Skip to content

crni99/airport-automation

Airport_Automation_Logo

This project showcases a comprehensive full-stack solution, combining a robust ASP.NET Core Web API backend, an MVC web frontend, and a modern React single-page application — all seamlessly integrated to provide a highly secure, scalable, and user-friendly system.


⭐ Live Demo

Note: All services are hosted on Free Tier plans.

  • 🗄️ Database automatically enters paused mode after inactivity. On the initial request, please allow 1-2 minutes for it to wake up.
  • Redis Cloud is used for distributed caching — cache may be evicted or unavailable during inactivity. The application automatically falls back to In-Memory Cache to ensure uninterrupted availability.
  • 📊 OpenTelemetry is enabled in the live demo — telemetry data may be unavailable or delayed due to free tier limits on the observability backend.
  • 📄 PDF Export is disabled in the live demo — QuestPDF is not supported on the free Azure hosting tier. Excel export remains fully functional.
                                                                                                                                     
ApplicationPlatformLink
ASP.NET Core API Azure BadgeSwagger Badge View API Documentation 🡥
ASP.NET Web MVC Azure Badge Launch MVC Frontend 🡥
React SPA Azure Badge Launch React Frontend 🡥
React SPA Vercel Badge Launch React Frontend 🡥


🔐 Demo Credentials

Note: These demo credentials are provided for testing and demonstration purposes only.

Username Password Role Description
og og SuperAdmin Full CRUD access, data export, and role management
aa aa Admin CRUD operations + exporting data
uu uu User Read and filter data only


⚙️ Compatibility / Continuous Integration (CI) Checks

Build & Test .NET Backend Build & Test React Frontend Coverage Badge Coverage

🔍 CodeQL, ESLint, and Security Analysis 🛡️

CodeQL Analysis (.NET/C#) CodeQL Analysis (React/JS) ESLint

☁️ Deployment (CD) and Mirroring




🛫 Getting Started

🛫 Getting Started

To run the project locally:

  1. Clone the repository
git clone https://github.com/crni99/airport-automation.git
  1. Navigate to the backend API project
cd airport-automation/backend/AirportAutomationApi
  1. Configure Database Provider and Connection String
  • Open appsettings.json and choose your preferred database provider.
  • Update the DatabaseProvider value to match your choice (SqlServer, Postgres, or MySql).
  • Update the corresponding connection string with your local server details, credentials, and port.
"DatabaseProvider": "SqlServer", // <- CHANGE this to your selected provider!
"ConnectionStrings": {
  "SqlServerConnection": "Data Source=YOUR_SQL_SERVER_INSTANCE;Initial Catalog=AirportAutomation;Integrated Security=True;TrustServerCertificate=True;MultipleActiveResultSets=true;",
  "PostgresConnection": "Host=localhost;Port=5432;Username=YOUR_USER;Password=YOUR_PASSWORD;Database=AirportAutomation",
  "MySqlConnection": "Server=localhost;Port=3306;Database=AirportAutomation;Uid=YOUR_USER;Pwd=YOUR_PASSWORD;"
}
  1. Initialize the database
  • You will need to run the appropriate SQL script for your chosen provider to create and seed the database.
  • These scripts are located in Data folder.
Database Provider SQL File to Run Action
SQL Server Badge mssql.sql 🡥 Execute script against SQL Server instance.
PostgreSQL Badge npgsql.sql 🡥 Execute script against PostgreSQL server (e.g., via pgAdmin).
MySQL Badge mysql.sql 🡥 Execute script against MySQL server (e.g., via MySQL Workbench).
  1. Optional: Enable Redis Caching
  • By default, the application uses In-Memory Cache for seamless local development.
  • However, for better performance and distributed environments, you can easily switch that.
"ConnectionStrings": {
  "Redis": "[host]:[port],password=[password],ssl=True,abortConnect=False"
},
"Redis": {
  "Enabled": true
}
  1. Optional: Enable OpenTelemetry
  • By default, the application has telemetry disabled for seamless local development.
  • However, for observability in distributed environments, you can easily switch that.
"OpenTelemetry": {
  "Enabled": true,
  "Endpoint": "https://otlp-gateway-prod-eu-central-0.grafana.net/otlp",
  "Headers": "Authorization=Basic YOUR_BASE64_TOKEN",
  "ServiceName": "your-service-name",
  "ServiceVersion": "1.0.0"
}
  1. In your IDE (e.g., Visual Studio / JetBrains Rider):
  • Set AirportAutomationApi (Web API) and AirportAutomationWeb (MVC Web) as the startup projects.
  • This ensures the API and MVC frontend run together.
  • Alternatively (using CLI/VS Code): Open two separate terminal windows in the airport-automation/backend directory and run the following commands concurrently:
    • For the Web API: dotnet run --project AirportAutomationApi/AirportAutomationApi.csproj
    • For the MVC Frontend: dotnet run --project AirportAutomationWeb/AirportAutomationWeb.csproj
  1. Start the application
dotnet run

