refactor: consolidate project structure by migrating authentication, identity, and shared UI components while removing legacy Web Client files.

2026-04-28 20:23:40 +02:00
parent 131981992c
commit 10efed0369
124 changed files with 2822 additions and 2213 deletions
@@ -3,7 +3,17 @@ using NexusReader.Application;
 using NexusReader.Infrastructure;
 using NexusReader.Application.Abstractions.Services;
 using NexusReader.Web.Client.Services;
+using NexusReader.Web.New.Services;
 using NexusReader.UI.Shared.Services;
+using NexusReader.Domain.Entities;
+using NexusReader.Infrastructure.Persistence;
+using Microsoft.AspNetCore.Identity;
+using Microsoft.AspNetCore.Components.Authorization;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.AspNetCore.Authorization;
+using NexusReader.Infrastructure.Identity;
+using Microsoft.AspNetCore.Authentication;
+using System.Security.Claims;

 var builder = WebApplication.CreateBuilder(args);

@@ -12,6 +22,8 @@ builder.Services.AddRazorComponents()
    .AddInteractiveServerComponents()
    .AddInteractiveWebAssemblyComponents();

+builder.Services.AddControllers();
+
 // Enable detailed circuit errors for Server‑Side Blazor components
 builder.Services.AddServerSideBlazor()
    .AddCircuitOptions(options =>
@@ -20,6 +32,7 @@ builder.Services.AddServerSideBlazor()
    });

 builder.Services.AddScoped<IPlatformService, WebPlatformService>();
+builder.Services.AddScoped<INativeStorageService, WebStorageService>();
 builder.Services.AddScoped<IThemeService, ThemeService>();
 builder.Services.AddScoped<IQuizStateService, QuizStateService>();
 builder.Services.AddScoped<IFocusModeService, FocusModeService>();
@@ -28,16 +41,77 @@ builder.Services.AddScoped<IKnowledgeGraphService, KnowledgeGraphService>();
 builder.Services.AddScoped<IReaderInteractionService, ReaderInteractionService>();
 builder.Services.AddScoped<KnowledgeCoordinator>();

+builder.Services.AddHttpClient("NexusAPI", client => 
+{
+    client.BaseAddress = new Uri(builder.Configuration["ApiBaseUrl"] ?? "http://localhost:5000");
+});
+builder.Services.AddScoped(sp => sp.GetRequiredService<IHttpClientFactory>().CreateClient("NexusAPI"));
+
+builder.Services.AddScoped<IIdentityService, IdentityService>();
+builder.Services.AddScoped<NexusAuthenticationStateProvider>();
+builder.Services.AddScoped<AuthenticationStateProvider>(sp => sp.GetRequiredService<NexusAuthenticationStateProvider>());
+builder.Services.AddCascadingAuthenticationState();
+
 builder.Services.AddApplication();
 builder.Services.AddInfrastructure(builder.Configuration);

+// Authorization Policies
+builder.Services.AddScoped<IAuthorizationHandler, TokenLimitHandler>();
+builder.Services.AddAuthorization(options =>
+{
+    options.AddPolicy("ProUser", policy => policy.RequireClaim("Plan", "Pro", "Enterprise"));
+    options.AddPolicy("HasAvailableTokens", policy => policy.AddRequirements(new TokenLimitRequirement()));
+});
+
+// Authentication
+builder.Services.AddAuthentication(options =>
+    {
+        options.DefaultScheme = IdentityConstants.ApplicationScheme;
+        options.DefaultSignInScheme = IdentityConstants.ExternalScheme;
+    })
+    .AddGoogle(options =>
+    {
+        options.ClientId = builder.Configuration["Authentication:Google:ClientId"] ?? "placeholder-id";
+        options.ClientSecret = builder.Configuration["Authentication:Google:ClientSecret"] ?? "placeholder-secret";
+    });
+
+builder.Services.AddIdentityApiEndpoints<NexusUser>()
+    .AddEntityFrameworkStores<AppDbContext>();
+
+builder.Services.ConfigureApplicationCookie(options =>
+{
+    options.Cookie.HttpOnly = true;
+    options.ExpireTimeSpan = TimeSpan.FromDays(30);
+    options.SlidingExpiration = true;
+});
+
+builder.Services.Configure<IdentityOptions>(options =>
+{
+    // Password settings
+    options.Password.RequireDigit = true;
+    options.Password.RequireLowercase = true;
+    options.Password.RequireNonAlphanumeric = true;
+    options.Password.RequireUppercase = true;
+    options.Password.RequiredLength = 8;
+    options.Password.RequiredUniqueChars = 1;
+
+    // Lockout settings
+    options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(5);
+    options.Lockout.MaxFailedAccessAttempts = 5;
+    options.Lockout.AllowedForNewUsers = true;
+
+    // User settings
+    options.User.AllowedUserNameCharacters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._@+";
+    options.User.RequireUniqueEmail = true;
+});
+
 var app = builder.Build();

