allowed properties to be marked as unique

Author: ddjerqq

.github/FUNDING

@@ -0,0 +1 @@
+github: https://github.com/ddjerqq

.github/workflows/build.yaml

@@ -1,44 +1,57 @@
-name: .NET
+name: Build and publish
 
 on:
   workflow_dispatch:
-    
-#on:
 #  push:
 #    branches: [ main ]
 #  pull_request:
 #    branches: [ main ]
 
+env:
+  DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true
+  DOTNET_CLI_TELEMETRY_OPTOUT: true
+
 jobs:
   build-library:
+    concurrency: ci-${{ github.ref }}
     runs-on: ubuntu-latest
 
     steps:
-      - name: Checkout repository
+      - name: Checkout 🛎️
         uses: actions/checkout@v4
 
-      - name: Setup .NET Core
+      - name: Setup .NET 🛠️
         uses: actions/setup-dotnet@v4
         with:
           dotnet-version: |
-            3.1.x
-            5.0.x
             6.0.x
             7.0.x
             8.0.x
             9.0.x
 
-      - name: Display .NET version
+      - name: Load cache 🔃
+        id: nuget-cache
+        uses: actions/cache@v4
+        with:
+          path: "~/.nuget/packages"
+          key: "${{ runner.os }}-nuget-api-${{ hashFiles('**/*.csproj') }}"
+          restore-keys: "${{ runner.os }}-nuget-api-"
+
+      - name: Cache status ✅
+        run: |
+          echo "Cache hit: ${{ steps.nuget-cache.outputs.cache-hit }}"
+
+      - name: Display .NET version 📚
         run: dotnet --version
 
-      - name: Restore dependencies
-        run: dotnet restore
+      - name: Restore 📦
+        run: dotnet restore --verbosity minimal
 
-      - name: Build
-        run: dotnet build SoftFluent.EntityFrameworkCore.DataEncryption.sln --configuration Release -f net9.0 --no-restore
+      - name: Test 🧪
+        run: dotnet test --no-restore --verbosity minimal
 
-      - name: Run unit tests
-        run: dotnet test --configuration Release --collect:"XPlat Code Coverage" --settings ./test/EntityFrameworkCore.DataEncryption.Test/runsettings.xml
+      - name: Pack 📦
+        run: dotnet pack --configuration Release --output .
 
-      - name: Copy coverage results
-        run:  cp ./test/EntityFrameworkCore.DataEncryption.Test/TestResults/**/*.xml ./test/EntityFrameworkCore.DataEncryption.Test/TestResults/
+      - name: Push to NuGet 🚀
+        run: dotnet nuget push "*.nupkg" --api-key ${{ secrets.NUGET_API_KEY }} --source "https://api.nuget.org/v3/index.json"

EntityFrameworkCore.DataProtection.sln

@@ -1,12 +1,12 @@
 
 Microsoft Visual Studio Solution File, Format Version 12.00
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "src/EntityFrameworkCore.DataProtection", "src/EntityFrameworkCore.DataProtection\EntityFrameworkCore.DataProtection.csproj", "{23817096-829D-465B-9C81-39EF87D90468}"
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "src/EntityFrameworkCore.DataProtection", "src/EntityFrameworkCore.DataProtection/EntityFrameworkCore.DataProtection.csproj", "{23817096-829D-465B-9C81-39EF87D90468}"
 EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{08CF6BCC-3928-4FB6-A1A0-ABF5DE162D6C}"
 EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "test", "test", "{6A01C6D2-B6BE-4584-897B-60710734DC66}"
 EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "EntityFrameworkCore.DataProtection.Test", "test\EntityFrameworkCore.DataProtection.Test\EntityFrameworkCore.DataProtection.Test.csproj", "{AEACE4E1-D3F5-4A5D-8632-695AFDBDC020}"
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "EntityFrameworkCore.DataProtection.Test", "test/EntityFrameworkCore.DataProtection.Test/EntityFrameworkCore.DataProtection.Test.csproj", "{AEACE4E1-D3F5-4A5D-8632-695AFDBDC020}"
 EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution

