Velox Web2 Repository TODO
Static review performed on 2026-07-05.
Scope:
- Reviewed the .NET Aspire host, Blazor web project, API service, EF Core contexts, dynamic endpoint mapping, service defaults, and proxy/auth services.
- Did not modify application code.
- Did not run the solution or execute tests.
- Stability focus was on startup behavior, dynamic database-driven routes, proxy forwarding, auth failure handling, logging, and deployment assumptions.
High Risk
API service startup depends on database rows and can fail hard
File:
Velox.ApiService\Program.cs
Evidence:
- Startup reads setup data from
VxSetupusing.First(). - Startup then reads API/action configuration from the database and maps endpoints before
app.Run(). - URL segments and REST endpoint paths are derived from database values.
Risk:
- Missing setup rows can crash startup.
- Empty, invalid, duplicated, or conflicting route data can prevent the API service from starting or can map unexpected endpoints.
- A bad database configuration can become a full API outage.
Suggested direction:
- Validate setup/config rows before route registration.
- Fail with clear diagnostics when required data is missing.
- Detect duplicate or empty routes and report them explicitly.
- Consider a health check that reports dynamic route configuration state.
Dynamic route values are not clearly validated or deduplicated
Files:
Velox.ApiService\Program.csVelox.ServiceDefaults\Tools\UrlHelpers.cs
Evidence:
UrlHelpers.GetLastSegmentreturns an empty string for null/whitespace values and also returns an empty string on parsing exceptions.- Route registration uses database-derived base URL and REST endpoint values.
- Dynamic endpoints are mapped once at startup.
Risk:
- Invalid URL data can collapse into an empty route segment.
- Duplicate routes can conflict at startup or route requests incorrectly.
- Changes in the database after startup are not reflected until restart.
Suggested direction:
- Make invalid URL parsing explicit instead of silently returning an empty segment.
- Add route normalization, validation, and duplicate detection.
- Log the final route map at startup.
Proxy endpoint downgrades HTTPS to HTTP
File:
Velox.ApiService\Endpoints\VeloxAPI.cs
Evidence:
- The proxy derives a base URL using
veloxApiServiceEndpoint.Replace("https", "http"). - The comment indicates this is temporary.
Risk:
- Requests intended for TLS can be forwarded over cleartext HTTP.
- In production, this can expose integration payloads, bearer tokens, user identifiers, and session data.
- String replacement can also alter unexpected parts of a URL.
Suggested direction:
- Remove protocol rewriting before production use.
- Validate the configured upstream URI with
Uri. - Make TLS requirements explicit in configuration.
Medium Risk
Proxy/auth exceptions can leak implementation details or return incorrect status codes
Files:
Velox.ApiService\Endpoints\VeloxAPI.csVelox.ApiService\Service\UserService.cs
Evidence:
UserService.AuthBearerthrows generalExceptionvalues for authentication failures.- The proxy writes upstream exception messages into the HTTP response.
- The
successvalue returned fromAuthBeareris not visibly used after authentication.
Risk:
- Authentication failures can become 500 errors instead of 401/403 responses.
- Exception messages can expose implementation details to callers.
- Future changes may assume the returned
successflag is meaningful even though exceptions currently drive failure behavior.
Suggested direction:
- Use typed auth results or typed exceptions.
- Translate auth failures into explicit HTTP status codes.
- Avoid returning raw exception messages to API clients.
Proxy forwards sensitive or questionable headers
File:
Velox.ApiService\Endpoints\VeloxAPI.cs
Evidence:
- The allowed header list includes values such as
Cookie,Host, andReferer. - The proxy injects
X-UserNumandForwardedheaders.
Risk:
- Forwarding
Hostor cookies can confuse upstream routing or auth behavior. - Injected identity headers must be trusted only when the upstream service is not directly reachable by untrusted clients.
RemoteIpAddressmay be null in some hosting/test contexts.
Suggested direction:
- Define a strict proxy header policy.
- Avoid forwarding client cookies unless required.
- Ensure upstream services reject spoofed identity headers from untrusted network paths.
Sensitive EF Core logging is enabled unconditionally
File:
Velox.ApiService\Program.cs
Evidence:
- Both
VxConfigContextandVxDataContextare configured withEnableSensitiveDataLogging().
