feat(split): strip AuthBlocks from DeepDrftWeb; move CMS controllers to DeepDrftManager

Public host is now auth-free: no AuthBlocks, no DeepDrftCms ref, no stealth routing.
MainLayout restored to full chrome. DeepDrft.Content/.Cms HttpClients wired on Manager.
This commit is contained in:
Daniel Harvey
2026-05-19 17:01:24 -04:00
parent 840192fb79
commit 490bbbe942
19 changed files with 57 additions and 202 deletions
@@ -0,0 +1,90 @@
using DeepDrftData;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
namespace DeepDrftManager.Controllers;
/// <summary>
/// CMS delete endpoint. Owned by W3-T3 — separate controller from upload/edit to
/// avoid merge contention with parallel CMS tracks.
///
/// Delete order (CMS-PLAN W1.5): SQL first, then vault. If the SQL row is gone we
/// return success to the user even when the subsequent vault delete fails — SQL is
/// the source of truth for "exists from the user's view". A vault failure is logged
/// as an orphan for maintenance to reap (see PLAN.md §4.3 dead-letter).
/// </summary>
[ApiController]
[Route("api/cms/track")]
[Authorize(Roles = "Admin")]
public class CmsDeleteController : ControllerBase
{
// Named HttpClient used to call DeepDrftContent's ApiKey-protected endpoints.
// The Manager owns this name now that the CMS lives here; the client is registered
// in Program.cs alongside the public "DeepDrft.API" client.
private const string ContentCmsHttpClientName = "DeepDrft.Content.Cms";
private readonly ITrackService _trackService;
private readonly IHttpClientFactory _httpClientFactory;
private readonly ILogger<CmsDeleteController> _logger;
public CmsDeleteController(
ITrackService trackService,
IHttpClientFactory httpClientFactory,
ILogger<CmsDeleteController> logger)
{
_trackService = trackService;
_httpClientFactory = httpClientFactory;
_logger = logger;
}
[HttpDelete("{id:long}")]
public async Task<ActionResult> DeleteTrack(long id)
{
// 1. Resolve the EntryKey before we delete the SQL row — afterwards the join is gone.
var lookup = await _trackService.GetById(id);
if (!lookup.Success)
{
_logger.LogError("CMS delete: lookup failed for track {TrackId}: {Error}", id, lookup.Messages.FirstOrDefault()?.Message);
return StatusCode(500, "Failed to load track");
}
var track = lookup.Value;
if (track == null)
{
return NotFound();
}
var entryKey = track.EntryKey;
// 2. SQL delete. On failure, do NOT touch the vault — nothing to clean up.
var sqlDelete = await _trackService.Delete(id);
if (!sqlDelete.Success)
{
_logger.LogError("CMS delete: SQL delete failed for track {TrackId}: {Error}", id, sqlDelete.Messages.FirstOrDefault()?.Message);
return StatusCode(500, "Failed to delete track");
}
// 3. Vault delete. Failure is logged as an orphan but does not fail the request:
// SQL is the source of truth for the user's view; the orphan is a maintenance concern.
var client = _httpClientFactory.CreateClient(ContentCmsHttpClientName);
try
{
var response = await client.DeleteAsync($"api/track/{Uri.EscapeDataString(entryKey)}");
if (!response.IsSuccessStatusCode)
{
_logger.LogWarning(
"Vault delete failed after SQL delete. {TrackId} {EntryKey} {StatusCode}",
id, entryKey, (int)response.StatusCode);
}
}
catch (Exception ex)
{
_logger.LogWarning(
ex,
"Vault delete threw after SQL delete. {TrackId} {EntryKey}",
id, entryKey);
}
return Ok();
}
}
@@ -0,0 +1,59 @@
using System.ComponentModel.DataAnnotations;
using DeepDrftData;
using DeepDrftModels.Entities;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using NetBlocks.Models;
namespace DeepDrftManager.Controllers;
[ApiController]
[Authorize(Roles = "Admin")]
[Route("api/cms/track")]
public class CmsEditController : ControllerBase
{
private readonly ITrackService _trackService;
public CmsEditController(ITrackService trackService)
{
_trackService = trackService;
}
// Metadata-only update. EntryKey is immutable in Wave 1 — audio replacement
// is a separate Wave 2 operation that touches the vault.
