From 490bbbe9422eba70b482b0ee4db92d97ad05c56c Mon Sep 17 00:00:00 2001 From: Daniel Harvey Date: Tue, 19 May 2026 17:01:24 -0400 Subject: [PATCH] feat(split): strip AuthBlocks from DeepDrftWeb; move CMS controllers to DeepDrftManager Public host is now auth-free: no AuthBlocks, no DeepDrftCms ref, no stealth routing. MainLayout restored to full chrome. DeepDrft.Content/.Cms HttpClients wired on Manager. --- .../Controllers/CmsDeleteController.cs | 9 ++- .../Controllers/CmsEditController.cs | 6 +- .../Controllers/CmsUploadController.cs | 4 +- DeepDrftManager/Program.cs | 30 +++++-- DeepDrftManager/appsettings.json | 3 +- DeepDrftWeb.Client/DeepDrftWeb.Client.csproj | 1 - DeepDrftWeb.Client/Pages/Home.razor | 2 - DeepDrftWeb.Client/Pages/TracksView.razor | 2 - DeepDrftWeb.Client/Program.cs | 4 - DeepDrftWeb.Client/_Imports.razor | 1 - DeepDrftWeb/Components/Routes.razor | 12 +-- DeepDrftWeb/Components/_Imports.razor | 1 - DeepDrftWeb/DeepDrftWeb.csproj | 3 - .../Middleware/CmsStealthRoutingHandler.cs | 34 -------- DeepDrftWeb/Program.cs | 79 ++----------------- DeepDrftWeb/Services/DarkModeService.cs | 18 ++--- DeepDrftWeb/Startup.cs | 26 +----- DeepDrftWeb/apikey.example.json | 5 -- DeepDrftWeb/authblocks.example.json | 19 ----- 19 files changed, 57 insertions(+), 202 deletions(-) rename {DeepDrftWeb => DeepDrftManager}/Controllers/CmsDeleteController.cs (87%) rename {DeepDrftWeb => DeepDrftManager}/Controllers/CmsEditController.cs (93%) rename {DeepDrftWeb => DeepDrftManager}/Controllers/CmsUploadController.cs (98%) delete mode 100644 DeepDrftWeb/Middleware/CmsStealthRoutingHandler.cs delete mode 100644 DeepDrftWeb/apikey.example.json delete mode 100644 DeepDrftWeb/authblocks.example.json diff --git a/DeepDrftWeb/Controllers/CmsDeleteController.cs b/DeepDrftManager/Controllers/CmsDeleteController.cs similarity index 87% rename from DeepDrftWeb/Controllers/CmsDeleteController.cs rename to DeepDrftManager/Controllers/CmsDeleteController.cs index 269fe94..804c04d 100644 --- a/DeepDrftWeb/Controllers/CmsDeleteController.cs +++ b/DeepDrftManager/Controllers/CmsDeleteController.cs @@ -2,7 +2,7 @@ using DeepDrftData; using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Mvc; -namespace DeepDrftWeb.Controllers; +namespace DeepDrftManager.Controllers; /// /// CMS delete endpoint. Owned by W3-T3 — separate controller from upload/edit to @@ -18,6 +18,11 @@ namespace DeepDrftWeb.Controllers; [Authorize(Roles = "Admin")] public class CmsDeleteController : ControllerBase { + // Named HttpClient used to call DeepDrftContent's ApiKey-protected endpoints. + // The Manager owns this name now that the CMS lives here; the client is registered + // in Program.cs alongside the public "DeepDrft.API" client. + private const string ContentCmsHttpClientName = "DeepDrft.Content.Cms"; + private readonly ITrackService _trackService; private readonly IHttpClientFactory _httpClientFactory; private readonly ILogger _logger; @@ -61,7 +66,7 @@ public class CmsDeleteController : ControllerBase // 3. Vault delete. Failure is logged as an orphan but does not fail the request: // SQL is the source of truth for the user's view; the orphan is a maintenance concern. - var client = _httpClientFactory.CreateClient(Startup.ContentCmsHttpClientName); + var client = _httpClientFactory.CreateClient(ContentCmsHttpClientName); try { var response = await client.DeleteAsync($"api/track/{Uri.EscapeDataString(entryKey)}"); diff --git a/DeepDrftWeb/Controllers/CmsEditController.cs b/DeepDrftManager/Controllers/CmsEditController.cs similarity index 93% rename from DeepDrftWeb/Controllers/CmsEditController.cs rename to DeepDrftManager/Controllers/CmsEditController.cs index 49667b0..dee7215 100644 --- a/DeepDrftWeb/Controllers/CmsEditController.cs +++ b/DeepDrftManager/Controllers/CmsEditController.cs @@ -5,7 +5,7 @@ using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Mvc; using NetBlocks.Models; -namespace DeepDrftWeb.Controllers; +namespace DeepDrftManager.Controllers; [ApiController] [Authorize(Roles = "Admin")] @@ -21,8 +21,8 @@ public class CmsEditController : ControllerBase // Metadata-only update. EntryKey is immutable in Wave 1 — audio replacement // is a separate Wave 2 operation that touches the vault. - [HttpPut("{id:int}")] - public async Task>> Update(int id, [FromBody] CmsTrackUpdateRequest request) + [HttpPut("{id:long}")] + public async Task>> Update(long id, [FromBody] CmsTrackUpdateRequest request) { var existing = await _trackService.GetById(id); if (!existing.Success) diff --git a/DeepDrftWeb/Controllers/CmsUploadController.cs b/DeepDrftManager/Controllers/CmsUploadController.cs similarity index 98% rename from DeepDrftWeb/Controllers/CmsUploadController.cs rename to DeepDrftManager/Controllers/CmsUploadController.cs index 82f327d..3cf86dd 100644 --- a/DeepDrftWeb/Controllers/CmsUploadController.cs +++ b/DeepDrftManager/Controllers/CmsUploadController.cs @@ -5,12 +5,12 @@ using DeepDrftModels.Entities; using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Mvc; -namespace DeepDrftWeb.Controllers; +namespace DeepDrftManager.Controllers; /// /// CMS upload surface. Proxies a WAV + metadata multipart form to DeepDrftContent's /// POST api/track/upload, then persists the returned unpersisted TrackEntity to SQL via -/// ITrackService.Create. DeepDrftWeb intentionally does not reference DeepDrftContent.Data +/// ITrackService.Create. DeepDrftManager intentionally does not reference DeepDrftContent.Data /// (CMS-PLAN §5, Option B) — all vault access is over HTTP. /// [ApiController] diff --git a/DeepDrftManager/Program.cs b/DeepDrftManager/Program.cs index e72ab3f..145777d 100644 --- a/DeepDrftManager/Program.cs +++ b/DeepDrftManager/Program.cs @@ -81,10 +81,7 @@ builder.Services.AddAuthBlocks(options => var baseUrl = GetKestrelUrl(builder); AuthBlocksWeb.Startup.ConfigureAuthServices(builder.Services, baseUrl); -// Named HttpClient used by CMS pages for delete/upload calls. -// Phase 1: points at DeepDrftWeb (https://localhost:5001) where the CMS mutation controllers -// (CmsUploadController, CmsEditController, CmsDeleteController) currently live. -// When those controllers migrate to DeepDrftManager, update ApiUrls:ApiHost to this host's URL. +// Named HttpClient used by CMS pages for auth API calls (AuthBlocks surface on this host). var apiHostUrl = builder.Configuration["ApiUrls:ApiHost"] ?? throw new InvalidOperationException("ApiUrls:ApiHost is required"); builder.Services.AddHttpClient("DeepDrft.API", client => @@ -92,6 +89,25 @@ builder.Services.AddHttpClient("DeepDrft.API", client => client.BaseAddress = new Uri(apiHostUrl); }); +// Named HttpClient for unauthenticated Content API calls (e.g. CmsUploadController proxying WAV +// data to DeepDrftContent's POST api/track/upload). API key added per-request by the controller. +var contentApiUrl = builder.Configuration["ApiUrls:ContentApi"] + ?? throw new InvalidOperationException("ApiUrls:ContentApi is required"); +builder.Services.AddHttpClient("DeepDrft.Content", client => +{ + client.BaseAddress = new Uri(contentApiUrl); +}); + +// Named HttpClient for ApiKey-protected Content API calls (e.g. CmsDeleteController's vault +// delete). API key baked into the default request headers so callers need not add it manually. +var contentApiKey = builder.Configuration["DeepDrftContent:ApiKey"] + ?? throw new InvalidOperationException("DeepDrftContent:ApiKey is required"); +builder.Services.AddHttpClient("DeepDrft.Content.Cms", client => +{ + client.BaseAddress = new Uri(contentApiUrl); + client.DefaultRequestHeaders.Add("ApiKey", contentApiKey); +}); + // Reverse-proxy support (nginx in production). builder.Services.Configure(options => { @@ -103,8 +119,8 @@ builder.Services.Configure(options => options.KnownProxies.Clear(); }); -// Controllers: no-op until CMS mutation controllers migrate from DeepDrftWeb, but registered -// now so they are discovered automatically when they arrive. Matches DeepDrftWeb precedent. +// Controllers: discovers CMS mutation controllers (CmsUploadController, CmsEditController, +// CmsDeleteController) and the AuthBlocks surface. Matches DeepDrftWeb precedent. builder.Services.AddControllers(); // InteractiveServer only — no WASM render mode on the CMS host. @@ -152,7 +168,7 @@ app.MapStaticAssets(); // Razor pages (/account/login, /account/logout). app.MapAuthBlocks(); -// No-op today; picks up CMS mutation controllers when they migrate from DeepDrftWeb. +// Mounts CMS mutation controllers (CmsUploadController, CmsEditController, CmsDeleteController). app.MapControllers(); app.MapRazorComponents() diff --git a/DeepDrftManager/appsettings.json b/DeepDrftManager/appsettings.json index 3353dcd..1923106 100644 --- a/DeepDrftManager/appsettings.json +++ b/DeepDrftManager/appsettings.json @@ -7,7 +7,8 @@ }, "AllowedHosts": "*", "ApiUrls": { - "ApiHost": "https://localhost:5001" + "ApiHost": "https://localhost:5001", + "ContentApi": "https://content.deepdrft.com" }, "ForwardedHeaders": { "DisableHttpsRedirection": false diff --git a/DeepDrftWeb.Client/DeepDrftWeb.Client.csproj b/DeepDrftWeb.Client/DeepDrftWeb.Client.csproj index b11415a..390b9bf 100644 --- a/DeepDrftWeb.Client/DeepDrftWeb.Client.csproj +++ b/DeepDrftWeb.Client/DeepDrftWeb.Client.csproj @@ -15,7 +15,6 @@ - diff --git a/DeepDrftWeb.Client/Pages/Home.razor b/DeepDrftWeb.Client/Pages/Home.razor index 3311504..4c2a2b3 100644 --- a/DeepDrftWeb.Client/Pages/Home.razor +++ b/DeepDrftWeb.Client/Pages/Home.razor @@ -1,8 +1,6 @@ @page "/" @rendermode InteractiveAuto @using DeepDrftWeb.Client.Services -@using Microsoft.AspNetCore.Authorization -@attribute [AllowAnonymous] Deep DRFT - Electronic Music Collective diff --git a/DeepDrftWeb.Client/Pages/TracksView.razor b/DeepDrftWeb.Client/Pages/TracksView.razor index 5a5374d..bf79b53 100644 --- a/DeepDrftWeb.Client/Pages/TracksView.razor +++ b/DeepDrftWeb.Client/Pages/TracksView.razor @@ -1,8 +1,6 @@ @page "/tracks" @rendermode InteractiveAuto -@using Microsoft.AspNetCore.Authorization @using DeepDrftWeb.Client.Controls -@attribute [AllowAnonymous] DeepDrft Track Gallery diff --git a/DeepDrftWeb.Client/Program.cs b/DeepDrftWeb.Client/Program.cs index b8afffb..3075f84 100644 --- a/DeepDrftWeb.Client/Program.cs +++ b/DeepDrftWeb.Client/Program.cs @@ -14,10 +14,6 @@ Startup.ConfigureApiHttpClient(builder.Services, builder.HostEnvironment.BaseAdd Startup.ConfigureContentServices(builder.Services, contentApiUrl); Startup.ConfigureDomainServices(builder.Services); -// AuthBlocks WASM: auth state deserialization bridge (prerender → WASM handoff). -// Registers AddAuthorizationCore, AddCascadingAuthenticationState, AddAuthenticationStateDeserialization. -AuthBlocksWeb.Client.Startup.ConfigureServices(builder.Services); - var app = builder.Build(); await app.RunAsync(); diff --git a/DeepDrftWeb.Client/_Imports.razor b/DeepDrftWeb.Client/_Imports.razor index d762434..ca3ba07 100644 --- a/DeepDrftWeb.Client/_Imports.razor +++ b/DeepDrftWeb.Client/_Imports.razor @@ -1,6 +1,5 @@ @using System.Net.Http @using System.Net.Http.Json -@using Microsoft.AspNetCore.Components.Authorization @using Microsoft.AspNetCore.Components.Forms @using Microsoft.AspNetCore.Components.Routing @using Microsoft.AspNetCore.Components.Web diff --git a/DeepDrftWeb/Components/Routes.razor b/DeepDrftWeb/Components/Routes.razor index b25f087..05de286 100644 --- a/DeepDrftWeb/Components/Routes.razor +++ b/DeepDrftWeb/Components/Routes.razor @@ -1,13 +1,7 @@ + AdditionalAssemblies="new[] { typeof(DeepDrftWeb.Client._Imports).Assembly }"> - - - @{ - NavigationManager.NavigateTo($"account/login?returnUrl={Uri.EscapeDataString(NavigationManager.Uri)}", forceLoad: true); - } - - + @@ -15,5 +9,3 @@

Sorry, there's nothing at this address.

- -@inject NavigationManager NavigationManager diff --git a/DeepDrftWeb/Components/_Imports.razor b/DeepDrftWeb/Components/_Imports.razor index 7e93709..ac766ef 100644 --- a/DeepDrftWeb/Components/_Imports.razor +++ b/DeepDrftWeb/Components/_Imports.razor @@ -1,7 +1,6 @@ @using System.Net.Http @using System.Net.Http.Json @using Microsoft.AspNetCore.Components.Forms -@using Microsoft.AspNetCore.Components.Authorization @using Microsoft.AspNetCore.Components.Routing @using Microsoft.AspNetCore.Components.Web @using static Microsoft.AspNetCore.Components.Web.RenderMode diff --git a/DeepDrftWeb/DeepDrftWeb.csproj b/DeepDrftWeb/DeepDrftWeb.csproj index be236df..318b1ba 100644 --- a/DeepDrftWeb/DeepDrftWeb.csproj +++ b/DeepDrftWeb/DeepDrftWeb.csproj @@ -20,9 +20,6 @@
- - - diff --git a/DeepDrftWeb/Middleware/CmsStealthRoutingHandler.cs b/DeepDrftWeb/Middleware/CmsStealthRoutingHandler.cs deleted file mode 100644 index 8e88204..0000000 --- a/DeepDrftWeb/Middleware/CmsStealthRoutingHandler.cs +++ /dev/null @@ -1,34 +0,0 @@ -using Microsoft.AspNetCore.Authorization; -using Microsoft.AspNetCore.Authorization.Policy; - -namespace DeepDrftWeb.Middleware; - -/// -/// Returns 404 for any /cms/* request that fails authorization. -/// This prevents the CMS from acknowledging its own existence to unauthorized callers -/// (a redirect to /account/login would reveal that the route exists). -/// CMS-PLAN §3.4 stealth-routing constraint. -/// -public class CmsStealthRoutingHandler : IAuthorizationMiddlewareResultHandler -{ - private readonly AuthorizationMiddlewareResultHandler _default = new(); - - public async Task HandleAsync( - RequestDelegate next, - HttpContext context, - AuthorizationPolicy policy, - PolicyAuthorizationResult authorizeResult) - { - // For /cms/* routes (including an exact /cms hit), map any authorization - // failure to 404 regardless of cause (unauthenticated, wrong role, or any - // future policy failure). This prevents the