dohertj2/scadalink-design
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Phase 1 WP-11–22: Host infrastructure, Blazor Server UI, and integration tests

Browse Source 
Host infrastructure (WP-11–17):
- StartupValidator with 19 validation rules
- /health/ready endpoint with DB + Akka health checks
- Akka.NET bootstrap via AkkaHostedService (HOCON config, cluster, remoting, SBR)
- Serilog with SiteId/NodeHostname/NodeRole enrichment
- DeadLetterMonitorActor with count tracking
- CoordinatedShutdown wiring (no Environment.Exit)
- Windows Service support (UseWindowsService)

Central UI (WP-18–21):
- Blazor Server shell with Bootstrap 5, role-aware NavMenu
- Login/logout flow (LDAP auth → JWT → HTTP-only cookie)
- CookieAuthenticationStateProvider with idle timeout
- LDAP group mapping CRUD page (Admin role)
- Route guards with Authorize attributes per role
- SignalR reconnection overlay for failover

Integration tests (WP-22):
- Startup validation, auth flow, audit transactions, readiness gating
186 tests pass (1 skipped: LDAP integration), zero warnings.
This commit is contained in:
Joseph Doherty
2026-03-16 19:50:59 -04:00
parent cafb7d2006
commit d38356efdb
47 changed files with 2436 additions and 71 deletions
Download Patch File Download Diff File Expand all files Collapse all files

78
src/ScadaLink.CentralUI/Auth/AuthEndpoints.cs Normal file
View File

@@ -0,0 +1,78 @@
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Routing;
using Microsoft.Extensions.DependencyInjection;
using ScadaLink.Security;
namespace ScadaLink.CentralUI.Auth;
/// <summary>
/// Minimal API endpoints for login/logout. These run outside Blazor Server (standard HTTP POST).
/// On success, sets an HTTP-only cookie containing the JWT, then redirects to dashboard.
/// </summary>
public static class AuthEndpoints
{
public static IEndpointRouteBuilder MapAuthEndpoints(this IEndpointRouteBuilder endpoints)
{
endpoints.MapPost("/auth/login", async (HttpContext context) =>
{
var form = await context.Request.ReadFormAsync();
var username = form["username"].ToString();
var password = form["password"].ToString();
if (string.IsNullOrWhiteSpace(username) || string.IsNullOrWhiteSpace(password))
{
context.Response.Redirect("/login?error=Username+and+password+are+required.");
return;
}
var ldapAuth = context.RequestServices.GetRequiredService<LdapAuthService>();
var jwtService = context.RequestServices.GetRequiredService<JwtTokenService>();
var roleMapper = context.RequestServices.GetRequiredService<RoleMapper>();
var authResult = await ldapAuth.AuthenticateAsync(username, password);
if (!authResult.Success)
{
var errorMsg = Uri.EscapeDataString(authResult.ErrorMessage ?? "Authentication failed.");
context.Response.Redirect($"/login?error={errorMsg}");
return;
}
// Map LDAP groups to roles
var roleMappingResult = await roleMapper.MapGroupsToRolesAsync(authResult.Groups ?? []);
var token = jwtService.GenerateToken(
authResult.DisplayName ?? username,
authResult.Username ?? username,
roleMappingResult.Roles,
roleMappingResult.IsSystemWideDeployment ? null : roleMappingResult.PermittedSiteIds);
// Set HTTP-only cookie with the JWT
context.Response.Cookies.Append(
CookieAuthenticationStateProvider.AuthCookieName,
token,
new CookieOptions
{
HttpOnly = true,
Secure = context.Request.IsHttps,
SameSite = SameSiteMode.Strict,
Path = "/",
// Cookie expiry matches JWT idle timeout (30 min default)
MaxAge = TimeSpan.FromMinutes(30)
});
context.Response.Redirect("/");
});
endpoints.MapPost("/auth/logout", (HttpContext context) =>
{
context.Response.Cookies.Delete(CookieAuthenticationStateProvider.AuthCookieName, new CookieOptions
{
Path = "/"
});
context.Response.Redirect("/login");
});
return endpoints;
}
}