In summary, this project involves an update of the Restful API application created in the current final project, upgrading from .NET Core 3.1 to .NET Core 8.0. Test-Driven Development (TDD) is implemented using XUnit, generating test coverage reports locally with ReportGenerator. CI/CD is implemented with GitActions/Workflows, which perform "Build, Unit Testing, and Static Code Analysis in the cloud using Sonar Cloud." The Restful HATEOAS API documentation is created using Swagger, and the application is dockerized. Document and image storage is done on an Amazon S3 bucket file server, with integration with either MySql Server or Sql Server through the Entity Framework using Migrations to control versioning of entities or tables created or updated during the project's evolution. The application is currently in production on an AWS EC2 server, ensuring high availability.
This project can be access Postman Documentation
This project can be access at Production API Restful Despesas Pessoais.
This project can be access at Development API Restful Despesas Pessoais.
Run dotnet build -restore to build the project. The build artifacts will be stored in the bin/ directory.
-
First way
Run
dotnet run --project ./despesas-backend-api-net-core. Navigate tohttp://localhost:42535/swaggerorhttps://localhost/swagger. -
Second way
Run
./run.ps1if using windows, or Run./run.shif using linux. Navigate tohttp://localhost:42535/swaggerorhttps://localhost/swagger.
Make sure have instaled tool watch, if not Run dotnet tool install --global dotnet-watch
-
First way
Run
dotnet watch run --project ./despesas-backend-api-net-core. Navigate tohttp://localhost:42535/swaggerorhttps://localhost/swagger. The application automatically restart it when changes are detected. -
Second way
Run
./run.ps1 -wif using windows, or Run./run.sh -wif using linux. The application will open in default browser and automatically restart it when changes are detected.
Make sure have instaled Docker Engine instaled, if not go to Install Docker Engine.
-
First way
Run
docker-compose -f .\docker-compose.database.yml up -d. Navigate tohttp://localhost:42535/swagger. -
Second way
Run
./rundocker.ps1 -localif using windows, or Run./rundocker.sh -localis using linux. The application will open in default browser.
In this case the application will work correctely only in branch database-in-memory
Make sure have instaled Docker Engine instaled, if not go to Install Docker Engine.
-
First way
Run
docker-compose -f .\docker-compose.yml up -d. Navigate tohttp://localhost:42535/swagger. -
Second way
Run
./rundocker.ps1if using windows, or Run./rundocker.shif using linux. The application will open in default browser.
Run dotnet test to execute the unit tests.
Make sure have instaled tool ReportGenerator, if not Run dotnet tool install --global dotnet-reportgenerator-globaltool
Run ./generate_coverage_report.ps1 if using windows, or Run ./generate_coverage_report.sh if using linux. The Report will open in default browser automatically.
Overview Report Coverage Results
-
Passwords are encrypted and not exposed in any requests, and they are managed by a key accessed by the Crypto class in a file created on the server. Ideally, the access should be through a key created within Azure or AWS, thereby enhancing security.
-
The repository layer is independent, and its implementation is not visible because the model exposed in the endpoints is model-view objects that do not reveal the database implementation.
-
Only first access, such as user registration, user login, and password recovery, can be accessed without the need to log in with validated user and passwords. The rest of the API can only be accessed using an access token generated by the API.
-
Only users with administrator profiles can list users and delete users. For the security of registered user information, all accesses to the user endpoint require JWT Bearer Authentication.
SonarCloud is a cloud-based static code analysis platform that helps development teams maintain code quality and identify issues early in the software development process. It offers automated code review, continuous inspection, and code analytics. SonarCloud scans your code for bugs, vulnerabilities, and code smells, providing actionable feedback to improve code quality and security. It is an essential tool for ensuring that your software projects are maintainable, reliable, and secure. via Sonar Cloud.
This project Overview in Sonar Cloud can be access at Overview Project in Sonar Cloud)
