Merge branch 'split-phase2-strip' into dev

This commit is contained in:
Daniel Harvey
2026-05-19 17:22:05 -04:00
19 changed files with 57 additions and 202 deletions
@@ -2,7 +2,7 @@ using DeepDrftData;
using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc;
namespace DeepDrftWeb.Controllers; namespace DeepDrftManager.Controllers;
/// <summary> /// <summary>
/// CMS delete endpoint. Owned by W3-T3 — separate controller from upload/edit to /// CMS delete endpoint. Owned by W3-T3 — separate controller from upload/edit to
@@ -18,6 +18,11 @@ namespace DeepDrftWeb.Controllers;
[Authorize(Roles = "Admin")] [Authorize(Roles = "Admin")]
public class CmsDeleteController : ControllerBase public class CmsDeleteController : ControllerBase
{ {
// Named HttpClient used to call DeepDrftContent's ApiKey-protected endpoints.
// The Manager owns this name now that the CMS lives here; the client is registered
// in Program.cs alongside the public "DeepDrft.API" client.
private const string ContentCmsHttpClientName = "DeepDrft.Content.Cms";
private readonly ITrackService _trackService; private readonly ITrackService _trackService;
private readonly IHttpClientFactory _httpClientFactory; private readonly IHttpClientFactory _httpClientFactory;
private readonly ILogger<CmsDeleteController> _logger; private readonly ILogger<CmsDeleteController> _logger;
@@ -61,7 +66,7 @@ public class CmsDeleteController : ControllerBase
// 3. Vault delete. Failure is logged as an orphan but does not fail the request: // 3. Vault delete. Failure is logged as an orphan but does not fail the request:
// SQL is the source of truth for the user's view; the orphan is a maintenance concern. // SQL is the source of truth for the user's view; the orphan is a maintenance concern.
var client = _httpClientFactory.CreateClient(Startup.ContentCmsHttpClientName); var client = _httpClientFactory.CreateClient(ContentCmsHttpClientName);
try try
{ {
var response = await client.DeleteAsync($"api/track/{Uri.EscapeDataString(entryKey)}"); var response = await client.DeleteAsync($"api/track/{Uri.EscapeDataString(entryKey)}");
@@ -5,7 +5,7 @@ using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc;
using NetBlocks.Models; using NetBlocks.Models;
namespace DeepDrftWeb.Controllers; namespace DeepDrftManager.Controllers;
[ApiController] [ApiController]
[Authorize(Roles = "Admin")] [Authorize(Roles = "Admin")]
@@ -21,8 +21,8 @@ public class CmsEditController : ControllerBase
// Metadata-only update. EntryKey is immutable in Wave 1 — audio replacement // Metadata-only update. EntryKey is immutable in Wave 1 — audio replacement
// is a separate Wave 2 operation that touches the vault. // is a separate Wave 2 operation that touches the vault.
[HttpPut("{id:int}")] [HttpPut("{id:long}")]
public async Task<ActionResult<ApiResultDto<TrackEntity>>> Update(int id, [FromBody] CmsTrackUpdateRequest request) public async Task<ActionResult<ApiResultDto<TrackEntity>>> Update(long id, [FromBody] CmsTrackUpdateRequest request)
{ {
var existing = await _trackService.GetById(id); var existing = await _trackService.GetById(id);
if (!existing.Success) if (!existing.Success)
@@ -5,12 +5,12 @@ using DeepDrftModels.Entities;
using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc;
namespace DeepDrftWeb.Controllers; namespace DeepDrftManager.Controllers;
/// <summary> /// <summary>
/// CMS upload surface. Proxies a WAV + metadata multipart form to DeepDrftContent's /// CMS upload surface. Proxies a WAV + metadata multipart form to DeepDrftContent's
/// POST api/track/upload, then persists the returned unpersisted TrackEntity to SQL via /// POST api/track/upload, then persists the returned unpersisted TrackEntity to SQL via
/// ITrackService.Create. DeepDrftWeb intentionally does not reference DeepDrftContent.Data /// ITrackService.Create. DeepDrftManager intentionally does not reference DeepDrftContent.Data
/// (CMS-PLAN §5, Option B) — all vault access is over HTTP. /// (CMS-PLAN §5, Option B) — all vault access is over HTTP.