README.md

@@ -110,35 +110,41 @@ Using the EncryptedAttribute:
 ```csharp
 class User
 {
-  [Encrypt(isQueryable: true)]
+  //       v default           v default
+  [Encrypt(IsQueryable = true, IsUnique = true)]
   public string SocialSecurityNumber { get; set; }
 
-  [Encrypt]
+  [Encrypt(IsQueryable = false, IsUnique = false)]
   public byte[] IdPicture { get; set; }
 }
 ```
 
+> [!TIP]
+> By default `IsQueryable` and `IsUnique` are set to `true`, you can omit them if you want to use the default values.
+> If you have a property that is marked as `IsQueryable = true` and you want to query it, you **MUST** call `AddDataProtectionInterceptors` in your `DbContext` configuration.
+
 Using the FluentApi (in your `DbContext.OnModelCreating` method):
 ```csharp
 protected override void OnModelCreating(ModelBuilder builder)
 {
-    builder.Entity<User>(entity =>
-    {
-        entity.Property(e => e.SocialSecurityNumber).IsEncrypted(isQueryable: true);
-        entity.Property(e => e.IdPicture).IsEncrypted(isQueryable: false);
-    });
+  builder.Entity<User>(entity =>
+  {
+    //                                                                v defaults to true
+    entity.Property(e => e.SocialSecurityNumber).IsEncryptedQueryable(isUnique: true);
+    entity.Property(e => e.IdPicture).IsEncrypted();
+  });
 }
 ```
 
 Creating a custom `EntityTypeConfiguration` (Recommended for DDD):
 ```csharp
 class UserConfiguration : IEntityTypeConfiguration<User>
 {
-    public void Configure(EntityTypeBuilder<User> builder)
-    {
-        builder.Property(e => e.SocialSecurityNumber).IsEncrypted(isQueryable: true);
-        builder.Property(e => e.IdPicture).IsEncrypted(isQueryable: false);
-    }
+  public void Configure(EntityTypeBuilder<User> builder)
+  {
+    builder.Property(e => e.SocialSecurityNumber).IsEncryptedQueryable();
+    builder.Property(e => e.IdPicture).IsEncrypted();
+  }
 }
 ```
 

…rkCore.DataProtection/Resources/icon.png Resources/icon.pngsrc/EntityFrameworkCore.DataProtection/Resources/icon.png renamed to Resources/icon.png src/EntityFrameworkCore.DataProtection/Resources/icon.png renamed to Resources/icon.png

@@ -2,35 +2,23 @@
 
 /// <summary>
 /// Marks a property as encrypted.
+/// Optionally choose if you want your property to be queryable or not.
+/// Optionally choose if you want your properties to have a Unique Index or not.
 /// </summary>
 /// <remarks>
-/// Because of how data protection in this library is implemented, if you want your protected property to be queryable, you must ensure that:
-/// <para></para>
-/// A) The property is a string or byte[].
-/// <para></para>
-/// B) The values of this property are unique (email addresses, full names, so on).
+/// Because of how data protection in this library is implemented, if you want your protected property to be queryable, you must ensure that the property is a string or byte[].
 /// </remarks>
 [AttributeUsage(AttributeTargets.Property)]
 public sealed class EncryptAttribute : Attribute
 {
     /// <summary>
     /// Gets a boolean value indicating if this property can be queried from the database.
-    /// Because of how data protection in this library is implemented, if you want your protected property to be queryable, you must ensure that:
-    /// <para></para>
-    /// A) The property is a string or byte[].
-    /// <para></para>
-    /// B) The values of this property are unique (email addresses, full names, so on).
+    /// Because of how data protection in this library is implemented, if you want your protected property to be queryable, you must ensure that the property is a string or byte[].
     /// </summary>
-    public bool IsQueryable { get; }
+    public bool IsQueryable { get; init; } = true;
 
