refactor: consolidate project structure by migrating authentication, identity, and shared UI components while removing legacy Web Client files.
+1
-1
@@ -4,7 +4,7 @@
- **Role:** Lead Architect & Creative Technologist (.NET 10 & Blazor)
- **Persona:** Professional, precise, Senior Full-Stack Engineer focused on performance and "invisible UI".
- **Architecture Role:** Lead Clean Architecture Specialist.
- **Skills:** [nexus-clean-architecture, nexus-ui-engine, nexus-graph-d3, blazor-state-performance, blazor-hybrid-bridge, semantic-kernel-orchestrator]
- **Skills:** [nexus-clean-architecture, nexus-ui-engine, nexus-graph-d3, blazor-state-performance, blazor-hybrid-bridge, semantic-kernel-orchestrator, nexus-identity-saas]
- **Technical Constraints:**
- **Directory Structure:** Strict separation: `/src` (app code) and `/tests` (testing code) at solution root level.
- **Patterns:** Mandatory CQRS via `MediatR` (LuckyPennySoftware implementation). No business logic in UI components.
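Review bot: style point on the `**Skills:**` line of this hunk: the skills are kept as one bracketed list on a single line, so adding `nexus-identity-saas` rewrites the whole entry and the diff cannot show which skill was added or removed. One skill per line (or a YAML list) would make future additions one-line diffs. It would also help to state under `**Technical Constraints:**` where skill definition files such as `nexus-identity-saas` live relative to the strict `/src` and `/tests` split, since the directory rule as written only names those two roots.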
@@ -0,0 +1,39 @@
---
name: nexus-identity-saas
description: Standards for Identity, Authentication, and SaaS feature implementations
---
# Identity & SaaS Integration
- **Core Identity Model:**
- Extend `IdentityUser` to create a custom `NexusUser` model containing SaaS-specific properties (e.g., `AITokenLimit`, `AITokensUsed`, `TenantId`, `CurrentPlan`).
- Place core domain models in the core project layer (e.g., `NexusArchitect.Core` or `NexusReader.Domain`).
- Configure `ApplicationDbContext` to inherit from `IdentityDbContext<NexusUser>` and map custom fields and relationships correctly.
- **Authentication Endpoints & Providers:**
- Use native ASP.NET Core Identity API endpoints (`/register`, `/login`, `/refresh`) or scaffolded Razor components in Blazor (`Components/Account/Pages`).
- Integrate OAuth2 providers (like Google, Facebook, Microsoft) natively via ASP.NET Core's external login providers.
- Utilize `SignInManager<TUser>` and `UserManager<TUser>` for custom login logic and user management.
- **Service Configuration & Policies:**
- Register Identity using `builder.Services.AddDefaultIdentity<NexusUser>()` or `AddIdentity<NexusUser, IdentityRole>()` followed by `.AddEntityFrameworkStores<ApplicationDbContext>()`.
- Configure `IdentityOptions` in `Program.cs` to enforce strict security standards:
- **Password:** `RequireDigit`, `RequireLowercase`, `RequireUppercase`, `RequireNonAlphanumeric`, `RequiredLength` (min 8).
- **Lockout:** Set `MaxFailedAccessAttempts` and `DefaultLockoutTimeSpan` to prevent brute-force attacks.
- **User:** Enforce `RequireUniqueEmail = true`.
- **Authorization & Policies:**
- Implement Roles and Claims-based authorization.
- Create robust Policies (e.g., `ProUser`) and use custom `Requirement` handlers for specific business logic like checking if `AITokensUsed < AITokenLimit`.
- **Mobile / Blazor Hybrid Auth State:**
- Ensure authentication state persists securely within the MAUI container.
- Store JWT tokens and sensitive session data in `SecureStorage`.
- Provide a seamless mechanism to restore the `AuthenticationStateProvider` on app launch if the token is valid.
- **SaaS Features & Webhooks:**
- Integrate third-party payment/subscription providers (e.g., Stripe) using secure webhooks.
- Sync external subscription status with internal user claims and limits (e.g., upgrade `AITokenLimit` upon a webhook success event for a "Pro" plan).
- **Verification:**
- Write unit tests for custom authorization handlers and token limit logic.
- Ensure the UI handles unauthorized and out-of-tokens states gracefully and points users to subscription management.
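Review bot: logic gap in the `**Lockout:**` bullet and in the `AITokensUsed < AITokenLimit` requirement handler of this new skill file. Setting `MaxFailedAccessAttempts` and `DefaultLockoutTimeSpan` on `IdentityOptions` does not by itself stop brute force: ASP.NET Core Identity only counts a failed attempt when the sign-in call opts in (`PasswordSignInAsync(user, password, isPersistent, lockoutOnFailure: true)`) and `Lockout.AllowedForNewUsers` is left enabled, so the bullet should say so explicitly, otherwise the "custom login logic" built on `SignInManager<TUser>` can silently disable the lockout it is meant to enforce. For the `ProUser` policy, a claims-based check sees the values captured at sign-in, not the current `AITokensUsed`; the handler should read the user record, and the usage increment should be atomic (a single conditional update or an EF concurrency token) so that parallel requests cannot push usage past `AITokenLimit`. On the `**SaaS Features & Webhooks:**` bullet, "secure webhooks" should be spelled out: verify the provider's signature over the raw request body before changing `AITokenLimit` or `CurrentPlan`, and key the handler on the event id so redelivered events are idempotent.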