/// </summary> /// </summary>
[ApiController] [ApiController]
+23 -7
View File
@@ -81,10 +81,7 @@ builder.Services.AddAuthBlocks(options =>
var baseUrl = GetKestrelUrl(builder); var baseUrl = GetKestrelUrl(builder);
AuthBlocksWeb.Startup.ConfigureAuthServices(builder.Services, baseUrl); AuthBlocksWeb.Startup.ConfigureAuthServices(builder.Services, baseUrl);
// Named HttpClient used by CMS pages for delete/upload calls. // Named HttpClient used by CMS pages for auth API calls (AuthBlocks surface on this host).
// Phase 1: points at DeepDrftWeb (https://localhost:5001) where the CMS mutation controllers
// (CmsUploadController, CmsEditController, CmsDeleteController) currently live.
// When those controllers migrate to DeepDrftManager, update ApiUrls:ApiHost to this host's URL.
var apiHostUrl = builder.Configuration["ApiUrls:ApiHost"] var apiHostUrl = builder.Configuration["ApiUrls:ApiHost"]
?? throw new InvalidOperationException("ApiUrls:ApiHost is required"); ?? throw new InvalidOperationException("ApiUrls:ApiHost is required");
builder.Services.AddHttpClient("DeepDrft.API", client => builder.Services.AddHttpClient("DeepDrft.API", client =>
@@ -92,6 +89,25 @@ builder.Services.AddHttpClient("DeepDrft.API", client =>
client.BaseAddress = new Uri(apiHostUrl); client.BaseAddress = new Uri(apiHostUrl);
}); });
// Named HttpClient for unauthenticated Content API calls (e.g. CmsUploadController proxying WAV
// data to DeepDrftContent's POST api/track/upload). API key added per-request by the controller.
var contentApiUrl = builder.Configuration["ApiUrls:ContentApi"]
?? throw new InvalidOperationException("ApiUrls:ContentApi is required");
builder.Services.AddHttpClient("DeepDrft.Content", client =>
{
client.BaseAddress = new Uri(contentApiUrl);
});
// Named HttpClient for ApiKey-protected Content API calls (e.g. CmsDeleteController's vault
// delete). API key baked into the default request headers so callers need not add it manually.
var contentApiKey = builder.Configuration["DeepDrftContent:ApiKey"]
?? throw new InvalidOperationException("DeepDrftContent:ApiKey is required");
builder.Services.AddHttpClient("DeepDrft.Content.Cms", client =>
{
client.BaseAddress = new Uri(contentApiUrl);
client.DefaultRequestHeaders.Add("ApiKey", contentApiKey);
});
// Reverse-proxy support (nginx in production). // Reverse-proxy support (nginx in production).
builder.Services.Configure<ForwardedHeadersOptions>(options => builder.Services.Configure<ForwardedHeadersOptions>(options =>
{ {
@@ -103,8 +119,8 @@ builder.Services.Configure<ForwardedHeadersOptions>(options =>
options.KnownProxies.Clear(); options.KnownProxies.Clear();
}); });
// Controllers: no-op until CMS mutation controllers migrate from DeepDrftWeb, but registered // Controllers: discovers CMS mutation controllers (CmsUploadController, CmsEditController,
// now so they are discovered automatically when they arrive. Matches DeepDrftWeb precedent. // CmsDeleteController) and the AuthBlocks surface. Matches DeepDrftWeb precedent.
builder.Services.AddControllers(); builder.Services.AddControllers();
// InteractiveServer only — no WASM render mode on the CMS host. // InteractiveServer only — no WASM render mode on the CMS host.