Optional: To use the React instead of the MVC frontend:

  1. Navigate to the React frontend
cd ../../react-frontend
  1. Install dependencies
npm install
  1. Start the React frontend
npm run start


🏗️ Architecture

🏗️ Architecture



📡 Backend - ASP.NET Core Web API

Modern .NET 8 Architecture

  • Built on .NET 8 (LTS) - Long-term support until November 2026
  • C# 12 features - Primary constructors, collection expressions
  • Clean Architecture Principles - Separation of concerns through dedicated layers and shared package versioning.

Database and Entity Framework Core

  • Support multiple database providers: SQL Server, PostgreSQL, and MySQL.
  • Manage database schema and migrations via Entity Framework Core for version control.
  • Abstract database operations through repository pattern in dedicated layers.
  • Configure entities, relationships, and migrations for schema management.

RESTful API Design

  • Design and implement RESTful endpoints following HTTP best practices.
  • Support standard HTTP methods (GET, POST, PUT, PATCH, DELETE) with appropriate status codes.
  • Structure endpoints with consistent naming conventions and resource hierarchies.

Input Validation and Data Integrity

  • Implement comprehensive input validation using data annotations and custom validators.
  • Validate requests at multiple layers (DTOs, model binding, business logic).
  • Return detailed validation error messages following RFC 9457 problem details standard.

RFC 9457 Problem Details for Validation Errors

  • Implement RFC 9457 standard for structured error responses.
  • Return detailed problem details including:
    • Error type and title
    • HTTP status code
    • Trace identifier for debugging
    • Specific validation errors per field
  • Provide consistent error format across all API endpoints via GlobalExceptionHandler middleware

Dependency Injection and Service Layer

  • Leverage ASP.NET Core's built-in dependency injection container.
  • Register services with appropriate lifetimes (Scoped, Transient, Singleton).
  • Implement service interfaces for loose coupling and testability.
  • Organize business logic in dedicated service layer separate from controllers.

Searching, Filtering, and Paging Resources

  • Implement advanced features such as searching, filtering, and paging to improve the API’s usability and performance.
  • Support date range filtering for Flights (startDate, endDate)
  • Support multi-field search via dedicated filter classes (see Advanced Filtering section)
  • Return paginated responses wrapped in PagedResponse with total item count

Distributed Caching with Redis

  • Implement a hybrid caching strategy using Redis for distributed environments and In-Memory Cache as a secondary fallback.
  • Smart Switch Mechanism: The system automatically detects if Redis is enabled and reachable; if not, it seamlessly falls back to local memory to ensure 100% uptime.
  • Resilient Cache Layer: If Redis becomes unavailable or runs out of memory during runtime, the system gracefully handles the failure and falls back to the database, ensuring uninterrupted API availability.
  • Use caching to optimize performance-heavy operations, such as frequently accessed lookups and search results.
  • Cache Stampede Prevention: Under high concurrency, a SemaphoreSlim lock per cache key ensures only one request hits the database on a cache miss — all other concurrent requests wait and read from cache once it's populated.

Observability with OpenTelemetry

  • Implement a unified observability stack using OpenTelemetry for distributed tracing, metrics collection, and structured log export.
  • Smart Switch Mechanism: OpenTelemetry instrumentation is conditionally enabled via configuration — if disabled, the application runs without any telemetry overhead, ensuring zero performance impact in lightweight environments.
  • Distributed Tracing: Instrument ASP.NET Core request pipeline, outbound HTTP calls, and Entity Framework Core database queries to produce end-to-end traces across service boundaries.
  • Metrics Collection: Capture runtime, HTTP, and application-level metrics using ASP.NET Core and HTTP client instrumentation for real-time performance monitoring.
  • Structured Log Export: Export enriched, formatted log entries (including scopes) via OTLP to a centralized observability backend for centralized analysis and alerting.
  • Export all telemetry signals (traces, metrics, logs) over OTLP/HTTP Protobuf to a configurable endpoint, enabling integration with backends such as Grafana, Jaeger, Tempo, or any OpenTelemetry-compatible collector.

