Initial commit
This commit is contained in:
@@ -0,0 +1,233 @@
|
||||
# Deployment Scripts Guide
|
||||
|
||||
## Recent Security Fixes - No Migration Required ✅
|
||||
|
||||
The security fixes we just implemented are **code-only changes** with **no database schema modifications**. You do NOT need to create or run any new migrations for these changes.
|
||||
|
||||
### What Changed (Code Only)
|
||||
- ✅ Security headers added (CSP, HSTS, etc.)
|
||||
- ✅ Password policy strengthened
|
||||
- ✅ CORS policy restricted
|
||||
- ✅ Authorization fixed (CompanyAdminOnly)
|
||||
- ✅ Path traversal protection enhanced
|
||||
- ✅ IDOR protection on profile photos
|
||||
- ✅ Session cookies hardened
|
||||
- ✅ File upload names use GUIDs
|
||||
- ✅ Input validation added
|
||||
|
||||
**Database Impact**: None - No new tables, columns, or schema changes
|
||||
|
||||
---
|
||||
|
||||
## Deployment Scripts
|
||||
|
||||
### For Development Server (Your Current Situation)
|
||||
|
||||
**Quick Start - Just Run the App:**
|
||||
```bash
|
||||
cd src\PowderCoating.Web
|
||||
dotnet watch run
|
||||
```
|
||||
|
||||
That's it! No migrations needed. The code changes are already in place.
|
||||
|
||||
---
|
||||
|
||||
### Migration Scripts (For Future Use)
|
||||
|
||||
When you DO have database changes in the future, use these scripts:
|
||||
|
||||
#### Windows (Batch Files)
|
||||
|
||||
**1. Check Migrations**
|
||||
```bash
|
||||
.\scripts\check-migrations.bat
|
||||
```
|
||||
- Lists all migrations in the project
|
||||
- Shows which are applied vs pending
|
||||
- Displays database connection info
|
||||
|
||||
**2. Apply Migrations**
|
||||
```bash
|
||||
.\scripts\apply-migrations.bat
|
||||
```
|
||||
- Applies any pending migrations to database
|
||||
- Asks for confirmation before proceeding
|
||||
- Shows success/failure message
|
||||
|
||||
#### PowerShell (Full Deployment)
|
||||
|
||||
**3. Deploy to Dev (Full Script)**
|
||||
```powershell
|
||||
.\scripts\deploy-to-dev.ps1
|
||||
```
|
||||
- Builds the solution
|
||||
- Checks for pending migrations
|
||||
- Applies migrations (with confirmation)
|
||||
- Shows deployment summary
|
||||
|
||||
**Options:**
|
||||
```powershell
|
||||
# Preview changes without applying
|
||||
.\scripts\deploy-to-dev.ps1 -WhatIf
|
||||
|
||||
# Skip build step (faster)
|
||||
.\scripts\deploy-to-dev.ps1 -SkipBuild
|
||||
|
||||
# Skip migrations (code-only deploy)
|
||||
.\scripts\deploy-to-dev.ps1 -SkipMigrations
|
||||
|
||||
# Combined
|
||||
.\scripts\deploy-to-dev.ps1 -SkipBuild -SkipMigrations -WhatIf
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Manual Migration Commands (Reference)
|
||||
|
||||
If you prefer to run commands manually:
|
||||
|
||||
### Check for Pending Migrations
|
||||
```bash
|
||||
cd src\PowderCoating.Web
|
||||
dotnet ef migrations list --project ..\PowderCoating.Infrastructure
|
||||
```
|
||||
|
||||
### Apply All Pending Migrations
|
||||
```bash
|
||||
cd src\PowderCoating.Web
|
||||
dotnet ef database update --project ..\PowderCoating.Infrastructure
|
||||
```
|
||||
|
||||
### Apply to Specific Migration
|
||||
```bash
|
||||
dotnet ef database update MigrationName --project ..\PowderCoating.Infrastructure
|
||||
```
|
||||
|
||||
### Rollback to Previous Migration
|
||||
```bash
|
||||
dotnet ef database update PreviousMigrationName --project ..\PowderCoating.Infrastructure
|
||||
```
|
||||
|
||||
### See Database Info
|
||||
```bash
|
||||
dotnet ef dbcontext info --project ..\PowderCoating.Infrastructure
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## When You WILL Need a Migration
|
||||
|
||||
You'll need to create a migration when you change:
|
||||
- Entity properties (add/remove/rename fields)
|
||||
- Entity relationships (foreign keys)
|
||||
- Indexes or constraints
|
||||
- Seed data (in OnModelCreating)
|
||||
|
||||
**Example - Adding a new field:**
|
||||
```csharp
|
||||