@@ -152,7 +168,7 @@ app.MapStaticAssets();
// Razor pages (/account/login, /account/logout). // Razor pages (/account/login, /account/logout).
app.MapAuthBlocks(); app.MapAuthBlocks();
// No-op today; picks up CMS mutation controllers when they migrate from DeepDrftWeb. // Mounts CMS mutation controllers (CmsUploadController, CmsEditController, CmsDeleteController).
app.MapControllers(); app.MapControllers();
app.MapRazorComponents<App>() app.MapRazorComponents<App>()
+2 -1
View File
@@ -7,7 +7,8 @@
}, },
"AllowedHosts": "*", "AllowedHosts": "*",
"ApiUrls": { "ApiUrls": {
"ApiHost": "https://localhost:5001" "ApiHost": "https://localhost:5001",
"ContentApi": "https://content.deepdrft.com"
}, },
"ForwardedHeaders": { "ForwardedHeaders": {
"DisableHttpsRedirection": false "DisableHttpsRedirection": false
@@ -15,7 +15,6 @@
<PackageReference Include="Microsoft.Extensions.Http" Version="10.0.7" /> <PackageReference Include="Microsoft.Extensions.Http" Version="10.0.7" />
<PackageReference Include="MudBlazor" Version="8.15.0" /> <PackageReference Include="MudBlazor" Version="8.15.0" />
<PackageReference Include="MudBlazor.ThemeManager" Version="3.0.0" /> <PackageReference Include="MudBlazor.ThemeManager" Version="3.0.0" />
<PackageReference Include="Cerebellum.AuthBlocks.Web.Client" Version="10.3.32" />
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>
-2
View File
@@ -1,8 +1,6 @@
@page "/" @page "/"
@rendermode InteractiveAuto @rendermode InteractiveAuto
@using DeepDrftWeb.Client.Services @using DeepDrftWeb.Client.Services
@using Microsoft.AspNetCore.Authorization
@attribute [AllowAnonymous]
<PageTitle>Deep DRFT - Electronic Music Collective</PageTitle> <PageTitle>Deep DRFT - Electronic Music Collective</PageTitle>
@@ -1,8 +1,6 @@
@page "/tracks" @page "/tracks"
@rendermode InteractiveAuto @rendermode InteractiveAuto
@using Microsoft.AspNetCore.Authorization
@using DeepDrftWeb.Client.Controls @using DeepDrftWeb.Client.Controls
@attribute [AllowAnonymous]
<PageTitle>DeepDrft Track Gallery</PageTitle> <PageTitle>DeepDrft Track Gallery</PageTitle>
-4
View File
@@ -14,10 +14,6 @@ Startup.ConfigureApiHttpClient(builder.Services, builder.HostEnvironment.BaseAdd
Startup.ConfigureContentServices(builder.Services, contentApiUrl); Startup.ConfigureContentServices(builder.Services, contentApiUrl);
Startup.ConfigureDomainServices(builder.Services); Startup.ConfigureDomainServices(builder.Services);
// AuthBlocks WASM: auth state deserialization bridge (prerender → WASM handoff).
// Registers AddAuthorizationCore, AddCascadingAuthenticationState, AddAuthenticationStateDeserialization.
AuthBlocksWeb.Client.Startup.ConfigureServices(builder.Services);
var app = builder.Build(); var app = builder.Build();
await app.RunAsync(); await app.RunAsync();
-1
View File
@@ -1,6 +1,5 @@
@using System.Net.Http @using System.Net.Http
@using System.Net.Http.Json @using System.Net.Http.Json
@using Microsoft.AspNetCore.Components.Authorization
@using Microsoft.AspNetCore.Components.Forms @using Microsoft.AspNetCore.Components.Forms
@using Microsoft.AspNetCore.Components.Routing @using Microsoft.AspNetCore.Components.Routing
@using Microsoft.AspNetCore.Components.Web @using Microsoft.AspNetCore.Components.Web
+2 -10
View File
@@ -1,13 +1,7 @@
<Router AppAssembly="typeof(App).Assembly" <Router AppAssembly="typeof(App).Assembly"
AdditionalAssemblies="new[] { typeof(DeepDrftWeb.Client._Imports).Assembly, typeof(DeepDrftCms._Imports).Assembly, typeof(AuthBlocksWeb._Imports).Assembly }"> AdditionalAssemblies="new[] { typeof(DeepDrftWeb.Client._Imports).Assembly }">
