Joseph Doherty
71 lines
3.6 KiB
C#
71 lines
3.6 KiB
C#
namespace ZB.MOM.WW.MxGateway.Server.Configuration;
|
|
|
|
public sealed class DashboardOptions
|
|
{
|
|
/// <summary>Gets whether the dashboard is enabled.</summary>
|
|
public bool Enabled { get; init; } = true;
|
|
|
|
/// <summary>Gets whether anonymous localhost access to dashboard is allowed.</summary>
|
|
public bool AllowAnonymousLocalhost { get; init; } = true;
|
|
|
|
/// <summary>
|
|
/// DEV/TEST ONLY. When true, the dashboard bypasses the login form entirely and
|
|
/// auto-authenticates EVERY request as <see cref="AutoLoginUser"/> holding both
|
|
/// dashboard roles (Administrator + Viewer). No cookie, no LDAP bind. Default false.
|
|
/// Unlike <see cref="AllowAnonymousLocalhost"/> (which only succeeds the authorization
|
|
/// requirement without authenticating), this mints a real principal, so the UI behaves
|
|
/// as a signed-in admin and applies to all clients (not just loopback). Never enable in
|
|
/// production. See docs/plans/2026-06-16-dashboard-disable-login-design.md.
|
|
/// </summary>
|
|
public bool DisableLogin { get; init; }
|
|
|
|
/// <summary>
|
|
/// Username minted for the auto-login principal when <see cref="DisableLogin"/> is true.
|
|
/// Null/blank falls back to the GLAuth Administrator test user <c>multi-role</c>.
|
|
/// </summary>
|
|
public string? AutoLoginUser { get; init; }
|
|
|
|
/// <summary>
|
|
/// When true (default), the dashboard auth cookie is restricted to HTTPS
|
|
/// requests via <see cref="Microsoft.AspNetCore.Http.CookieSecurePolicy.Always"/>.
|
|
/// Set to false for plain-HTTP dev deployments — the cookie then uses
|
|
/// <see cref="Microsoft.AspNetCore.Http.CookieSecurePolicy.SameAsRequest"/>,
|
|
/// which still marks it Secure on any HTTPS request but allows it to
|
|
/// round-trip over HTTP. Browsers silently drop Secure cookies set over
|
|
/// plain HTTP from non-localhost hosts, so leaving this true breaks
|
|
/// dashboard login from a remote browser unless the dashboard is served
|
|
/// over HTTPS.
|
|
/// </summary>
|
|
public bool RequireHttpsCookie { get; init; } = true;
|
|
|
|
/// <summary>
|
|
/// Dashboard auth cookie name. When null/blank (the default) the canonical
|
|
/// <see cref="ZB.MOM.WW.MxGateway.Server.Dashboard.DashboardAuthenticationDefaults.CookieName"/>
|
|
/// is used. Override it (<c>MxGateway:Dashboard:CookieName</c>) to give a distinct name to a
|
|
/// gateway that shares a hostname with another gateway instance — browser cookies are scoped
|
|
/// by host+path but NOT by port, so two instances on the same host would otherwise clobber
|
|
/// each other's dashboard session under a shared cookie name. Changing this signs out
|
|
/// existing dashboard sessions on next deploy.
|
|
/// </summary>
|
|
public string? CookieName { get; init; }
|
|
|
|
/// <summary>Gets the dashboard snapshot update interval in milliseconds.</summary>
|
|
public int SnapshotIntervalMilliseconds { get; init; } = 1_000;
|
|
|
|
/// <summary>Gets the maximum number of recent faults to display.</summary>
|
|
public int RecentFaultLimit { get; init; } = 100;
|
|
|
|
/// <summary>Gets the maximum number of recent sessions to display.</summary>
|
|
public int RecentSessionLimit { get; init; } = 200;
|
|
|
|
/// <summary>Gets whether to show full tag values in the dashboard.</summary>
|
|
public bool ShowTagValues { get; init; }
|
|
|
|
/// <summary>
|
|
/// LDAP group → dashboard role mapping. Values must be one of
|
|
/// <see cref="DashboardRoles.Admin"/> or <see cref="DashboardRoles.Viewer"/>.
|
|
/// Users with no matching group are rejected at login.
|
|
/// </summary>
|
|
public Dictionary<string, string> GroupToRole { get; init; } = new(StringComparer.OrdinalIgnoreCase);
|
|
}
|