantContext Allow SET LOCAL execution for all database commands by removing the transaction check. EF Core creates implicit transactions for queries, so SET LOCAL works regardless. This fixes the issue where read operations without explicit transactions were not getting tenant context set properly, leading to incorrect RLS filtering and data visibility.
2026-03-05 16:08:09 +01:00
public override InterceptionResult<DbDataReader> ReaderExecuting(
DbCommand command,
CommandEventData eventData,
InterceptionResult<DbDataReader> result)
{
SetTenantContext(command);
return base.ReaderExecuting(command, eventData, result);
feat(backend): add PostgreSQL schema, RLS policies, and multi-tenant middleware - Add EF Core migrations for initial schema (clubs, members, work_items, shifts, shift_signups) - Implement RLS policies with SET LOCAL for tenant isolation - Add Finbuckle multi-tenant middleware with ClaimStrategy + HeaderStrategy fallback - Create TenantValidationMiddleware to enforce JWT claims match X-Tenant-Id header - Add tenant-aware DB interceptors (SaveChangesTenantInterceptor, TenantDbConnectionInterceptor) - Configure AppDbContext with tenant scoping and RLS support - Add test infrastructure: CustomWebApplicationFactory, TestAuthHandler, DatabaseFixture - Write TDD integration tests for multi-tenant isolation and RLS enforcement - Add health check null safety for connection string Tasks: 7 (PostgreSQL schema + migrations + RLS), 8 (Finbuckle multi-tenancy + validation), 12 (test infrastructure)
2026-03-03 14:32:21 +01:00
}
Remove transaction check from TenantDbConnectionInterceptor.SetTenantContext Allow SET LOCAL execution for all database commands by removing the transaction check. EF Core creates implicit transactions for queries, so SET LOCAL works regardless. This fixes the issue where read operations without explicit transactions were not getting tenant context set properly, leading to incorrect RLS filtering and data visibility.
2026-03-05 16:08:09 +01:00
public override ValueTask<InterceptionResult<int>> NonQueryExecutingAsync(
DbCommand command,
CommandEventData eventData,
InterceptionResult<int> result,
CancellationToken cancellationToken = default)
feat(backend): add PostgreSQL schema, RLS policies, and multi-tenant middleware - Add EF Core migrations for initial schema (clubs, members, work_items, shifts, shift_signups) - Implement RLS policies with SET LOCAL for tenant isolation - Add Finbuckle multi-tenant middleware with ClaimStrategy + HeaderStrategy fallback - Create TenantValidationMiddleware to enforce JWT claims match X-Tenant-Id header - Add tenant-aware DB interceptors (SaveChangesTenantInterceptor, TenantDbConnectionInterceptor) - Configure AppDbContext with tenant scoping and RLS support - Add test infrastructure: CustomWebApplicationFactory, TestAuthHandler, DatabaseFixture - Write TDD integration tests for multi-tenant isolation and RLS enforcement - Add health check null safety for connection string Tasks: 7 (PostgreSQL schema + migrations + RLS), 8 (Finbuckle multi-tenancy + validation), 12 (test infrastructure)
2026-03-03 14:32:21 +01:00
{
Remove transaction check from TenantDbConnectionInterceptor.SetTenantContext Allow SET LOCAL execution for all database commands by removing the transaction check. EF Core creates implicit transactions for queries, so SET LOCAL works regardless. This fixes the issue where read operations without explicit transactions were not getting tenant context set properly, leading to incorrect RLS filtering and data visibility.
