Skip to content
/ CleanArchitecture Public

The RESTful Api implements authentication and role based authorization using JWT access tokens and Silent Authentication. The Reach SPA client enables 'Create', 'Update' and 'Delete' operations for Products Admin user and 'Read' for Anonymous users. Cart persists across sessions. Front-end uses React/Typescript for sorting and filtering of products

1 star 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

sduzair/CleanArchitecture

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

39 Commits
img
img
 
 
src
src
 
 
tests/Application.IntegrationTests
tests/Application.IntegrationTests
 
 
.dockerignore
.dockerignore
 
 
.editorconfig
.editorconfig
 
 
.gitignore
.gitignore
 
 
CleanArchitecture.sln
CleanArchitecture.sln
 
 
README.md
README.md
 
 

Repository files navigation

CleanArchitecture

C# TypeScript AWS Azure .Net Bootstrap NPM NodeJS React MySQL Docker Postman Swagger

Description

This is a sample project that implements Clean Architecture in ASP.NET Core by using principles of Tactical DDD (Domain Driver Design).

The RESTful Api implements authentication and authorization using Access Tokens and Silent Authentication. Also implements role based authorization using IdentityDbContext. The React SPA client enables 'Create', 'Update' and 'Delete' operations for Products Admin user and 'Read' for Anonymous users. Cart persists across sessions. Front-end uses React/Typescript for sorting and filtering of products.


Table of Contents
  1. Features
  2. Getting Started

Features

Authentication and Authorization

  • Access Tokens
    • JWT Tokens are used for authentication and authorization. The tokens are passed in the cookie header and are sent with every request to the API server. The tokens are validated using the ASP.NET Core Identity framework in the Infrastructure Layer. They consist of claims that identify the user and the roles they belong to. The tokens are signed using a secret key that is stored in the appsettings.json file1. The tokens are valid for 30 minutes and are refreshed automatically when the user is active. The tokens are invalidated when the user logs out or when the user's password is changed.
  • Silent Authentication
    • The user is automatically logged in when the token expires. The user is not prompted to enter their credentials again. The user is redirected to the login page when the token expires and the user is not active. Refresh tokens are used to refresh the access tokens. The refresh tokens are stored in the database and are valid for 7 days. The refresh tokens are invalidated when the user logs out or when the user's password is changed.

Presentation layer

  • Controllers
    • handle the incoming HTTP requests and return the appropriate HTTP responses and status codes conforming to the specified Contracts.
    • Validate the incoming requests.
    • Call Application Layer services to perform the business logic.
    • The responses conform to the Problem Details specification.
  • React SPA
    • The client is hosted in the same project as the API server2. The client is served by the API server when the user navigates to the root URL. The client uses the React Bootstrap library to implement the UI.

Application Layer

  • Services
    • The services direct the expressive Domain objects in the Domain Layer to carry out business logic. Invoke repositories for persistence needs. Called by the controllers in Presentation Layer. The services are injected with the required dependencies using the IoC Container. The services handle all their persistence through Repositories.
  • Mediator
    • The Mediator pattern is used to implement the CQRS pattern. The Mediator is injected into the services and is used to send commands and queries to the Command and Query Handlers. The Command and Query Handlers are injected with the required dependencies using the IoC Container. The Command and Query Handlers handle all their persistence through Repositories. The Command and Query Handlers implement the Unit of Work pattern to handle transactional behavior. The Entity Framework Core is used as the ORM.
  • Mappings
    • The Mapster library is used to map the domain entities to DTOs and vice versa.
  • Validation
    • The FluentValidation library is used to implement the validation of incoming requests. The validation rules are specified in the DTOs. The validation rules are executed automatically by the pipeline and the appropriate HTTP status codes are returned when the validation fails3.

Domain Layer

  • Responsible for representing the business logic and the business rules. State that reflects the business situation is controlled here and the technical details of storing it are delegated to the Infrastructure Layer. The Domain Layer is not aware of the other layers. The Domain Layer is not aware of

    • the database or the ORM (Infrastructure).
    • the UI or the API (Presentation).
    • the Application services.

  • Entities

    • Have a thread of continuity and identity.
    • Has a lifecycle and passes through multiple forms.
    • Examples: Product, Order, Customer, Transaction, etc.

  • Value Objects

    • They describe the state of an entity.
    • They are immutable.

  • Aggregates

    • They are a cluster of associated objects that we treat as a unit for the purpose of data changes.
      • Define clear ownership boundaries.
      • They are designed to minimize the amount of interference in concurrent transactional operations.
    • They are the root of the object graph.
    • They mark the scope within which invariants are enforced.

Infrastructure Layer

  • The Infrastructure Layer is responsible for the implementation details of the application. It is the lowest layer in the application. It is responsible for the following:

    • Persistence
    • Logging
    • Caching
    • Messaging
    • Configuration
    • Authentication and Authorization
    • External Services

  • The Infrastructure Layer is aware of the other layers. It is aware of the Domain Layer and the Application Layer. It is not aware of the Presentation Layer.

  • Dependency Inversion

    • High-level modules should not depend on low-level modules. Both should depend on abstractions.
    • Abstractions should not depend on details. Details should depend on abstractions.

Fig.1 - Traditional Layered Architecture.

Fig.2 - Dependency Inverison.

Getting Started

Prerequisites

Installation

  1. Clone the repo
git clone
  1. Install NuGet packages
dotnet restore
  1. Add dev secret to WebApp Secret.json
{
    JwtTokenOptions: {
        Secret: "super-secret-32-characters-longg"
    }
}
  1. Run the project
dotnet run

Usage

Swagger

  • Open the browser and navigate to https://localhost:<PORT>/swagger/index.html (Development environment)

Footnotes

  1. The secret key should be stored in a secure location and not in the appsettings.json file. The secret key is used to sign the tokens and should be kept secret. The secret key can be stored in the Azure Key Vault or in the Azure App Configuration service.

  2. SameSite attribute is set as Strict to prevent CSRF attacks.

  3. Exceptions need to be caught is try-catch blocks, so they behave like a goto statement which is considered bad practice and should be avoided.

About

The RESTful Api implements authentication and role based authorization using JWT access tokens and Silent Authentication. The Reach SPA client enables 'Create', 'Update' and 'Delete' operations for Products Admin user and 'Read' for Anonymous users. Cart persists across sessions. Front-end uses React/Typescript for sorting and filtering of products

Topics

react typescript dotnet-core net7

Resources

Readme
Activity

Stars

1 star

Watchers

2 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages