Move dotnet api into new directory

2026-06-01 01:54:00 +00:00 · 2026-04-27 15:59:17 -04:00
parent e8c5b8a80c
commit 189bce040b
132 changed files with 0 additions and 0 deletions
--- a/web/backend/Infrastructure/Infrastructure.Repository/Auth/AuthRepository.cs
+++ b/web/backend/Infrastructure/Infrastructure.Repository/Auth/AuthRepository.cs
@@ -0,0 +1,281 @@
+using System.Data;
+using System.Data.Common;
+using Domain.Entities;
+using Infrastructure.Repository.Sql;
+using Microsoft.Data.SqlClient;
+
+namespace Infrastructure.Repository.Auth;
+
+public class AuthRepository(ISqlConnectionFactory connectionFactory)
+    : Repository<Domain.Entities.UserAccount>(connectionFactory),
+        IAuthRepository
+{
+    public async Task<Domain.Entities.UserAccount> RegisterUserAsync(
+        string username,
+        string firstName,
+        string lastName,
+        string email,
+        DateTime dateOfBirth,
+        string passwordHash
+    )
+    {
+        await using var connection = await CreateConnection();
+        await using var command = connection.CreateCommand();
+
+        command.CommandText = "USP_RegisterUser";
+        command.CommandType = CommandType.StoredProcedure;
+
+        AddParameter(command, "@Username", username);
+        AddParameter(command, "@FirstName", firstName);
+        AddParameter(command, "@LastName", lastName);
+        AddParameter(command, "@Email", email);
+        AddParameter(command, "@DateOfBirth", dateOfBirth);
+        AddParameter(command, "@Hash", passwordHash);
+
+        var result = await command.ExecuteScalarAsync();
+
+        Guid userAccountId = Guid.Empty;
+        if (result != null && result != DBNull.Value)
+        {
+            if (result is Guid g)
+            {
+                userAccountId = g;
+            }
+            else if (result is string s && Guid.TryParse(s, out var parsed))
+            {
+                userAccountId = parsed;
+            }
+            else if (result is byte[] bytes && bytes.Length == 16)
+            {
+                userAccountId = new Guid(bytes);
+            }
+            else
+            {
+                // Fallback: try to convert and parse string representation
+                try
+                {
+                    var str = result.ToString();
+                    if (!string.IsNullOrEmpty(str) && Guid.TryParse(str, out var p))
+                        userAccountId = p;
+                }
+                catch
+                {
+                    userAccountId = Guid.Empty;
+                }
+            }
+        }
+
+        return await GetUserByIdAsync(userAccountId) ?? throw new Exception("Failed to retrieve newly registered user.");
+    }
+
+    public async Task<Domain.Entities.UserAccount?> GetUserByEmailAsync(
+        string email
+    )
+    {
+        await using var connection = await CreateConnection();
+        await using var command = connection.CreateCommand();
+        command.CommandText = "usp_GetUserAccountByEmail";
+        command.CommandType = CommandType.StoredProcedure;
+
+        AddParameter(command, "@Email", email);
+
+        await using var reader = await command.ExecuteReaderAsync();
+        return await reader.ReadAsync() ? MapToEntity(reader) : null;
+    }
+
+    public async Task<Domain.Entities.UserAccount?> GetUserByUsernameAsync(
+        string username
+    )
+    {
+        await using var connection = await CreateConnection();
+        await using var command = connection.CreateCommand();
+        command.CommandText = "usp_GetUserAccountByUsername";
+        command.CommandType = CommandType.StoredProcedure;
+
+        AddParameter(command, "@Username", username);
+
+        await using var reader = await command.ExecuteReaderAsync();
+        return await reader.ReadAsync() ? MapToEntity(reader) : null;
+    }
+
+    public async Task<UserCredential?> GetActiveCredentialByUserAccountIdAsync(
+        Guid userAccountId
+    )
+    {
+        await using var connection = await CreateConnection();
+        await using var command = connection.CreateCommand();
+        command.CommandText = "USP_GetActiveUserCredentialByUserAccountId";
+        command.CommandType = CommandType.StoredProcedure;
+
+        AddParameter(command, "@UserAccountId", userAccountId);
+
+        await using var reader = await command.ExecuteReaderAsync();
