Optimized SQL transactions to ensure database consistency

Author: XIYUEKONGLING

OpenBioCardServer/Controllers/AdminController.cs

@@ -84,33 +84,46 @@ public async Task<ActionResult<UserListResponse>> GetUsers()
     [HttpPost("users")]
     public async Task<ActionResult<TokenResponse>> CreateUser([FromBody] CreateUserRequest request)
     {
-        var token = GetTokenFromHeader();
-        var (isValid, account) = await ValidateAdminTokenAsync(token);
-        
-        if (!isValid || account == null)
+        using var transaction = await _context.Database.BeginTransactionAsync();
+    
+        try
         {
-            return Unauthorized(new { error = "Invalid token or insufficient permissions" });
-        }
+            var token = GetTokenFromHeader();
+            var (isValid, account) = await ValidateAdminTokenAsync(token);
+        
+            if (!isValid || account == null)
+            {
+                return Unauthorized(new { error = "Invalid token or insufficient permissions" });
+            }
 
-        if (!Enum.TryParse<UserType>(request.Type, true, out var userType) || userType == UserType.Root)
-        {
-            return BadRequest(new { error = "Invalid user type" });
-        }
+            if (!Enum.TryParse<UserType>(request.Type, true, out var userType) || userType == UserType.Root)
+            {
+                return BadRequest(new { error = "Invalid user type" });
+            }
 
-        if (await _authService.UsernameExistsAsync(request.NewUsername))
-        {
-            return Conflict(new { error = "Username already exists" });
-        }
+            if (await _authService.UsernameExistsAsync(request.NewUsername))
+            {
+                return Conflict(new { error = "Username already exists" });
+            }
 
-        var newAccount = await _authService.CreateAccountAsync(request.NewUsername, request.Password, userType);
-        await _authService.CreateDefaultProfileAsync(newAccount.Id, request.NewUsername);
+            var newAccount = await _authService.CreateAccountAsync(request.NewUsername, request.Password, userType);
+            await _authService.CreateDefaultProfileAsync(newAccount.Id, request.NewUsername);
 
-        var newToken = await _authService.CreateTokenAsync(newAccount);
+            var newToken = await _authService.CreateTokenAsync(newAccount);
 
-        _logger.LogInformation("Admin {AdminUser} created new user: {NewUser} (Type: {Type})", 
-            account.UserName, request.NewUsername, userType);
+            await transaction.CommitAsync();
 
-        return Ok(new TokenResponse { Token = newToken });
+            _logger.LogInformation("Admin {AdminUser} created new user: {NewUser} (Type: {Type})", 
+                account.UserName, request.NewUsername, userType);
+
+            return Ok(new TokenResponse { Token = newToken });
+        }
+        catch (Exception ex)
+        {
+            await transaction.RollbackAsync();
+            _logger.LogError(ex, "Error creating new user");
+            return StatusCode(500, new { error = "User creation failed" });
+        }
     }
 
     /// <summary>

OpenBioCardServer/Controllers/AuthController.cs

@@ -35,39 +35,53 @@ public AuthController(
     [EnableRateLimiting("login")]
     public async Task<ActionResult<TokenResponse>> SignUp([FromBody] SignUpRequest request)
     {
-        if (string.IsNullOrWhiteSpace(request.Username) || 
-            string.IsNullOrWhiteSpace(request.Password) ||
-            string.IsNullOrWhiteSpace(request.UserType))
+        using var transaction = await _context.Database.BeginTransactionAsync();
+    
+        try
         {
-            return BadRequest(new { error = "Missing required fields" });
-        }
+            if (string.IsNullOrWhiteSpace(request.Username) || 
+                string.IsNullOrWhiteSpace(request.Password) ||
+                string.IsNullOrWhiteSpace(request.UserType))
+            {
+                return BadRequest(new { error = "Missing required fields" });
+            }
 
-        if (!Enum.TryParse<UserType>(request.UserType, true, out var userType))
-        {
-            return BadRequest(new { error = "Invalid user type" });
-        }
+            if (!Enum.TryParse<UserType>(request.UserType, true, out var userType))
+            {
+                return BadRequest(new { error = "Invalid user type" });
+            }
 
-        if (userType == UserType.Root)
-        {
-            return Forbid("Cannot create root users");
-        }
+            if (userType == UserType.Root)
+            {
+                return Forbid("Cannot create root users");
+            }
 
-        if (await _authService.UsernameExistsAsync(request.Username))
-        {
-            return Conflict(new { error = "Username already exists" });
-        }
+            if (await _authService.UsernameExistsAsync(request.Username))
+            {
+                return Conflict(new { error = "Username already exists" });
+            }
+
+            var account = await _authService.CreateAccountAsync(request.Username, request.Password, userType);
+            await _authService.CreateDefaultProfileAsync(account.Id, request.Username);
 
-        var account = await _authService.CreateAccountAsync(request.Username, request.Password, userType);
-        await _authService.CreateDefaultProfileAsync(account.Id, request.Username);
+            var token = await _authService.CreateTokenAsync(account);
 
-        var token = await _authService.CreateTokenAsync(account);
+            await transaction.CommitAsync();
 
-        _logger.LogInformation("New user registered: {Username} (Type: {Type})", 
-            request.Username, userType);
+            _logger.LogInformation("New user registered: {Username} (Type: {Type})", 
+                request.Username, userType);
 
-        return Ok(new TokenResponse { Token = token });
+            return Ok(new TokenResponse { Token = token });
+        }
+        catch (Exception ex)
+        {
+            await transaction.RollbackAsync();
+            _logger.LogError(ex, "Error during user registration");
+            return StatusCode(500, new { error = "Account creation failed" });
+        }
     }
 
+
     /// <summary>
     /// 用户登录
     /// </summary>

OpenBioCardServer/Controllers/Classic/ClassicAdminController.cs

@@ -134,6 +134,8 @@ private async Task<IActionResult> GetUsersInternal(string token, string username
     [HttpPost("users")]
     public async Task<IActionResult> CreateUser([FromBody] ClassicCreateUserRequest request)
     {
+        using var transaction = await _context.Database.BeginTransactionAsync();
+        
         try
         {
             var (isValid, account) = await _authService.ValidateTokenAsync(request.Token);
@@ -199,6 +201,8 @@ public async Task<IActionResult> CreateUser([FromBody] ClassicCreateUserRequest
             // Generate token for new user
             var newToken = await _authService.CreateTokenAsync(newAccount);
 
+            await transaction.CommitAsync();
+
             _logger.LogInformation("Admin {AdminUser} created new user: {NewUser} (Type: {Type})", 
                 request.Username, request.NewUsername, userType);
 
@@ -210,6 +214,7 @@ public async Task<IActionResult> CreateUser([FromBody] ClassicCreateUserRequest
         }
         catch (Exception ex)
         {
+            await transaction.RollbackAsync();
             _logger.LogError(ex, "Error creating new user");
             return StatusCode(500, new { error = "User creation failed" });
         }

OpenBioCardServer/Controllers/Classic/ClassicAuthController.cs

@@ -38,6 +38,8 @@ public ClassicAuthController(
     [EnableRateLimiting("login")]
     public async Task<IActionResult> SignUp([FromBody] ClassicSignUpRequest request)
     {
+        using var transaction = await _context.Database.BeginTransactionAsync();
+        
         try
         {
             // Validate required fields
@@ -94,13 +96,16 @@ public async Task<IActionResult> SignUp([FromBody] ClassicSignUpRequest request)
             // Generate authentication token
             var token = await _authService.CreateTokenAsync(account);
 
+            await transaction.CommitAsync();
+
             _logger.LogInformation("New user registered: {Username} (Type: {Type})", 
                 request.Username, userType);
 
             return Ok(new ClassicTokenResponse { Token = token });
         }
         catch (Exception ex)
         {
+            await transaction.RollbackAsync();
             _logger.LogError(ex, "Error during user registration");
             return StatusCode(500, new { error = "Account creation failed" });
         }
@@ -206,54 +211,4 @@ public async Task<IActionResult> DeleteAccount([FromBody] ClassicDeleteRequest r
             return StatusCode(500, new { error = "Account deletion failed" });
         }
     }
-
-    /// <summary>
-    /// Initialize admin user (for first-time setup only)
-    /// </summary>
-    [HttpGet("init-admin")]
-    public async Task<IActionResult> InitAdmin()
-    {
-        try
-        {
-            // Only allow if no users exist yet
-            if (await _context.Accounts.AnyAsync())
-            {
-                return Ok("Admin already initialized");
-            }
-
-            // Create default admin account
-            var (hash, salt) = PasswordHasher.HashPassword("admin");
-            var admin = new Account
-            {
-                UserName = "admin",
-                PasswordHash = hash,
-                PasswordSalt = salt,
-                Type = UserType.Admin
-            };
-
-            _context.Accounts.Add(admin);
-            await _context.SaveChangesAsync();
-
-            // Create default profile
-            var profile = new ProfileEntity
-            {
-                AccountId = admin.Id,
-                Username = "admin",
-                AvatarType = AssetType.Text,
-                AvatarText = "👤"
-            };
-
-            _context.Profiles.Add(profile);
-            await _context.SaveChangesAsync();
-
-            _logger.LogInformation("Admin user initialized");
-
-            return Ok("Admin initialized");
-        }
-        catch (Exception ex)
-        {
-            _logger.LogError(ex, "Error during admin initialization");
-            return StatusCode(500, new { error = "Initialization failed" });
-        }
-    }
 }

