refactor: rename ScadaLink → ZB.MOM.WW.ScadaBridge (code + projects + namespaces)

Solution + 23 src projects + 26 test projects renamed; folders, csproj,
namespaces, and ScadaLinkDbContext/ScadaBridgeDbContext class updated.
ActorSystem "scadalink" → "scadabridge", Akka seed-node URLs migrated.
SQL roles/logins, LDAP domains, CLI command name, and CLI config dir
(~/.scadalink → ~/.scadabridge) also renamed.

Build green; 5 Host.Tests fail awaiting SQL login rename in next commit.
Pre-existing StaleTagMonitor timing flakes unchanged.

Rename script committed at tools/rename-to-scadabridge.sh.

src/ZB.MOM.WW.ScadaBridge.CentralUI/Auth/AuthEndpoints.cs

@@ -0,0 +1,186 @@
+using System.Security.Claims;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authentication.Cookies;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Routing;
+using Microsoft.Extensions.DependencyInjection;
+using ZB.MOM.WW.ScadaBridge.Security;
+
+namespace ZB.MOM.WW.ScadaBridge.CentralUI.Auth;
+
+/// <summary>
+/// Minimal API endpoints for login/logout. These run outside Blazor Server (standard HTTP POST).
+/// On success, signs in via ASP.NET Core cookie authentication and redirects to dashboard.
+/// </summary>
+public static class AuthEndpoints
+{
+    /// <summary>Registers the <c>/auth/login</c>, <c>/auth/logout</c>, and <c>/auth/ping</c> endpoints on the given route builder.</summary>
+    /// <param name="endpoints">The route builder to add the endpoints to.</param>
+    public static IEndpointRouteBuilder MapAuthEndpoints(this IEndpointRouteBuilder endpoints)
+    {
+        endpoints.MapPost("/auth/login", async (HttpContext context) =>
+        {
+            var form = await context.Request.ReadFormAsync();
+            var username = form["username"].ToString();
+            var password = form["password"].ToString();
+
+            if (string.IsNullOrWhiteSpace(username) || string.IsNullOrWhiteSpace(password))
+            {
+                context.Response.Redirect("/login?error=Username+and+password+are+required.");
+                return;
+            }
+
+            var ldapAuth = context.RequestServices.GetRequiredService<LdapAuthService>();
+            var jwtService = context.RequestServices.GetRequiredService<JwtTokenService>();
+            var roleMapper = context.RequestServices.GetRequiredService<RoleMapper>();
+
+            var authResult = await ldapAuth.AuthenticateAsync(username, password);
+            if (!authResult.Success)
+            {
+                var errorMsg = Uri.EscapeDataString(authResult.ErrorMessage ?? "Authentication failed.");
+                context.Response.Redirect($"/login?error={errorMsg}");
+                return;
+            }
+
+            // Map LDAP groups to roles
+            var roleMappingResult = await roleMapper.MapGroupsToRolesAsync(authResult.Groups ?? []);
+
+            // Build claims from LDAP auth + role mapping.
+            // CentralUI-005: no fixed "expires_at" absolute-cap claim is stamped
+            // — session expiry is owned by the cookie middleware's sliding window
+            // (ZB.MOM.WW.ScadaBridge.Security AddCookie: ExpireTimeSpan = idle timeout,
+            // SlidingExpiration = true). A frozen absolute claim would contradict
+            // the documented sliding-refresh policy.
+            var claims = new List<Claim>
+            {
+                new(ClaimTypes.Name, authResult.Username ?? username),
+                new(JwtTokenService.DisplayNameClaimType, authResult.DisplayName ?? username),
+                new(JwtTokenService.UsernameClaimType, authResult.Username ?? username),
+            };
+
+            foreach (var role in roleMappingResult.Roles)
+            {
+                claims.Add(new Claim(JwtTokenService.RoleClaimType, role));
+            }
+
+            if (!roleMappingResult.IsSystemWideDeployment)
+            {
+                foreach (var siteId in roleMappingResult.PermittedSiteIds)
+                {
+                    claims.Add(new Claim(JwtTokenService.SiteIdClaimType, siteId));
+                }
+            }
+
+            var identity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
+            var principal = new ClaimsPrincipal(identity);
+
+            await context.SignInAsync(
+                CookieAuthenticationDefaults.AuthenticationScheme,
+                principal,
+                BuildSignInProperties());
+
+            context.Response.Redirect("/");
+        }).DisableAntiforgery();
+
+        endpoints.MapPost("/auth/token", async (HttpContext context) =>
+        {
+            var form = await context.Request.ReadFormAsync();
+            var username = form["username"].ToString();
+            var password = form["password"].ToString();
+
+            if (string.IsNullOrWhiteSpace(username) || string.IsNullOrWhiteSpace(password))
+            {
