[CLAUDE] Phase1: foundation - BE Clean Arch + Identity + JWT + 2 FE React + login E2E

Backend (.NET 10): - Domain: BaseEntity/AuditableEntity, ContractType/Phase/ApprovalDecision enums, User/Role (Identity<Guid>), AppRoles (12 const) - Application: IApplicationDbContext/ICurrentUser/IDateTime/IJwtTokenService, custom exceptions, ValidationBehavior (MediatR pipeline), Auth CQRS (Login/Refresh/Me), DependencyInjection - Infrastructure: ApplicationDbContext (IdentityDbContext), AuditingInterceptor (auto audit + soft delete), DbInitializer (seed 12 role + admin), DesignTimeDbContextFactory, JwtTokenService, DateTimeService, DI - Api: CurrentUserService, GlobalExceptionMiddleware (ProblemDetails), AuthController, Program.cs rewrite (Serilog + JWT + CORS + Swagger), appsettings + launchSettings (port 5443) - Migration Init applied to SolutionErp_Dev LocalDB Frontend (React 19 + Vite 8 + Tailwind 4): - fe-admin (:8082 blue) + fe-user (:8080 emerald) - shared structure, khac menu + brand color - Tailwind 4 via @tailwindcss/vite plugin, theme brand colors - AuthContext (localStorage token), ProtectedRoute, Layout (sidebar + header) - UI kit: Button/Input/Label (CVA + Tailwind) - LoginPage voi toast error, DashboardPage/InboxPage placeholder - Axios interceptor: auto Bearer + 401 redirect - TanStack Query client, React Router 7, Sonner toast Package downgrades (do .NET 10 / TS 6 compat): - MediatR 14 -> 12.4.1 (v14 breaking changes) - Swashbuckle 10 -> 6.9.0 (v10 khong tuong thich OpenApi 2) - Removed Microsoft.AspNetCore.OpenApi (conflict voi Swashbuckle) E2E verified: POST /api/auth/login qua Vite proxy ca 2 FE -> JWT + user info Credentials seed: admin@solutionerp.local / Admin@123456 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-21 10:59:44 +07:00
parent 25dad7f36f
commit 702411fcc8
85 changed files with 10326 additions and 964 deletions
--- a/src/Backend/SolutionErp.Application/Auth/Commands/Login/LoginCommand.cs
+++ b/src/Backend/SolutionErp.Application/Auth/Commands/Login/LoginCommand.cs
@ -0,0 +1,55 @@
+using FluentValidation;
+using MediatR;
+using Microsoft.AspNetCore.Identity;
+using SolutionErp.Application.Auth.Dtos;
+using SolutionErp.Application.Common.Exceptions;
+using SolutionErp.Application.Common.Interfaces;
+using SolutionErp.Domain.Identity;
+
+namespace SolutionErp.Application.Auth.Commands.Login;
+
+public record LoginCommand(string Email, string Password) : IRequest<AuthResponseDto>;
+
+public class LoginCommandValidator : AbstractValidator<LoginCommand>
+{
+    public LoginCommandValidator()
+    {
+        RuleFor(x => x.Email).NotEmpty().EmailAddress();
+        RuleFor(x => x.Password).NotEmpty().MinimumLength(6);
+    }
+}
+
+public class LoginCommandHandler : IRequestHandler<LoginCommand, AuthResponseDto>
+{
+    private readonly UserManager<User> _userManager;
+    private readonly IJwtTokenService _jwtTokenService;
+
+    public LoginCommandHandler(UserManager<User> userManager, IJwtTokenService jwtTokenService)
+    {
+        _userManager = userManager;
+        _jwtTokenService = jwtTokenService;
+    }
+
+    public async Task<AuthResponseDto> Handle(LoginCommand request, CancellationToken cancellationToken)
+    {
+        var user = await _userManager.FindByEmailAsync(request.Email);
+        if (user is null || !user.IsActive)
+            throw new UnauthorizedException("Email hoặc mật khẩu không đúng.");
+
