dotnet-cqrs

svrnty/dotnet-cqrs

Fork 0

Commit Graph

Author	SHA1	Message	Date
Mathias Beaulieu-Duncan	07a7a683b7	feat(altcha): IAltchaDifficultyAdvisor for per-request PoW complexity All checks were successful Publish NuGets / build (release) Successful in 39s Details Adds an abstraction over the CreateChallengeRequest.complexity field (already present in the proto since the original altcha module landed), letting applications scale PoW difficulty per request based on actor signals — repeat-offender counters, threat-intel headers, reputation scores — without leaking those concerns into the gRPC provider. - new IAltchaDifficultyAdvisor in Svrnty.CQRS.Altcha.Abstractions: Task<uint?> GetComplexityAsync(...). null means "use the upstream service's configured default." - NullAltchaDifficultyAdvisor in Svrnty.CQRS.Altcha is the no-op fallback registered by AddSvrntyAltcha() via TryAddSingleton, so applications can replace it without ordering constraints. - AltchaGrpcChallengeProvider now resolves the advisor and sets CreateChallengeRequest.Complexity when the advisor returns a value. The Altcha server clamps to its configured min/max, so callers don't need to enforce bounds here. No breaking changes to existing consumers — the no-op default keeps behaviour identical when no advisor is registered. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-12 20:09:00 -04:00
Mathias Beaulieu-Duncan	4446288bb6	feat(altcha): add Svrnty.CQRS.Altcha.Grpc with default verifier + proto The default transport for IAltchaVerifier / IAltchaChallengeProvider — calls a self-hosted altcha service over gRPC. Wire contract - Protos/altcha.proto defines svrnty.cqrs.altcha.v1.AltchaService with CreateChallenge + VerifyChallenge RPCs. Shipped in this package as source-of-truth; Go (and other) implementations vendor a copy. - Challenge.challenge_hash is named (not "challenge") to avoid a C# property/class name collision; the MinimalApi widget JSON remaps. Runtime - AltchaGrpcVerifier maps RpcException → AltchaVerifyResult.Fail with a diagnostic reason ("verify-timeout", "service-unavailable", etc.) so the auth check surfaces a clean Unauthorized without leaking transport detail. - AltchaGrpcChallengeProvider lets create-challenge failures bubble (challenge endpoint should 5xx if altcha is down — clients retry). - AltchaGrpcOptions.TokenProvider hook for consumer-supplied HMAC service-token minting (plan-b will plug in ServiceTokenIssuer). - AddGrpcClient<AltchaServiceClient> registered with HttpClientFactory. AddSvrntyAltchaGrpcVerifier(Action<...>) and overload binding from IConfiguration cover both wiring styles. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-12 16:25:59 -04:00

Author

SHA1

Message

Date

Mathias Beaulieu-Duncan

07a7a683b7

feat(altcha): IAltchaDifficultyAdvisor for per-request PoW complexity

Publish NuGets / build (release) Successful in 39s

Details

Adds an abstraction over the CreateChallengeRequest.complexity field
(already present in the proto since the original altcha module landed),
letting applications scale PoW difficulty per request based on actor
signals — repeat-offender counters, threat-intel headers, reputation
scores — without leaking those concerns into the gRPC provider.

  - new IAltchaDifficultyAdvisor in Svrnty.CQRS.Altcha.Abstractions:
    Task<uint?> GetComplexityAsync(...). null means "use the upstream
    service's configured default."

  - NullAltchaDifficultyAdvisor in Svrnty.CQRS.Altcha is the no-op
    fallback registered by AddSvrntyAltcha() via TryAddSingleton, so
    applications can replace it without ordering constraints.

  - AltchaGrpcChallengeProvider now resolves the advisor and sets
    CreateChallengeRequest.Complexity when the advisor returns a value.
    The Altcha server clamps to its configured min/max, so callers
    don't need to enforce bounds here.

No breaking changes to existing consumers — the no-op default keeps
behaviour identical when no advisor is registered.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-12 20:09:00 -04:00

Mathias Beaulieu-Duncan

4446288bb6

feat(altcha): add Svrnty.CQRS.Altcha.Grpc with default verifier + proto

The default transport for IAltchaVerifier / IAltchaChallengeProvider —
calls a self-hosted altcha service over gRPC.

Wire contract
- Protos/altcha.proto defines svrnty.cqrs.altcha.v1.AltchaService with
  CreateChallenge + VerifyChallenge RPCs. Shipped in this package as
  source-of-truth; Go (and other) implementations vendor a copy.
- Challenge.challenge_hash is named (not "challenge") to avoid a C#
  property/class name collision; the MinimalApi widget JSON remaps.

Runtime
- AltchaGrpcVerifier maps RpcException → AltchaVerifyResult.Fail with
  a diagnostic reason ("verify-timeout", "service-unavailable", etc.)
  so the auth check surfaces a clean Unauthorized without leaking
  transport detail.
- AltchaGrpcChallengeProvider lets create-challenge failures bubble
  (challenge endpoint should 5xx if altcha is down — clients retry).
- AltchaGrpcOptions.TokenProvider hook for consumer-supplied HMAC
  service-token minting (plan-b will plug in ServiceTokenIssuer).
- AddGrpcClient<AltchaServiceClient> registered with HttpClientFactory.

AddSvrntyAltchaGrpcVerifier(Action<...>) and overload binding from
IConfiguration cover both wiring styles.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-12 16:25:59 -04:00

2 Commits