+        return await reader.ReadAsync() ? MapToCredentialEntity(reader) : null;
+    }
+
+    public async Task RotateCredentialAsync(
+        Guid userAccountId,
+        string newPasswordHash
+    )
+    {
+        await using var connection = await CreateConnection();
+        await using var command = connection.CreateCommand();
+        command.CommandText = "USP_RotateUserCredential";
+        command.CommandType = CommandType.StoredProcedure;
+
+        AddParameter(command, "@UserAccountId_", userAccountId);
+        AddParameter(command, "@Hash", newPasswordHash);
+
+        await command.ExecuteNonQueryAsync();
+    }
+
+    public async Task<Domain.Entities.UserAccount?> GetUserByIdAsync(
+        Guid userAccountId
+    )
+    {
+        await using var connection = await CreateConnection();
+        await using var command = connection.CreateCommand();
+        command.CommandText = "usp_GetUserAccountById";
+        command.CommandType = CommandType.StoredProcedure;
+
+        AddParameter(command, "@UserAccountId", userAccountId);
+
+        await using var reader = await command.ExecuteReaderAsync();
+        return await reader.ReadAsync() ? MapToEntity(reader) : null;
+    }
+
+    public async Task<Domain.Entities.UserAccount?> ConfirmUserAccountAsync(
+        Guid userAccountId
+    )
+    {
+        var user = await GetUserByIdAsync(userAccountId);
+        if (user == null)
+        {
+            return null;
+        }
+
+        // Idempotency: if already verified, treat as successful confirmation.
+        if (await IsUserVerifiedAsync(userAccountId))
+        {
+            return user;
+        }
+
+        await using var connection = await CreateConnection();
+        await using var command = connection.CreateCommand();
+        command.CommandText = "USP_CreateUserVerification";
+        command.CommandType = CommandType.StoredProcedure;
+
+        AddParameter(command, "@UserAccountID_", userAccountId);
+
+        try
+        {
+            await command.ExecuteNonQueryAsync();
+        }
+        catch (SqlException ex) when (IsDuplicateVerificationViolation(ex))
+        {
+            // A concurrent request verified this user first. Keep behavior idempotent.
+        }
+
+        // Fetch and return the updated user
+        return await GetUserByIdAsync(userAccountId);
+    }
+
+    public async Task<bool> IsUserVerifiedAsync(Guid userAccountId)
+    {
+        await using var connection = await CreateConnection();
+        await using var command = connection.CreateCommand();
+        command.CommandText =
+            "SELECT TOP 1 1 FROM dbo.UserVerification WHERE UserAccountID = @UserAccountID";
+        command.CommandType = CommandType.Text;
+
+        AddParameter(command, "@UserAccountID", userAccountId);
+
+        var result = await command.ExecuteScalarAsync();
+        return result != null && result != DBNull.Value;
+    }
+
+    private static bool IsDuplicateVerificationViolation(SqlException ex)
+    {
+        // 2601/2627 are duplicate key violations in SQL Server.
+        return ex.Number == 2601 || ex.Number == 2627;
+    }
+
+
+    /// <summary>
+    /// Maps a data reader row to a UserAccount entity.
+    /// </summary>
+    protected override Domain.Entities.UserAccount MapToEntity(
+        DbDataReader reader
+    )
+    {
+        return new Domain.Entities.UserAccount
+        {
+            UserAccountId = reader.GetGuid(reader.GetOrdinal("UserAccountId")),
+            Username = reader.GetString(reader.GetOrdinal("Username")),
+            FirstName = reader.GetString(reader.GetOrdinal("FirstName")),
+            LastName = reader.GetString(reader.GetOrdinal("LastName")),
+            Email = reader.GetString(reader.GetOrdinal("Email")),
+            CreatedAt = reader.GetDateTime(reader.GetOrdinal("CreatedAt")),
+            UpdatedAt = reader.IsDBNull(reader.GetOrdinal("UpdatedAt"))
+                ? null
+                : reader.GetDateTime(reader.GetOrdinal("UpdatedAt")),
+            DateOfBirth = reader.GetDateTime(reader.GetOrdinal("DateOfBirth")),
+            Timer = reader.IsDBNull(reader.GetOrdinal("Timer"))
+                ? null
+                : (byte[])reader["Timer"],
+        };
+    }
+
+    /// <summary>
+    /// Maps a data reader row to a UserCredential entity.
