predavanja/Events-WebApi

Solution Overview

Events-WebApi currently contains these projects:

• Events.ClientApp - Vue 3 + Vite single-page application
• Events.WebAPI - main ASP.NET Core REST API for CRUD and lookup operations
• Events.FilesAPI - ASP.NET Core API for certificate and Excel export downloads
• Events.Auth - shared authentication project for JWT and policy configuration
• Events.WebAPI.Contract - DTO, command, query, and message contracts
• Events.WebAPI.Handlers.EF - EF Core models, DbContext, and handlers

The typical runtime setup is:

• Events.ClientApp calls Events.WebAPI
• Events.ClientApp downloads files from Events.FilesAPI
• Events.WebAPI publishes registration events to RabbitMQ
• Events.FilesAPI consumes those events and synchronizes generated files
• both APIs use PostgreSQL and the same Auth0 authority/audience

Default Local URLs

According to the current launchSettings.json files:

• Events.WebAPI -> https://localhost:7295
• Events.FilesAPI -> https://localhost:7296
• Swagger for Events.WebAPI -> https://localhost:7295/docs
• the Vite dev server for Events.ClientApp is typically http://localhost:5173

Ports may differ if you change the launch profile or run the projects with a different profile.

Prerequisites

• .NET SDK 10.0
• Node.js 20+
• PostgreSQL
• RabbitMQ
• An Auth0 tenant if you want real login and bearer-token flows

Authentication Setup Options

To use the solution as-is, you need working Auth0 configuration for both:

• an API application using the configured audience
• a SPA application used by Events.ClientApp

In practice, that means you either:

1. create and configure the required applications in Auth0, then keep the current Authorize attributes and SPA login flow
2. simplify the solution for local/demo usage by removing Authorize attributes from the APIs and removing Auth0-based authorization from the SPA

If you choose the second option, remember that:

• Events.WebAPI and Events.FilesAPI currently expect bearer tokens on protected endpoints
• Events.ClientApp is wired to request Auth0 access tokens before calling protected APIs
• removing authorization from only one layer usually is not enough; the APIs and SPA should be adjusted together

Configuration

WebAPI and FilesAPI

Both APIs use:

• RabbitMq:Host
• RabbitMq:Username
• RabbitMq:Password
• Auth:Authority
• Auth:Audience

Events.FilesAPI additionally uses:

• Paths:OutputPath

Authentication settings are now applied through the shared Events.Auth project, but each API still reads its own values from configuration and passes them into the shared setup.

Connection String Note

The current Program.cs files for both APIs read the connection string from:

• ConnectionStrings:EventsPostgres

Examples:

dotnet user-secrets set "ConnectionStrings:EventsPostgres" "Host=localhost;Port=5432;Database=events;Username=sport;Password=your-password;Persist Security Info=True;" --project Events.WebAPI\Events.WebAPI.csproj
dotnet user-secrets set "ConnectionStrings:EventsPostgres" "Host=localhost;Port=5432;Database=events;Username=sport;Password=your-password;Persist Security Info=True;" --project Events.FilesAPI\Events.FilesAPI.csproj

If needed, you can also override the Auth values with user secrets:

dotnet user-secrets set "Auth:Authority" "https://fer-web2.eu.auth0.com/" --project Events.WebAPI\Events.WebAPI.csproj
dotnet user-secrets set "Auth:Audience" "https://erasmus-sta-2026/events-api" --project Events.WebAPI\Events.WebAPI.csproj

dotnet user-secrets set "Auth:Authority" "https://fer-web2.eu.auth0.com/" --project Events.FilesAPI\Events.FilesAPI.csproj
dotnet user-secrets set "Auth:Audience" "https://erasmus-sta-2026/events-api" --project Events.FilesAPI\Events.FilesAPI.csproj

ClientApp

For the SPA client, copy Events.ClientApp/.env.example to .env.local:

Copy-Item Events.ClientApp\.env.example Events.ClientApp\.env.local

The current example includes:

• VITE_AUTH0_DOMAIN=fer-web2.eu.auth0.com
• VITE_AUTH0_CLIENT_ID=whed5Hdb8l1b1fGyyAz7Qrdsb2oKcSh3
• VITE_AUTH0_AUDIENCE=https://erasmus-sta-2026/events-api
• VITE_AUTH0_SCOPE=openid profile email events:read events:write
• VITE_API_BASE_URL=https://localhost:7295
• VITE_FILES_API_BASE_URL=https://localhost:7296

Running Required Infrastructure

Start PostgreSQL using the repository Docker definitions:

docker compose -f ..\docker-definitions\postgres-eventsdb\docker-compose.yml up -d

Start RabbitMQ:

docker run -d --name rabbitmq-for-events -p 5672:5672 -p 15672:15672 rabbitmq:4-management

The RabbitMQ management UI is typically available at:

http://localhost:15672

Running The APIs

Restore and build the full solution:

dotnet restore Events-WebApi.slnx
dotnet build Events-WebApi.slnx

Run Events.WebAPI:

dotnet run --project Events.WebAPI\Events.WebAPI.csproj

Run Events.FilesAPI:

dotnet run --project Events.FilesAPI\Events.FilesAPI.csproj

Once the APIs are running:

• open Swagger for Events.WebAPI at /docs
• most WebAPI endpoints require a bearer token
• FilesAPI download endpoints are also protected and require the events:read scope

Running The Client App

See Events.ClientApp/README.md for more details.

Typical local flow:

cd Events.ClientApp
npm install
npm run dev

Generated Files

Events.FilesAPI stores generated files in the directory configured by:

• Paths:OutputPath

According to the current appsettings.json, the default is:

./Certificates

Troubleshooting

• If an API cannot connect to the database, first verify ConnectionStrings:EventsPostgres
• If Swagger opens but secured requests return 401 or 403, verify Auth:Authority, Auth:Audience, and scope claims
• If ClientApp cannot download files, verify VITE_FILES_API_BASE_URL
• If PDF or XLSX files are not generated, verify Paths:OutputPath and filesystem permissions
• If dotnet build reports locked DLLs, one of the API processes is probably still running in the background