711480f8f6
This pull request introduces the dedicated containerized infrastructure and configuration for deploying NexusReader's beta version in the Test environment. ### Summary of Changes 1. **Docker Infrastructure & Secrets**: - **`docker-compose.test.yml`**: Configured dedicated database and auxiliary services (PostgreSQL 17, Qdrant, Neo4j) on isolated, non-standard ports to ensure zero conflict with the existing server configurations. - **`.env.test.template`**: Provided an environment variable template showing required setups, including mandatory database passwords, API keys, and admin custom passwords. - **`.gitignore`**: Excluded local `.env` files to prevent accidental commits of production or staging secrets. 2. **Database Hardening**: - Configured Neo4j with basic authentication (`IDriver` instantiation uses basic auth when credentials are provided in configuration). - Configured PostgreSQL to use mandatory authentication. - Configured the admin seeder (`DbInitializer.cs`) to dynamically use `NEXUS_ADMIN_PASSWORD` from environment variables, falling back to a default password in local Development only. 3. **Feature-Flagged Restrictions**: - **`appsettings.Test.json`**: Implemented `Features:AllowRegistration` and `Features:AllowPasswordReset` flags set to `false`. - **Middleware Enforcement (`Program.cs`)**: Intercepts requests to `/identity/register` and `/identity/forgotPassword` (and their MVC/form variations) and rejects them with a `403 Forbidden` response in restricted environments. - **OAuth Provisioning Guard (`Program.cs`)**: Blocks new account provisioning via Google OAuth callback by checking the `Features:AllowRegistration` configuration, redirecting users to the login page with a descriptive error. - **UI Protection (`Login.razor`, `Register.razor`)**: Conditionally hides registration/password reset links and intercepts manual navigation attempts to `/account/register` by redirecting to login with a warning. 
--------- Co-authored-by: Marek Jasiński <jasins.marek@gmail.com> Reviewed-on: #56 Co-authored-by: Antigravity <antigravity@google.com> Co-committed-by: Antigravity <antigravity@google.com>
@inherits LayoutComponentBase
@using NexusReader.UI.Shared.Components.Molecules
@using NexusReader.UI.Shared.Components.Atoms
@using NexusReader.Application.Abstractions.Services
@using NexusReader.UI.Shared.Services
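@* Full-screen preloader. It is shown until _isFullyLoaded is set, which happens in
   OnAfterRender on the first render; it is not tied to the outcome of the profile sync
   started in OnInitializedAsync, so the text describes intent rather than session state. *@
@if (!_isFullyLoaded)
{
    <div class="app-preloader" style="backdrop-filter: blur(15px); background: rgba(18, 18, 18, 0.95); z-index: 100000;">
        <div class="preloader-spinner"></div>
        <div class="preloader-text">Synchronizing Secure Session...</div>
    </div>
}

<div class="hub-container @(_isMobileMenuOpen ? "mobile-menu-open" : "")">
    @* AuthorizeView only decides whether the navigation chrome is rendered. @Body further down
       is rendered for every visitor, so hiding these links is not access control.
       NOTE(review): the pages behind the links presumably enforce authorization themselves — confirm. *@
    <AuthorizeView>
        <Authorized>
            @{
                // The name comes from the identity's claims and may be null or empty.
                // Indexing [0] on an empty string throws, which would break rendering of the
                // whole layout, so the avatar initial is computed once with an explicit guard.
                // Razor HTML-encodes both values when they are written out below.
                var displayName = context.User.Identity?.Name;
                var avatarInitial = string.IsNullOrEmpty(displayName)
                    ? string.Empty
                    : char.ToUpperInvariant(displayName[0]).ToString();
            }

            <!-- Mobile Sticky Top-bar -->
            <div class="nexus-mobile-topbar">
                <button class="hamburger-btn" @onclick="ToggleMobileMenu" aria-label="Toggle Menu">
                    <NexusIcon Name="menu" Size="24" />
                </button>
                <div class="mobile-logo">
                    <NexusIcon Name="diamond" Size="20" Class="logo-icon pulsing-logo" />
                    <span class="logo-text">Nexus</span>
                </div>
                <div class="mobile-user-pill">
                    <div class="user-avatar-mini">
                        @avatarInitial
                    </div>
                </div>
            </div>

            <!-- Mobile Backdrop overlay -->
            @if (_isMobileMenuOpen)
            {
                <div class="mobile-sidebar-backdrop" @onclick="CloseMobileMenu"></div>
            }

            <aside class="hub-sidebar">
                <div class="sidebar-header">
                    <div class="logo">
                        <NexusIcon Name="diamond" Size="24" Class="logo-icon" />
                        <span class="logo-text">Nexus</span>
                    </div>
                </div>

                <nav class="sidebar-nav">
                    <NavLink class="nav-item" href="/" Match="NavLinkMatch.All" @onclick="CloseMobileMenu">
                        <div class="nav-icon">
                            <NexusIcon Name="home" Size="18" />
                        </div>
                        <span class="nav-text">Dashboard</span>
                    </NavLink>
                    <NavLink class="nav-item" href="/library" @onclick="CloseMobileMenu">
                        <div class="nav-icon">
                            <NexusIcon Name="book-open" Size="18" />
                        </div>
                        <span class="nav-text">Library</span>
                    </NavLink>
                    <NavLink class="nav-item" href="/concepts-map" @onclick="CloseMobileMenu">
                        <div class="nav-icon">
                            <NexusIcon Name="map" Size="18" />
                        </div>
                        <span class="nav-text">Concepts Map</span>
                    </NavLink>
                    <NavLink class="nav-item" href="/intelligence" @onclick="CloseMobileMenu">
                        <div class="nav-icon">
                            <NexusIcon Name="cpu" Size="18" />
                        </div>
                        <span class="nav-text">Global AI Q&A</span>
                    </NavLink>
                    <NavLink class="nav-item" href="/profile" @onclick="CloseMobileMenu">
                        <div class="nav-icon">
                            <NexusIcon Name="message-square" Size="18" />
                        </div>
                        <span class="nav-text">Profile</span>
                    </NavLink>
                    <NavLink class="nav-item" href="/settings" @onclick="CloseMobileMenu">
                        <div class="nav-icon">
                            <NexusIcon Name="settings" Size="18" />
                        </div>
                        <span class="nav-text">Settings</span>
                    </NavLink>
                    <NavLink class="nav-item" href="/concenters" @onclick="CloseMobileMenu">
                        <div class="nav-icon">
                            <NexusIcon Name="target" Size="18" />
                        </div>
                        <span class="nav-text">Concenters</span>
                    </NavLink>

                </nav>

                <div class="sidebar-footer">
                    <div class="user-brief">
                        <div class="user-avatar">
                            @avatarInitial
                        </div>
                        <div class="user-details">
                            <span class="user-name">@displayName</span>
                        </div>
                    </div>
                    <button class="logout-btn" @onclick="HandleLogout" title="Logout">
                        <NexusIcon Name="log-out" Size="18" />
                    </button>
                </div>
            </aside>
        </Authorized>
    </AuthorizeView>

    <main class="hub-main">
        <div class="hub-content">
            @Body
        </div>
    </main>
</div>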
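@code {
    [Inject] private AuthenticationStateProvider AuthStateProvider { get; set; } = default!;
    [Inject] private IIdentityService IdentityService { get; set; } = default!;
    [Inject] private NavigationManager NavigationManager { get; set; } = default!;

    // Set just before the profile sync is started; nothing in this component clears it again.
    private bool _isSyncing = false;

    // Drives the "mobile-menu-open" class and the backdrop in the markup.
    private bool _isMobileMenuOpen = false;

    // False until the first render has completed; the preloader is shown while it is false.
    private bool _isFullyLoaded = false;

    /// <summary>
    /// On initialization, asks the identity service for the profile when the authentication
    /// state provider does not report an authenticated user.
    /// </summary>
    /// <remarks>
    /// The result of <c>GetProfileAsync</c> is discarded here.
    /// NOTE(review): presumably the call updates the client-side authentication state from the
    /// server cookie as a side effect — confirm against the IIdentityService implementation.
    /// An exception from that call propagates out of initialization.
    /// </remarks>
    protected override async Task OnInitializedAsync()
    {
        if (_isSyncing)
        {
            return;
        }

        var authState = await AuthStateProvider.GetAuthenticationStateAsync();

        // A missing identity counts as "not authenticated", same as IsAuthenticated == false.
        if (authState.User.Identity?.IsAuthenticated != true)
        {
            _isSyncing = true;
            // Try to sync with server cookie
            await IdentityService.GetProfileAsync();
        }
    }

    /// <summary>
    /// Hides the preloader once the first render has completed.
    /// </summary>
    /// <param name="firstRender">True only for the first render of this component instance.</param>
    protected override void OnAfterRender(bool firstRender)
    {
        if (firstRender)
        {
            _isFullyLoaded = true;
            // The flag changed after rendering, so a second render is requested explicitly.
            StateHasChanged();
        }
    }

    /// <summary>Opens the mobile menu when it is closed and closes it when it is open.</summary>
    private void ToggleMobileMenu()
    {
        _isMobileMenuOpen = !_isMobileMenuOpen;
    }

    /// <summary>Closes the mobile menu; used by the backdrop and by every navigation link.</summary>
    private void CloseMobileMenu()
    {
        _isMobileMenuOpen = false;
    }

    /// <summary>
    /// Logs the user out through the identity service and then forces a full page load of the
    /// logout form.
    /// </summary>
    /// <remarks>
    /// The navigation runs in a <c>finally</c> block so that a failure in <c>LogoutAsync</c>
    /// does not leave the user on an authenticated page with the session still in place.
    /// NOTE(review): "/account/logout-form" is presumably the server-side step that clears the
    /// authentication cookie — confirm. The exception from <c>LogoutAsync</c> still propagates.
    /// </remarks>
    private async Task HandleLogout()
    {
        CloseMobileMenu();

        try
        {
            await IdentityService.LogoutAsync();
        }
        finally
        {
            // forceLoad: true bypasses client-side routing and issues a real request.
            NavigationManager.NavigateTo("/account/logout-form", true);
        }
    }
}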