CMS from acknowledging its - // own existence to callers outside the Admin hierarchy. - if (context.Request.Path.StartsWithSegments("/cms") && !authorizeResult.Succeeded) - { - context.Response.StatusCode = StatusCodes.Status404NotFound; - return; - } - - await _default.HandleAsync(next, context, policy, authorizeResult); - } -} diff --git a/DeepDrftWeb/Program.cs b/DeepDrftWeb/Program.cs index a4f5ad0..31a7c23 100644 --- a/DeepDrftWeb/Program.cs +++ b/DeepDrftWeb/Program.cs @@ -1,9 +1,4 @@ -using AuthBlocksLib; -using AuthBlocksLib.Options; -using DeepDrftCms; using DeepDrftWeb; -using DeepDrftWeb.Middleware; -using Microsoft.AspNetCore.Authorization; using MudBlazor.Services; using DeepDrftWeb.Components; using Microsoft.AspNetCore.HttpOverrides; @@ -14,68 +9,18 @@ var builder = WebApplication.CreateBuilder(args); // Add MudBlazor services builder.Services.AddMudServices(); -builder.Services.AddCmsServices(); - // Required credential files — must exist before the app will start. -// In dev: create the three files under DeepDrftWeb/environment/ (gitignored). +// In dev: create the files under DeepDrftWeb/environment/ (gitignored). // In prod: systemd CREDENTIALS_DIRECTORY points to encrypted credential blobs. -// - environment/apikey.json: { "DeepDrftContent": { "ApiKey": "..." } } -// - environment/connections.json: { "ConnectionStrings": { "DefaultConnection": "...", "Auth": "..." } } -// - environment/authblocks.json: { "AuthBlocks": { "Jwt": {...}, "Email": {...}, "Admin": {...} } } -var apiKeyPath = CredentialTools.ResolvePathOrThrow("apikey", "environment/apikey.json"); -builder.Configuration.AddJsonFile(apiKeyPath, optional: false, reloadOnChange: false); - +// - environment/connections.json: { "ConnectionStrings": { "DefaultConnection": "..." } } +// AuthBlocks and the DeepDrftContent API key now live on DeepDrftManager; +// the public host has no auth surface and no CMS upload proxy. var connectionsPath = CredentialTools.ResolvePathOrThrow("connections", "environment/connections.json"); builder.Configuration.AddJsonFile(connectionsPath, optional: false, reloadOnChange: false); -var authBlocksPath = CredentialTools.ResolvePathOrThrow("authblocks", "environment/authblocks.json"); -builder.Configuration.AddJsonFile(authBlocksPath, optional: false, reloadOnChange: false); - -var baseUrl = builder.GetKestrelUrl(); var contentApiUrl = builder.Configuration["ApiUrls:ContentApi"] ?? throw new Exception("Content API URL is not configured"); -// AuthBlocks: JWT Bearer auth, Identity, EF schema, admin seeding. -// Auth schema runs in its own database (separate from DefaultConnection by design). -builder.Services.AddAuthBlocks(options => -{ - options.ConnectionString = builder.Configuration.GetConnectionString("Auth") - ?? throw new InvalidOperationException("ConnectionStrings:Auth is required"); - options.ApplicationName = "DeepDrft"; - options.SupportEmail = builder.Configuration["AuthBlocks:SupportEmail"] ?? "admin@deepdrft.com"; - - options.JwtSettings.Secret = builder.Configuration["AuthBlocks:Jwt:Secret"] - ?? throw new InvalidOperationException("AuthBlocks:Jwt:Secret is required"); - options.JwtSettings.Issuer = builder.Configuration["AuthBlocks:Jwt:Issuer"] - ?? throw new InvalidOperationException("AuthBlocks:Jwt:Issuer is required"); - options.JwtSettings.Audience = builder.Configuration["AuthBlocks:Jwt:Audience"] - ?? throw new InvalidOperationException("AuthBlocks:Jwt:Audience