+    /// </summary>
+    private static UserCredential MapToCredentialEntity(DbDataReader reader)
+    {
+        var entity = new UserCredential
+        {
+            UserCredentialId = reader.GetGuid(
+                reader.GetOrdinal("UserCredentialId")
+            ),
+            UserAccountId = reader.GetGuid(reader.GetOrdinal("UserAccountId")),
+            Hash = reader.GetString(reader.GetOrdinal("Hash")),
+            CreatedAt = reader.GetDateTime(reader.GetOrdinal("CreatedAt")),
+        };
+
+        // Optional columns
+        var hasTimer =
+            reader
+                .GetSchemaTable()
+                ?.Rows.Cast<System.Data.DataRow>()
+                .Any(r =>
+                    string.Equals(
+                        r["ColumnName"]?.ToString(),
+                        "Timer",
+                        StringComparison.OrdinalIgnoreCase
+                    )
+                ) ?? false;
+
+        if (hasTimer)
+        {
+            entity.Timer = reader.IsDBNull(reader.GetOrdinal("Timer"))
+                ? null
+                : (byte[])reader["Timer"];
+        }
+
+        return entity;
+    }
+
+    /// <summary>
+    /// Helper method to add a parameter to a database command.
+    /// </summary>
+    private static void AddParameter(
+        DbCommand command,
+        string name,
+        object? value
+    )
+    {
+        var p = command.CreateParameter();
+        p.ParameterName = name;
+        p.Value = value ?? DBNull.Value;
+        command.Parameters.Add(p);
+    }
+}
--- a/web/backend/Infrastructure/Infrastructure.Repository/Auth/IAuthRepository.cs
+++ b/web/backend/Infrastructure/Infrastructure.Repository/Auth/IAuthRepository.cs
@@ -0,0 +1,85 @@
+using Domain.Entities;
+
+namespace Infrastructure.Repository.Auth;
+
+/// <summary>
+/// Repository for authentication-related database operations including user registration and credential management.
+/// </summary>
+public interface IAuthRepository
+{
+    /// <summary>
+    /// Registers a new user with account details and initial credential.
+    /// Uses stored procedure: USP_RegisterUser
+    /// </summary>
+    /// <param name="username">Unique username for the user</param>
+    /// <param name="firstName">User's first name</param>
+    /// <param name="lastName">User's last name</param>
+    /// <param name="email">User's email address</param>
+    /// <param name="dateOfBirth">User's date of birth</param>
+    /// <param name="passwordHash">Hashed password</param>
+    /// <returns>The newly created UserAccount with generated ID</returns>
+    Task<Domain.Entities.UserAccount> RegisterUserAsync(
+        string username,
+        string firstName,
+        string lastName,
+        string email,
+        DateTime dateOfBirth,
+        string passwordHash
+    );
+
+    /// <summary>
+    /// Retrieves a user account by email address (typically used for login).
+    /// Uses stored procedure: usp_GetUserAccountByEmail
+    /// </summary>
+    /// <param name="email">Email address to search for</param>
+    /// <returns>UserAccount if found, null otherwise</returns>
+    Task<Domain.Entities.UserAccount?> GetUserByEmailAsync(string email);
+
+    /// <summary>
+    /// Retrieves a user account by username (typically used for login).
+    /// Uses stored procedure: usp_GetUserAccountByUsername
+    /// </summary>
+    /// <param name="username">Username to search for</param>
+    /// <returns>UserAccount if found, null otherwise</returns>
+    Task<Domain.Entities.UserAccount?> GetUserByUsernameAsync(string username);
+
+    /// <summary>
+    /// Retrieves the active (non-revoked) credential for a user account.
+    /// Uses stored procedure: USP_GetActiveUserCredentialByUserAccountId
+    /// </summary>
+    /// <param name="userAccountId">ID of the user account</param>
+    /// <returns>Active UserCredential if found, null otherwise</returns>
+    Task<UserCredential?> GetActiveCredentialByUserAccountIdAsync(
+        Guid userAccountId
+    );
+
+    /// <summary>
+    /// Rotates a user's credential by invalidating all existing credentials and creating a new one.