<Found Context="routeData"> <Found Context="routeData">
<AuthorizeRouteView RouteData="routeData"> <RouteView RouteData="routeData" DefaultLayout="typeof(DeepDrftWeb.Client.Layout.MainLayout)" />
<NotAuthorized>
@{
NavigationManager.NavigateTo($"account/login?returnUrl={Uri.EscapeDataString(NavigationManager.Uri)}", forceLoad: true);
}
</NotAuthorized>
</AuthorizeRouteView>
<FocusOnNavigate RouteData="routeData" Selector="h1" /> <FocusOnNavigate RouteData="routeData" Selector="h1" />
</Found> </Found>
<NotFound> <NotFound>
@@ -15,5 +9,3 @@
<p role="alert">Sorry, there's nothing at this address.</p> <p role="alert">Sorry, there's nothing at this address.</p>
</NotFound> </NotFound>
</Router> </Router>
@inject NavigationManager NavigationManager
-1
View File
@@ -1,7 +1,6 @@
@using System.Net.Http @using System.Net.Http
@using System.Net.Http.Json @using System.Net.Http.Json
@using Microsoft.AspNetCore.Components.Forms @using Microsoft.AspNetCore.Components.Forms
@using Microsoft.AspNetCore.Components.Authorization
@using Microsoft.AspNetCore.Components.Routing @using Microsoft.AspNetCore.Components.Routing
@using Microsoft.AspNetCore.Components.Web @using Microsoft.AspNetCore.Components.Web
@using static Microsoft.AspNetCore.Components.Web.RenderMode @using static Microsoft.AspNetCore.Components.Web.RenderMode
-3
View File
@@ -20,9 +20,6 @@
</PackageReference> </PackageReference>
<!-- Npgsql 10.0.1 requires Microsoft.EntityFrameworkCore >= 10.0.4; keep in sync --> <!-- Npgsql 10.0.1 requires Microsoft.EntityFrameworkCore >= 10.0.4; keep in sync -->
<PackageReference Include="Npgsql.EntityFrameworkCore.PostgreSQL" Version="10.0.1" /> <PackageReference Include="Npgsql.EntityFrameworkCore.PostgreSQL" Version="10.0.1" />
<PackageReference Include="Cerebellum.AuthBlocks" Version="10.3.32" />
<PackageReference Include="Cerebellum.AuthBlocks.Web" Version="10.3.32" />
<ProjectReference Include="..\DeepDrftCms\DeepDrftCms.csproj" />
<ProjectReference Include="..\DeepDrftModels\DeepDrftModels.csproj" /> <ProjectReference Include="..\DeepDrftModels\DeepDrftModels.csproj" />
<ProjectReference Include="..\DeepDrftWeb.Client\DeepDrftWeb.Client.csproj" /> <ProjectReference Include="..\DeepDrftWeb.Client\DeepDrftWeb.Client.csproj" />
<ProjectReference Include="..\DeepDrftData\DeepDrftData.csproj" /> <ProjectReference Include="..\DeepDrftData\DeepDrftData.csproj" />
@@ -1,34 +0,0 @@
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Authorization.Policy;
namespace DeepDrftWeb.Middleware;
/// <summary>
/// Returns 404 for any /cms/* request that fails authorization.
/// This prevents the CMS from acknowledging its own existence to unauthorized callers
/// (a redirect to /account/login would reveal that the route exists).
/// CMS-PLAN §3.4 stealth-routing constraint.
/// </summary>
public class CmsStealthRoutingHandler : IAuthorizationMiddlewareResultHandler
{
private readonly AuthorizationMiddlewareResultHandler _default = new();
public async Task HandleAsync(
RequestDelegate next,
HttpContext context,
AuthorizationPolicy policy,
PolicyAuthorizationResult authorizeResult)
{
// For /cms/* routes (including an exact /cms hit), map any authorization
// failure to 404 regardless of cause (unauthenticated, wrong role, or any
// future policy failure). This prevents the CMS from acknowledging its
// own existence to callers outside the Admin hierarchy.