2026-03-05 16:08:09 +01:00
SetTenantContext(command);
return base.NonQueryExecutingAsync(command, eventData, result, cancellationToken);
}
feat(backend): add PostgreSQL schema, RLS policies, and multi-tenant middleware - Add EF Core migrations for initial schema (clubs, members, work_items, shifts, shift_signups) - Implement RLS policies with SET LOCAL for tenant isolation - Add Finbuckle multi-tenant middleware with ClaimStrategy + HeaderStrategy fallback - Create TenantValidationMiddleware to enforce JWT claims match X-Tenant-Id header - Add tenant-aware DB interceptors (SaveChangesTenantInterceptor, TenantDbConnectionInterceptor) - Configure AppDbContext with tenant scoping and RLS support - Add test infrastructure: CustomWebApplicationFactory, TestAuthHandler, DatabaseFixture - Write TDD integration tests for multi-tenant isolation and RLS enforcement - Add health check null safety for connection string Tasks: 7 (PostgreSQL schema + migrations + RLS), 8 (Finbuckle multi-tenancy + validation), 12 (test infrastructure)
2026-03-03 14:32:21 +01:00
Remove transaction check from TenantDbConnectionInterceptor.SetTenantContext Allow SET LOCAL execution for all database commands by removing the transaction check. EF Core creates implicit transactions for queries, so SET LOCAL works regardless. This fixes the issue where read operations without explicit transactions were not getting tenant context set properly, leading to incorrect RLS filtering and data visibility.
2026-03-05 16:08:09 +01:00
public override InterceptionResult<int> NonQueryExecuting(
DbCommand command,
CommandEventData eventData,
InterceptionResult<int> result)
{
SetTenantContext(command);
return base.NonQueryExecuting(command, eventData, result);
}
style(backend): apply dotnet format whitespace normalization - Applied dotnet format to 24 files in backend/ - Corrects spacing, indentation, and formatting consistency - No functional changes to code logic Ultraworked with Sisyphus <https://github.com/code-yeongyu/oh-my-opencode> Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
2026-03-05 11:07:19 +01:00
Remove transaction check from TenantDbConnectionInterceptor.SetTenantContext Allow SET LOCAL execution for all database commands by removing the transaction check. EF Core creates implicit transactions for queries, so SET LOCAL works regardless. This fixes the issue where read operations without explicit transactions were not getting tenant context set properly, leading to incorrect RLS filtering and data visibility.
2026-03-05 16:08:09 +01:00
private void SetTenantContext(DbCommand command)
{
var tenantId = _httpContextAccessor.HttpContext?.Items["TenantId"] as string;
if (!string.IsNullOrWhiteSpace(tenantId) && command.Connection is NpgsqlConnection conn)
feat(backend): add PostgreSQL schema, RLS policies, and multi-tenant middleware - Add EF Core migrations for initial schema (clubs, members, work_items, shifts, shift_signups) - Implement RLS policies with SET LOCAL for tenant isolation - Add Finbuckle multi-tenant middleware with ClaimStrategy + HeaderStrategy fallback - Create TenantValidationMiddleware to enforce JWT claims match X-Tenant-Id header - Add tenant-aware DB interceptors (SaveChangesTenantInterceptor, TenantDbConnectionInterceptor) - Configure AppDbContext with tenant scoping and RLS support - Add test infrastructure: CustomWebApplicationFactory, TestAuthHandler, DatabaseFixture - Write TDD integration tests for multi-tenant isolation and RLS enforcement - Add health check null safety for connection string Tasks: 7 (PostgreSQL schema + migrations + RLS), 8 (Finbuckle multi-tenancy + validation), 12 (test infrastructure)
2026-03-03 14:32:21 +01:00
{
fix(infra): add explicit transaction management to TenantDbConnectionInterceptor for RLS PostgreSQL SET LOCAL only persists within a transaction scope. Added explicit transaction creation if none exists, ensuring tenant context is properly set before queries execute. Fixes tenant isolation for multi-tenant RLS filtering. Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-opencode) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
2026-03-05 16:30:50 +01:00
try
{
// If no transaction exists AND connection is open, start one
// SET LOCAL only persists within a transaction, so we need explicit transaction scope
if (command.Transaction == null && conn.State == ConnectionState.Open)
{
command.Transaction = (NpgsqlTransaction)conn.BeginTransaction();
_logger.LogInformation("SetTenantContext: Started transaction for tenant context");
}
// Execute SET LOCAL as a separate command on the same connection