OpenBioCardServer/Controllers/Classic/ClassicUserController.cs

@@ -65,6 +65,8 @@ public async Task<IActionResult> GetProfile(string username)
     [HttpPost("{username}")]
     public async Task<IActionResult> UpdateProfile(string username, [FromBody] ClassicProfile request)
     {
+        using var transaction = await _context.Database.BeginTransactionAsync();
+        
         try
         {
             // Extract token from Authorization header
@@ -105,15 +107,7 @@ public async Task<IActionResult> UpdateProfile(string username, [FromBody] Class
             // Update basic profile fields
             ClassicMapper.UpdateProfileFromClassic(profile, request);
 
-            // Clear all existing collections (we'll replace them completely)
-            // _context.ContactItems.RemoveRange(profile.Contacts);
-            // _context.SocialLinkItems.RemoveRange(profile.SocialLinks);
-            // _context.ProjectItems.RemoveRange(profile.Projects);
-            // _context.WorkExperienceItems.RemoveRange(profile.WorkExperiences);
-            // _context.SchoolExperienceItems.RemoveRange(profile.SchoolExperiences);
-            // _context.GalleryItems.RemoveRange(profile.Gallery);
-
-
+            // Clear all existing collections using ExecuteDeleteAsync
             await _context.ContactItems
                 .Where(c => c.ProfileId == profile.Id)
                 .ExecuteDeleteAsync();
@@ -176,13 +170,15 @@ await _context.GalleryItems
             }
 
             await _context.SaveChangesAsync();
+            await transaction.CommitAsync();
 
             _logger.LogInformation("Profile updated for user: {Username}", username);
 
             return Ok(new { success = true });
         }
         catch (Exception ex)
         {
+            await transaction.RollbackAsync();
             _logger.LogError(ex, "Error updating profile for user: {Username}", username);
             return StatusCode(500, new { error = "Profile update failed" });
         }

OpenBioCardServer/Controllers/ProfileController.cs

@@ -56,40 +56,53 @@ public async Task<ActionResult<ProfileDto>> GetProfile(string username)
     [HttpPut("{username}")]
     public async Task<IActionResult> UpdateProfile(string username, [FromBody] ProfileDto request)
     {
-        var token = GetTokenFromHeader();
-        var (isValid, account) = await ValidateTokenAndUser(token, username);
-        
-        if (!isValid || account == null)
+        using var transaction = await _context.Database.BeginTransactionAsync();
+    
+        try
         {
-            return Unauthorized(new { error = "Invalid token or token does not match username" });
+            var token = GetTokenFromHeader();
+            var (isValid, account) = await ValidateTokenAndUser(token, username);
+        
+            if (!isValid || account == null)
+            {
+                return Unauthorized(new { error = "Invalid token or token does not match username" });
+            }
+
+            var profile = await _context.Profiles
+                .Include(p => p.Contacts)
+                .Include(p => p.SocialLinks)
+                .Include(p => p.Projects)
+                .Include(p => p.WorkExperiences)
+                .Include(p => p.SchoolExperiences)
+                .Include(p => p.Gallery)
+                .FirstOrDefaultAsync(p => p.Username == username);
+
+            if (profile == null)
+            {
+                return NotFound(new { error = "Profile not found" });
+            }
+
+            // 更新基本资料
+            DataMapper.UpdateProfileEntity(profile, request);
+
+            // 清除并替换所有子项
+            await ReplaceCollectionItemsAsync(profile, request);
+
+            await _context.SaveChangesAsync();
+            await transaction.CommitAsync();
+
+            _logger.LogInformation("Profile updated for user: {Username}", username);
+            return Ok(new { success = true });
         }
-
-        var profile = await _context.Profiles
-            .Include(p => p.Contacts)
-            .Include(p => p.SocialLinks)
-            .Include(p => p.Projects)
-            .Include(p => p.WorkExperiences)
-            .Include(p => p.SchoolExperiences)
-            .Include(p => p.Gallery)
-            .FirstOrDefaultAsync(p => p.Username == username);
-
-        if (profile == null)
+        catch (Exception ex)
         {
-            return NotFound(new { error = "Profile not found" });
+            await transaction.RollbackAsync();
+            _logger.LogError(ex, "Error updating profile for user: {Username}", username);
+            return StatusCode(500, new { error = "Profile update failed" });
         }
-
-        // 更新基本资料
-        DataMapper.UpdateProfileEntity(profile, request);
-
-        // 清除并替换所有子项
-        await ReplaceCollectionItemsAsync(profile, request);
-
-        await _context.SaveChangesAsync();
-
-        _logger.LogInformation("Profile updated for user: {Username}", username);
-        return Ok(new { success = true });
     }
 
+
     /// <summary>
     /// 获取当前登录用户的资料（私有）
     /// </summary>