MasterMito/work-club-manager
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases 1 Wiki Activity

feat(backend): add PostgreSQL schema, RLS policies, and multi-tenant middleware

Browse Source 
- Add EF Core migrations for initial schema (clubs, members, work_items, shifts, shift_signups)
- Implement RLS policies with SET LOCAL for tenant isolation
- Add Finbuckle multi-tenant middleware with ClaimStrategy + HeaderStrategy fallback
- Create TenantValidationMiddleware to enforce JWT claims match X-Tenant-Id header
- Add tenant-aware DB interceptors (SaveChangesTenantInterceptor, TenantDbConnectionInterceptor)
- Configure AppDbContext with tenant scoping and RLS support
- Add test infrastructure: CustomWebApplicationFactory, TestAuthHandler, DatabaseFixture
- Write TDD integration tests for multi-tenant isolation and RLS enforcement
- Add health check null safety for connection string

Tasks: 7 (PostgreSQL schema + migrations + RLS), 8 (Finbuckle multi-tenancy + validation), 12 (test infrastructure)
This commit is contained in:
WorkClub Automation
2026-03-03 14:32:21 +01:00
parent b9edbb8a65
commit 28964c6767
35 changed files with 4006 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
backend/WorkClub.Tests.Integration/Infrastructure/TestAuthHandler.cs Normal file
View File

@@ -0,0 +1,42 @@
using System.Security.Claims;
using System.Text.Encodings.Web;
using System.Text.Json;
using Microsoft.AspNetCore.Authentication;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
namespace WorkClub.Tests.Integration.Infrastructure;
public class TestAuthHandler : AuthenticationHandler<AuthenticationSchemeOptions>
{
public TestAuthHandler(
IOptionsMonitor<AuthenticationSchemeOptions> options,
ILoggerFactory logger,
UrlEncoder encoder)
: base(options, logger, encoder)
{
}
protected override Task<AuthenticateResult> HandleAuthenticateAsync()
{
var clubsClaim = Context.Request.Headers["X-Test-Clubs"].ToString();
var emailClaim = Context.Request.Headers["X-Test-Email"].ToString();
var claims = new List<Claim>
{
new Claim(ClaimTypes.NameIdentifier, "test-user"),
new Claim(ClaimTypes.Email, string.IsNullOrEmpty(emailClaim) ? "test@test.com" : emailClaim),
};
if (!string.IsNullOrEmpty(clubsClaim))
{
claims.Add(new Claim("clubs", clubsClaim));
}
var identity = new ClaimsIdentity(claims, "Test");
var principal = new ClaimsPrincipal(identity);
var ticket = new AuthenticationTicket(principal, "Test");
return Task.FromResult(AuthenticateResult.Success(ticket));
}
}