Added Concurrency Support & Identifier Implementation

Author: mckaragoz

src/CodeBeam.UltimateAuth.Core/Abstractions/Entity/IVersionedEntity.cs

@@ -0,0 +1,6 @@
+namespace CodeBeam.UltimateAuth.Core.Abstractions;
+
+public interface IVersionedEntity
+{
+    long Version { get; }
+}

src/CodeBeam.UltimateAuth.Core/Domain/Session/UAuthSession.cs

@@ -1,8 +1,9 @@
-using CodeBeam.UltimateAuth.Core.MultiTenancy;
+using CodeBeam.UltimateAuth.Core.Abstractions;
+using CodeBeam.UltimateAuth.Core.MultiTenancy;
 
 namespace CodeBeam.UltimateAuth.Core.Domain;
 
-public sealed class UAuthSession
+public sealed class UAuthSession : IVersionedEntity
 {
     public AuthSessionId SessionId { get; }
     public TenantKey Tenant { get; }
@@ -17,21 +18,23 @@ public sealed class UAuthSession
     public DeviceContext Device { get; }
     public ClaimsSnapshot Claims { get; }
     public SessionMetadata Metadata { get; }
+    public long Version { get; }
 
     private UAuthSession(
-    AuthSessionId sessionId,
-    TenantKey tenant,
-    UserKey userKey,
-    SessionChainId chainId,
-    DateTimeOffset createdAt,
-    DateTimeOffset expiresAt,
-    DateTimeOffset? lastSeenAt,
-    bool isRevoked,
-    DateTimeOffset? revokedAt,
-    long securityVersionAtCreation,
-    DeviceContext device,
-    ClaimsSnapshot claims,
-    SessionMetadata metadata)
+        AuthSessionId sessionId,
+        TenantKey tenant,
+        UserKey userKey,
+        SessionChainId chainId,
+        DateTimeOffset createdAt,
+        DateTimeOffset expiresAt,
+        DateTimeOffset? lastSeenAt,
+        bool isRevoked,
+        DateTimeOffset? revokedAt,
+        long securityVersionAtCreation,
+        DeviceContext device,
+        ClaimsSnapshot claims,
+        SessionMetadata metadata,
+        long version)
     {
         SessionId = sessionId;
         Tenant = tenant;
@@ -46,6 +49,7 @@ private UAuthSession(
         Device = device;
         Claims = claims;
         Metadata = metadata;
+        Version = version;
     }
 
     public static UAuthSession Create(
@@ -72,13 +76,14 @@ public static UAuthSession Create(
             securityVersionAtCreation: 0,
             device: device,
             claims: claims ?? ClaimsSnapshot.Empty,
-            metadata: metadata
+            metadata: metadata,
+            version: 0
         );
     }
 
-    public UAuthSession WithSecurityVersion(long version)
+    public UAuthSession WithSecurityVersion(long securityVersion)
     {
-        if (SecurityVersionAtCreation == version)
+        if (SecurityVersionAtCreation == securityVersion)
             return this;
 
         return new UAuthSession(
@@ -91,10 +96,11 @@ public UAuthSession WithSecurityVersion(long version)
             LastSeenAt,
             IsRevoked,
             RevokedAt,
-            version,
+            securityVersion,
             Device,
             Claims,
-            Metadata
+            Metadata,
+            Version + 1
         );
     }
 
@@ -113,7 +119,8 @@ public UAuthSession Touch(DateTimeOffset at)
             SecurityVersionAtCreation,
             Device,
             Claims,
-            Metadata
+            Metadata,
+            Version + 1
         );
     }
 
@@ -134,7 +141,8 @@ public UAuthSession Revoke(DateTimeOffset at)
             SecurityVersionAtCreation,
             Device,
             Claims,
-            Metadata
+            Metadata,
+            Version + 1
         );
     }
 
@@ -151,7 +159,8 @@ internal static UAuthSession FromProjection(
         long securityVersionAtCreation,
         DeviceContext device,
         ClaimsSnapshot claims,
-        SessionMetadata metadata)
+        SessionMetadata metadata,
+        long version)
     {
         return new UAuthSession(
             sessionId,
@@ -166,7 +175,8 @@ internal static UAuthSession FromProjection(
             securityVersionAtCreation,
             device,
             claims,
-            metadata
+            metadata,
+            version
         );
     }
 