+        if (!await _userManager.CheckPasswordAsync(user, request.Password))
+            throw new UnauthorizedException("Email hoặc mật khẩu không đúng.");
+
+        var roles = await _userManager.GetRolesAsync(user);
+        var tokens = await _jwtTokenService.GenerateTokensAsync(user, roles);
+
+        user.RefreshToken = tokens.RefreshToken;
+        user.RefreshTokenExpiresAt = tokens.RefreshTokenExpiresAt;
+        await _userManager.UpdateAsync(user);
+
+        return new AuthResponseDto(
+            tokens.AccessToken,
+            tokens.RefreshToken,
+            tokens.RefreshTokenExpiresAt,
+            new UserInfoDto(user.Id, user.Email!, user.FullName, roles.ToList()));
+    }
+}
--- a/src/Backend/SolutionErp.Application/Auth/Commands/Refresh/RefreshTokenCommand.cs
+++ b/src/Backend/SolutionErp.Application/Auth/Commands/Refresh/RefreshTokenCommand.cs
@ -0,0 +1,56 @@
+using FluentValidation;
+using MediatR;
+using Microsoft.AspNetCore.Identity;
+using SolutionErp.Application.Auth.Dtos;
+using SolutionErp.Application.Common.Exceptions;
+using SolutionErp.Application.Common.Interfaces;
+using SolutionErp.Domain.Identity;
+
+namespace SolutionErp.Application.Auth.Commands.Refresh;
+
+public record RefreshTokenCommand(string RefreshToken) : IRequest<AuthResponseDto>;
+
+public class RefreshTokenCommandValidator : AbstractValidator<RefreshTokenCommand>
+{
+    public RefreshTokenCommandValidator()
+    {
+        RuleFor(x => x.RefreshToken).NotEmpty();
+    }
+}
+
+public class RefreshTokenCommandHandler : IRequestHandler<RefreshTokenCommand, AuthResponseDto>
+{
+    private readonly UserManager<User> _userManager;
+    private readonly IJwtTokenService _jwtTokenService;
+    private readonly IDateTime _dateTime;
+
+    public RefreshTokenCommandHandler(
+        UserManager<User> userManager,
+        IJwtTokenService jwtTokenService,
+        IDateTime dateTime)
+    {
+        _userManager = userManager;
+        _jwtTokenService = jwtTokenService;
+        _dateTime = dateTime;
+    }
+
+    public async Task<AuthResponseDto> Handle(RefreshTokenCommand request, CancellationToken cancellationToken)
+    {
+        var user = _userManager.Users.FirstOrDefault(u => u.RefreshToken == request.RefreshToken);
+        if (user is null || user.RefreshTokenExpiresAt is null || user.RefreshTokenExpiresAt < _dateTime.UtcNow)
+            throw new UnauthorizedException("Refresh token không hợp lệ hoặc đã hết hạn.");
+
+        var roles = await _userManager.GetRolesAsync(user);
+        var tokens = await _jwtTokenService.GenerateTokensAsync(user, roles);
+
+        user.RefreshToken = tokens.RefreshToken;
+        user.RefreshTokenExpiresAt = tokens.RefreshTokenExpiresAt;
+        await _userManager.UpdateAsync(user);
+
+        return new AuthResponseDto(
+            tokens.AccessToken,
+            tokens.RefreshToken,
+            tokens.RefreshTokenExpiresAt,
+            new UserInfoDto(user.Id, user.Email!, user.FullName, roles.ToList()));
+    }
+}
--- a/src/Backend/SolutionErp.Application/Auth/Dtos/AuthResponseDto.cs
+++ b/src/Backend/SolutionErp.Application/Auth/Dtos/AuthResponseDto.cs
@ -0,0 +1,13 @@
+namespace SolutionErp.Application.Auth.Dtos;
+
+public record AuthResponseDto(
+    string AccessToken,
+    string RefreshToken,
+    DateTime RefreshTokenExpiresAt,
+    UserInfoDto User);
+
+public record UserInfoDto(
+    Guid Id,
+    string Email,