[HttpPut("{id:long}")]
public async Task<ActionResult<ApiResultDto<TrackEntity>>> Update(long id, [FromBody] CmsTrackUpdateRequest request)
{
var existing = await _trackService.GetById(id);
if (!existing.Success)
{
var failure = ApiResult<TrackEntity>.CreateFailResult(existing.GetMessage());
return StatusCode(500, new ApiResultDto<TrackEntity>(failure));
}
if (existing.Value is null)
{
return NotFound();
}
var track = existing.Value;
track.TrackName = request.TrackName;
track.Artist = request.Artist;
track.Album = request.Album;
track.Genre = request.Genre;
track.ReleaseDate = request.ReleaseDate;
var updated = await _trackService.Update(track);
var apiResult = ApiResult<TrackEntity>.From(updated);
var dto = new ApiResultDto<TrackEntity>(apiResult);
return updated.Success ? Ok(dto) : StatusCode(500, dto);
}
}
public record CmsTrackUpdateRequest(
[Required, MaxLength(200)] string TrackName,
[Required, MaxLength(200)] string Artist,
[MaxLength(200)] string? Album,
[MaxLength(100)] string? Genre,
DateOnly? ReleaseDate);
@@ -0,0 +1,168 @@
using System.Net.Http.Headers;
using System.Security.Claims;
using DeepDrftData;
using DeepDrftModels.Entities;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
namespace DeepDrftManager.Controllers;
/// <summary>
/// CMS upload surface. Proxies a WAV + metadata multipart form to DeepDrftContent's
/// POST api/track/upload, then persists the returned unpersisted TrackEntity to SQL via
/// ITrackService.Create. DeepDrftManager intentionally does not reference DeepDrftContent.Data
/// (CMS-PLAN §5, Option B) — all vault access is over HTTP.
/// </summary>
[ApiController]
[Authorize(Roles = "Admin")]
[Route("api/cms")]
public class CmsUploadController : ControllerBase
{
private const string ContentClientName = "DeepDrft.Content";
private const string UploadPath = "api/track/upload";
private readonly IHttpClientFactory _httpClientFactory;
private readonly ITrackService _trackService;
private readonly IConfiguration _configuration;
private readonly ILogger<CmsUploadController> _logger;
public CmsUploadController(
IHttpClientFactory httpClientFactory,
ITrackService trackService,
IConfiguration configuration,
ILogger<CmsUploadController> logger)
{
_httpClientFactory = httpClientFactory;
_trackService = trackService;
_configuration = configuration;
_logger = logger;
}
// Match DeepDrftContent's per-request ceiling so the proxy itself does not reject
// a payload the downstream endpoint would accept.
[HttpPost("track")]
[RequestSizeLimit(1_073_741_824)]
[RequestFormLimits(MultipartBodyLengthLimit = 1_073_741_824)]
public async Task<ActionResult<TrackEntity>> UploadTrack(
[FromForm] IFormFile? wav,
[FromForm] string? trackName,
[FromForm] string? artist,
[FromForm] string? album,
[FromForm] string? genre,
[FromForm] string? releaseDate,
CancellationToken cancellationToken)
{
if (wav is null || wav.Length == 0)
{
return BadRequest("WAV file is required");
}
if (string.IsNullOrWhiteSpace(trackName))
{
return BadRequest("trackName is required");
}
if (string.IsNullOrWhiteSpace(artist))
{
return BadRequest("artist is required");
}
var apiKey = _configuration["DeepDrftContent:ApiKey"];
if (string.IsNullOrWhiteSpace(apiKey))
{
_logger.LogError("DeepDrftContent:ApiKey is not configured");
return StatusCode(500, "Content API key is not configured");
}
var userIdValue = User.FindFirstValue(ClaimTypes.NameIdentifier);
if (!long.TryParse(userIdValue, out var userId))
{
// [Authorize(Roles = "Admin")] gates upstream, so a missing/unparseable
// user id here is a configuration bug, not a normal client state.
