FullStackHero 10 .NET Starter Kit Release Merge #1152
Draft
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Updated the `Serilog` package version in `Directory.Packages.props` from `4.3.1-dev-02390` to `4.3.1-dev-02395`. Added a new `Architecture.md` file to the solution under the `/Solution Items/` folder. This document provides a detailed overview of the FullStackHero .NET 10 Starter Kit architecture, including solution structure, technology stack, development guidelines, and future plans for Aspire orchestration. The `Architecture.md` file serves as a single source of truth for developers, ensuring clarity and consistency across the project.
Introduced a configuration-driven rate limiting feature to protect APIs from abuse, with tenant- and user-aware policies. Added `RateLimitingOptions` for global and auth-specific limits, exempting health endpoints. Updated the pipeline to include rate limiting middleware. Replaced `DatabaseOptionsLogger` with `DatabaseOptionsStartupLogger` as a hosted service for logging database provider details at startup. Removed OpenAPI annotations from health endpoints and ensured static files are unaffected by rate limiting. Added `Microsoft.AspNetCore.RateLimiting` dependency, `MailOptions` configuration, and placeholders for `AppHost` and `ServiceDefaults`. Performed code cleanup and updated documentation to reflect these changes.
Introduced a new HTTP Auditing module with request/response logging, W3C Trace Context correlation, body capture with masking, and default exclusions. Automatically integrates into the pipeline when referenced. Enhanced logging with structured Serilog configuration, correlation ID enrichment, and noise control for common frameworks. Added production best practices and example `appsettings` for JSON sinks. Improved middleware pipeline in `Extensions.cs`: - Added `ServeStaticFiles` option for early static file serving. - Adjusted CORS middleware placement. - Auto-wired Auditing middleware if referenced. Enhanced `AuditHttpMiddleware`: - Masked sensitive fields in request/response bodies. - Replaced route pattern logging with exact path logging. - Improved exception auditing and updated source identifier. Expanded sensitive field masking in `JsonMaskingService` to include `accessToken` and `refreshToken`. Introduced `AppHost + ServiceDefaults` in `Architecture.md` to outline plans for resource orchestration and deployment bridges.
Renamed and rebranded the FullStackHero (FSH) framework to Hero across the codebase. This includes updates to method names, class names, namespaces, and configuration references to ensure consistency with the new naming convention. Key changes: - Updated `AddFshPlatform` and `UseFshPlatform` to `AddHeroPlatform` and `UseHeroPlatform`. - Renamed `ConfigureDatabase` to `ConfigureHeroDatabase` in database-related classes. - Replaced `BindDbContext` with `AddHeroDbContext` in all modules. - Updated CORS, OpenAPI, and health check methods to use the `Hero` prefix. - Refactored multi-tenant database configuration to `UseHeroMultiTenantDatabases`. These changes ensure a consistent and unified naming convention for the Hero framework.
Introduced a new `Architecture.Tests` project to enforce solution-wide architectural rules, including modularity, namespace conventions, and decoupling between modules and host projects. - Added new package references in `Directory.Packages.props` for testing libraries (`xunit`, `Shouldly`, `AutoFixture`, etc.). - Updated `FSH.Framework.slnx` to include the `Architecture.Tests` project under `/Tests/`. - Created `Architecture.Tests.csproj` targeting `net10.0` with references to building blocks, modules, and the Playground API. - Added `ModuleArchitectureTests` to ensure module runtime projects do not reference other module runtime projects directly. - Added `NamespaceConventionsTests` to enforce namespace alignment with folder structure in `BuildingBlocks/Core/Domain`. - Added `PlaygroundArchitectureTests` to ensure modules do not depend on Playground host assemblies. - Introduced `ModuleArchitectureTestsFixture` for dynamic solution root discovery. - Updated `README.md` to document the purpose, structure, and usage of the `Architecture.Tests` project.
There was a problem hiding this comment.
Pull request overview
This PR introduces the FullStackHero 10 .NET Starter Kit, implementing a modular monolith architecture with comprehensive modules for Identity, Multitenancy, and Auditing. The implementation includes a mediator-based CQRS pattern, JWT authentication with refresh tokens, role/permission-based authorization, background job support, caching abstractions, mailing services, and storage abstractions (local and S3). The Blazor client uses Shadcn-inspired MudBlazor wrappers with generated API clients via NSwag, while the infrastructure includes multi-app AWS scaffolding using Terraform and OpenTelemetry-based observability.
