feat(centralui): Verify-endpoint button + result/cert panel (T17)
This commit is contained in:
Joseph Doherty
@@ -0,0 +1,86 @@
|
||||
using Microsoft.AspNetCore.Components.Authorization;
|
||||
using ZB.MOM.WW.ScadaBridge.Commons.Messages.Management;
|
||||
using ZB.MOM.WW.ScadaBridge.Commons.Serialization;
|
||||
using ZB.MOM.WW.ScadaBridge.Commons.Types.DataConnections;
|
||||
using ZB.MOM.WW.ScadaBridge.Communication;
|
||||
using ZB.MOM.WW.ScadaBridge.Security;
|
||||
|
||||
namespace ZB.MOM.WW.ScadaBridge.CentralUI.Services;
|
||||
|
||||
/// <summary>
|
||||
/// Default <see cref="IEndpointVerificationService"/> implementation — a thin facade
|
||||
/// over <see cref="CommunicationService.VerifyEndpointAsync"/> that enforces the
|
||||
/// CentralUI-side <c>Design</c>-role trust boundary, serializes the endpoint config,
|
||||
/// and translates transport exceptions into a typed
|
||||
/// <see cref="VerifyEndpointResult"/>.
|
||||
/// </summary>
|
||||
/// <remarks>
|
||||
/// Site-side actors (<c>SiteCommunicationActor</c> + <c>DataConnectionManagerActor</c>)
|
||||
/// do not unwrap the central trust envelope, so the role check MUST run here — never
|
||||
/// on the site (mirrors <see cref="BrowseService"/>). Transport failures collapse into
|
||||
/// a <see cref="VerifyFailureKind.Timeout"/> or <see cref="VerifyFailureKind.ServerError"/>
|
||||
/// result so the editor can show an inline outcome rather than throwing.
|
||||
/// </remarks>
|
||||
public sealed class EndpointVerificationService : IEndpointVerificationService
|
||||
{
|
||||
private readonly CommunicationService _communication;
|
||||
private readonly AuthenticationStateProvider _auth;
|
||||
|
||||
/// <summary>
|
||||
/// Initializes a new instance of the <see cref="EndpointVerificationService"/>.
|
||||
/// </summary>
|
||||
/// <param name="communication">Central-side cluster communication service.</param>
|
||||
/// <param name="auth">Authentication state provider used for the Design-role guard.</param>
|
||||
public EndpointVerificationService(CommunicationService communication, AuthenticationStateProvider auth)
|
||||
{
|
||||
_communication = communication ?? throw new ArgumentNullException(nameof(communication));
|
||||
_auth = auth ?? throw new ArgumentNullException(nameof(auth));
|
||||
}
|
||||
|
||||
/// <inheritdoc/>
|
||||
public async Task<VerifyEndpointResult> VerifyAsync(
|
||||
string siteIdentifier,
|
||||
string connectionName,
|
||||
string protocol,
|
||||
OpcUaEndpointConfig config,
|
||||
CancellationToken cancellationToken = default)
|
||||
{
|
||||
// CentralUI-side role guard — sites don't enforce envelope-level roles, so the
|
||||
// Designer check must happen here before any cross-cluster traffic.
|
||||
var state = await _auth.GetAuthenticationStateAsync();
|
||||
if (!state.User.HasClaim(JwtTokenService.RoleClaimType, Roles.Designer))
|
||||
{
|
||||
return new VerifyEndpointResult(
|
||||
false, VerifyFailureKind.ServerError, "Not authorized.", null);
|
||||
}
|
||||
|
||||
var configJson = OpcUaEndpointConfigSerializer.Serialize(config);
|
||||
var command = new VerifyEndpointCommand(connectionName, protocol, configJson);
|
||||
|
||||
try
|
||||
{
|
||||
return await _communication.VerifyEndpointAsync(siteIdentifier, command, cancellationToken);
|
||||
}
|
||||
catch (TimeoutException ex)
|
||||
{
|
||||
// Akka Ask timed out — the site (or its OPC UA connect probe) didn't answer
|
||||
// within CommunicationOptions.QueryTimeout. Surface as a typed Timeout
|
||||
// failure so the editor can render the outcome inline.
