fix: CMS image proxy + partial unique index for soft-deleted releases
This commit is contained in:
@@ -1,6 +1,5 @@
|
||||
@using DeepDrftModels.Enums
|
||||
@using Microsoft.AspNetCore.Components.Forms
|
||||
@inject IHttpClientFactory HttpClientFactory
|
||||
|
||||
<MudPaper Class="pa-6 mb-4" Elevation="2">
|
||||
<MudGrid>
|
||||
@@ -93,19 +92,11 @@
|
||||
|
||||
[Parameter] public bool Disabled { get; set; }
|
||||
|
||||
// The image endpoint (GET api/image/{entryKey}) is unauthenticated, so the browser hits
|
||||
// DeepDrftAPI directly. Base address comes from the same named client the CMS uses.
|
||||
private string? ExistingImagePreviewUrl
|
||||
{
|
||||
get
|
||||
{
|
||||
if (string.IsNullOrEmpty(ExistingImagePath)) return null;
|
||||
var baseAddress = HttpClientFactory.CreateClient("DeepDrft.Content.Cms").BaseAddress;
|
||||
return baseAddress is null
|
||||
? null
|
||||
: new Uri(baseAddress, $"api/image/{Uri.EscapeDataString(ExistingImagePath)}").ToString();
|
||||
}
|
||||
}
|
||||
// Relative path — resolves against the Manager's own origin, proxied by ImageProxyController.
|
||||
private string? ExistingImagePreviewUrl =>
|
||||
string.IsNullOrEmpty(ExistingImagePath)
|
||||
? null
|
||||
: $"/api/image/{Uri.EscapeDataString(ExistingImagePath)}";
|
||||
|
||||
private Task HandleImageFileSelected(InputFileChangeEventArgs e) =>
|
||||
SelectedImageFileChanged.InvokeAsync(e.File);
|
||||
|
||||
@@ -2,7 +2,6 @@
|
||||
@using DeepDrftManager.Services
|
||||
@using DeepDrftModels.DTOs
|
||||
@inject ICmsTrackService CmsTrackService
|
||||
@inject IHttpClientFactory HttpClientFactory
|
||||
@inject IDialogService DialogService
|
||||
@inject ISnackbar Snackbar
|
||||
@inject ILogger<CmsAlbumBrowser> Logger
|
||||
@@ -126,13 +125,6 @@ else
|
||||
// back. We only re-project when the parent hands us a genuinely new list.
|
||||
private IReadOnlyList<ReleaseDto>? _projectedReleases;
|
||||
|
||||
// The cover-art endpoint (GET api/image/{entryKey}) lives on DeepDrftAPI and is unauthenticated,
|
||||
// so the browser hits it directly. Base address comes from the same named client the CMS uses.
|
||||
private Uri? _contentApiBase;
|
||||
|
||||
protected override void OnInitialized() =>
|
||||
_contentApiBase = HttpClientFactory.CreateClient("DeepDrft.Content.Cms").BaseAddress;
|
||||
|
||||
// Re-project rows only when the parent supplies a genuinely new release list (reference change).
|
||||
// Local edits to _rows (a removed row after delete) must survive re-renders triggered by the
|
||||
// same cached VM.Albums instance.
|
||||
@@ -145,10 +137,9 @@ else
|
||||
}
|
||||
}
|
||||
|
||||
private string? ThumbUrl(string imagePath) =>
|
||||
_contentApiBase is null
|
||||
? null
|
||||
: new Uri(_contentApiBase, $"api/image/{Uri.EscapeDataString(imagePath)}").ToString();
|
||||
// Relative path — resolves against the Manager's own origin, proxied by ImageProxyController.