is required"); - - options.EmailConnection.Host = builder.Configuration["AuthBlocks:Email:Host"] - ?? throw new InvalidOperationException("AuthBlocks:Email:Host is required"); - options.EmailConnection.Token = builder.Configuration["AuthBlocks:Email:Token"] - ?? throw new InvalidOperationException("AuthBlocks:Email:Token is required"); - - options.AdminUserSettings = new AdminUserSettings - { - UserName = builder.Configuration["AuthBlocks:Admin:UserName"] - ?? throw new InvalidOperationException("AuthBlocks:Admin:UserName is required"), - Email = builder.Configuration["AuthBlocks:Admin:Email"] - ?? throw new InvalidOperationException("AuthBlocks:Admin:Email is required"), - Password = builder.Configuration["AuthBlocks:Admin:Password"] - ?? throw new InvalidOperationException("AuthBlocks:Admin:Password is required") - }; -}); - -// CMS stealth routing: unauthorized /cms/* requests return 404, not a redirect. -// This prevents the CMS from revealing its own existence to unauthenticated callers. -// See CMS-PLAN §3.4. -builder.Services.AddSingleton(); - -// AuthBlocksWeb: Blazor JWT client services (auth API is mounted on this same host via MapAuthBlocks). -// AuthBlocksWeb.Startup.ConfigureAuthServices registers AddCascadingAuthenticationState server-side. -AuthBlocksWeb.Startup.ConfigureAuthServices(builder.Services, baseUrl); - -DeepDrftWeb.Client.Startup.ConfigureApiHttpClient(builder.Services, baseUrl); +DeepDrftWeb.Client.Startup.ConfigureApiHttpClient(builder.Services, builder.GetKestrelUrl()); DeepDrftWeb.Client.Startup.ConfigureDomainServices(builder.Services); DeepDrftWeb.Client.Startup.ConfigureContentServices(builder.Services, contentApiUrl); @@ -110,9 +55,6 @@ builder.Services.Configure(options => var app = builder.Build(); -// Apply AuthBlocks EF migrations, seed system roles, seed admin user on first boot. -await app.Services.UseAuthBlocksStartupAsync(); - // Configure the HTTP request pipeline. // Use forwarded headers before other middleware app.UseForwardedHeaders(); @@ -135,9 +77,8 @@ else } } -app.UseAuthentication(); -app.UseAuthorization(); - +// Antiforgery is required by Blazor form handling. Authentication / authorization +// middleware is intentionally absent — this host is fully anonymous. app.UseAntiforgery(); // Configure cache headers for Blazor WebAssembly assets @@ -170,14 +111,10 @@ if (app.Environment.IsDevelopment()) } app.MapControllers(); -app.MapAuthBlocks(); // registers /api/auth/*, /api/users/*, /api/roles/*, /api/user-roles/*, /api/pending-registrations/* app.MapRazorComponents() .AddInteractiveServerRenderMode() .AddInteractiveWebAssemblyRenderMode() - .AddAdditionalAssemblies( - typeof(DeepDrftWeb.Client._Imports).Assembly, - typeof(DeepDrftCms._Imports).Assembly, - typeof(AuthBlocksWeb._Imports).Assembly); // exposes /account/login, /account/logout + .AddAdditionalAssemblies(typeof(DeepDrftWeb.Client._Imports).Assembly); app.Run(); diff --git a/DeepDrftWeb/Services/DarkModeService.cs b/DeepDrftWeb/Services/DarkModeService.cs index e90b38f..1935967 100644 --- a/DeepDrftWeb/Services/DarkModeService.cs +++ b/DeepDrftWeb/Services/DarkModeService.cs @@ -7,16 +7,12 @@ public class DarkModeService(DarkModeSettings darkModeSettings, IHttpContextAcce { public void CheckDarkMode() { - // get - // { - bool isDarkMode = false; // Default to light mode - var context = httpAccessor.HttpContext; - if (context?.Request.Cookies.TryGetValue(COOKIE_NAME, out var dark) == true) - { - isDarkMode = dark == "true"; - } - darkModeSettings.IsDarkMode = isDarkMode; - // return isDarkMode; - // } + bool isDarkMode = false; // Default to light mode + var context = httpAccessor.HttpContext; + if (context?.Request.Cookies.TryGetValue(COOKIE_NAME, out var dark) == true) + { + isDarkMode = dark == "true"; + } + darkModeSettings.IsDarkMode = isDarkMode; } } \ No newline at end of file diff --git a/DeepDrftWeb/Startup.cs b/DeepDrftWeb/Startup.cs index 1331bb7..01cce77 100644 --- a/DeepDrftWeb/Startup.cs +++ b/DeepDrftWeb/Startup.cs @@ -8,13 +8,6 @@ namespace DeepDrftWeb; public static class Startup { - /// - /// Named HttpClient used by CMS controllers to call DeepDrftContent's ApiKey-protected endpoints. - /// Distinct from the public WASM-facing "DeepDrft.Content" client so the API key never reaches - /// the browser. Configured server-side only. - /// - public const string ContentCmsHttpClientName = "DeepDrft.Content.Cms"; - public static void ConfigureDomainServices(WebApplicationBuilder builder) { // Add Entity Framework services @@ -28,26 +21,13 @@ public static class Startup .AddScoped(); // Add Track services. TrackManager implements ITrackService for backward compatibility - // with controllers and CMS pages that inject the interface; resolving ITrackService - // returns the same scoped TrackManager instance so the manager surface (DTO-space) - // and the service surface (entity-space) share state. + // with pages that inject the interface; resolving ITrackService returns the same scoped + // TrackManager instance so the manager surface (DTO-space) and the service surface + // (entity-space) share state. builder.Services .AddScoped() .AddScoped() .AddScoped(sp => sp.GetRequiredService()); - - // CMS → DeepDrftContent client. The API key is required up front (no lazy resolution) - // so a misconfiguration surfaces at startup instead of on the first delete attempt. - var contentApiUrl = builder.Configuration["ApiUrls:ContentApi"] - ?? throw new InvalidOperationException("ApiUrls:ContentApi is required"); - var contentApiKey = builder.Configuration["DeepDrftContent:ApiKey"] - ?? throw new InvalidOperationException("DeepDrftContent:ApiKey is required (see environment/apikey.json)"); - - builder.Services.AddHttpClient(ContentCmsHttpClientName, client => - { - client.BaseAddress = new Uri(contentApiUrl); - client.DefaultRequestHeaders.Add("ApiKey", contentApiKey); - }); } public static string GetKestrelUrl(this WebApplicationBuilder builder) diff --git a/DeepDrftWeb/apikey.example.json b/DeepDrftWeb/apikey.example.json deleted file mode 100644 index 9300155..0000000 --- a/DeepDrftWeb/apikey.example.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "DeepDrftContent": { - "ApiKey": "your-secret-api-key-here" - } -} diff --git a/DeepDrftWeb/authblocks.example.json b/DeepDrftWeb/authblocks.example.json deleted file mode 100644 index 1cf53de..0000000 --- a/DeepDrftWeb/authblocks.example.json +++ /dev/null @@ -1,19 +0,0 @@ -{ - "AuthBlocks": { - "SupportEmail": "admin@deepdrft.com", - "Jwt": { - "Secret": "your-jwt-secret-here", - "Issuer": "https://deepdrft.com", - "Audience": "deepdrft-users" - }, - "Email": { - "Host": "smtp.your-provider.com", - "Token": "your-email-token-here" - }, - "Admin": { - "UserName": "admin", - "Email": "admin@deepdrft.com", - "Password": "your-admin-password-here" - } - } -}