+                return Results.Json(new { error = "Username and password are required." }, statusCode: 400);
+            }
+
+            var ldapAuth = context.RequestServices.GetRequiredService<LdapAuthService>();
+            var jwtService = context.RequestServices.GetRequiredService<JwtTokenService>();
+            var roleMapper = context.RequestServices.GetRequiredService<RoleMapper>();
+
+            var authResult = await ldapAuth.AuthenticateAsync(username, password);
+            if (!authResult.Success)
+            {
+                return Results.Json(
+                    new { error = authResult.ErrorMessage ?? "Authentication failed." },
+                    statusCode: 401);
+            }
+
+            var roleMappingResult = await roleMapper.MapGroupsToRolesAsync(authResult.Groups ?? []);
+
+            var token = jwtService.GenerateToken(
+                authResult.DisplayName ?? username,
+                authResult.Username ?? username,
+                roleMappingResult.Roles,
+                roleMappingResult.IsSystemWideDeployment ? null : roleMappingResult.PermittedSiteIds);
+
+            return Results.Json(new
+            {
+                access_token = token,
+                token_type = "Bearer",
+                username = authResult.Username ?? username,
+                display_name = authResult.DisplayName ?? username,
+                roles = roleMappingResult.Roles,
+            });
+        }).DisableAntiforgery();
+
+        // Logout is a state-changing authenticated action (CentralUI-017): it
+        // keeps antiforgery validation enabled so it cannot be triggered
+        // cross-site. The NavMenu sign-out form includes the antiforgery token
+        // (rendered by the <AntiforgeryToken /> component). There is deliberately
+        // no GET /logout route — a state-changing GET is itself a CSRF vector
+        // (an <img src="/logout"> would forcibly log a user out).
+        endpoints.MapPost("/auth/logout", async (HttpContext context) =>
+        {
+            await context.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
+            context.Response.Redirect("/login");
+        });
+
+        // CentralUI-020: liveness probe for the client-side idle-logout check.
+        // The Blazor circuit's CookieAuthenticationStateProvider serves a frozen
+        // constructor-time principal (CentralUI-004), so a circuit can never
+        // observe a server-side cookie expiry by polling the auth state.
+        // SessionExpiry instead polls this endpoint via fetch(): being a normal
+        // HTTP request, the cookie middleware re-validates (and slides) the
+        // cookie on every hit. It deliberately does NOT use RequireAuthorization
+        // — that would make the middleware answer a lapsed request with a 302 to
+        // /login, which fetch() follows transparently and reads as a 200 login
+        // page. Allowing anonymous access and returning 200/401 ourselves gives
+        // the client an unambiguous expiry signal.
+        endpoints.MapGet("/auth/ping", HandlePing);
+
+        return endpoints;
+    }
+
+    /// <summary>
+    /// Handler for <c>GET /auth/ping</c>. Returns <c>200</c> while the caller's
+    /// cookie session is still valid and <c>401</c> once it has lapsed
+    /// server-side. See CentralUI-020.
+    /// </summary>
+    /// <param name="context">The current HTTP context used to check authentication state and write the response.</param>
+    public static Task HandlePing(HttpContext context)
+    {
+        context.Response.StatusCode = context.User.Identity?.IsAuthenticated == true
+            ? StatusCodes.Status200OK
+            : StatusCodes.Status401Unauthorized;
+        return Task.CompletedTask;
+    }
+
+    /// <summary>
+    /// Builds the <see cref="AuthenticationProperties"/> for the login sign-in.
+    /// CentralUI-005: deliberately does <b>not</b> set <see cref="AuthenticationProperties.ExpiresUtc"/>.
+    /// Session expiry is owned by the cookie authentication middleware's sliding
+    /// window (configured in <c>ZB.MOM.WW.ScadaBridge.Security</c>'s <c>AddCookie</c>:
+    /// <c>ExpireTimeSpan</c> = the idle timeout, <c>SlidingExpiration = true</c>).
+    /// Setting a fixed <c>ExpiresUtc</c> here would re-impose a hard absolute cap
+    /// that overrides the sliding window and contradicts the documented
+    /// "sliding refresh, 30-minute idle timeout" policy. <see cref="AuthenticationProperties.IsPersistent"/>
+    /// is true so the cookie survives a browser restart within the idle window;
+    /// <see cref="AuthenticationProperties.AllowRefresh"/> is left unset (null)
+    /// so the middleware is free to slide the expiry on activity.
+    /// </summary>
+    public static AuthenticationProperties BuildSignInProperties() => new()
+    {
+        IsPersistent = true
+    };
+}