|
||||
private static string ThumbUrl(string imagePath) =>
|
||||
$"/api/image/{Uri.EscapeDataString(imagePath)}";
|
||||
|
||||
private async Task ToggleExpand(AlbumRow row)
|
||||
{
|
||||
|
||||
@@ -2,7 +2,6 @@
|
||||
@using DeepDrftManager.Services
|
||||
@using DeepDrftModels.DTOs
|
||||
@inject ICmsTrackService CmsTrackService
|
||||
@inject IHttpClientFactory HttpClientFactory
|
||||
@inject IDialogService DialogService
|
||||
@inject ISnackbar Snackbar
|
||||
@inject ILogger<CmsTrackGrid> Logger
|
||||
@@ -133,23 +132,17 @@
|
||||
// The parent owns "Generate All Missing"; while it runs it disables this grid's per-row buttons.
|
||||
private bool _bulkRunning;
|
||||
|
||||
// The image endpoint (GET api/image/{entryKey}) lives on DeepDrftAPI and is unauthenticated, so
|
||||
// the browser hits it directly. Base address comes from the same named client the CMS uses.
|
||||
private Uri? _contentApiBase;
|
||||
|
||||
protected override async Task OnInitializedAsync()
|
||||
{
|
||||
_contentApiBase = HttpClientFactory.CreateClient("DeepDrft.Content.Cms").BaseAddress;
|
||||
await RefreshWaveformStatusAsync();
|
||||
}
|
||||
|
||||
private bool HasProfile(string entryKey) =>
|
||||
_waveformStatus.TryGetValue(entryKey, out var hasProfile) && hasProfile;
|
||||
|
||||
private string? ThumbUrl(string imagePath) =>
|
||||
_contentApiBase is null
|
||||
? null
|
||||
: new Uri(_contentApiBase, $"api/image/{Uri.EscapeDataString(imagePath)}").ToString();
|
||||
// Relative path — resolves against the Manager's own origin, proxied by ImageProxyController.
|
||||
private static string ThumbUrl(string imagePath) =>
|
||||
$"/api/image/{Uri.EscapeDataString(imagePath)}";
|
||||
|
||||
/// <summary>Number of tracks with a missing waveform profile — drives the parent's bulk button label.</summary>
|
||||
public int GetMissingCount() => _waveformStatus.Count(kv => !kv.Value);
|
||||
|
||||
@@ -5,7 +5,6 @@
|
||||
@attribute [Authorize]
|
||||
@inject ICmsTrackService CmsTrackService
|
||||
@inject CmsTrackBrowserViewModel VM
|
||||
@inject IHttpClientFactory HttpClientFactory
|
||||
@inject ISnackbar Snackbar
|
||||
@inject IDialogService DialogService
|
||||
@inject NavigationManager Nav
|
||||
@@ -160,18 +159,11 @@
|
||||
!string.IsNullOrWhiteSpace(_form.TrackName)
|
||||
&& !string.IsNullOrWhiteSpace(_form.Artist);
|
||||
|
||||
// The image endpoint (GET api/image/{entryKey}) is unauthenticated, so the browser can hit
|
||||
// DeepDrftAPI directly. Base address comes from the same named client the CMS uses for writes.
|
||||
private string? ImagePreviewUrl
|
||||
{
|
||||
get
|
||||
{
|
||||
if (string.IsNullOrEmpty(_form.ImagePath)) return null;
|
||||
var baseAddress = HttpClientFactory.CreateClient("DeepDrft.Content.Cms").BaseAddress;
|
||||
if (baseAddress is null) return null;
|
||||
return new Uri(baseAddress, $"api/image/{Uri.EscapeDataString(_form.ImagePath)}").ToString();
|
||||
}
|
||||
}
|
||||
// Relative path — resolves against the Manager's own origin, proxied by ImageProxyController.
|
||||
private string? ImagePreviewUrl =>
|
||||
string.IsNullOrEmpty(_form.ImagePath)
|
||||
? null
|
||||
: $"/api/image/{Uri.EscapeDataString(_form.ImagePath)}";
|
||||
|
||||
protected override async Task OnInitializedAsync()
|
||||
{
|
||||
|
||||
@@ -0,0 +1,63 @@
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
|
||||
namespace DeepDrftManager.Controllers;
|
||||
|
||||
/// <summary>
|
||||
/// Proxies image API calls to DeepDrftAPI so the browser never makes cross-origin requests.
