Table of Contents

Namespace KadicAuth.Infrastructure.Services

Classes

CachedUserSessionValidator

Decorator over UserSessionValidator that caches positive and negative session-active results for a short TTL (30 s) to avoid hitting the database on every authenticated request.

JwtTokenGenerator
NotificationsAuthHandler

Agrega Authorization: Bearer {token} si NotificationsAuthToken está configurado.

NotificationsClient
PasswordHasher
PlatformAdminAwarePermissionService

Decorator over the base KadicErp.Core.Abstractions.Authorization.IPermissionService implementation (KadicErp.Core.Authentication.Services.PermissionService) that short circuits for active platform admins and tenant super admins.

Why a decorator instead of modifying the base class: KadicErp.Core.Authentication would have to reference KadicAuth.Application to see IPlatformAdminService, which creates a dependency cycle (KadicAuth.Application → KadicErp.Core.Authentication → KadicAuth.Application). This lives in KadicAuth.Infrastructure which already references both projects, so we get the behavior we need without touching the core auth services layer.

Wire-up: register this as the KadicErp.Core.Abstractions.Authorization.IPermissionService implementation in every API host (KadicAuth.Api, KadicErp.WebApi, KadicErp.Notifications.Api), AND also register the base KadicErp.Core.Authentication.Services.PermissionService so the decorator has a concrete dependency to delegate to. See the DI helper AddPlatformAdminAwarePermissions() below.

PlatformAdminService
RedisPermissionService

GAP-16: Redis-backed IPermissionService for horizontally-scaled deployments. Uses IDistributedCache so the same permission set is shared across all API instances within the configured TTL — eliminates per-instance cache divergence.

Falls back gracefully to fetching from DB when the cache is unavailable (Redis down), never blocking authentication in case of cache failure.

Registration: swap PermissionService for this class in DI when RedisSettings.Enabled = true.

TenantModuleService

IMemoryCache-backed implementation of KadicErp.Core.Abstractions.Tenancy.ITenantModuleService. Caches the full active-module-key set per tenant for 5 minutes, with a per-tenant lock to avoid thundering-herd on first read.

TenantSuperAdminService
UserSessionValidator