Skip to content

v1.0.0 — 2026-04-28

Initial release. Project scaffolded, login feature shipped end-to-end, test infrastructure established.

Added

Stack

  • Docker Compose: api (.NET 10), web (React 19 + MUI + TypeScript via Vite), db (Postgres 18.3, C.UTF-8), docs (MkDocs Material 9.7.6, live-reload), mailcatcher (sj26/mailcatcher v0.10.0).
  • Named volumes for pgdata, nuget, web_node_modules.
  • appsettings.Development.json and appsettings.Test.json carry per-environment config.

Backend (src/Molib.Api/)

  • Models: User, EmailAuthentication, RefreshToken (uuid PKs, all FKs RESTRICT).
  • Controllers: UsersController (POST /users, POST /users/verify), SessionsController (POST /sessions, POST /sessions/refresh, DELETE /sessions).
  • JWT bearer auth (HS256, 30 min default TTL, ≤6h ceiling), rotating opaque refresh token in HttpOnly/Secure/SameSite=Strict cookie at Path=/, family-based replay detection.
  • Hangfire on Postgres (hangfire schema), MailKit SMTP, VerificationEmailJob enqueued on signup.
  • EF Core migration InitialCreate.

Frontend (frontend/)

  • Routes: /sign-up, /sign-in, /verify, / (protected via <RequireAuth>).
  • AuthContext (in-memory access token, silent refresh on boot), authedFetch interceptor with single-flight refresh.
  • react-i18next with Portuguese (pt-BR) as default locale; API error codes mapped to localized copy.
  • Vite dev proxy /apiapi:8080.

Wiki & process

  • Wiki structure under wiki/: adr/, plans/, models/, versions/, plus index.md.
  • ADRs:
  • 0001 — Data access strategy (EF Core default, Dapper / Npgsql COPY as escape hatches).
  • 0002 — Sign-in token strategy (JWT access + rotating refresh, family replay detection).
  • 0003 — API / Frontend separation (pure JSON API; SPA mediates user-facing flows).
  • 0004 — Database collation (C.UTF-8; per-column ICU when needed).
  • 0005 — Test mocking policy (mock only true external dependencies).
  • wiki/plans/login.md — Implemented.
  • Project conventions in CLAUDE.md: SemVer, English-only code, FK RESTRICT, single-use security tokens as columns, plans cover backend + frontend, tests use real infrastructure.

Tests (tests/Molib.Api.Tests/)

  • xUnit + Microsoft.AspNetCore.Mvc.Testing + Respawn against the real Postgres (molib_test database, C.UTF-8).
  • Real Hangfire storage (jobs verified by inspecting the queue, not executing).
  • Only fake: IEmailService (SMTP is the only external dependency).
  • 19 tests covering all five endpoints + the verification email job.

Tooling

  • Slash skills: /molib-up, /molib-down (preserves the docs service).
  • dotnet ef pre-installed in the dev image.
  • gh authenticated for future repo operations.