+    /// Uses stored procedure: USP_RotateUserCredential
+    /// </summary>
+    /// <param name="userAccountId">ID of the user account</param>
+    /// <param name="newPasswordHash">New hashed password</param>
+    Task RotateCredentialAsync(Guid userAccountId, string newPasswordHash);
+
+    /// <summary>
+    /// Marks a user account as confirmed.
+    /// </summary>
+    /// <param name="userAccountId">ID of the user account to confirm</param>
+    /// <returns>The confirmed UserAccount entity</returns>
+    /// <exception cref="UnauthorizedException">If user account not found</exception>
+    Task<Domain.Entities.UserAccount?> ConfirmUserAccountAsync(Guid userAccountId);
+
+    /// <summary>
+    /// Retrieves a user account by ID.
+    /// </summary>
+    /// <param name="userAccountId">ID of the user account</param>
+    /// <returns>UserAccount if found, null otherwise</returns>
+    Task<Domain.Entities.UserAccount?> GetUserByIdAsync(Guid userAccountId);
+
+    /// <summary>
+    /// Checks whether a user account has been verified.
+    /// </summary>
+    /// <param name="userAccountId">ID of the user account</param>
+    /// <returns>True if the user has a verification record, false otherwise</returns>
+    Task<bool> IsUserVerifiedAsync(Guid userAccountId);
+}
--- a/web/backend/Infrastructure/Infrastructure.Repository/Breweries/BreweryRepository.cs
+++ b/web/backend/Infrastructure/Infrastructure.Repository/Breweries/BreweryRepository.cs
@@ -0,0 +1,147 @@
+using System.Data.Common;
+using Domain.Entities;
+using Infrastructure.Repository.Sql;
+
+namespace Infrastructure.Repository.Breweries;
+
+public class BreweryRepository(ISqlConnectionFactory connectionFactory)
+    : Repository<BreweryPost>(connectionFactory), IBreweryRepository
+{
+    private readonly ISqlConnectionFactory _connectionFactory = connectionFactory;
+
+    public async Task<BreweryPost?> GetByIdAsync(Guid id)
+    {
+        await using var connection = await CreateConnection();
+        await using var command = connection.CreateCommand();
+        command.CommandType = System.Data.CommandType.StoredProcedure;
+
+        command.CommandText = "USP_GetBreweryById";
+        AddParameter(command, "@BreweryPostID", id);
+
+        await using var reader = await command.ExecuteReaderAsync();
+        if (await reader.ReadAsync())
+        {
+            return MapToEntity(reader);
+        }
+        return null;
+    }
+
+    public Task<IEnumerable<BreweryPost>> GetAllAsync(int? limit, int? offset)
+    {
+        throw new NotImplementedException();
+    }
+
+    public Task UpdateAsync(BreweryPost brewery)
+    {
+        throw new NotImplementedException();
+    }
+
+    public Task DeleteAsync(Guid id)
+    {
+        throw new NotImplementedException();
+    }
+
+    public async Task CreateAsync(BreweryPost brewery)
+    {
+        await using var connection = await CreateConnection();
+        await using var command = connection.CreateCommand();
+
+        command.CommandText = "USP_CreateBrewery";
+        command.CommandType = System.Data.CommandType.StoredProcedure;
+
+        if (brewery.Location is null)
+        {
+            throw new ArgumentException("Location must be provided when creating a brewery.");
+        }
+
+        AddParameter(command, "@BreweryName", brewery.BreweryName);
+        AddParameter(command, "@Description", brewery.Description);
+        AddParameter(command, "@PostedByID", brewery.PostedById);
+        AddParameter(command, "@CityID", brewery.Location?.CityId);
+        AddParameter(command, "@AddressLine1", brewery.Location?.AddressLine1);
+        AddParameter(command, "@AddressLine2", brewery.Location?.AddressLine2);
+        AddParameter(command, "@PostalCode", brewery.Location?.PostalCode);
+        AddParameter(command, "@Coordinates", brewery.Location?.Coordinates);
+        await command.ExecuteNonQueryAsync();
+
+    }
+
