93 lines
3.5 KiB
C#
93 lines
3.5 KiB
C#
using Microsoft.AspNetCore.Authentication;
|
|
using Microsoft.AspNetCore.Authentication.Cookies;
|
|
using Microsoft.EntityFrameworkCore;
|
|
using Serilog;
|
|
using ZB.MOM.WW.OtOpcUa.Admin.Components;
|
|
using ZB.MOM.WW.OtOpcUa.Admin.Hubs;
|
|
using ZB.MOM.WW.OtOpcUa.Admin.Security;
|
|
using ZB.MOM.WW.OtOpcUa.Admin.Services;
|
|
using ZB.MOM.WW.OtOpcUa.Configuration;
|
|
|
|
var builder = WebApplication.CreateBuilder(args);
|
|
|
|
builder.Host.UseSerilog((ctx, cfg) => cfg
|
|
.MinimumLevel.Information()
|
|
.WriteTo.Console()
|
|
.WriteTo.File("logs/otopcua-admin-.log", rollingInterval: RollingInterval.Day));
|
|
|
|
builder.Services.AddRazorComponents().AddInteractiveServerComponents();
|
|
builder.Services.AddHttpContextAccessor();
|
|
builder.Services.AddSignalR();
|
|
|
|
builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
|
|
.AddCookie(o =>
|
|
{
|
|
o.Cookie.Name = "OtOpcUa.Admin";
|
|
o.LoginPath = "/login";
|
|
o.ExpireTimeSpan = TimeSpan.FromHours(8);
|
|
});
|
|
|
|
builder.Services.AddAuthorizationBuilder()
|
|
.AddPolicy("CanEdit", p => p.RequireRole(AdminRoles.ConfigEditor, AdminRoles.FleetAdmin))
|
|
.AddPolicy("CanPublish", p => p.RequireRole(AdminRoles.FleetAdmin));
|
|
|
|
builder.Services.AddCascadingAuthenticationState();
|
|
|
|
builder.Services.AddDbContext<OtOpcUaConfigDbContext>(opt =>
|
|
opt.UseSqlServer(builder.Configuration.GetConnectionString("ConfigDb")
|
|
?? throw new InvalidOperationException("ConnectionStrings:ConfigDb not configured")));
|
|
|
|
builder.Services.AddScoped<ClusterService>();
|
|
builder.Services.AddScoped<GenerationService>();
|
|
builder.Services.AddScoped<EquipmentService>();
|
|
builder.Services.AddScoped<UnsService>();
|
|
builder.Services.AddScoped<NamespaceService>();
|
|
builder.Services.AddScoped<DriverInstanceService>();
|
|
builder.Services.AddScoped<NodeAclService>();
|
|
builder.Services.AddScoped<ReservationService>();
|
|
builder.Services.AddScoped<DraftValidationService>();
|
|
builder.Services.AddScoped<AuditLogService>();
|
|
builder.Services.AddScoped<HostStatusService>();
|
|
builder.Services.AddScoped<ClusterNodeService>();
|
|
builder.Services.AddSingleton<RedundancyMetrics>();
|
|
builder.Services.AddScoped<EquipmentImportBatchService>();
|
|
builder.Services.AddScoped<ZB.MOM.WW.OtOpcUa.Configuration.Services.ILdapGroupRoleMappingService,
|
|
ZB.MOM.WW.OtOpcUa.Configuration.Services.LdapGroupRoleMappingService>();
|
|
|
|
// Cert-trust management — reads the OPC UA server's PKI store root so rejected client certs
|
|
// can be promoted to trusted via the Admin UI. Singleton: no per-request state, just
|
|
// filesystem operations.
|
|
builder.Services.Configure<CertTrustOptions>(builder.Configuration.GetSection(CertTrustOptions.SectionName));
|
|
builder.Services.AddSingleton<CertTrustService>();
|
|
|
|
// LDAP auth — parity with ScadaLink's LdapAuthService (decision #102).
|
|
builder.Services.Configure<LdapOptions>(
|
|
builder.Configuration.GetSection("Authentication:Ldap"));
|
|
builder.Services.AddScoped<ILdapAuthService, LdapAuthService>();
|
|
|
|
// SignalR real-time fleet status + alerts (admin-ui.md §"Real-Time Updates").
|
|
builder.Services.AddHostedService<FleetStatusPoller>();
|
|
|
|
var app = builder.Build();
|
|
|
|
app.UseSerilogRequestLogging();
|
|
app.UseStaticFiles();
|
|
app.UseAuthentication();
|
|
app.UseAuthorization();
|
|
app.UseAntiforgery();
|
|
|
|
app.MapPost("/auth/logout", async (HttpContext ctx) =>
|
|
{
|
|
await ctx.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
|
|
ctx.Response.Redirect("/");
|
|
});
|
|
|
|
app.MapHub<FleetStatusHub>("/hubs/fleet");
|
|
app.MapHub<AlertHub>("/hubs/alerts");
|
|
|
|
app.MapRazorComponents<App>().AddInteractiveServerRenderMode();
|
|
|
|
await app.RunAsync();
|
|
|
|
public partial class Program;
|