dohertj2/ScadaBridge
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

feat(centralui): Secured Writes page — operator submit + verifier queue + history (T14b)

Browse Source
This commit is contained in:
Joseph Doherty
2026-06-18 03:34:08 -04:00
parent b08bfae329
commit 1a7e735149
7 changed files with 972 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/ZB.MOM.WW.ScadaBridge.CentralUI/Services/SecuredWriteService.cs
+184
View File
@@ -0,0 +1,184 @@
using System.Security.Claims;
using System.Text.Json;
using Akka.Actor;
using Microsoft.AspNetCore.Components.Authorization;
using Microsoft.Extensions.Logging;
using ZB.MOM.WW.ScadaBridge.Commons.Messages.Management;
using ZB.MOM.WW.ScadaBridge.ManagementService;
using ZB.MOM.WW.ScadaBridge.Security;
namespace ZB.MOM.WW.ScadaBridge.CentralUI.Services;
/// <summary>
/// Default <see cref="ISecuredWriteService"/> implementation — a thin facade that
/// dispatches the secured-write management commands to the central
/// <c>ManagementActor</c> through the in-process <see cref="ManagementActorHolder"/>
/// (the same Ask seam the HTTP <c>/management</c> endpoint uses). The actor authorizes
/// the command against the supplied <see cref="AuthenticatedUser"/>, enforces
/// separation-of-duties, runs the MxGateway device relay on approve, and writes the
/// audit row — none of that is re-implemented here.
/// </summary>
/// <remarks>
/// The current Blazor principal is projected to an <see cref="AuthenticatedUser"/> so
/// the server's role gate and no-self-approval guard run against the real identity.
/// The three management response shapes plus any transport fault collapse into a typed
/// <see cref="SecuredWriteActionResult"/> (or an empty list for queries) so the page can
/// render inline outcomes without try/catch noise.
/// </remarks>
public sealed class SecuredWriteService : ISecuredWriteService
{
/// <summary>
/// camelCase + ignore-cycles, matching <c>ManagementActor.SerializeResult</c>'s
/// options. <see cref="ManagementSuccess.JsonData"/> is produced with those settings,
/// so the deserializer must mirror them to bind every property.
/// </summary>
private static readonly JsonSerializerOptions ResultDeserializerOptions = new()
{
PropertyNameCaseInsensitive = true,
PropertyNamingPolicy = JsonNamingPolicy.CamelCase
};
private static readonly TimeSpan AskTimeout = TimeSpan.FromSeconds(30);
private readonly ManagementActorHolder _holder;
private readonly AuthenticationStateProvider _auth;
private readonly ILogger<SecuredWriteService> _logger;
/// <summary>
/// Initializes a new instance of the <see cref="SecuredWriteService"/>.
/// </summary>
/// <param name="holder">Holder for the central <c>ManagementActor</c> reference.</param>
/// <param name="auth">Authentication state provider used to project the current principal.</param>
/// <param name="logger">Logger instance.</param>
public SecuredWriteService(
ManagementActorHolder holder,
AuthenticationStateProvider auth,
ILogger<SecuredWriteService> logger)
{
_holder = holder ?? throw new ArgumentNullException(nameof(holder));
_auth = auth ?? throw new ArgumentNullException(nameof(auth));
_logger = logger ?? throw new ArgumentNullException(nameof(logger));
}
/// <inheritdoc/>
public Task<SecuredWriteActionResult> SubmitAsync(
string siteId, string connectionName, string tagPath, string valueJson,
string valueType, string? comment, CancellationToken cancellationToken = default)
=> DispatchAsync(
new SubmitSecuredWriteCommand(siteId, connectionName, tagPath, valueJson, valueType, comment),
cancellationToken);
/// <inheritdoc/>
public Task<SecuredWriteActionResult> ApproveAsync(
long id, string? comment, CancellationToken cancellationToken = default)
=> DispatchAsync(new ApproveSecuredWriteCommand(id, comment), cancellationToken);
/// <inheritdoc/>
public Task<SecuredWriteActionResult> RejectAsync(
long id, string? comment, CancellationToken cancellationToken = default)
=> DispatchAsync(new RejectSecuredWriteCommand(id, comment), cancellationToken);
/// <inheritdoc/>
public async Task<IReadOnlyList<SecuredWriteDto>> ListAsync(
string? status, string? siteId, CancellationToken cancellationToken = default)
{
var response = await SendAsync(new ListSecuredWritesCommand(status, siteId), cancellationToken);
if (response is ManagementSuccess success)
{
var result = JsonSerializer.Deserialize<SecuredWriteListResult>(
success.JsonData, ResultDeserializerOptions);
return result?.Items ?? Array.Empty<SecuredWriteDto>();
}
// Read path: log + return empty so the queue/history tables render gracefully.