+    protected override BreweryPost MapToEntity(DbDataReader reader)
+    {
+        var brewery = new BreweryPost();
+
+        var ordBreweryPostId = reader.GetOrdinal("BreweryPostId");
+        var ordPostedById = reader.GetOrdinal("PostedById");
+        var ordBreweryName = reader.GetOrdinal("BreweryName");
+        var ordDescription = reader.GetOrdinal("Description");
+        var ordCreatedAt = reader.GetOrdinal("CreatedAt");
+        var ordUpdatedAt = reader.GetOrdinal("UpdatedAt");
+        var ordTimer = reader.GetOrdinal("Timer");
+
+        brewery.BreweryPostId = reader.GetGuid(ordBreweryPostId);
+        brewery.PostedById = reader.GetGuid(ordPostedById);
+        brewery.BreweryName = reader.GetString(ordBreweryName);
+        brewery.Description = reader.GetString(ordDescription);
+        brewery.CreatedAt = reader.GetDateTime(ordCreatedAt);
+
+        brewery.UpdatedAt = reader.IsDBNull(ordUpdatedAt) ? null : reader.GetDateTime(ordUpdatedAt);
+
+        // Read timer (varbinary/rowversion) robustly
+        if (reader.IsDBNull(ordTimer))
+        {
+            brewery.Timer = null;
+        }
+        else
+        {
+            try
+            {
+                brewery.Timer = reader.GetFieldValue<byte[]>(ordTimer);
+            }
+            catch
+            {
+                var length = reader.GetBytes(ordTimer, 0, null, 0, 0);
+                var buffer = new byte[length];
+                reader.GetBytes(ordTimer, 0, buffer, 0, (int)length);
+                brewery.Timer = buffer;
+            }
+        }
+
+        // Map BreweryPostLocation if columns are present
+        try
+        {
+            var ordLocationId = reader.GetOrdinal("BreweryPostLocationId");
+            if (!reader.IsDBNull(ordLocationId))
+            {
+                var location = new BreweryPostLocation
+                {
+                    BreweryPostLocationId = reader.GetGuid(ordLocationId),
+                    BreweryPostId = reader.GetGuid(reader.GetOrdinal("BreweryPostId")),
+                    CityId = reader.GetGuid(reader.GetOrdinal("CityId")),
+                    AddressLine1 = reader.GetString(reader.GetOrdinal("AddressLine1")),
+                    AddressLine2 = reader.IsDBNull(reader.GetOrdinal("AddressLine2")) ? null : reader.GetString(reader.GetOrdinal("AddressLine2")),
+                    PostalCode = reader.GetString(reader.GetOrdinal("PostalCode")),
+                    Coordinates = reader.IsDBNull(reader.GetOrdinal("Coordinates")) ? null : reader.GetFieldValue<byte[]>(reader.GetOrdinal("Coordinates"))
+                };
+                brewery.Location = location;
+            }
+        }
+        catch (IndexOutOfRangeException)
+        {
+            // Location columns not present, skip mapping location
+        }
+
+        return brewery;
+    }
+
+    private static void AddParameter(
+        DbCommand command,
+        string name,
+        object? value
+    )
+    {
+        var p = command.CreateParameter();
+        p.ParameterName = name;
+        p.Value = value ?? DBNull.Value;
+        command.Parameters.Add(p);
+    }
+}
--- a/web/backend/Infrastructure/Infrastructure.Repository/Breweries/IBreweryRepository.cs
+++ b/web/backend/Infrastructure/Infrastructure.Repository/Breweries/IBreweryRepository.cs
@@ -0,0 +1,12 @@
+using Domain.Entities;
+
+namespace Infrastructure.Repository.Breweries;
+
+public interface IBreweryRepository
+{
+    Task<BreweryPost?> GetByIdAsync(Guid id);
+    Task<IEnumerable<BreweryPost>> GetAllAsync(int? limit, int? offset);
+    Task UpdateAsync(BreweryPost brewery);
+    Task DeleteAsync(Guid id);
+    Task CreateAsync(BreweryPost brewery);
+}
--- a/web/backend/Infrastructure/Infrastructure.Repository/Infrastructure.Repository.csproj
+++ b/web/backend/Infrastructure/Infrastructure.Repository/Infrastructure.Repository.csproj
@@ -0,0 +1,23 @@
+<Project Sdk="Microsoft.NET.Sdk">
+  <PropertyGroup>