// 1. Update entity
|
||||
public class Customer : BaseEntity
|
||||
{
|
||||
public string CompanyName { get; set; }
|
||||
public string? Website { get; set; } // NEW FIELD
|
||||
}
|
||||
|
||||
// 2. Create migration
|
||||
cd src\PowderCoating.Web
|
||||
dotnet ef migrations add AddWebsiteToCustomer --project ..\PowderCoating.Infrastructure
|
||||
|
||||
// 3. Review migration file (check if it looks correct)
|
||||
|
||||
// 4. Apply migration
|
||||
dotnet ef database update --project ..\PowderCoating.Infrastructure
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Current Database State
|
||||
|
||||
**Existing Migrations** (already applied):
|
||||
- `Initial` - Base schema
|
||||
- `AddProfilePictureAndSidebarColor` - User profile enhancements
|
||||
- `AddProfilePictureFilePath` - Filesystem photo storage
|
||||
- `UpdateJobPhotoEntity` - Job photo improvements
|
||||
- `AddFileSystemStorageForLogosAndManuals` - Logo/manual storage
|
||||
- `ConvertEnumsToLookupTables` - Status/priority lookups
|
||||
- `AddAppointmentScheduling` - Appointments feature
|
||||
|
||||
**Pending Migrations**: None (as of this deployment)
|
||||
|
||||
---
|
||||
|
||||
## Deployment Checklist for Security Fixes
|
||||
|
||||
### Development Server (Your Current Task)
|
||||
|
||||
- [x] Code changes applied (security fixes)
|
||||
- [x] AppConstants.Policies updated
|
||||
- [x] CSP headers fixed (jQuery allowed)
|
||||
- [ ] Test application: `dotnet watch run`
|
||||
- [ ] Verify Data Lookups tab loads
|
||||
- [ ] Verify password policy (12 chars)
|
||||
- [ ] Test all CRUD operations
|
||||
|
||||
**No migrations needed** - Just test the app!
|
||||
|
||||
### Production Server (Future Deployment)
|
||||
|
||||
See `DEPLOYMENT_CONFIGURATION.md` for full production checklist:
|
||||
- [ ] Set environment variables (ConnectionStrings, JwtSettings)
|
||||
- [ ] Update CORS origins to production domain
|
||||
- [ ] Update AllowedHosts to production domain
|
||||
- [ ] Enable HTTPS with SSL certificate
|
||||
- [ ] Run `dotnet ef database update` on production DB
|
||||
- [ ] Test all functionality
|
||||
- [ ] Monitor logs for security events
|
||||
|
||||
---
|
||||
|
||||
## Troubleshooting
|
||||
|
||||
### "No migrations found"
|
||||
**Cause**: You're running from wrong directory
|
||||
**Fix**: Always run from `src/PowderCoating.Web`
|
||||
|
||||
### "Cannot connect to database"
|
||||
**Cause**: SQL Server not running or connection string wrong
|
||||
**Fix**:
|
||||
1. Check SQL Server is running (Windows Services)
|
||||
2. Verify connection string in `appsettings.Development.json`
|
||||
|
||||
### "Migration already applied"
|
||||
**Cause**: Trying to reapply existing migration
|
||||
**Fix**: Check `dotnet ef migrations list` - applied migrations show `(Applied)`
|
||||
|
||||
### "Build failed before migration"
|
||||
**Cause**: Code has compilation errors
|
||||
**Fix**: Run `dotnet build` and fix errors first
|
||||
|
||||
---
|
||||
|
||||
## Quick Reference
|
||||
|
||||
| Task | Command |
|
||||
|------|---------|
|
||||
| **Check migrations** | `.\scripts\check-migrations.bat` |
|
||||
| **Apply migrations** | `.\scripts\apply-migrations.bat` |
|
||||
| **Full deployment** | `.\scripts\deploy-to-dev.ps1` |
|
||||
| **Run app** | `cd src\PowderCoating.Web` → `dotnet watch run` |
|
||||
| **Build only** | `dotnet build` (from root) |
|
||||
| **List migrations** | `dotnet ef migrations list --project ..\PowderCoating.Infrastructure` |
|
||||
|
||||
---
|
||||
|
||||
## Summary
|
||||
|
||||
✅ **For your current security fixes deployment**: Just run `dotnet watch run` - no migrations needed!
|
||||
|
||||
📋 **For future database changes**: Use the migration scripts provided
|
||||
|
||||
📖 **For production deployment**: Follow `DEPLOYMENT_CONFIGURATION.md`
|
||||
|
||||
🔒 **Security documentation**: See `SECURITY_FIXES_SUMMARY.md`
|
||||
Reference in New Issue
Block a user