_logger.LogError("Authenticated user has no parseable NameIdentifier claim: {Value}", userIdValue);
return StatusCode(500, "Authenticated user is missing a valid identifier");
}
// Forward the upload to DeepDrftContent. We rebuild the multipart container rather
// than relaying Request.Body so the boundary is owned by HttpClient and IFormFile's
// already-buffered stream (memory + temp-file backed by Kestrel) is the source.
using var multipart = new MultipartFormDataContent();
await using var wavStream = wav.OpenReadStream();
var wavContent = new StreamContent(wavStream);
wavContent.Headers.ContentType = new MediaTypeHeaderValue(
string.IsNullOrWhiteSpace(wav.ContentType) ? "audio/wav" : wav.ContentType);
multipart.Add(wavContent, "wav", wav.FileName);
multipart.Add(new StringContent(trackName), "trackName");
multipart.Add(new StringContent(artist), "artist");
if (!string.IsNullOrWhiteSpace(album)) multipart.Add(new StringContent(album), "album");
if (!string.IsNullOrWhiteSpace(genre)) multipart.Add(new StringContent(genre), "genre");
if (!string.IsNullOrWhiteSpace(releaseDate)) multipart.Add(new StringContent(releaseDate), "releaseDate");
var client = _httpClientFactory.CreateClient(ContentClientName);
using var request = new HttpRequestMessage(HttpMethod.Post, UploadPath) { Content = multipart };
request.Headers.Add("ApiKey", apiKey);
HttpResponseMessage response;
try
{
response = await client.SendAsync(request, HttpCompletionOption.ResponseHeadersRead, cancellationToken);
}
catch (Exception ex)
{
_logger.LogError(ex, "Content API call failed for upload of {TrackName}", trackName);
return StatusCode(502, "Content API is unreachable");
}
using (response)
{
if (!response.IsSuccessStatusCode)
{
var body = await response.Content.ReadAsStringAsync(cancellationToken);
var statusCode = (int)response.StatusCode;
if (statusCode >= 500)
{
_logger.LogError("Content API returned {Status} for upload of {TrackName}: {Body}", statusCode, trackName, body);
return StatusCode(statusCode, "Upload failed on the content server. Please try again.");
}
// 4xx: body is user-friendly validation text from DeepDrftContent — relay as-is.
_logger.LogWarning("Content API rejected upload: {Status} {Body}", statusCode, body);
return StatusCode(statusCode, body);
}
TrackEntity? unpersisted;
try
{
unpersisted = await response.Content.ReadFromJsonAsync<TrackEntity>(cancellationToken);
}
catch (Exception ex)
{
_logger.LogError(ex, "Failed to deserialize TrackEntity from Content API response");
return StatusCode(502, "Content API returned an unexpected response");
}
if (unpersisted is null)
{
_logger.LogError("Content API returned a null TrackEntity");
return StatusCode(502, "Content API returned an empty response");
}
unpersisted.CreatedByUserId = userId;
var saveResult = await _trackService.Create(unpersisted);
if (!saveResult.Success || saveResult.Value is null)
{
// The vault write succeeded but the SQL persist failed — audio is now orphaned
// in the tracks vault under EntryKey. CMS-PLAN W2.4 covers the dead-letter
// mechanism; until then we log loudly so the orphan is recoverable manually.
var error = saveResult.Messages.FirstOrDefault()?.Message ?? "Unknown error";
_logger.LogError(
"Track persisted to vault but SQL save failed. Orphaned entry: {EntryKey}. Error: {Error}",
unpersisted.EntryKey, error);
return StatusCode(500, $"Track was uploaded but could not be saved: {error}");
}
return Ok(saveResult.Value);
}
}
}