+    string FullName,
+    IReadOnlyList<string> Roles);
--- a/src/Backend/SolutionErp.Application/Auth/Queries/Me/GetMeQuery.cs
+++ b/src/Backend/SolutionErp.Application/Auth/Queries/Me/GetMeQuery.cs
@ -0,0 +1,34 @@
+using MediatR;
+using Microsoft.AspNetCore.Identity;
+using SolutionErp.Application.Auth.Dtos;
+using SolutionErp.Application.Common.Exceptions;
+using SolutionErp.Application.Common.Interfaces;
+using SolutionErp.Domain.Identity;
+
+namespace SolutionErp.Application.Auth.Queries.Me;
+
+public record GetMeQuery : IRequest<UserInfoDto>;
+
+public class GetMeQueryHandler : IRequestHandler<GetMeQuery, UserInfoDto>
+{
+    private readonly ICurrentUser _currentUser;
+    private readonly UserManager<User> _userManager;
+
+    public GetMeQueryHandler(ICurrentUser currentUser, UserManager<User> userManager)
+    {
+        _currentUser = currentUser;
+        _userManager = userManager;
+    }
+
+    public async Task<UserInfoDto> Handle(GetMeQuery request, CancellationToken cancellationToken)
+    {
+        if (!_currentUser.IsAuthenticated || _currentUser.UserId is null)
+            throw new UnauthorizedException();
+
+        var user = await _userManager.FindByIdAsync(_currentUser.UserId.Value.ToString())
+            ?? throw new UnauthorizedException();
+
+        var roles = await _userManager.GetRolesAsync(user);
+        return new UserInfoDto(user.Id, user.Email!, user.FullName, roles.ToList());
+    }
+}
--- a/src/Backend/SolutionErp.Application/Common/Behaviors/ValidationBehavior.cs
+++ b/src/Backend/SolutionErp.Application/Common/Behaviors/ValidationBehavior.cs
@ -0,0 +1,33 @@
+using FluentValidation;
+using MediatR;
+using ValidationException = SolutionErp.Application.Common.Exceptions.ValidationException;
+
+namespace SolutionErp.Application.Common.Behaviors;
+
+public class ValidationBehavior<TRequest, TResponse> : IPipelineBehavior<TRequest, TResponse>
+    where TRequest : notnull
+{
+    private readonly IEnumerable<IValidator<TRequest>> _validators;
+
+    public ValidationBehavior(IEnumerable<IValidator<TRequest>> validators)
+    {
+        _validators = validators;
+    }
+
+    public async Task<TResponse> Handle(TRequest request, RequestHandlerDelegate<TResponse> next, CancellationToken cancellationToken)
+    {
+        if (!_validators.Any())
+            return await next();
+
+        var context = new ValidationContext<TRequest>(request);
+        var failures = (await Task.WhenAll(_validators.Select(v => v.ValidateAsync(context, cancellationToken))))
+            .SelectMany(r => r.Errors)
+            .Where(f => f is not null)
+            .ToList();
+
+        if (failures.Count != 0)
+            throw new ValidationException(failures);
+
+        return await next();
+    }
+}
--- a/src/Backend/SolutionErp.Application/Common/Exceptions/ApplicationException.cs
+++ b/src/Backend/SolutionErp.Application/Common/Exceptions/ApplicationException.cs
@ -0,0 +1,40 @@
+namespace SolutionErp.Application.Common.Exceptions;
+
+public class NotFoundException : Exception
+{
+    public NotFoundException(string message) : base(message) { }
+    public NotFoundException(string entity, object id)
+        : base($"{entity} với id '{id}' không tồn tại.") { }
+}
+
+public class ValidationException : Exception
+{
+    public IDictionary<string, string[]> Errors { get; }
+
+    public ValidationException() : base("Có lỗi trong dữ liệu gửi lên.")