+    <TargetFramework>net10.0</TargetFramework>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <Nullable>enable</Nullable>
+    <RootNamespace>Infrastructure.Repository</RootNamespace>
+  </PropertyGroup>
+  <ItemGroup>
+    <PackageReference Include="Microsoft.Data.SqlClient" Version="6.1.4" />
+    <PackageReference
+      Include="Microsoft.SqlServer.Types"
+      Version="160.1000.6"
+    />
+    <PackageReference Include="System.Data.SqlClient" Version="4.9.0" />
+    <PackageReference
+      Include="Microsoft.Extensions.Configuration.Abstractions"
+      Version="9.0.0"
+    />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\..\Domain\Domain.Entities\Domain.Entities.csproj" />
+  </ItemGroup>
+</Project>
--- a/web/backend/Infrastructure/Infrastructure.Repository/Repository.cs
+++ b/web/backend/Infrastructure/Infrastructure.Repository/Repository.cs
@@ -0,0 +1,17 @@
+using System.Data.Common;
+using Infrastructure.Repository.Sql;
+
+namespace Infrastructure.Repository;
+
+public abstract class Repository<T>(ISqlConnectionFactory connectionFactory)
+    where T : class
+{
+    protected async Task<DbConnection> CreateConnection()
+    {
+        var connection = connectionFactory.CreateConnection();
+        await connection.OpenAsync();
+        return connection;
+    }
+
+    protected abstract T MapToEntity(DbDataReader reader);
+}
--- a/web/backend/Infrastructure/Infrastructure.Repository/Sql/DefaultSqlConnectionFactory.cs
+++ b/web/backend/Infrastructure/Infrastructure.Repository/Sql/DefaultSqlConnectionFactory.cs
@@ -0,0 +1,49 @@
+using System.Data.Common;
+using Microsoft.Data.SqlClient;
+using Microsoft.Extensions.Configuration;
+
+namespace Infrastructure.Repository.Sql;
+
+public class DefaultSqlConnectionFactory(IConfiguration configuration)
+    : ISqlConnectionFactory
+{
+    private readonly string _connectionString = GetConnectionString(
+        configuration
+    );
+
+    private static string GetConnectionString(IConfiguration configuration)
+    {
+        // Check for full connection string first
+        var fullConnectionString = Environment.GetEnvironmentVariable(
+            "DB_CONNECTION_STRING"
+        );
+        if (!string.IsNullOrEmpty(fullConnectionString))
+        {
+            return fullConnectionString;
+        }
+
+        // Try to build from individual environment variables (preferred method for Docker)
+        try
+        {
+            return SqlConnectionStringHelper.BuildConnectionString();
+        }
+        catch (InvalidOperationException)
+        {
+            // Fall back to configuration-based connection string if env vars are not set
+            var connString = configuration.GetConnectionString("Default");
+            if (!string.IsNullOrEmpty(connString))
+            {
+                return connString;
+            }
+
+            throw new InvalidOperationException(
+                "Database connection string not configured. Set DB_CONNECTION_STRING or DB_SERVER, DB_NAME, DB_USER, DB_PASSWORD env vars or ConnectionStrings:Default."
+            );
+        }
+    }
+
+    public DbConnection CreateConnection()
+    {
+        return new SqlConnection(_connectionString);
+    }
+}
--- a/web/backend/Infrastructure/Infrastructure.Repository/Sql/ISqlConnectionFactory.cs
+++ b/web/backend/Infrastructure/Infrastructure.Repository/Sql/ISqlConnectionFactory.cs
@@ -0,0 +1,8 @@
+using System.Data.Common;
+
+namespace Infrastructure.Repository.Sql;
+
+public interface ISqlConnectionFactory
+{
+    DbConnection CreateConnection();
+}
--- a/web/backend/Infrastructure/Infrastructure.Repository/Sql/SqlConnectionStringHelper.cs
+++ b/web/backend/Infrastructure/Infrastructure.Repository/Sql/SqlConnectionStringHelper.cs
@@ -0,0 +1,61 @@
+using Microsoft.Data.SqlClient;
+
+namespace Infrastructure.Repository.Sql;
+
+public static class SqlConnectionStringHelper
+{
+    /// <summary>
+    /// Builds a SQL Server connection string from environment variables.