if (context.Request.Path.StartsWithSegments("/cms") && !authorizeResult.Succeeded)
{
context.Response.StatusCode = StatusCodes.Status404NotFound;
return;
}
await _default.HandleAsync(next, context, policy, authorizeResult);
}
}
+8 -71
View File
@@ -1,9 +1,4 @@
using AuthBlocksLib;
using AuthBlocksLib.Options;
using DeepDrftCms;
using DeepDrftWeb; using DeepDrftWeb;
using DeepDrftWeb.Middleware;
using Microsoft.AspNetCore.Authorization;
using MudBlazor.Services; using MudBlazor.Services;
using DeepDrftWeb.Components; using DeepDrftWeb.Components;
using Microsoft.AspNetCore.HttpOverrides; using Microsoft.AspNetCore.HttpOverrides;
@@ -14,68 +9,18 @@ var builder = WebApplication.CreateBuilder(args);
// Add MudBlazor services // Add MudBlazor services
builder.Services.AddMudServices(); builder.Services.AddMudServices();
builder.Services.AddCmsServices();
// Required credential files — must exist before the app will start. // Required credential files — must exist before the app will start.
// In dev: create the three files under DeepDrftWeb/environment/ (gitignored). // In dev: create the files under DeepDrftWeb/environment/ (gitignored).
// In prod: systemd CREDENTIALS_DIRECTORY points to encrypted credential blobs. // In prod: systemd CREDENTIALS_DIRECTORY points to encrypted credential blobs.
// - environment/apikey.json: { "DeepDrftContent": { "ApiKey": "..." } } // - environment/connections.json: { "ConnectionStrings": { "DefaultConnection": "..." } }
// - environment/connections.json: { "ConnectionStrings": { "DefaultConnection": "...", "Auth": "..." } } // AuthBlocks and the DeepDrftContent API key now live on DeepDrftManager;
// - environment/authblocks.json: { "AuthBlocks": { "Jwt": {...}, "Email": {...}, "Admin": {...} } } // the public host has no auth surface and no CMS upload proxy.
var apiKeyPath = CredentialTools.ResolvePathOrThrow("apikey", "environment/apikey.json");
builder.Configuration.AddJsonFile(apiKeyPath, optional: false, reloadOnChange: false);
var connectionsPath = CredentialTools.ResolvePathOrThrow("connections", "environment/connections.json"); var connectionsPath = CredentialTools.ResolvePathOrThrow("connections", "environment/connections.json");
builder.Configuration.AddJsonFile(connectionsPath, optional: false, reloadOnChange: false); builder.Configuration.AddJsonFile(connectionsPath, optional: false, reloadOnChange: false);
var authBlocksPath = CredentialTools.ResolvePathOrThrow("authblocks", "environment/authblocks.json");
builder.Configuration.AddJsonFile(authBlocksPath, optional: false, reloadOnChange: false);
var baseUrl = builder.GetKestrelUrl();
var contentApiUrl = builder.Configuration["ApiUrls:ContentApi"] ?? throw new Exception("Content API URL is not configured"); var contentApiUrl = builder.Configuration["ApiUrls:ContentApi"] ?? throw new Exception("Content API URL is not configured");
// AuthBlocks: JWT Bearer auth, Identity, EF schema, admin seeding. DeepDrftWeb.Client.Startup.ConfigureApiHttpClient(builder.Services, builder.GetKestrelUrl());
// Auth schema runs in its own database (separate from DefaultConnection by design).
