bao/nexus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: Clean Architecture mit Repository Pattern, Controllern und DTOs
CI - Build & Test / Backend (.NET) (push) Successful in 54s
Details
CI - Build & Test / Frontend (Vue/TS) (push) Successful in 19s
Details
CI - Build & Test / Security Check (push) Successful in 2s
Details

Browse Source 
- 15 Controller-Klassen ersetzen Minimal APIs in Program.cs
- Repository Pattern mit Interfaces + Implementierungen (Project, Task, Activity, User)
- AuthService verwendet jetzt IUserRepository statt direktem DbContext-Zugriff
- SecurityHeadersMiddleware als eigenständige Middleware-Klasse
- PathSecurityHelper als gemeinsamer Helper für Pfadvalidierung
- DTOs in eigenem Namespace Nexus.Api.DTOs
- EF-Entities in Nexus.Api.Data (vorher Nexus.Api.Domain)
- Program.cs auf DI-Registrierung + Middleware reduziert
- Alle 43 Endpoints unverändert erhalten
- Build + 3/3 Tests erfolgreich
This commit is contained in:
Iris
2026-06-09 19:52:58 +02:00
parent 13d4c2f157
commit a79d8282dc
45 changed files with 1590 additions and 1182 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/Helpers/PathSecurityHelper.cs
+35
View File
@@ -0,0 +1,35 @@
namespace Nexus.Api.Helpers;
public static class PathSecurityHelper
{
/// <summary>Validates a path against directory traversal and resolves a safe absolute path.</summary>
public static bool TryResolveSafePath(string basePath, string userInput, out string? safePath)
{
safePath = null;
// URL-decode to catch encoded attacks like %2F, %2e%2e, %00
var decoded = Uri.UnescapeDataString(userInput);
// Reject null bytes
if (decoded.Contains('\0')) return false;
// Combine with base and resolve to canonical form
var combined = Path.Combine(basePath, decoded);
var full = Path.GetFullPath(combined);
var canonicalBase = Path.GetFullPath(basePath);
// Must stay within the allowed base directory
if (!full.StartsWith(canonicalBase + Path.DirectorySeparatorChar) && full != canonicalBase)
return false;
safePath = full;
return true;
}
/// <summary>Validates config filename against path-traversal; must be alphanumeric .md.</summary>
public static bool IsValidConfigFileName(string fileName)
{
if (string.IsNullOrWhiteSpace(fileName)) return false;
return System.Text.RegularExpressions.Regex.IsMatch(fileName, @"^[a-zA-Z0-9._-]+\.md$");
}
}