     /// <summary>
-    /// Initializes a new instance of the <see cref="EncryptAttribute"/> class.
-    /// indicates if this property can be queried from the database.
-    /// Because of how data protection in this library is implemented, if you want your protected property to be queryable, you must ensure that:
-    /// <para></para>
-    /// A) The property is a string or byte[].
-    /// <para></para>
-    /// B) The values of this property are unique (email addresses, full names, so on).
+    /// Gets a boolean value indicating if this property should have a unique index.
     /// </summary>
-    public EncryptAttribute(bool isQueryable = false) => IsQueryable = isQueryable;
+    public bool IsUnique { get; init; } = true;
 }

src/EntityFrameworkCore.DataProtection/EncryptAttribute.cs

@@ -1,15 +1,14 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
     <PropertyGroup>
-        <TargetFramework>net8.0</TargetFramework>
+        <TargetFrameworks>net6.0;net7.0;net8.0;net9.0</TargetFrameworks>
         <ImplicitUsings>enable</ImplicitUsings>
         <Nullable>enable</Nullable>
         <LangVersion>10.0</LangVersion>
-        <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
+        <Version>1.0.0</Version>
         <AssemblyName>EntityFrameworkCore.DataProtection</AssemblyName>
         <RootNamespace>EntityFrameworkCore.DataProtection</RootNamespace>
         <IsPackable>true</IsPackable>
-        <Version>8.0.11</Version>
         <Authors>ddjerqq</Authors>
         <Company>ddjerqq</Company>
         <PackageId>EntityFrameworkCore.DataProtection</PackageId>
@@ -18,30 +17,39 @@
         <RepositoryType>git</RepositoryType>
         <PackageRequireLicenseAcceptance>true</PackageRequireLicenseAcceptance>
         <GenerateDocumentationFile>true</GenerateDocumentationFile>
-        <PackageTags>entity-framework-core,extensions,dotnet-core,dotnet,encryption,data-protection,fluent-api</PackageTags>
-        <PackageIcon>Resources/icon.png</PackageIcon>
-        <Copyright>ddjerqq © 2019 - 2024</Copyright>
-        <Description>A plugin for Microsoft.EntityFrameworkCore to add support of data protection with built-in data protection providers</Description>
-        <PackageLicenseFile>LICENSE</PackageLicenseFile>
+        <PackageTags>entity-framework-core,extensions,dotnet-core,dotnet,encryption,data-protection</PackageTags>
+        <PackageIcon>icon.png</PackageIcon>
+        <Copyright>ddjerqq © 2024 - 2028</Copyright>
+        <Description>A plugin for Microsoft.EntityFrameworkCore that adds support of data protection, while maintaining queryability for encrypted properties.</Description>
         <PackageReleaseNotes>https://github.com/ddjerqq/EntityFrameworkCore.DataEncryption/releases/</PackageReleaseNotes>
+        <PackageLicenseFile>LICENSE</PackageLicenseFile>
         <PackageReadmeFile>README.md</PackageReadmeFile>
     </PropertyGroup>
 
-    <ItemGroup>
-        <PackageReference Include="Microsoft.EntityFrameworkCore" Version="8.0.11" />
-        <PackageReference Include="Microsoft.AspNetCore.DataProtection" Version="8.0.11" />
+    <ItemGroup Condition="('$(TargetFramework)' == 'net6.0')">
+        <PackageReference Include="Microsoft.EntityFrameworkCore" Version="[6.0.36,8)"/>
+        <PackageReference Include="Microsoft.AspNetCore.DataProtection" Version="[6.0.36,8)"/>
+    </ItemGroup>
+
+    <ItemGroup Condition="('$(TargetFramework)' == 'net7.0')">
+        <PackageReference Include="Microsoft.EntityFrameworkCore" Version="[7,9)"/>
+        <PackageReference Include="Microsoft.AspNetCore.DataProtection" Version="[7,9)"/>
+    </ItemGroup>
+
+    <ItemGroup Condition="('$(TargetFramework)' == 'net8.0')">
+        <PackageReference Include="Microsoft.EntityFrameworkCore" Version="[8.0.11,)"/>
+        <PackageReference Include="Microsoft.AspNetCore.DataProtection" Version="[8.0.11,)"/>
+    </ItemGroup>
+
+    <ItemGroup Condition="('$(TargetFramework)' == 'net9.0')">
+        <PackageReference Include="Microsoft.EntityFrameworkCore" Version="[9,)"/>
+        <PackageReference Include="Microsoft.AspNetCore.DataProtection" Version="[9,)"/>
     </ItemGroup>
 
