dmolinari
0b4af4c332
Wires the request-scoped audit context per design #D-2:
Middleware pipeline in Program.cs:
app.UseCors()
app.UseMiddleware<CorrelationIdMiddleware>() // PRE-AUTH
app.UseAuthentication()
app.UseMiddleware<AuditActorMiddleware>() // POST-AUTH
app.UseAuthorization()
app.MapControllers()
SIGCM2.Api/Middleware/CorrelationIdMiddleware.cs:
- Preserves client-sent X-Correlation-Id header when a valid GUID, otherwise
generates Guid.NewGuid(). Stores in HttpContext.Items (audit:correlationId).
- Captures Ip (Connection.RemoteIpAddress) + UserAgent header into Items.
- Echoes the correlation id back via response header (OnStarting + immediate
set — immediate set makes unit testing against DefaultHttpContext reliable).
SIGCM2.Api/Middleware/AuditActorMiddleware.cs:
- Reads JWT 'sub' claim from authenticated HttpContext.User, parses to int,
stores as audit:actorUserId. Anonymous / non-numeric sub leaves it unset.
SIGCM2.Infrastructure/Audit/AuditContext.cs (IAuditContext scoped impl):
- Reads Items entries via IHttpContextAccessor. Returns null / Guid.Empty
when no HttpContext is available (jobs, tests without middleware).
- ActorRoleId intentionally null for now — rol code → id resolution is
deferred; the logger may resolve it at persist time in a later batch.
DI registration (Infrastructure/DependencyInjection.cs):
- services.AddScoped<IAuditContext, AuditContext>()
Tests (Strict TDD):
- CorrelationIdMiddlewareTests (6): generates/preserves/handles-malformed
correlation id, sets response header, captures ip/ua, calls next.
- AuditActorMiddlewareTests (5): authenticated/anonymous/no-sub/non-numeric/
calls-next.
- AuditContextTests (7): reads from Items, null-http-context defaults,
ActorRoleId currently null.
Suite: 355/355 Application.Tests + 141/141 Api.Tests = 496/496 passing.
Refs: sdd/udt-010-auditoria-trazabilidad/{spec#REQ-AUD-3/9, design#D-2, tasks#B4}
SIG-CM 2.0
Sistema de gestión comercial — migración del sistema legacy (VB6) a una plataforma web moderna.
Stack
- Backend: .NET 10 · C# 13 · ASP.NET Core · Clean Architecture · Dapper 2.x · SQL Server 2022 · JWT RS256 · Serilog · FluentValidation · xUnit + NSubstitute
- Frontend: React 19 · TypeScript 5 strict · Vite 6 · Tailwind 4 · Zustand · React Router 7 · TanStack Query · Axios · Vitest + RTL
- Infra: Docker · Gitea Actions · Obsidian (documentación interna) · SQL Server
Estructura
src/api/ # Backend .NET (Clean Architecture)
SIGCM2.Api/ controllers, filters, Program.cs
SIGCM2.Application/ commands, handlers, validators, abstractions
SIGCM2.Domain/ entities, exceptions, domain security
SIGCM2.Infrastructure/ persistence (Dapper), security, DI
src/web/ # Frontend React 19 (Vite + TS strict)
src/features/ feature modules (auth, users, …)
src/components/ shared UI + layout
src/tests/ Vitest suites
database/
migrations/ .sql con orden Vxxx
seeds/ datos iniciales
schemas/ definiciones auxiliares
tests/
SIGCM2.Api.Tests/ integration (TestWebAppFactory + SQL Server)
SIGCM2.Application.Tests/ unit (handlers, validators)
SIGCM2.TestSupport/ fixtures compartidas
Obsidian/ # Source of truth funcional (IGNORADO por git)
STATUS.md roadmap y estado de UDTs
INSTRUCCIONES_IA.md SOP del agente de IA
02-ARQUITECTURA.../ specs por módulo
Cómo correr
Requisitos
- .NET 10 SDK
- Node 20+
- SQL Server 2019+ (local o remoto)
Backend
cd src/api/SIGCM2.Api
dotnet run
Config en appsettings.json (DB: SIGCM2, usuario desarrollo, server TECNICA3). Para tests de integración se usa SIGCM2_Test.
Frontend
cd src/web
npm install
npm run dev
Tests
# Backend
dotnet test tests/SIGCM2.Application.Tests # unit
dotnet test tests/SIGCM2.Api.Tests # integration (requiere SIGCM2_Test)
# Frontend
cd src/web && npx vitest run
Convenciones
- Ramas:
feature/UDT-XXXdesdemain. - Commits:
tipo(módulo): descripción—feat,fix,docs,refactor,test,chore,security. - Orden de trabajo por UDT: BD → Backend → Frontend.
- Desarrollo guiado por Spec-Driven Development (SDD) + Strict TDD.
- Follow-ups / deuda técnica se registran como issues de Gitea con label
followup.