+    /// Expects DB_SERVER, DB_NAME, DB_USER, DB_PASSWORD, and DB_TRUST_SERVER_CERTIFICATE.
+    /// </summary>
+    /// <param name="databaseName">Optional override for the database name. If null, uses DB_NAME env var.</param>
+    /// <returns>A properly formatted SQL Server connection string.</returns>
+    public static string BuildConnectionString(string? databaseName = null)
+    {
+        var server =
+            Environment.GetEnvironmentVariable("DB_SERVER")
+            ?? throw new InvalidOperationException(
+                "DB_SERVER environment variable is not set"
+            );
+
+        var dbName =
+            databaseName
+            ?? Environment.GetEnvironmentVariable("DB_NAME")
+            ?? throw new InvalidOperationException(
+                "DB_NAME environment variable is not set"
+            );
+
+        var user =
+            Environment.GetEnvironmentVariable("DB_USER")
+            ?? throw new InvalidOperationException(
+                "DB_USER environment variable is not set"
+            );
+
+        var password =
+            Environment.GetEnvironmentVariable("DB_PASSWORD")
+            ?? throw new InvalidOperationException(
+                "DB_PASSWORD environment variable is not set"
+            );
+
+        var builder = new SqlConnectionStringBuilder
+        {
+            DataSource = server,
+            InitialCatalog = dbName,
+            UserID = user,
+            Password = password,
+            TrustServerCertificate = true,
+            Encrypt = true,
+        };
+
+        return builder.ConnectionString;
+    }
+
+    /// <summary>
+    /// Builds a connection string to the master database using environment variables.
+    /// </summary>
+    /// <returns>A connection string for the master database.</returns>
+    public static string BuildMasterConnectionString()
+    {
+        return BuildConnectionString("master");
+    }
+}
--- a/web/backend/Infrastructure/Infrastructure.Repository/UserAccount/IUserAccountRepository.cs
+++ b/web/backend/Infrastructure/Infrastructure.Repository/UserAccount/IUserAccountRepository.cs
@@ -0,0 +1,14 @@
+namespace Infrastructure.Repository.UserAccount;
+
+public interface IUserAccountRepository
+{
+    Task<Domain.Entities.UserAccount?> GetByIdAsync(Guid id);
+    Task<IEnumerable<Domain.Entities.UserAccount>> GetAllAsync(
+        int? limit,
+        int? offset
+    );
+    Task UpdateAsync(Domain.Entities.UserAccount userAccount);
+    Task DeleteAsync(Guid id);
+    Task<Domain.Entities.UserAccount?> GetByUsernameAsync(string username);
+    Task<Domain.Entities.UserAccount?> GetByEmailAsync(string email);
+}
--- a/web/backend/Infrastructure/Infrastructure.Repository/UserAccount/UserAccountRepository.cs
+++ b/web/backend/Infrastructure/Infrastructure.Repository/UserAccount/UserAccountRepository.cs
@@ -0,0 +1,142 @@
+using System.Data;
+using System.Data.Common;
+using Infrastructure.Repository.Sql;
+
+namespace Infrastructure.Repository.UserAccount;
+
+public class UserAccountRepository(ISqlConnectionFactory connectionFactory)
+    : Repository<Domain.Entities.UserAccount>(connectionFactory),
+        IUserAccountRepository
+{
+    public async Task<Domain.Entities.UserAccount?> GetByIdAsync(Guid id)
+    {
+        await using var connection = await CreateConnection();
+        await using var command = connection.CreateCommand();
+        command.CommandText = "usp_GetUserAccountById";
+        command.CommandType = CommandType.StoredProcedure;
+
+        AddParameter(command, "@UserAccountId", id);
+
+        await using var reader = await command.ExecuteReaderAsync();
+        return await reader.ReadAsync() ? MapToEntity(reader) : null;
+    }
+
+    public async Task<IEnumerable<Domain.Entities.UserAccount>> GetAllAsync(
+        int? limit,
+        int? offset
+    )
+    {
+        await using var connection = await CreateConnection();
+        await using var command = connection.CreateCommand();
+        command.CommandText = "usp_GetAllUserAccounts";
+        command.CommandType = CommandType.StoredProcedure;