     <ItemGroup>
-        <None Include="../../LICENSE">
-            <Pack>True</Pack>
-            <PackagePath>/</PackagePath>
-        </None>
-        <None Include="../../README.md">
-            <Pack>True</Pack>
-            <PackagePath>/</PackagePath>
-        </None>
-        <None Include="Resources/icon.png" Pack="true" Visible="true" PackagePath="" />
+        <None Include="../../LICENSE" Pack="true" PackagePath="/"/>
+        <None Include="../../README.md" Pack="true" PackagePath="/"/>
+        <None Include="../../Resources/icon.png" Pack="true" Visible="true" PackagePath="/"/>
     </ItemGroup>
 
     <ItemGroup>

src/EntityFrameworkCore.DataProtection/EntityFrameworkCore.DataProtection.csproj

@@ -2,6 +2,7 @@
 using Microsoft.AspNetCore.DataProtection;
 using Microsoft.EntityFrameworkCore;
 using Microsoft.EntityFrameworkCore.Metadata;
+using Microsoft.EntityFrameworkCore.Metadata.Builders;
 
 namespace EntityFrameworkCore.DataProtection.Extensions;
 
@@ -12,7 +13,7 @@ public static class ModelBuilderExt
 {
     /// <summary>
     /// Configures the data protection for the entities marked with <see cref="EncryptAttribute"/> or Fluently marked
-    /// as Encrypted using <see cref="PropertyBuilderExtensions.IsEncrypted{TProperty}"/>.
+    /// as Encrypted using <see cref="PropertyBuilderExt.IsEncrypted{TProperty}"/>.
     /// </summary>
     /// <remarks>
     /// You must call this method __after__ <see cref="ModelBuilder.ApplyConfigurationsFromAssembly"/>.
@@ -49,14 +50,14 @@ public static ModelBuilder UseDataProtection(this ModelBuilder builder, IDataPro
         var protector = dataProtectionProvider.CreateProtector("EntityFrameworkCore.DataProtection");
 
         var properties = (
-                from prop in builder.Model.GetEntityTypes().SelectMany(type => type.GetProperties())
-                let status = prop.GetEncryptionStatus()
+                from entityType in builder.Model.GetEntityTypes()
+                from prop in entityType.GetProperties()
+                let status = prop.GetEncryptionMetadata()
                 where status.SupportsEncryption
-                select (prop, status.SupportsQuerying))
-            // need to collect to a list because it is modified in AddShadowProperty
+                select (entityType, prop, status))
             .ToList();
 
-        foreach (var (property, supportsQuerying) in properties)
+        foreach (var (entityType, property, status) in properties)
         {
             var propertyType = property.PropertyInfo?.PropertyType;
 
@@ -65,28 +66,31 @@ where status.SupportsEncryption
             else if (propertyType == typeof(byte[]))
                 property.SetValueConverter(new ByteArrayDataProtectionValueConverter(protector));
             else
-                throw new InvalidOperationException("Only string and byte[] properties are supported for now. Please open an issue on https://github.com/ddjerqq/EntityFrameworkCore.DataProtection/issues to request a new feature");
+                throw PropertyBuilderExt.InvalidTypeException;
 
-            if (supportsQuerying)
-                AddShadowProperty(property);
+            if (status.SupportsQuerying)
+                AddShadowProperty(entityType, property, status.IsUniqueIndex);
         }
 
         return builder;
     }
 
-    private static void AddShadowProperty(IMutableProperty property)
+    private static void AddShadowProperty(IMutableEntityType entityType, IMutableProperty property, bool isUniqueIndex)
     {
-        var entityType = property.DeclaringType;
         var originalPropertyName = property.Name;
         var shadowPropertyName = $"{originalPropertyName}ShadowHash";
 
-        if (entityType.GetProperties().All(p => p.Name != shadowPropertyName))
-        {
-            var shadowProperty = entityType.AddProperty(shadowPropertyName, typeof(string));
-            shadowProperty.IsShadowProperty();
-            // TODO: do we need the shadow hashes to be unique indexes?
+        if (entityType.GetProperties().Any(p => p.Name == shadowPropertyName))
+            return;
+
+        var shadowProperty = entityType.AddProperty(shadowPropertyName, typeof(string));
+        shadowProperty.IsShadowProperty();
+
+        if (isUniqueIndex)
             shadowProperty.IsUniqueIndex();
-            shadowProperty.IsNullable = property.IsNullable;
-        }
+        else
+            shadowProperty.IsIndex();
+
+        shadowProperty.IsNullable = property.IsNullable;
     }
 }