diff --git a/DeepDrftCli/Program.cs b/DeepDrftCli/Program.cs
index a265998..1f086c4 100644
--- a/DeepDrftCli/Program.cs
+++ b/DeepDrftCli/Program.cs
@@ -9,11 +9,15 @@ using DeepDrftContent.Services.FileDatabase.Services;
 using DeepDrftContent.Services.Processors;
 using DeepDrftCli.Services;
 using DeepDrftCli.Models;
+using NetBlocks.Utilities.Environment;
 var builder = Host.CreateApplicationBuilder(args);
 // Load configuration from environment/config.json
-builder.Configuration.AddJsonFile($"{AppDomain.CurrentDomain.BaseDirectory}environment/connections.json", optional: false, reloadOnChange: true);
+var connectionsPath = CredentialTools.ResolvePathOrThrow(
+ "connections",
+ Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "environment", "connections.json"));
+builder.Configuration.AddJsonFile(connectionsPath, optional: false, reloadOnChange: false);
 var cliSettings = builder.Configuration.GetSection(nameof(CliSettings)).Get();
 if (cliSettings is null) { throw new Exception("CLI settings are not configured"); }
diff --git a/DeepDrftContent/Program.cs b/DeepDrftContent/Program.cs
index a94a828..bd3aeff 100644
--- a/DeepDrftContent/Program.cs
+++ b/DeepDrftContent/Program.cs
@@ -3,6 +3,7 @@ using DeepDrftContent.Services.FileDatabase.Services;
 using DeepDrftContent.Middleware;
 using DeepDrftContent.Models;
 using Microsoft.AspNetCore.HttpOverrides;
+using NetBlocks.Utilities.Environment;
 var builder = WebApplication.CreateBuilder(args);
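Review bot: In DeepDrftCli/Program.cs the comment directly above the new `connectionsPath` lines still reads `// Load configuration from environment/config.json`, which matches neither the credential name `connections` nor the `environment/connections.json` path passed as the second argument. I would replace it with `// Load connection settings via CredentialTools; second argument is <BaseDirectory>/environment/connections.json. Read once at startup (reloadOnChange: false).` The last part is worth stating because the hunk flips `reloadOnChange` from `true` to `false`, so a rotated connection string is only picked up after the process restarts. How `ResolvePathOrThrow` chooses between the two locations is not visible here, so the comment should not claim more than the call shows.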
@@ -31,8 +32,9 @@ builder.Services.AddCors(options =>
 });
 });
-// Load API key configuration
-builder.Configuration.AddJsonFile("environment/apikey.json", optional: false, reloadOnChange: true);
+// Load API key via CredentialTools (dev: environment/apikey.json; prod: CREDENTIALS_DIRECTORY/apikey)
+var apiKeyPath = CredentialTools.ResolvePathOrThrow("apikey", "environment/apikey.json");
+builder.Configuration.AddJsonFile(apiKeyPath, optional: false, reloadOnChange: false);
 var apiKeySettings = builder.Configuration.GetSection(nameof(ApiKeySettings)).Get();
 if (apiKeySettings is null) { throw new Exception("API key settings are not configured"); }
diff --git a/DeepDrftContent/Startup.cs b/DeepDrftContent/Startup.cs
index bf462d8..25d2a50 100644
--- a/DeepDrftContent/Startup.cs
+++ b/DeepDrftContent/Startup.cs
@@ -6,6 +6,7 @@ using DeepDrftContent.Services.FileDatabase.Services;
 using DeepDrftContent.Services.Processors;
 using DeepDrftContent.Models;
 using Microsoft.Extensions.Logging;
+using NetBlocks.Utilities.Environment;
 namespace DeepDrftContent
 {
@@ -19,7 +20,8 @@ namespace DeepDrftContent
 builder.Services.AddSingleton();
 // File Database
- builder.Configuration.AddJsonFile("environment/filedatabase.json", optional: false, reloadOnChange: true);
+ var fileDatabasePath = CredentialTools.ResolvePathOrThrow("filedatabase", "environment/filedatabase.json");
+ builder.Configuration.AddJsonFile(fileDatabasePath, optional: false, reloadOnChange: false);
 var fileDatabaseSettings = builder.Configuration.GetSection(nameof(FileDatabaseSettings)).Get();
 if (fileDatabaseSettings is null) { throw new Exception("File database settings are not configured"); }
diff --git a/DeepDrftWeb/Program.cs b/DeepDrftWeb/Program.cs
index 1bba1df..01d0ff1 100644
--- a/DeepDrftWeb/Program.cs
+++ b/DeepDrftWeb/Program.cs
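Review bot: In DeepDrftContent/Program.cs the check that follows the new `AddJsonFile(apiKeyPath, ...)` call only rejects a missing `ApiKeySettings` section, so a credential file that resolves and parses but holds an empty or placeholder key would still let the service start. This commit removes `REPLACE_IN_ENV` placeholders from DeepDrftWeb/appsettings.json, so placeholder values are a realistic input for these files. Since the file is now the single source of the key, I would fail startup on the value as well, with a `string.IsNullOrWhiteSpace(...)` test on the bound key property next to `if (apiKeySettings is null)`. The property name on `ApiKeySettings` is not visible in this hunk, so the exact expression needs confirming against that type.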
@@ -5,6 +5,7 @@ using DeepDrftWeb;
 using MudBlazor.Services;
 using DeepDrftWeb.Components;
 using Microsoft.AspNetCore.HttpOverrides;
+using NetBlocks.Utilities.Environment;
 var builder = WebApplication.CreateBuilder(args);
@@ -13,11 +14,20 @@ builder.Services.AddMudServices();
 builder.Services.AddCmsServices();
-// CMS → DeepDrftContent calls require the DeepDrftContent ApiKey. Loaded from a
-// gitignored environment file, same shape as DeepDrftContent/environment/apikey.json.
-// Optional so the file's absence in non-CMS dev does not fail boot; missing key is
-// surfaced when Startup.ConfigureDomainServices binds the CMS HttpClient.
-builder.Configuration.AddJsonFile("environment/apikey.json", optional: true, reloadOnChange: true);
+// Required credential files — must exist before the app will start.
+// In dev: create the three files under DeepDrftWeb/environment/ (gitignored).
+// In prod: systemd CREDENTIALS_DIRECTORY points to encrypted credential blobs.
+// - environment/apikey.json: { "DeepDrftContent": { "ApiKey": "..." } }
+// - environment/connections.json: { "ConnectionStrings": { "DefaultConnection": "...", "Auth": "..." } }
+// - environment/authblocks.json: { "AuthBlocks": { "Jwt": {...}, "Email": {...}, "Admin": {...} } }
+var apiKeyPath = CredentialTools.ResolvePathOrThrow("apikey", "environment/apikey.json");
+builder.Configuration.AddJsonFile(apiKeyPath, optional: false, reloadOnChange: false);
+
+var connectionsPath = CredentialTools.ResolvePathOrThrow("connections", "environment/connections.json");
+builder.Configuration.AddJsonFile(connectionsPath, optional: false, reloadOnChange: false);
+
+var authBlocksPath = CredentialTools.ResolvePathOrThrow("authblocks", "environment/authblocks.json");
+builder.Configuration.AddJsonFile(authBlocksPath, optional: false, reloadOnChange: false);
 var baseUrl = builder.GetKestrelUrl();
 var contentApiUrl = builder.Configuration["ApiUrls:ContentApi"] ?? throw new Exception("Content API URL is not configured");
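Review bot: In the second hunk of DeepDrftWeb/Program.cs the added comment `// In prod: systemd CREDENTIALS_DIRECTORY points to encrypted credential blobs.` misdescribes what the process reads. systemd hands a service already-decrypted files under `$CREDENTIALS_DIRECTORY`; encryption applies to the blob at rest, and only when the unit uses `LoadCredentialEncrypted=` or `SetCredentialEncrypted=`. That is why `AddJsonFile` can parse them as plain JSON here. I would reword it to `// In prod: systemd exposes the decrypted credentials as files under $CREDENTIALS_DIRECTORY (encrypted at rest only if the unit uses LoadCredentialEncrypted=).` A maintainer who trusts the current wording may assume the values are still protected once loaded into configuration.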
diff --git a/DeepDrftWeb/appsettings.json b/DeepDrftWeb/appsettings.json
index 6b30219..eee283a 100644
--- a/DeepDrftWeb/appsettings.json
+++ b/DeepDrftWeb/appsettings.json
@@ -6,15 +6,9 @@
 }
 },
 "AllowedHosts": "*",
- "ConnectionStrings": {
- "DefaultConnection": "Host=localhost;Port=5433;Database=postgres;Username=postgres;Password=REPLACE_IN_ENV"
- },
 "ApiUrls": {
 "ContentApi": "http://localhost:12777/"
 },
- "DeepDrftContent": {
- "ApiKey": "REPLACE_IN_ENV"
- },
 "ForwardedHeaders": {
 "DisableHttpsRedirection": "true"
 }