|
||||
return new VerifyEndpointResult(
|
||||
false, VerifyFailureKind.Timeout, ex.Message, null);
|
||||
}
|
||||
catch (OperationCanceledException)
|
||||
{
|
||||
// Caller-initiated cancel — propagate so Blazor can drop the response
|
||||
// cleanly. Distinct from Timeout (which the editor renders inline).
|
||||
throw;
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
// Any other transport / serialization failure: keep the editor alive and
|
||||
// show the failure inline rather than crashing the form.
|
||||
return new VerifyEndpointResult(
|
||||
false, VerifyFailureKind.ServerError, ex.Message, null);
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,43 @@
|
||||
using ZB.MOM.WW.ScadaBridge.Commons.Messages.Management;
|
||||
using ZB.MOM.WW.ScadaBridge.Commons.Types.DataConnections;
|
||||
|
||||
namespace ZB.MOM.WW.ScadaBridge.CentralUI.Services;
|
||||
|
||||
/// <summary>
|
||||
/// CentralUI facade over the central-to-site verify-endpoint command. Backs the
|
||||
/// "Verify endpoint" button on the OPC UA endpoint editor: it serializes the
|
||||
/// in-progress endpoint config and forwards a <see cref="VerifyEndpointCommand"/>
|
||||
/// to the owning site via
|
||||
/// <see cref="ZB.MOM.WW.ScadaBridge.Communication.CommunicationService"/>, which
|
||||
/// runs a read-only connect probe and reports back a typed
|
||||
/// <see cref="VerifyEndpointResult"/>.
|
||||
/// </summary>
|
||||
/// <remarks>
|
||||
/// The service is the trust boundary for the verify capability: it enforces the
|
||||
/// <c>Design</c> role at central before any cross-cluster traffic is generated,
|
||||
/// because site-side actors do not unwrap the central trust envelope (mirrors
|
||||
/// <see cref="IBrowseService"/>). Transport failures (timeouts, unreachable sites)
|
||||
/// are translated into a typed <see cref="VerifyEndpointResult"/> so the editor can
|
||||
/// render an inline outcome rather than throwing.
|
||||
/// </remarks>
|
||||
public interface IEndpointVerificationService
|
||||
{
|
||||
/// <summary>
|
||||
/// Runs a read-only verification probe of <paramref name="config"/> against the
|
||||
/// live server at <paramref name="siteIdentifier"/>. The probe connects, captures
|
||||
/// the server certificate if it is untrusted, then disconnects — it never persists
|
||||
/// the config and never trusts the certificate (cert trust is a later action).
|
||||
/// </summary>
|
||||
/// <param name="siteIdentifier">The target site identifier (the machine-readable <c>SiteIdentifier</c> used in Akka addresses, NOT the numeric primary key).</param>
|
||||
/// <param name="connectionName">Name of the data connection being verified (for logging/correlation).</param>
|
||||
/// <param name="protocol">Protocol type string (e.g. <c>"OpcUa"</c>); matched case-insensitively at the site.</param>
|
||||
/// <param name="config">The endpoint configuration to verify; serialized to JSON before being sent to the site.</param>
|
||||
/// <param name="cancellationToken">Cancellation token.</param>
|
||||
/// <returns>A task that resolves to a <see cref="VerifyEndpointResult"/> — success, or a classified failure (with a captured certificate when the failure is <see cref="VerifyFailureKind.UntrustedCertificate"/>).</returns>
|
||||
Task<VerifyEndpointResult> VerifyAsync(
|
||||
string siteIdentifier,
|
||||
string connectionName,
|
||||
string protocol,
|
||||
OpcUaEndpointConfig config,
|
||||
CancellationToken cancellationToken = default);
|
||||
}
|
||||
Reference in New Issue
Block a user