TaskHub.Shared

Tools & Utilities

The Tools group bundles cross-cutting utilities that don’t belong to any one architectural concern — API documentation, versioning, rate limiting, and the reflection-based dependency discovery engine. Each is a single-purpose module, opt-in via a one-line registration.

🎯 Design Goals

Opinionated defaults. Every tool ships with sensible defaults that match the rest of the platform (Bearer security on Swagger, URL-based versioning, fixed-window rate limiting).
Configuration-driven. Behaviors are tuned via appsettings.json — no code changes for an environment swap.
Composable. Each tool registers independently; turning one off doesn’t break the others.

📦 Modules

Module	Purpose	Status
Swagger	OpenAPI/Swagger UI with JWT security definition and versioning awareness.	Production
Versioning	URL-segment API versioning (`/v1/...`) with version reporting.	Production
Rate Limiter	Fixed-window rate limiter with per-policy permits and queues.	Production
Refactoring	Reflection-based auto-discovery of `IService` / `IRepository` / `IUnitOfWork`. Powers DI without manual wiring.	Production

🧭 When to Use Each

Goal	Reach for
Document the API	Swagger
Ship breaking changes safely	Versioning (combine with Swagger to publish per-version docs)
Defend against runaway clients	Rate Limiter
Stop writing 50 lines of `services.AddScoped<…>`	Refactoring

⚙️ All Together in `appsettings.json`

{
  "Swagger":  { "Title": "TaskHub", "Version": "v1", "SecurityDefinition": "Bearer" },
  "Versioning": { "IsEnabled": true, "AppVersion": "1.0", "InUrl": true, "ReportVersions": true },
  "RateLimiter": { "IsEnabled": true, "PermitLimit": 100, "WindowInSeconds": 60 }
}

The FullHostBuilder reads each section and registers the matching tool; missing sections leave the tool off.

✅ Best Practices

Prefer auto-DI for plain services, manual registration for configurable services (anything that needs Action<TOptions>).
Version from day one — even if you only have v1, the URL prefix is in place and v2 is a non-breaking addition.
Rate limit anonymous endpoints harder than authenticated ones.
Lock down Swagger in production behind an admin-only group, or disable the UI entirely and serve only the JSON.

🔗 See Also

Bootstrapping — FullHostBuilder wires every tool in this group automatically.
Authorization Identity — Swagger’s bearer security definition pairs with this.

This site is open source. Improve this page.