|
||||
/// The CMS host runs server-side only, so rendered image URLs must resolve against the Manager's
|
||||
/// own origin, not the internal API address. This controller forwards unauthenticated
|
||||
/// <c>api/image/{entryKey}</c> requests upstream using the "DeepDrft.Content" named client
|
||||
/// (no API key — the image endpoint is public).
|
||||
/// </summary>
|
||||
[ApiController]
|
||||
[Route("api/image")]
|
||||
public class ImageProxyController : ControllerBase
|
||||
{
|
||||
private readonly HttpClient _upstream;
|
||||
private readonly ILogger<ImageProxyController> _logger;
|
||||
|
||||
public ImageProxyController(IHttpClientFactory httpClientFactory, ILogger<ImageProxyController> logger)
|
||||
{
|
||||
_upstream = httpClientFactory.CreateClient("DeepDrft.Content");
|
||||
_logger = logger;
|
||||
}
|
||||
|
||||
/// <summary>Proxies image binary streaming by vault entry key from DeepDrftAPI.</summary>
|
||||
[HttpGet("{entryKey}")]
|
||||
public async Task<ActionResult> GetImage(string entryKey, CancellationToken ct = default)
|
||||
{
|
||||
_logger.LogInformation("Proxying image {EntryKey}", entryKey);
|
||||
|
||||
var path = $"api/image/{Uri.EscapeDataString(entryKey)}";
|
||||
|
||||
HttpResponseMessage upstream;
|
||||
try
|
||||
{
|
||||
upstream = await _upstream.GetAsync(path, HttpCompletionOption.ResponseHeadersRead, ct);
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
_logger.LogError(ex, "Upstream call to DeepDrftAPI image/{EntryKey} failed", entryKey);
|
||||
return StatusCode(502, "Upstream unavailable");
|
||||
}
|
||||
|
||||
if (!upstream.IsSuccessStatusCode)
|
||||
{
|
||||
upstream.Dispose();
|
||||
_logger.LogWarning("DeepDrftAPI image/{EntryKey} returned {Status}", entryKey, (int)upstream.StatusCode);
|
||||
return StatusCode((int)upstream.StatusCode);
|
||||
}
|
||||
|
||||
// Do NOT dispose upstream here — File() takes ownership of the response stream
|
||||
// and disposes it after the body is sent.
|
||||
var contentType = upstream.Content.Headers.ContentType?.ToString() ?? "application/octet-stream";
|
||||
var contentLength = upstream.Content.Headers.ContentLength;
|
||||
|
||||
if (contentLength.HasValue)
|
||||
Response.ContentLength = contentLength.Value;
|
||||
|
||||
var stream = await upstream.Content.ReadAsStreamAsync(ct);
|
||||
HttpContext.Response.RegisterForDispose(upstream);
|
||||
return File(stream, contentType, enableRangeProcessing: false);
|
||||
}
|
||||
}
|
||||
@@ -61,6 +61,11 @@ builder.Services.Configure<ForwardedHeadersOptions>(options =>
|
||||
options.KnownProxies.Clear();
|
||||
});
|
||||
|
||||
// MVC controllers — required for the ImageProxyController that forwards browser image requests
|
||||
// to DeepDrftAPI so rendered URLs resolve against the Manager's own origin, not the internal
|
||||
// API address.
|
||||
builder.Services.AddControllers();
|
||||
|
||||
// InteractiveServer only — no WASM render mode on the CMS host.
|
||||
builder.Services.AddRazorComponents()
|
||||
.AddInteractiveServerComponents();
|
||||
@@ -98,6 +103,7 @@ app.UseAntiforgery();
|
||||
app.UseAuthorization();
|
||||
|
||||
app.MapStaticAssets();
|
||||
app.MapControllers();
|
||||
|
||||
// The AuthBlocks API surface (/api/auth/*, /api/users/*, etc.) now lives on DeepDrftAPI; this host
|
||||
// only renders the AuthBlocksWeb Razor pages (/account/login, /account/logout), which call that API.
|
||||
|
||||
Reference in New Issue
Block a user