@@ -202,7 +212,8 @@ public UAuthSession WithChain(SessionChainId chainId)
             securityVersionAtCreation: SecurityVersionAtCreation,
             device: Device,
             claims: Claims,
-            metadata: Metadata
+            metadata: Metadata,
+            version: Version + 1
         );
     }
 

src/CodeBeam.UltimateAuth.Core/Domain/Session/UAuthSessionChain.cs

@@ -1,8 +1,9 @@
-using CodeBeam.UltimateAuth.Core.MultiTenancy;
+using CodeBeam.UltimateAuth.Core.Abstractions;
+using CodeBeam.UltimateAuth.Core.MultiTenancy;
 
 namespace CodeBeam.UltimateAuth.Core.Domain;
 
-public sealed class UAuthSessionChain
+public sealed class UAuthSessionChain : IVersionedEntity
 {
     public SessionChainId ChainId { get; }
     public SessionRootId RootId { get; }
@@ -14,6 +15,7 @@ public sealed class UAuthSessionChain
     public AuthSessionId? ActiveSessionId { get; }
     public bool IsRevoked { get; }
     public DateTimeOffset? RevokedAt { get; }
+    public long Version { get; }
 
     private UAuthSessionChain(
         SessionChainId chainId,
@@ -25,7 +27,8 @@ private UAuthSessionChain(
         ClaimsSnapshot claimsSnapshot,
         AuthSessionId? activeSessionId,
         bool isRevoked,
-        DateTimeOffset? revokedAt)
+        DateTimeOffset? revokedAt,
+        long version)
     {
         ChainId = chainId;
         RootId = rootId;
@@ -37,6 +40,7 @@ private UAuthSessionChain(
         ActiveSessionId = activeSessionId;
         IsRevoked = isRevoked;
         RevokedAt = revokedAt;
+        Version = version;
     }
 
     public static UAuthSessionChain Create(
@@ -57,7 +61,8 @@ public static UAuthSessionChain Create(
             claimsSnapshot: claimsSnapshot,
             activeSessionId: null,
             isRevoked: false,
-            revokedAt: null
+            revokedAt: null,
+            version: 0
         );
     }
 
@@ -76,7 +81,8 @@ public UAuthSessionChain AttachSession(AuthSessionId sessionId)
             ClaimsSnapshot,
             activeSessionId: sessionId,
             isRevoked: false,
-            revokedAt: null
+            revokedAt: null,
+            version: Version + 1
         );
     }
 
@@ -95,7 +101,8 @@ public UAuthSessionChain RotateSession(AuthSessionId sessionId)
             ClaimsSnapshot,
             activeSessionId: sessionId,
             isRevoked: false,
-            revokedAt: null
+            revokedAt: null,
+            version: Version + 1
         );
     }
 
@@ -114,7 +121,8 @@ public UAuthSessionChain Revoke(DateTimeOffset at)
             ClaimsSnapshot,
             ActiveSessionId,
             isRevoked: true,
-            revokedAt: at
+            revokedAt: at,
+            version: Version + 1
         );
     }
 
@@ -128,7 +136,8 @@ internal static UAuthSessionChain FromProjection(
         ClaimsSnapshot claimsSnapshot,
         AuthSessionId? activeSessionId,
         bool isRevoked,
-        DateTimeOffset? revokedAt)
+        DateTimeOffset? revokedAt,
+        long version)
     {
         return new UAuthSessionChain(
             chainId,
@@ -140,7 +149,8 @@ internal static UAuthSessionChain FromProjection(
             claimsSnapshot,
             activeSessionId,
             isRevoked,
-            revokedAt
+            revokedAt,
+            version
         );
     }
 

src/CodeBeam.UltimateAuth.Core/Domain/Session/UAuthSessionRoot.cs

@@ -1,8 +1,9 @@
-using CodeBeam.UltimateAuth.Core.MultiTenancy;
+using CodeBeam.UltimateAuth.Core.Abstractions;
+using CodeBeam.UltimateAuth.Core.MultiTenancy;
 
 namespace CodeBeam.UltimateAuth.Core.Domain;
 
