Joseph Doherty
e57d864ab2
The dashboard auth cookie name was hardcoded to the constant DashboardAuthenticationDefaults.CookieName (MxGatewayDashboard). Browser cookies are scoped by host+path but NOT by port, so two gateway instances sharing a hostname would clobber each other's dashboard session under the shared name. Add DashboardOptions.CookieName (MxGateway:Dashboard:CookieName); null/blank keeps the canonical default. Applied in the existing dashboard cookie PostConfigure (runs after the inline AddCookie default, so it wins). Behaviour is unchanged when unset. Adds a Tests case for the override.
54 lines
2.7 KiB
C#
54 lines
2.7 KiB
C#
namespace ZB.MOM.WW.MxGateway.Server.Configuration;
|
|
|
|
public sealed class DashboardOptions
|
|
{
|
|
/// <summary>Gets whether the dashboard is enabled.</summary>
|
|
public bool Enabled { get; init; } = true;
|
|
|
|
/// <summary>Gets whether anonymous localhost access to dashboard is allowed.</summary>
|
|
public bool AllowAnonymousLocalhost { get; init; } = true;
|
|
|
|
/// <summary>
|
|
/// When true (default), the dashboard auth cookie is restricted to HTTPS
|
|
/// requests via <see cref="Microsoft.AspNetCore.Http.CookieSecurePolicy.Always"/>.
|
|
/// Set to false for plain-HTTP dev deployments — the cookie then uses
|
|
/// <see cref="Microsoft.AspNetCore.Http.CookieSecurePolicy.SameAsRequest"/>,
|
|
/// which still marks it Secure on any HTTPS request but allows it to
|
|
/// round-trip over HTTP. Browsers silently drop Secure cookies set over
|
|
/// plain HTTP from non-localhost hosts, so leaving this true breaks
|
|
/// dashboard login from a remote browser unless the dashboard is served
|
|
/// over HTTPS.
|
|
/// </summary>
|
|
public bool RequireHttpsCookie { get; init; } = true;
|
|
|
|
/// <summary>
|
|
/// Dashboard auth cookie name. When null/blank (the default) the canonical
|
|
/// <see cref="ZB.MOM.WW.MxGateway.Server.Dashboard.DashboardAuthenticationDefaults.CookieName"/>
|
|
/// is used. Override it (<c>MxGateway:Dashboard:CookieName</c>) to give a distinct name to a
|
|
/// gateway that shares a hostname with another gateway instance — browser cookies are scoped
|
|
/// by host+path but NOT by port, so two instances on the same host would otherwise clobber
|
|
/// each other's dashboard session under a shared cookie name. Changing this signs out
|
|
/// existing dashboard sessions on next deploy.
|
|
/// </summary>
|
|
public string? CookieName { get; init; }
|
|
|
|
/// <summary>Gets the dashboard snapshot update interval in milliseconds.</summary>
|
|
public int SnapshotIntervalMilliseconds { get; init; } = 1_000;
|
|
|
|
/// <summary>Gets the maximum number of recent faults to display.</summary>
|
|
public int RecentFaultLimit { get; init; } = 100;
|
|
|
|
/// <summary>Gets the maximum number of recent sessions to display.</summary>
|
|
public int RecentSessionLimit { get; init; } = 200;
|
|
|
|
/// <summary>Gets whether to show full tag values in the dashboard.</summary>
|
|
public bool ShowTagValues { get; init; }
|
|
|
|
/// <summary>
|
|
/// LDAP group → dashboard role mapping. Values must be one of
|
|
/// <see cref="DashboardRoles.Admin"/> or <see cref="DashboardRoles.Viewer"/>.
|
|
/// Users with no matching group are rejected at login.
|
|
/// </summary>
|
|
public Dictionary<string, string> GroupToRole { get; init; } = new(StringComparer.OrdinalIgnoreCase);
|
|
}
|