Advanced Filtering with Filter Pattern

  • Implement dedicated filter classes for each entity type (PassengerSearchFilter, PilotSearchFilter, etc.) to enable multi-field search capabilities.
  • Create filter extension methods to encapsulate query building logic and promote reusability.
  • Support case-insensitive search across multiple fields simultaneously (e.g., search passengers by first name, last name, UPRN, passport, address, and phone).
  • Apply filter pattern to maintain clean separation between controller logic and query construction.

Exporting Data to PDF and Excel

  • Implement endpoints to export data in PDF and Excel formats for reporting and offline analysis.
  • Ensure exported documents preserve formatting and reflect applied filters or search criteria.
  • Use QuestPDF to generate high-quality, customizable PDF documents.
  • Use ClosedXML to create Excel files with structured data, formatting, and support for advanced Excel features.

Securing API and CORS Implementation

  • Enable a global CORS policy (_AllowAll) for development to facilitate frontend-backend communication.
  • Important: Configure more restrictive CORS policies for production environments:
    • Specify allowed origins (e.g., your frontend domain)
    • Define allowed HTTP methods and headers
    • Enable credentials if needed
  • Plan migration from permissive to strict CORS policies before production deployment.

Role-Based Authorization

  • Implement role-based access control with policies:
    • RequireSuperAdminRole - Full access including user management
    • RequireAdminRole - Access to create, update, patch, delete, and export operations
    • RequireUserRole - Read-only access to standard resources
  • Enable fine-grained endpoint access control based on user roles to ensure secure handling of sensitive data.

Versioning and Documenting API with Swagger

  • Manage API versions to maintain backward compatibility.
  • Document API endpoints comprehensively for developer-friendly integration.
  • Customize Swagger UI with advanced features:
    • Toggleable dark/light theme for enhanced usability
    • Custom branding with favicon and logo
    • Custom styling and behavior via injected CSS and JavaScript
    • Custom controller ordering using SwaggerControllerOrder attribute

Logging and Middleware

  • Integrate Serilog for structured, centralized logging with configuration from appsettings.json.
  • Implement custom middleware for enhanced diagnostics:
    • RequestLogContextMiddleware - Enriches logs with request context (trace IDs, user info)
    • GlobalExceptionHandler - Standardizes error responses and captures unhandled exceptions
  • Configure logging levels and outputs (console, file, external services) for different environments.

Configuration Management

  • Centralize all configurations (e.g., Serilog, rate limiting, authentication secrets, pagination settings) in appsettings.json for better maintainability and environment flexibility.

API Rate Limiting

  • Implement a rate limiter to protect API resources from abuse, mitigate DDoS attacks, and enhance overall API performance.
  • Configure request limits, time windows, and response behavior via appsettings.json
  • Rate limiter positioned early in the middleware pipeline to block excessive requests before logging or business logic is invoked

Central Package Management

  • Maintain all NuGet package versions in Directory.Packages.props at solution root.
  • Enable ManagePackageVersionsCentrally for unified version control across all projects.
  • Benefits:
    • Version consistency - All projects use identical package versions
    • Easy updates - Change version once, updates everywhere
    • Cleaner .csproj files - Package references without version attributes
    • No conflicts - Eliminates version mismatch issues

Unit Testing with xUnit

  • Write comprehensive unit tests using the xUnit framework to validate individual components in isolation.
  • Test coverage includes controllers, services, repositories, middleware, and shared BaseController logic
  • Ensure tests improve code reliability, support refactoring, and simplify debugging.

Monitoring Application Health with HealthChecks

  • Monitor the health of critical components with custom health check implementations:
    • DatabaseHealthCheck - Verifies database connectivity and accessibility
    • ApiHealthCheck - Monitors API availability and responsiveness
    • RedisHealthCheck - Conditionally enabled when Redis is configured
    • OpenTelemetryHealthCheck - Conditionally enabled when OpenTelemetry is configured
  • Configure health check endpoints to provide visibility into system status and integrate them into Swagger documentation for easy access.
  • Return detailed health status with Healthy/Degraded/Unhealthy states and custom messages.