 // Ensure Database is initialized
 using (var scope = app.Services.CreateScope())
 {
    var dbContext = scope.ServiceProvider.GetRequiredService<NexusReader.Infrastructure.Persistence.AppDbContext>();
-    dbContext.Database.EnsureCreated();
+    await dbContext.Database.MigrateAsync();
 }

 // Configure the HTTP request pipeline.
@@ -58,7 +132,10 @@ if (!app.Environment.IsDevelopment())
 }

 app.UseAntiforgery();
+app.UseAuthentication();
+app.UseAuthorization();
 app.MapStaticAssets();
+app.MapControllers();

 // API endpoint for WASM client to fetch EPUB content
 app.MapGet("/api/epub/{index}", async (int index, IEpubService epubService) =>
@@ -100,6 +177,67 @@ app.MapDelete("/api/knowledge", async (IKnowledgeService knowledgeService) =>
    return Results.BadRequest(errorMsg);
 });

+app.MapGroup("/identity").MapIdentityApi<NexusUser>();
+
+app.MapGet("/identity/login/google", (string? returnUrl) =>
+{
+    var properties = new AuthenticationProperties
+    {
+        RedirectUri = "/identity/callback/google",
+        Items = { { "returnUrl", returnUrl ?? "/" } }
+    };
+    return Results.Challenge(properties, new[] { "Google" });
+});
+
+app.MapGet("/identity/callback/google", async (
+    HttpContext context, 
+    SignInManager<NexusUser> signInManager, 
+    UserManager<NexusUser> userManager) =>
+{
+    var info = await signInManager.GetExternalLoginInfoAsync();
+    if (info == null) return Results.Redirect("/account/login?error=ExternalLoginFailed");
+
+    var result = await signInManager.ExternalLoginSignInAsync(info.LoginProvider, info.ProviderKey, isPersistent: false);
+    if (result.Succeeded)
+    {
+        return Results.Redirect("/");
+    }
+
+    // New user provisioning
+    var email = info.Principal.FindFirstValue(ClaimTypes.Email);
+    if (email != null)
+    {
+        var user = new NexusUser { UserName = email, Email = email, EmailConfirmed = true };
+        var createResult = await userManager.CreateAsync(user);
+        if (createResult.Succeeded)
+        {
+            await userManager.AddLoginAsync(user, info);
+            await signInManager.SignInAsync(user, isPersistent: false);
+            return Results.Redirect("/");
+        }
+    }
+
+    return Results.Redirect("/account/login?error=ProvisioningFailed");
+});
+
+app.MapGet("/identity/profile", async (ClaimsPrincipal user, UserManager<NexusUser> userManager) =>
+{
+    var userId = user.FindFirstValue(ClaimTypes.NameIdentifier);
+    if (userId == null) return Results.Unauthorized();
+
+    var nexusUser = await userManager.FindByIdAsync(userId);
+    if (nexusUser == null) return Results.NotFound();
+
+    return Results.Ok(new
+    {
+        nexusUser.Email,
+        nexusUser.AITokenLimit,
+        nexusUser.AITokensUsed,
+        nexusUser.CurrentPlan,
+        nexusUser.TenantId
+    });
+}).RequireAuthorization();
+
 app.MapRazorComponents<App>()
    .AddInteractiveServerRenderMode()
    .AddInteractiveWebAssemblyRenderMode()