Risk:
- SQL parameters and customer/integration data can appear in logs.
- Production log retention can turn this into a data exposure issue.
Suggested direction:
- Gate sensitive data logging behind development configuration.
- Confirm whether Aspire logging/exporters capture these values.
API configuration is snapshotted at startup
File:
Velox.ApiService\Program.cs
Evidence:
- API/action rows are loaded into lists before route mapping.
- Routes are registered before the application starts serving requests.
Risk:
- Changing Velox API configuration in the database requires a service restart.
- Operators may believe a database change is live when it is not.
Suggested direction:
- Document restart requirements.
- Consider a route reload mechanism only if runtime changes are required.
- Add a startup log containing the loaded API route count.
API service has limited defensive checks around upstream configuration
Files:
Velox.ApiService\Program.csVelox.ApiService\Endpoints\VeloxAPI.cs
Evidence:
- The upstream Velox API service address comes from setup/config data.
- Proxy URL construction assumes the configured address is valid enough to transform.
Risk:
- Null, malformed, or unreachable upstream URLs can fail startup or produce noisy runtime errors.
- Misconfiguration can look like a code defect unless diagnostics are clear.
Suggested direction:
- Validate configured upstream URI at startup.
- Add health checks for upstream reachability.
- Make configuration errors distinct from request forwarding errors.
Low Risk
Blazor web project appears template-like
Folder:
Velox.Web
Evidence:
- The web front end is small compared with the API service.
- Static review found limited domain behavior in the Blazor project.
Risk:
- If this is a future front end, current scaffold code may create search noise.
- If it is already published, domain behavior may be incomplete.
Suggested direction:
- Document whether this project is experimental, internal, or intended for customer use.
Large generated EF Core context files are maintenance-heavy
Files:
Velox.ApiService\DBContext\VxDataContext.csVelox.ApiService\DBContext\VxConfigContext.cs
Evidence:
- The contexts map large Velox databases.
Risk:
- Schema drift between
velox-data, Delphi services, and web2 can cause runtime failures.
Suggested direction:
- Keep EF model updates tied to database schema changes.
- Add startup model validation or integration checks where possible.
Duplicate Code Areas
- EF Core context/model mapping overlaps conceptually with
velox-web. - Service-default/Aspire plumbing is template-like and should remain aligned with active project needs.
- Dynamic route mapping branches repeat similar code for HTTP verbs.
Dead Code / Stub Areas
- The Blazor front end may be scaffold/future work; status is unclear from code alone.
- Some template/service-default code may be present because of Aspire scaffolding rather than Velox-specific needs.
Thread Safety / Concurrency Concerns
- No obvious static mutable shared state was identified in the .NET services.
- Scoped EF Core contexts and
IHttpClientFactoryare appropriate patterns. - The main concurrency risk is operational: dynamic API route configuration is fixed at startup while the database can be changed independently.
- Proxy streaming should be reviewed for request cancellation, large body behavior, and upstream timeout policy before production load.
32-bit / 64-bit Concerns
- No direct pointer-size issue was identified in the .NET code.
- Deployment is likely
Any CPU, but it depends on the upstream Delphi VeloxAPIService and database drivers being correctly installed. - If the API service is hosted beside 32-bit Velox components, document expected process architecture and native dependency requirements.
Performance Concerns
- Startup queries and route generation run before the API starts serving traffic.
- Proxy forwarding creates an extra hop for every dynamic endpoint request.
- Large request/response bodies should be tested through the proxy for streaming behavior and memory pressure.
- Route conflicts or a very large number of mapped endpoints can increase startup time and troubleshooting complexity.
Areas Difficult to Maintain
- Database-driven endpoint registration.
- Proxy/auth behavior that bridges web2 to the Delphi VeloxAPIService.
- Large generated EF contexts.
- Aspire/template code mixed with product-specific API behavior.
Open Questions
- Is
velox-web2intended to replace, merge with, or run besidevelox-web? - Should dynamic API route changes require restart, or should they reload at runtime?
- Is HTTPS-to-HTTP rewriting only for local development?
- Which headers must be forwarded to VeloxAPIService, and which should be stripped?
- What authentication contract should callers receive for expired, invalid, or missing bearer tokens?