+
+        if (limit.HasValue)
+            AddParameter(command, "@Limit", limit.Value);
+
+        if (offset.HasValue)
+            AddParameter(command, "@Offset", offset.Value);
+
+        await using var reader = await command.ExecuteReaderAsync();
+        var users = new List<Domain.Entities.UserAccount>();
+
+        while (await reader.ReadAsync())
+        {
+            users.Add(MapToEntity(reader));
+        }
+
+        return users;
+    }
+
+    public async Task UpdateAsync(Domain.Entities.UserAccount userAccount)
+    {
+        await using var connection = await CreateConnection();
+        await using var command = connection.CreateCommand();
+        command.CommandText = "usp_UpdateUserAccount";
+        command.CommandType = CommandType.StoredProcedure;
+
+        AddParameter(command, "@UserAccountId", userAccount.UserAccountId);
+        AddParameter(command, "@Username", userAccount.Username);
+        AddParameter(command, "@FirstName", userAccount.FirstName);
+        AddParameter(command, "@LastName", userAccount.LastName);
+        AddParameter(command, "@Email", userAccount.Email);
+        AddParameter(command, "@DateOfBirth", userAccount.DateOfBirth);
+
+        await command.ExecuteNonQueryAsync();
+    }
+
+    public async Task DeleteAsync(Guid id)
+    {
+        await using var connection = await CreateConnection();
+        await using var command = connection.CreateCommand();
+        command.CommandText = "usp_DeleteUserAccount";
+        command.CommandType = CommandType.StoredProcedure;
+
+        AddParameter(command, "@UserAccountId", id);
+        await command.ExecuteNonQueryAsync();
+    }
+
+    public async Task<Domain.Entities.UserAccount?> GetByUsernameAsync(
+        string username
+    )
+    {
+        await using var connection = await CreateConnection();
+        await using var command = connection.CreateCommand();
+        command.CommandText = "usp_GetUserAccountByUsername";
+        command.CommandType = CommandType.StoredProcedure;
+
+        AddParameter(command, "@Username", username);
+
+        await using var reader = await command.ExecuteReaderAsync();
+        return await reader.ReadAsync() ? MapToEntity(reader) : null;
+    }
+
+    public async Task<Domain.Entities.UserAccount?> GetByEmailAsync(
+        string email
+    )
+    {
+        await using var connection = await CreateConnection();
+        await using var command = connection.CreateCommand();
+        command.CommandText = "usp_GetUserAccountByEmail";
+        command.CommandType = CommandType.StoredProcedure;
+
+        AddParameter(command, "@Email", email);
+
+        await using var reader = await command.ExecuteReaderAsync();
+        return await reader.ReadAsync() ? MapToEntity(reader) : null;
+    }
+
+    protected override Domain.Entities.UserAccount MapToEntity(
+        DbDataReader reader
+    )
+    {
+        return new Domain.Entities.UserAccount
+        {
+            UserAccountId = reader.GetGuid(reader.GetOrdinal("UserAccountId")),
+            Username = reader.GetString(reader.GetOrdinal("Username")),
+            FirstName = reader.GetString(reader.GetOrdinal("FirstName")),
+            LastName = reader.GetString(reader.GetOrdinal("LastName")),
+            Email = reader.GetString(reader.GetOrdinal("Email")),
+            CreatedAt = reader.GetDateTime(reader.GetOrdinal("CreatedAt")),
+            UpdatedAt = reader.IsDBNull(reader.GetOrdinal("UpdatedAt"))
+                ? null
+                : reader.GetDateTime(reader.GetOrdinal("UpdatedAt")),
+            DateOfBirth = reader.GetDateTime(reader.GetOrdinal("DateOfBirth")),
+            Timer = reader.IsDBNull(reader.GetOrdinal("Timer"))
+                ? null
+                : (byte[])reader["Timer"],
+        };
+    }
+
+    private static void AddParameter(
+        DbCommand command,
+        string name,
+        object? value
+    )
+    {
+        var p = command.CreateParameter();
+        p.ParameterName = name;
+        p.Value = value ?? DBNull.Value;
+        command.Parameters.Add(p);
+    }
+}