builder.Services.AddAuthBlocks(options =>
{
options.ConnectionString = builder.Configuration.GetConnectionString("Auth")
?? throw new InvalidOperationException("ConnectionStrings:Auth is required");
options.ApplicationName = "DeepDrft";
options.SupportEmail = builder.Configuration["AuthBlocks:SupportEmail"] ?? "admin@deepdrft.com";
options.JwtSettings.Secret = builder.Configuration["AuthBlocks:Jwt:Secret"]
?? throw new InvalidOperationException("AuthBlocks:Jwt:Secret is required");
options.JwtSettings.Issuer = builder.Configuration["AuthBlocks:Jwt:Issuer"]
?? throw new InvalidOperationException("AuthBlocks:Jwt:Issuer is required");
options.JwtSettings.Audience = builder.Configuration["AuthBlocks:Jwt:Audience"]
?? throw new InvalidOperationException("AuthBlocks:Jwt:Audience is required");
options.EmailConnection.Host = builder.Configuration["AuthBlocks:Email:Host"]
?? throw new InvalidOperationException("AuthBlocks:Email:Host is required");
options.EmailConnection.Token = builder.Configuration["AuthBlocks:Email:Token"]
?? throw new InvalidOperationException("AuthBlocks:Email:Token is required");
options.AdminUserSettings = new AdminUserSettings
{
UserName = builder.Configuration["AuthBlocks:Admin:UserName"]
?? throw new InvalidOperationException("AuthBlocks:Admin:UserName is required"),
Email = builder.Configuration["AuthBlocks:Admin:Email"]
?? throw new InvalidOperationException("AuthBlocks:Admin:Email is required"),
Password = builder.Configuration["AuthBlocks:Admin:Password"]
?? throw new InvalidOperationException("AuthBlocks:Admin:Password is required")
};
});
// CMS stealth routing: unauthorized /cms/* requests return 404, not a redirect.
// This prevents the CMS from revealing its own existence to unauthenticated callers.
// See CMS-PLAN §3.4.
builder.Services.AddSingleton<IAuthorizationMiddlewareResultHandler, CmsStealthRoutingHandler>();
// AuthBlocksWeb: Blazor JWT client services (auth API is mounted on this same host via MapAuthBlocks).
// AuthBlocksWeb.Startup.ConfigureAuthServices registers AddCascadingAuthenticationState server-side.
AuthBlocksWeb.Startup.ConfigureAuthServices(builder.Services, baseUrl);
DeepDrftWeb.Client.Startup.ConfigureApiHttpClient(builder.Services, baseUrl);
DeepDrftWeb.Client.Startup.ConfigureDomainServices(builder.Services); DeepDrftWeb.Client.Startup.ConfigureDomainServices(builder.Services);
DeepDrftWeb.Client.Startup.ConfigureContentServices(builder.Services, contentApiUrl); DeepDrftWeb.Client.Startup.ConfigureContentServices(builder.Services, contentApiUrl);
@@ -110,9 +55,6 @@ builder.Services.Configure<ForwardedHeadersOptions>(options =>
var app = builder.Build(); var app = builder.Build();
// Apply AuthBlocks EF migrations, seed system roles, seed admin user on first boot.
await app.Services.UseAuthBlocksStartupAsync();
// Configure the HTTP request pipeline. // Configure the HTTP request pipeline.
// Use forwarded headers before other middleware // Use forwarded headers before other middleware
app.UseForwardedHeaders(); app.UseForwardedHeaders();
@@ -135,9 +77,8 @@ else
} }
} }
app.UseAuthentication(); // Antiforgery is required by Blazor form handling. Authentication / authorization
app.UseAuthorization(); // middleware is intentionally absent — this host is fully anonymous.
app.UseAntiforgery(); app.UseAntiforgery();
// Configure cache headers for Blazor WebAssembly assets // Configure cache headers for Blazor WebAssembly assets
@@ -170,14 +111,10 @@ if (app.Environment.IsDevelopment())
} }
app.MapControllers(); app.MapControllers();
app.MapAuthBlocks(); // registers /api/auth/*, /api/users/*, /api/roles/*, /api/user-roles/*, /api/pending-registrations/*
app.MapRazorComponents<App>() app.MapRazorComponents<App>()
.AddInteractiveServerRenderMode() .AddInteractiveServerRenderMode()
.AddInteractiveWebAssemblyRenderMode() .AddInteractiveWebAssemblyRenderMode()
.AddAdditionalAssemblies( .AddAdditionalAssemblies(typeof(DeepDrftWeb.Client._Imports).Assembly);
typeof(DeepDrftWeb.Client._Imports).Assembly,
typeof(DeepDrftCms._Imports).Assembly,
typeof(AuthBlocksWeb._Imports).Assembly); // exposes /account/login, /account/logout
app.Run(); app.Run();
-4
View File
@@ -7,8 +7,6 @@ public class DarkModeService(DarkModeSettings darkModeSettings, IHttpContextAcce
{ {
public void CheckDarkMode() public void CheckDarkMode()
{ {
// get
// {
bool isDarkMode = false; // Default to light mode bool isDarkMode = false; // Default to light mode
var context = httpAccessor.HttpContext; var context = httpAccessor.HttpContext;
if (context?.Request.Cookies.TryGetValue(COOKIE_NAME, out var dark) == true) if (context?.Request.Cookies.TryGetValue(COOKIE_NAME, out var dark) == true)
@@ -16,7 +14,5 @@ public class DarkModeService(DarkModeSettings darkModeSettings, IHttpContextAcce
isDarkMode = dark == "true"; isDarkMode = dark == "true";
} }
darkModeSettings.IsDarkMode = isDarkMode; darkModeSettings.IsDarkMode = isDarkMode;
// return isDarkMode;
// }
} }
} }
+3 -23
View File
@@ -8,13 +8,6 @@ namespace DeepDrftWeb;
public static class Startup public static class Startup
{ {
/// <summary>
/// Named HttpClient used by CMS controllers to call DeepDrftContent's ApiKey-protected endpoints.