// This ensures the session variable is properly set before the main query executes
using var setLocalCmd = conn.CreateCommand();
setLocalCmd.CommandText = $"SET LOCAL app.current_tenant_id = '{tenantId}'";
// Use the same transaction if one exists (which it should now)
if (command.Transaction is NpgsqlTransaction transaction)
{
setLocalCmd.Transaction = transaction;
}
// Execute synchronously (safe in interceptor context)
setLocalCmd.ExecuteNonQuery();
_logger.LogInformation("SetTenantContext: Executed SET LOCAL for tenant {TenantId}", tenantId);
}
catch (Exception ex)
{
_logger.LogError(ex, "SetTenantContext: Failed to execute SET LOCAL for tenant {TenantId}", tenantId);
throw;
}
feat(backend): add PostgreSQL schema, RLS policies, and multi-tenant middleware - Add EF Core migrations for initial schema (clubs, members, work_items, shifts, shift_signups) - Implement RLS policies with SET LOCAL for tenant isolation - Add Finbuckle multi-tenant middleware with ClaimStrategy + HeaderStrategy fallback - Create TenantValidationMiddleware to enforce JWT claims match X-Tenant-Id header - Add tenant-aware DB interceptors (SaveChangesTenantInterceptor, TenantDbConnectionInterceptor) - Configure AppDbContext with tenant scoping and RLS support - Add test infrastructure: CustomWebApplicationFactory, TestAuthHandler, DatabaseFixture - Write TDD integration tests for multi-tenant isolation and RLS enforcement - Add health check null safety for connection string Tasks: 7 (PostgreSQL schema + migrations + RLS), 8 (Finbuckle multi-tenancy + validation), 12 (test infrastructure)
2026-03-03 14:32:21 +01:00
}
Remove transaction check from TenantDbConnectionInterceptor.SetTenantContext Allow SET LOCAL execution for all database commands by removing the transaction check. EF Core creates implicit transactions for queries, so SET LOCAL works regardless. This fixes the issue where read operations without explicit transactions were not getting tenant context set properly, leading to incorrect RLS filtering and data visibility.
2026-03-05 16:08:09 +01:00
else
feat(backend): add PostgreSQL schema, RLS policies, and multi-tenant middleware - Add EF Core migrations for initial schema (clubs, members, work_items, shifts, shift_signups) - Implement RLS policies with SET LOCAL for tenant isolation - Add Finbuckle multi-tenant middleware with ClaimStrategy + HeaderStrategy fallback - Create TenantValidationMiddleware to enforce JWT claims match X-Tenant-Id header - Add tenant-aware DB interceptors (SaveChangesTenantInterceptor, TenantDbConnectionInterceptor) - Configure AppDbContext with tenant scoping and RLS support - Add test infrastructure: CustomWebApplicationFactory, TestAuthHandler, DatabaseFixture - Write TDD integration tests for multi-tenant isolation and RLS enforcement - Add health check null safety for connection string Tasks: 7 (PostgreSQL schema + migrations + RLS), 8 (Finbuckle multi-tenancy + validation), 12 (test infrastructure)
2026-03-03 14:32:21 +01:00
{
fix(infra): add explicit transaction management to TenantDbConnectionInterceptor for RLS PostgreSQL SET LOCAL only persists within a transaction scope. Added explicit transaction creation if none exists, ensuring tenant context is properly set before queries execute. Fixes tenant isolation for multi-tenant RLS filtering. Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-opencode) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
2026-03-05 16:30:50 +01:00
_logger.LogWarning("SetTenantContext: No tenant context available (tenantId={TenantId})", tenantId ?? "null");
feat(backend): add PostgreSQL schema, RLS policies, and multi-tenant middleware - Add EF Core migrations for initial schema (clubs, members, work_items, shifts, shift_signups) - Implement RLS policies with SET LOCAL for tenant isolation - Add Finbuckle multi-tenant middleware with ClaimStrategy + HeaderStrategy fallback - Create TenantValidationMiddleware to enforce JWT claims match X-Tenant-Id header - Add tenant-aware DB interceptors (SaveChangesTenantInterceptor, TenantDbConnectionInterceptor) - Configure AppDbContext with tenant scoping and RLS support - Add test infrastructure: CustomWebApplicationFactory, TestAuthHandler, DatabaseFixture - Write TDD integration tests for multi-tenant isolation and RLS enforcement - Add health check null safety for connection string Tasks: 7 (PostgreSQL schema + migrations + RLS), 8 (Finbuckle multi-tenancy + validation), 12 (test infrastructure)
2026-03-03 14:32:21 +01:00
}
}
}
Reference in New Issue Copy Permalink