+    {
+        Errors = new Dictionary<string, string[]>();
+    }
+
+    public ValidationException(IEnumerable<FluentValidation.Results.ValidationFailure> failures) : this()
+    {
+        Errors = failures
+            .GroupBy(f => f.PropertyName)
+            .ToDictionary(g => g.Key, g => g.Select(e => e.ErrorMessage).ToArray());
+    }
+}
+
+public class ForbiddenException : Exception
+{
+    public ForbiddenException(string message = "Không đủ quyền thực hiện thao tác này.") : base(message) { }
+}
+
+public class UnauthorizedException : Exception
+{
+    public UnauthorizedException(string message = "Chưa đăng nhập hoặc token không hợp lệ.") : base(message) { }
+}
+
+public class ConflictException : Exception
+{
+    public ConflictException(string message) : base(message) { }
+}
--- a/src/Backend/SolutionErp.Application/Common/Interfaces/IApplicationDbContext.cs
+++ b/src/Backend/SolutionErp.Application/Common/Interfaces/IApplicationDbContext.cs
@ -0,0 +1,6 @@
+namespace SolutionErp.Application.Common.Interfaces;
+
+public interface IApplicationDbContext
+{
+    Task<int> SaveChangesAsync(CancellationToken cancellationToken = default);
+}
--- a/src/Backend/SolutionErp.Application/Common/Interfaces/ICurrentUser.cs
+++ b/src/Backend/SolutionErp.Application/Common/Interfaces/ICurrentUser.cs
@ -0,0 +1,10 @@
+namespace SolutionErp.Application.Common.Interfaces;
+
+public interface ICurrentUser
+{
+    Guid? UserId { get; }
+    string? Email { get; }
+    string? FullName { get; }
+    IReadOnlyList<string> Roles { get; }
+    bool IsAuthenticated { get; }
+}
--- a/src/Backend/SolutionErp.Application/Common/Interfaces/IDateTime.cs
+++ b/src/Backend/SolutionErp.Application/Common/Interfaces/IDateTime.cs
@ -0,0 +1,7 @@
+namespace SolutionErp.Application.Common.Interfaces;
+
+public interface IDateTime
+{
+    DateTime UtcNow { get; }
+    DateTime Now { get; }
+}
--- a/src/Backend/SolutionErp.Application/Common/Interfaces/IJwtTokenService.cs
+++ b/src/Backend/SolutionErp.Application/Common/Interfaces/IJwtTokenService.cs
@ -0,0 +1,9 @@
+using SolutionErp.Domain.Identity;
+
+namespace SolutionErp.Application.Common.Interfaces;
+
+public interface IJwtTokenService
+{
+    Task<(string AccessToken, string RefreshToken, DateTime RefreshTokenExpiresAt)> GenerateTokensAsync(User user, IList<string> roles);
+    Task<Guid?> ValidateRefreshTokenAsync(string userId, string refreshToken);
+}
--- a/src/Backend/SolutionErp.Application/DependencyInjection.cs
+++ b/src/Backend/SolutionErp.Application/DependencyInjection.cs
@ -0,0 +1,23 @@
+using FluentValidation;
+using MediatR;
+using Microsoft.Extensions.DependencyInjection;
+using SolutionErp.Application.Common.Behaviors;
+
+namespace SolutionErp.Application;
+
+public static class DependencyInjection
+{
+    public static IServiceCollection AddApplication(this IServiceCollection services)
+    {
+        var assembly = typeof(DependencyInjection).Assembly;
+
+        services.AddMediatR(cfg =>
+        {
+            cfg.RegisterServicesFromAssembly(assembly);
+            cfg.AddOpenBehavior(typeof(ValidationBehavior<,>));
+        });
+        services.AddValidatorsFromAssembly(assembly);
+
+        return services;
+    }
+}
--- a/src/Backend/SolutionErp.Application/SolutionErp.Application.csproj
+++ b/src/Backend/SolutionErp.Application/SolutionErp.Application.csproj
@ -7,7 +7,8 @@
  <ItemGroup>
    <PackageReference Include="AutoMapper" Version="16.1.1" />
    <PackageReference Include="FluentValidation.DependencyInjectionExtensions" Version="12.1.1" />
-    <PackageReference Include="MediatR" Version="14.1.0" />
+    <PackageReference Include="MediatR" Version="12.4.1" />
+    <PackageReference Include="Microsoft.Extensions.DependencyInjection.Abstractions" Version="10.0.6" />
  </ItemGroup>

  <PropertyGroup>