-public sealed class UAuthSessionRoot
+public sealed class UAuthSessionRoot : IVersionedEntity
 {
     public SessionRootId RootId { get; }
     public UserKey UserKey { get; }
@@ -12,6 +13,7 @@ public sealed class UAuthSessionRoot
     public long SecurityVersion { get; }
     public IReadOnlyList<UAuthSessionChain> Chains { get; }
     public DateTimeOffset LastUpdatedAt { get; }
+    public long Version { get; }
 
     private UAuthSessionRoot(
         SessionRootId rootId,
@@ -21,7 +23,8 @@ private UAuthSessionRoot(
         DateTimeOffset? revokedAt,
         long securityVersion,
         IReadOnlyList<UAuthSessionChain> chains,
-        DateTimeOffset lastUpdatedAt)
+        DateTimeOffset lastUpdatedAt,
+        long version)
     {
         RootId = rootId;
         Tenant = tenant;
@@ -31,6 +34,7 @@ private UAuthSessionRoot(
         SecurityVersion = securityVersion;
         Chains = chains;
         LastUpdatedAt = lastUpdatedAt;
+        Version = version;
     }
 
     public static UAuthSessionRoot Create(
@@ -46,7 +50,8 @@ public static UAuthSessionRoot Create(
             revokedAt: null,
             securityVersion: 0,
             chains: Array.Empty<UAuthSessionChain>(),
-            lastUpdatedAt: issuedAt
+            lastUpdatedAt: issuedAt,
+            version: 0
         );
     }
 
@@ -63,7 +68,8 @@ public UAuthSessionRoot Revoke(DateTimeOffset at)
             revokedAt: at,
             securityVersion: SecurityVersion,
             chains: Chains,
-            lastUpdatedAt: at
+            lastUpdatedAt: at,
+            version: Version + 1
         );
     }
 
@@ -80,7 +86,8 @@ public UAuthSessionRoot AttachChain(UAuthSessionChain chain, DateTimeOffset at)
             RevokedAt,
             SecurityVersion,
             Chains.Concat(new[] { chain }).ToArray(),
-            at
+            at,
+            Version + 1
         );
     }
 
@@ -92,7 +99,8 @@ internal static UAuthSessionRoot FromProjection(
         DateTimeOffset? revokedAt,
         long securityVersion,
         IReadOnlyList<UAuthSessionChain> chains,
-        DateTimeOffset lastUpdatedAt)
+        DateTimeOffset lastUpdatedAt,
+        long version)
     {
         return new UAuthSessionRoot(
             rootId,
@@ -102,9 +110,8 @@ internal static UAuthSessionRoot FromProjection(
             revokedAt,
             securityVersion,
             chains,
-            lastUpdatedAt
+            lastUpdatedAt,
+            version
         );
     }
-
-
 }

src/CodeBeam.UltimateAuth.Core/Domain/Token/StoredRefreshToken.cs

@@ -1,4 +1,5 @@
-using CodeBeam.UltimateAuth.Core.MultiTenancy;
+using CodeBeam.UltimateAuth.Core.Abstractions;
+using CodeBeam.UltimateAuth.Core.MultiTenancy;
 using System.ComponentModel.DataAnnotations.Schema;
 
 namespace CodeBeam.UltimateAuth.Core.Domain;
@@ -7,7 +8,7 @@ namespace CodeBeam.UltimateAuth.Core.Domain;
 /// Represents a persisted refresh token bound to a session.
 /// Stored as a hashed value for security reasons.
 /// </summary>
-public sealed record StoredRefreshToken
+public sealed record StoredRefreshToken : IVersionedEntity
 {
     public string TokenHash { get; init; } = default!;
 
@@ -24,6 +25,8 @@ public sealed record StoredRefreshToken
 
     public string? ReplacedByTokenHash { get; init; }
 
+    public long Version { get; }
+
     [NotMapped]
     public bool IsRevoked => RevokedAt.HasValue;
 

src/CodeBeam.UltimateAuth.Core/Errors/Runtime/UAuthConcurrencyException.cs

@@ -0,0 +1,14 @@
+namespace CodeBeam.UltimateAuth.Core.Errors;
+
+public sealed class UAuthConcurrencyException : UAuthRuntimeException
+{
+    public override int StatusCode => 409;
+
+    public override string Title => "The resource was modified by another process.";
+
+    public override string TypePrefix => "https://docs.ultimateauth.com/errors/concurrency";
+
+    public UAuthConcurrencyException(string code = "concurrency_conflict") : base(code, code)
+    {
+    }
+}

src/authorization/CodeBeam.UltimateAuth.Authorization.Reference/Domain/Role.cs

@@ -1,7 +1,10 @@
 using CodeBeam.UltimateAuth.Authorization.Domain;
+using CodeBeam.UltimateAuth.Core.Abstractions;
 
-public sealed class Role
+public sealed class Role : IVersionedEntity
 {
     public required string Name { get; init; }
     public IReadOnlyCollection<Permission> Permissions { get; init; } = Array.Empty<Permission>();
+
+    public long Version { get; init; }
 }