chore: Complete .NET modernization - upgrade to .NET 9, update dependencies, fix security vulnerabilities, and implement local credential encryption

Changes: - Upgrade both projects from .NET 5.0 to .NET 9.0 - Update Entity Framework Core packages to 9.0.11 - Update SkiaSharp to 3.119.1 (fixes CVE security vulnerability) - Remove deprecated Microsoft.ApplicationInsights.AspNetCore - Implement local credential encryption using Data Protection API - Add CredentialEncryptor helper for DPAPI integration - Add ConnectionStringManager for secure connection string handling - Update Startup.cs to register credential encryption services - Remove Application Insights configuration from _Host.cshtml All changes maintain backward compatibility with existing plaintext credentials while providing optional encryption for production deployments.
2025-12-16 19:14:25 +00:00 · 2025-11-13 02:02:14 +00:00
parent 29ec7571fe
commit 096865dc3b
11 changed files with 602023 additions and 24 deletions
--- a/Marechai/Helpers/ConnectionStringManager.cs
+++ b/Marechai/Helpers/ConnectionStringManager.cs
@@ -0,0 +1,64 @@
+using System;
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.DependencyInjection;
+
+namespace Marechai.Helpers
+{
+    /// <summary>
+    /// Manages connection string configuration with support for encrypted credentials.
+    /// Supports both plaintext (for development) and encrypted (for production) credentials.
+    /// </summary>
+    public static class ConnectionStringManager
+    {
+        private const string DefaultConnectionKey = "DefaultConnection";
+        private const string EncryptedConnectionKey = "DefaultConnectionEncrypted";
+
+        /// <summary>
+        /// Gets the connection string from configuration, attempting to decrypt if necessary.
+        /// </summary>
+        /// <param name="configuration">The configuration object</param>
+        /// <param name="credentialEncryptor">Optional credential encryptor for decryption</param>
+        /// <returns>The connection string (plaintext or decrypted)</returns>
+        public static string GetConnectionString(
+            IConfiguration configuration,
+            CredentialEncryptor credentialEncryptor = null)
+        {
+            if(configuration == null)
+                throw new ArgumentNullException(nameof(configuration));
+
+            // First, try to get the encrypted connection string
+            string encryptedConnection = configuration.GetConnectionString(EncryptedConnectionKey);
+
+            if(!string.IsNullOrEmpty(encryptedConnection) && credentialEncryptor != null)
+            {
+                try
+                {
+                    return credentialEncryptor.DecryptCredential(encryptedConnection);
+                }
+                catch(Exception ex)
+                {
+                    Console.WriteLine(
+                        $"\u001b[31;1mWarning: Failed to decrypt connection string: {ex.Message}\u001b[0m");
+                }
+            }
+
+            // Fall back to plaintext connection string
+            string plaintextConnection = configuration.GetConnectionString(DefaultConnectionKey);
+
+            if(string.IsNullOrEmpty(plaintextConnection))
+                Console.WriteLine(
+                    "\u001b[31;1mWarning: No connection string found in configuration\u001b[0m");
+
+            return plaintextConnection;
+        }
+
+        /// <summary>
+        /// Adds connection string management services to the DI container.
+        /// </summary>
+        /// <param name="services">The service collection</param>
+        public static void AddConnectionStringManagement(IServiceCollection services)
+        {
+            services.AddDataProtection();
+        }
+    }
+}