Key Changes
- Modular architecture with separate Identity, Multitenancy, and Auditing modules implementing contracts and handlers
- JWT authentication, role/permission system, and Finbuckle multitenancy with per-tenant provisioning lifecycle
- Auditing pipeline with request/response/security/exception tracking and background sink for SQL persistence
- OpenTelemetry integration, rate limiting, storage abstraction (local/S3), and comprehensive building blocks for caching, jobs, mailing, and persistence
Reviewed changes
Copilot reviewed 295 out of 1048 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| Directory.Packages.props | Updated package versions to .NET 10.0 and newer dependencies including Finbuckle 10.0.0, Mediator 3.1.0-preview.14, Hangfire 1.8.22, and OpenTelemetry 1.14.0 |
| Directory.Build.props | Enhanced with .NET 10.0 target, comprehensive code analysis settings, NuGet metadata, and stricter quality controls |
| BuildingBlocks/Web/*.cs | New Web building block with OpenAPI/Scalar integration, OpenTelemetry, Serilog logging, rate limiting, security headers, CORS, versioning, and module loading |
| BuildingBlocks/Storage/*.cs | Storage abstraction supporting local filesystem and AWS S3 with file type validation and upload/removal operations |
| BuildingBlocks/Shared/*.cs | Shared contracts for multitenancy (AppTenantInfo), identity (claims, permissions, roles), pagination, and database options |
| BuildingBlocks/Persistence/*.cs | Persistence infrastructure with specifications pattern, EF Core extensions, and database initialization interfaces |
| Modules/Identity/Modules.Identity.Contracts/*.cs | Identity module contracts including commands/queries for token generation, user management, role management, and associated DTOs |
| Modules/Auditing/Modules.Auditing.Contracts/*.cs | Auditing contracts with event types, payloads, DTOs, and interfaces for audit publishing, serialization, and sinking |
| Modules/Auditing/Modules.Auditing/*.cs | Auditing implementation with SQL sink, EF interceptor, HTTP middleware for request/response capture, channel-based publisher, and query handlers |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Enforce backend guardrails: block self-deactivation, admin-on-admin deactivation, and ensure at least one active admin per tenant in `UserService.ToggleStatusAsync` - Add audit logging for all deactivation attempts (success/failure) - Add Blazor user management pages with matching frontend guardrails - Update navigation to include Users page - Bump System.IdentityModel.Tokens.Jwt to 8.15.0; add to Blazor project - Document deactivation rules and rationale in knowledge base - Minor Blazor project and analyzer suppressions update
Contributor
Wow! You woke up!! :) Excelent works, I going to clone and test it... Please check, you forgot push the /docs folders because is added in .gitignore: "/docs" Thanks in advanced. |
Member
Author
|
I am currently using VS2026. |
- Add correlation and request IDs to AuditHttpMiddleware logs - Redesign Audits.razor with expanded filter options and modern UI - Implement server-side paging, sorting, and inline row details - Add export to CSV/JSON and quick-range filter buttons - Use enums for event type/severity with improved formatting - Refactor filter and table state logic for better UX and performance
Contributor
Perfect approach, check that may be some ideas are usefull: And this "spec driven AI design": |
Member
Author
|
@maxiar looks like its a member only story. any crucial takeaways? |
- Introduce TenantTheme entity, config, and migrations for per-tenant theme storage (colors, typography, layout, brand assets) - Implement ITenantThemeService for CRUD, reset, and S3 asset management - Add API endpoints for get/update/reset theme with validation and permissions - Add Blazor UI: theme customizer, color/brand/typography/layout pickers, live preview, and file upload - Integrate dynamic theme state and dark mode in Playground - Update FileUploadRequest, S3StorageService, navigation, and docs - Enables full white-labeling and theme management per tenant
Deleted blazor.yml, changelog.yml, nuget.yml, and webapi.yml, which previously handled CI/CD for Blazor and WebAPI projects, NuGet publishing, and release drafting. These automated workflows will no longer run.
Comprehensive UI/UX overhaul of Audits.razor: - Adds summary dashboard cards, quick filter chips, and collapsible advanced filters - Improves table layout, sorting, and detail view with tabs - Adds export (CSV/JSON), refresh, and copy-to-clipboard features - Introduces related events dialog for correlation/trace navigation - Enhances filtering (Tenant ID, Search), filter state handling, and error feedback - Refactors styles and helper methods for modern, user-friendly experience
- Introduce API client methods and DTOs for tenant theming (get, update, reset theme)
- Add ProvisioningClient with retry method and audit detail fetch by ID
- Switch DateTime query params to ISO 8601 ("o") format for accuracy
- Improve audit date filtering in UI using DateTimeOffset and UTC
- Update permissions, .gitignore, and NSwag config for new features
- Introduce reusable FshPageHeader and FshUserProfile Blazor components for consistent page headers and user profile menus - Replace ad-hoc hero/header sections in main pages with FshPageHeader, using ActionContent for page actions - Update app bar to use FshUserProfile with avatar, user info, and dropdown menu (Profile, Settings, Logout) - Centralize hero card and font-weight styles in fsh-theme.css; add scoped CSS for user profile menu - Update documentation (CLAUDE.md) with usage and parameters for new components - Minor: update .gitignore, Bash permissions, and _Imports.razor for new UI components
Replaces complex token management with simpler cookie-based authentication for Blazor Server SSR. Login now uses HTML form POST to BFF endpoint that calls identity API, stores JWT token in cookie claims, and attaches it to API requests via delegating handler. Key changes: - Add SimpleBffAuth with /api/auth/login and /api/auth/logout endpoints - Add CookieAuthenticationStateProvider (extends ServerAuthenticationStateProvider) - Add AuthorizationHeaderHandler to attach JWT Bearer tokens to API requests - Add SimpleLogin.razor with HTML form POST (not AJAX) - Add ThemeStateFactory for SSR-compatible tenant theme caching - Remove old BffAuth, TokenAccessor, TokenSessionAccessor, and circuit handler - Update PlaygroundLayout, UsersPage, UserDetailPage to use AuthenticationStateProvider Fixes login flow and API authorization (401 errors resolved). 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
#Architecture
scripts/openapi/generate-api-clients.ps1 -SpecUrl "<spec>"); Blazor consumes generated clients.