🌐 MVC Web Frontend

HTTP Communication Layer

  • Implement HttpClientFactory with Polly resilience policies:
    • Transient fault handling with exponential backoff
    • Circuit breaker for prolonged failures
    • Request timeout enforcement
  • Centralize HttpClient configuration for consistent headers and bearer token injection.
  • Support request cancellation via CancellationToken propagation through the full call chain.

Modular API Service Layer

  • Split HTTP communication into focused, single-responsibility services: AuthHttpService, DataHttpService, SearchHttpService, ExportHttpService, and HealthHttpService.
  • Share common logic (pluralization, endpoint construction, client configuration) through an abstract BaseHttpService.
  • Create generic CRUD methods (CreateData<T>, GetData<T>, etc.) for type-safe API communication.
  • Dynamically construct endpoints with custom pluralization rules via a centralized dictionary.
  • Support advanced filtering, pagination, and data export.

View Layer

  • Handle data presentation with MVC templates and model binding.
  • Develop validated input forms with Bootstrap 5 styling.
  • Implement AJAX requests for asynchronous updates without full page reloads.
  • Centralize role constants to eliminate magic strings across views and controllers.

Client-Side Scripting and AJAX Requests

  • Leverage JavaScript, jQuery, and native fetch API to build responsive and interactive user interfaces, enabling asynchronous data fetching and partial page updates without full reloads.
  • Demonstrate proficiency in both jQuery and modern vanilla JS approaches within the same codebase.

Centralized Message Management

  • Implement Resource Files (.resx) for centralized alert and error message management.
  • Create AlertService to retrieve localized messages from resource files.
  • Use ResourceManager to access messages dynamically based on message keys.
  • Prepare foundation for future internationalization (i18n) support.

Exporting Data to PDF and Excel

  • Integrate export functionality from the API into the MVC frontend, allowing users to generate and download PDF and Excel reports directly from the web interface.
  • Reflect applied filters and search terms in exported documents, ensuring consistency between the UI and downloaded data.
  • Provide user-friendly interactions with export buttons, spinners, and error handling for a seamless reporting experience.

Ensuring Web Application Security

  • Enforce HTTPS to secure data transmission between client and server.
  • Implement Content Security Policy (CSP) middleware with environment-aware directives, restricting script, style, font, frame, and connection sources.
  • Protect all state-mutating operations against Cross-Site Request Forgery (CSRF) using [ValidateAntiForgeryToken] on POST actions, including delete operations.
  • Implement protections against Cross-Site Scripting (XSS) and control Cross-Origin Resource Sharing (CORS).
  • Secure API calls with bearer token authorization headers automatically added to all HTTP requests.
  • Integrate ASP.NET Core cookie authentication alongside session-based token storage for layered access control.
  • Apply [Authorize] at the base controller level with [AllowAnonymous] on public endpoints.

Structured Logging

  • Integrate Serilog for structured, leveled logging across the application.
  • Configure dual-sink output: console for development visibility and daily rolling log files for production error tracking.
  • Enrich log entries with CorrelationId, machine name, and thread ID for traceability.
  • Use RequestLogContextMiddleware to attach request-scoped context to all log entries.

Object Mapping

  • Use AutoMapper to decouple API entities from view models across all domain types.
  • Implement custom TypeConverters for complex type transformations.


⚛️ React Frontend

⚛️ React Frontend 🡥

User Interface Design

  • Build the frontend using functional components and React Hooks.
  • Design a responsive, mobile-friendly layout with modern styling techniques.
  • Utilize the rich set of components from Material UI (MUI) to implement a sleek, professional, and accessible user interface based on Material Design principles.
  • Implement toggleable dark/light theme with user preference persistence in localStorage.
  • Customize Material-UI theme configuration for consistent styling across the application.

State Management

  • Manage application state via Context API with multiple dedicated contexts:
    • DataContext - Centralized API URL configuration
    • ThemeContext - User theme preference (dark/light mode)
    • SidebarContext - Sidebar collapse/expand state
  • Handle asynchronous operations efficiently using the native fetch API and middleware where necessary.

Custom Hooks for Reusability

  • Implement custom hooks to abstract common data operations and promote code reuse:
    • useFetch - Generic data fetching with pagination, filtering, and error handling
    • useCreate - Unified logic for creating new entities with validation
    • useUpdate - Consistent update operations across all entities
    • useDelete - Reusable delete functionality with confirmation
    • useExport - Centralized export logic for PDF and Excel generation

Data Fetching and Integration

  • Fully integrate with the backend API to retrieve and manage data such as flights, passengers, and airport operations.
  • Dynamically render components based on API responses and user interactions.
  • Guard list pages with a hasFetched flag to prevent premature empty-state messages before the first API response is received.