/// Distinct from the public WASM-facing "DeepDrft.Content" client so the API key never reaches
/// the browser. Configured server-side only.
/// </summary>
public const string ContentCmsHttpClientName = "DeepDrft.Content.Cms";
public static void ConfigureDomainServices(WebApplicationBuilder builder) public static void ConfigureDomainServices(WebApplicationBuilder builder)
{ {
// Add Entity Framework services // Add Entity Framework services
@@ -28,26 +21,13 @@ public static class Startup
.AddScoped<DarkModeService>(); .AddScoped<DarkModeService>();
// Add Track services. TrackManager implements ITrackService for backward compatibility // Add Track services. TrackManager implements ITrackService for backward compatibility
// with controllers and CMS pages that inject the interface; resolving ITrackService // with pages that inject the interface; resolving ITrackService returns the same scoped
// returns the same scoped TrackManager instance so the manager surface (DTO-space) // TrackManager instance so the manager surface (DTO-space) and the service surface
// and the service surface (entity-space) share state. // (entity-space) share state.
builder.Services builder.Services
.AddScoped<TrackRepository>() .AddScoped<TrackRepository>()
.AddScoped<TrackManager>() .AddScoped<TrackManager>()
.AddScoped<ITrackService>(sp => sp.GetRequiredService<TrackManager>()); .AddScoped<ITrackService>(sp => sp.GetRequiredService<TrackManager>());
// CMS → DeepDrftContent client. The API key is required up front (no lazy resolution)
// so a misconfiguration surfaces at startup instead of on the first delete attempt.
var contentApiUrl = builder.Configuration["ApiUrls:ContentApi"]
?? throw new InvalidOperationException("ApiUrls:ContentApi is required");
var contentApiKey = builder.Configuration["DeepDrftContent:ApiKey"]
?? throw new InvalidOperationException("DeepDrftContent:ApiKey is required (see environment/apikey.json)");
builder.Services.AddHttpClient(ContentCmsHttpClientName, client =>
{
client.BaseAddress = new Uri(contentApiUrl);
client.DefaultRequestHeaders.Add("ApiKey", contentApiKey);
});
} }
public static string GetKestrelUrl(this WebApplicationBuilder builder) public static string GetKestrelUrl(this WebApplicationBuilder builder)
-5
View File
@@ -1,5 +0,0 @@
{
"DeepDrftContent": {
"ApiKey": "your-secret-api-key-here"
}
}
-19
View File
@@ -1,19 +0,0 @@
{
"AuthBlocks": {
"SupportEmail": "admin@deepdrft.com",
"Jwt": {
"Secret": "your-jwt-secret-here",
"Issuer": "https://deepdrft.com",
"Audience": "deepdrft-users"
},
"Email": {
"Host": "smtp.your-provider.com",
"Token": "your-email-token-here"
},
"Admin": {
"UserName": "admin",
"Email": "admin@deepdrft.com",
"Password": "your-admin-password-here"
}
}
}