_logger.LogWarning(
"ListSecuredWrites failed: {Response}", DescribeFailure(response));
return Array.Empty<SecuredWriteDto>();
}
/// <summary>
/// Dispatches a single mutating command and maps the response (or any fault) to a
/// typed <see cref="SecuredWriteActionResult"/>.
/// </summary>
private async Task<SecuredWriteActionResult> DispatchAsync(
object command, CancellationToken cancellationToken)
{
var response = await SendAsync(command, cancellationToken);
switch (response)
{
case ManagementSuccess success:
var dto = JsonSerializer.Deserialize<SecuredWriteDto>(
success.JsonData, ResultDeserializerOptions);
return dto is null
? SecuredWriteActionResult.Fail("The server returned an unreadable result.")
: SecuredWriteActionResult.Ok(dto);
case ManagementUnauthorized unauthorized:
return SecuredWriteActionResult.Fail(unauthorized.Message);
case ManagementError error:
return SecuredWriteActionResult.Fail(error.Error);
default:
return SecuredWriteActionResult.Fail(DescribeFailure(response));
}
}
/// <summary>
/// Wraps <paramref name="command"/> in a <see cref="ManagementEnvelope"/> for the
/// current principal and Asks the <c>ManagementActor</c>. Transport faults (timeout,
/// actor not yet started, cancellation→propagated) become a synthetic
/// <see cref="ManagementError"/> so callers handle one response shape.
/// </summary>
private async Task<object> SendAsync(object command, CancellationToken cancellationToken)
{
var actor = _holder.ActorRef;
if (actor is null)
{
return new ManagementError(
string.Empty, "Management service is not ready.", "SERVICE_UNAVAILABLE");
}
var user = await BuildAuthenticatedUserAsync();
var envelope = new ManagementEnvelope(user, command, Guid.NewGuid().ToString("N"));
try
{
return await actor.Ask<object>(envelope, AskTimeout, cancellationToken);
}
catch (OperationCanceledException)
{
// Caller-initiated cancel (e.g. circuit teardown) — propagate cleanly.
throw;
}
catch (Exception ex)
{
_logger.LogError(ex, "ManagementActor Ask failed for {Command}", command.GetType().Name);
return new ManagementError(string.Empty, ex.Message, "TRANSPORT_ERROR");
}
}
/// <summary>
/// Projects the current Blazor <see cref="ClaimsPrincipal"/> to the
/// <see cref="AuthenticatedUser"/> the actor authorizes against — username,
/// display name, role claims, and the permitted-site scope claims (mirrors the
/// claim set the HTTP endpoint constructs).
/// </summary>
private async Task<AuthenticatedUser> BuildAuthenticatedUserAsync()
{
var state = await _auth.GetAuthenticationStateAsync();
var principal = state.User;
var username = principal.FindFirst(JwtTokenService.UsernameClaimType)?.Value ?? "unknown";
var displayName = principal.FindFirst(JwtTokenService.DisplayNameClaimType)?.Value ?? username;
var roles = principal.FindAll(JwtTokenService.RoleClaimType).Select(c => c.Value).ToArray();
var permittedSiteIds = principal.FindAll(JwtTokenService.SiteIdClaimType).Select(c => c.Value).ToArray();
return new AuthenticatedUser(username, displayName, roles, permittedSiteIds);
}
/// <summary>Renders a fallback description for an unexpected/failure response.</summary>
private static string DescribeFailure(object response) => response switch
{
ManagementUnauthorized unauthorized => unauthorized.Message,
ManagementError error => error.Error,
_ => "Unexpected response from the management service."
};
}