Form Handling and Validation

  • Manage form inputs using custom hooks (useCreate, useUpdate) with built-in validation.
  • Provide real-time validation with user-friendly error handling and feedback via Snackbar notifications.

Comprehensive Client-Side Validation

  • Implement entity-specific validation rules with 245+ lines of validation logic.
  • Support multiple validation types:
    • Required fields, string lengths, numeric ranges, date/time formats, foreign keys
  • Validate specific business rules (e.g., UPRN 13 chars, Passport 9 chars, FlyingHours 0-40000).
  • Provide real-time error messages with centralized validation utilities.

Error Handling

  • Implement centralized error handling with CustomError class for consistent error messages.
  • Use errorUtils to differentiate between network errors, server errors, and validation errors.
  • Provide user-friendly error messages and graceful degradation for edge cases.
  • Centralize all logging through a logger utility that outputs only in development mode and is silenced in production builds, replacing scattered console.error / console warn calls across hooks, utilities, and pages.

Routing and Navigation

  • Handle navigation using React Router, including dynamic and nested routes for scalability.
  • Enable seamless page transitions without full reloads.
  • Implement three dedicated route guard components for granular access control:
    • RequireAuth - Redirects unauthenticated users to login; passes error message via React Router state instead of localStorage
    • RequireAdminRole - Restricts routes to Admin and SuperAdmin roles
    • RequireSuperAdminRole - Restricts routes to SuperAdmin role only

Exporting Data to PDF and Excel

  • Integrate the frontend with API endpoints to allow users to export data to PDF and Excel formats.
  • Allow users to apply filters or search terms before export, with generated documents reflecting those criteria.
  • Accompany export actions with UI feedback such as loading spinners and error messages for an improved user experience.
  • Provide download links directly in the UI for quick access to exported files.

Security and Authentication

  • Implement secure user login using JWT-based authentication.
  • Apply role-based access control with three granular route guard components (RequireAuth, RequireAdminRole, RequireSuperAdminRole) to restrict features based on user permissions.
  • Automatically redirect unauthenticated users to login page.
  • Store authentication tokens securely and manage token expiration.
  • Keep isLoggedIn state reactive by listening to storage events, ensuring the UI reflects login/logout changes without requiring a page reload.

Google Maps Integration

  • Integrate Google Maps embedding to display destination locations visually.
  • Implement MapEmbed component for dynamic map rendering based on address input.
  • Use iframe embedding with lazy loading for optimized performance.
  • Provide visual context for airport destinations with interactive maps.

Performance Optimization

  • Improve performance through lazy loading, code splitting, and memoization.
  • Optimize re-renders using React best practices to enhance responsiveness.

Progressive Web App (PWA) Support

  • Implement a complete web app manifest (manifest.json) including appropriate names, unique ID, theme colors (#009be5), and icons (including a maskable icon).
  • Configure service-worker.js for offline functionality and caching strategies.
  • Ensure the application meets all core PWA installability criteria (served over HTTPS, valid manifest, and service worker) to allow users to install it as a native application on their devices.


🚀 Deployment

🚀 Deployment 🡥

  • The .NET API is deployed to Azure Web App (service name airport-automation) via the automated GitHub Actions CI/CD pipeline.
  • The .NET Web MVC is deployed to Azure Web App.
  • The React Frontend is deployed to two platforms to ensure high availability and redundancy:
  • Integrate basic logging and monitoring solutions to track application health and capture errors in production environments.


🔄 Mirroring

🔄 Mirroring 🡥

  • The project is mirrored from GitHub to GitLab and Bitbucket, where custom GitHub Actions are configured to automatically trigger CI/CD pipelines on code changes.
  • This mirroring setup ensures continuous integration and deployment on both GitLab and Bitbucket by synchronizing code changes pushed to GitHub.
  • Both GitLab and Bitbucket automatically pick up the changes pushed from GitHub, triggering their respective CI/CD pipelines for seamless integration and deployment.


About

This project showcases a comprehensive full-stack solution, combining a robust ASP.NET Core Web API backend, an MVC web frontend, and a modern React single-page application — all seamlessly integrated to provide a highly secure, scalable, and user-friendly system.

Topics

Resources

License

Code of conduct

Contributing

Security policy

Stars

Watchers

Forks

Contributors