josh/YesChef
1
0
Fork 0
Code Pull Requests Actions Packages Projects Releases Activity

Scope all data access by FamilyId for multi-tenant isolation

Browse Source 
Adds FamilyMembership join (UserId, FamilyId, Role) and a non-null
FamilyId FK on Store, ShoppingList, ShoppingListItem, Recipe, and
RecipeIngredient. FamilyId is denormalized on items/ingredients so the
tenant filter is a single column predicate without joins. Store name
uniqueness is now scoped per family.

JWT issuance stamps a family_id claim; ClaimsPrincipalExtensions exposes
GetFamilyId(). Register validates the supplied invite code against
Family.InviteCode (replacing the env-var equality check) and writes a
FamilyMembership row. OnTokenValidated rejects requests whose user has
been removed from the claimed family since login.

Every endpoint filters by FamilyId on read and stamps it on write.
Cross-family storeId references on list create/update return 400. The
SignalR hub verifies list ownership on JoinList and uses a per-family
overview group, so cross-tenant fan-out is structurally impossible.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Josh Rogers
2026-05-07 23:05:23 -05:00
parent 7c1cfd62e6
commit 9b2db931ee
25 changed files with 1057 additions and 90 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/backend/YesChef.Api.UnitTests/Auth/JwtTokenServiceTests.cs
+6 -5
View File
@@ -24,15 +24,16 @@ public class JwtTokenServiceTests
new JwtSecurityTokenHandler().ReadJwtToken(token);
[Test]
public async Task GenerateToken_includes_user_id_and_name_claims()
public async Task GenerateToken_includes_user_id_name_and_family_claims()
{
var service = BuildService();
var user = new User { Id = 42, Name = "alice", PasswordHash = "x" };
var jwt = Decode(service.GenerateToken(user));
var jwt = Decode(service.GenerateToken(user, familyId: 7));
await Assert.That(jwt.Claims.First(c => c.Type == ClaimTypes.NameIdentifier).Value).IsEqualTo("42");
await Assert.That(jwt.Claims.First(c => c.Type == ClaimTypes.Name).Value).IsEqualTo("alice");
await Assert.That(jwt.Claims.First(c => c.Type == JwtTokenService.FamilyIdClaim).Value).IsEqualTo("7");
}
[Test]
@@ -41,7 +42,7 @@ public class JwtTokenServiceTests
var service = BuildService();
var user = new User { Id = 1, Name = "bob", PasswordHash = "x" };
var jwt = Decode(service.GenerateToken(user));
var jwt = Decode(service.GenerateToken(user, familyId: 1));
var expectedExpiry = DateTime.UtcNow.AddDays(30);
var delta = (jwt.ValidTo - expectedExpiry).Duration();
@@ -54,7 +55,7 @@ public class JwtTokenServiceTests
var service = BuildService();
var user = new User { Id = 7, Name = "carol", PasswordHash = "x" };
var token = service.GenerateToken(user);
var token = service.GenerateToken(user, familyId: 1);
var validator = new JwtSecurityTokenHandler();
var parameters = new TokenValidationParameters
@@ -77,7 +78,7 @@ public class JwtTokenServiceTests
public async Task GenerateToken_with_different_secret_fails_validation()
{
var service = BuildService();
var token = service.GenerateToken(new User { Id = 1, Name = "x", PasswordHash = "x" });
var token = service.GenerateToken(new User { Id = 1, Name = "x", PasswordHash = "x" }, familyId: 1);
var validator = new JwtSecurityTokenHandler();
var parameters = new TokenValidationParameters